diff options
author | Matt Davis <nitzmahone@users.noreply.github.com> | 2018-01-25 02:56:58 -0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-01-25 02:56:58 -0800 |
commit | 2a9ec6bdbf58c830680cd961f89972acf99ec1e8 (patch) | |
tree | fcba4e35afec27ec2c2e1a3159cbb10c0c680e58 /test/integration/targets/win_module_utils | |
parent | 3e7671879f956c0b4e3eed2c7200ecbaaa407b5f (diff) | |
download | ansible-2a9ec6bdbf58c830680cd961f89972acf99ec1e8.tar.gz |
fix Windows tests with hardcoded Administrator account (#35339)
* Admin account is not always called Administrator (eg Azure)
* this fixes some, but not all issues related to the Administrator account on non-English Windows as well (still numerous references to "Administrators" and other en-US Windows group names)
Diffstat (limited to 'test/integration/targets/win_module_utils')
-rw-r--r-- | test/integration/targets/win_module_utils/library/sid_utils_test.ps1 | 25 |
1 files changed, 19 insertions, 6 deletions
diff --git a/test/integration/targets/win_module_utils/library/sid_utils_test.ps1 b/test/integration/targets/win_module_utils/library/sid_utils_test.ps1 index 1b9bffd2f7..e64f5cf454 100644 --- a/test/integration/targets/win_module_utils/library/sid_utils_test.ps1 +++ b/test/integration/targets/win_module_utils/library/sid_utils_test.ps1 @@ -10,14 +10,24 @@ Function Assert-Equals($actual, $expected) { } Function Get-ComputerSID() { - # this is sort off cheating but I can't see any better way of getting this SID - $admin_sid = Convert-ToSID -account_name "$env:COMPUTERNAME\Administrator" + # find any local user and trim off the final UID + $luser_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID - return $admin_sid.Substring(0, $admin_sid.Length - 4) + return $luser_sid -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1' } $local_sid = Get-ComputerSID +# most machines should have a -500 Administrator account, but it may have been renamed. Look it up by SID +$default_admin = Get-CimInstance Win32_UserAccount -Filter "SID='$local_sid-500'" + +# this group is called Administrators by default on English Windows, but could named something else. Look it up by SID +$default_admin_group = Get-CimInstance Win32_Group -Filter "SID='S-1-5-32-544'" + +if (@($default_admin).Length -ne 1) { + Fail-Json @{} "could not find a local admin account with SID ending in -500" +} + ### Set this to the NETBIOS name of the domain you wish to test, not set for shippable ### $test_domain = $null @@ -26,10 +36,10 @@ $tests = @( @{ sid = "S-1-1-0"; full_name = "Everyone"; names = @("Everyone") }, @{ sid = "S-1-5-18"; full_name = "NT AUTHORITY\SYSTEM"; names = @("NT AUTHORITY\SYSTEM", "SYSTEM") }, @{ sid = "S-1-5-20"; full_name = "NT AUTHORITY\NETWORK SERVICE"; names = @("NT AUTHORITY\NETWORK SERVICE", "NETWORK SERVICE") }, - @{ sid = "$local_sid-500"; full_name = "$env:COMPUTERNAME\Administrator"; names = @("$env:COMPUTERNAME\Administrator", "Administrator", ".\Administrator") }, + @{ sid = "$($default_admin.SID)"; full_name = "$($default_admin.FullName)"; names = @("$env:COMPUTERNAME\$($default_admin.Name)", "$($default_admin.Name)", ".\$($default_admin.Name)") }, # Local Groups - @{ sid = "S-1-5-32-544"; full_name = "BUILTIN\Administrators"; names = @("BUILTIN\Administrators", "Administrators", ".\Administrators") } + @{ sid = "$($default_admin_group.SID)"; full_name = "BUILTIN\$($default_admin_group.Name)"; names = @("BUILTIN\$($default_admin_group.Name)", "$($default_admin_group.Name)", ".\$($default_admin_group.Name)") } ) # Add domain tests if the domain name has been set @@ -55,7 +65,10 @@ if ($test_domain -ne $null) { foreach ($test in $tests) { $actual_account_name = Convert-FromSID -sid $test.sid - Assert-Equals -actual $actual_account_name -expected $test.full_name + # renamed admins may have an empty FullName; skip comparison in that case + if ($test.full_name) { + Assert-Equals -actual $actual_account_name -expected $test.full_name + } foreach ($test_name in $test.names) { $actual_sid = Convert-ToSID -account_name $test_name |