diff options
author | Davin Taddeo <davin@chef.io> | 2020-06-11 14:20:18 -0400 |
---|---|---|
committer | Davin Taddeo <davin@chef.io> | 2020-06-11 14:20:18 -0400 |
commit | e46512e00a701e547c992b879673b6331f8ec48d (patch) | |
tree | 076db5fefa77e8f8566e63ac4c9889232da125d2 | |
parent | 81c9167e2c4e3fb2b38ebf0f37aeb9165788eca6 (diff) | |
download | chef-e46512e00a701e547c992b879673b6331f8ec48d.tar.gz |
updating to use the `converge_by` option for nicer logging during the client run.
Signed-off-by: Davin Taddeo <davin@chef.io>
-rw-r--r-- | lib/chef/resource/windows_audit_policy.rb | 69 |
1 files changed, 34 insertions, 35 deletions
diff --git a/lib/chef/resource/windows_audit_policy.rb b/lib/chef/resource/windows_audit_policy.rb index 3203c777ef..152f6442f1 100644 --- a/lib/chef/resource/windows_audit_policy.rb +++ b/lib/chef/resource/windows_audit_policy.rb @@ -176,52 +176,51 @@ class Chef unless new_resource.sub_category.empty? new_resource.sub_category.each do |subcategory| next if subcategory_configured?(subcategory, new_resource.success, new_resource.failure) - - sval = new_resource.success ? "enable" : "disable" - fval = new_resource.failure ? "enable" : "disable" - cmd = "auditpol /set " - cmd << "/user:\"#{new_resource.include_user}\" /include " if new_resource.include_user - cmd << "/user:\"#{new_resource.exclude_user}\" /exclude " if new_resource.exclude_user - cmd << "/subcategory:\"#{subcategory}\" /success:#{sval} /failure:#{fval}" - - powershell_script "Update Audit Policy for Subcategory: #{subcategory}" do - code cmd + + sval = new_resource.success ? 'enable' : 'disable' + fval = new_resource.failure ? 'enable' : 'disable' + converge_by "Update Audit Policy for \"#{subcategory}\" to Success:#{sval} and Failure:#{fval}" do + cmd = 'auditpol /set ' + cmd += "/user:\"#{new_resource.include_user}\" /include " if new_resource.include_user + cmd += "/user:\"#{new_resource.exclude_user}\" /exclude " if new_resource.exclude_user + cmd += "/subcategory:\"#{subcategory}\" /success:#{sval} /failure:#{fval}" + powershell_exec(cmd) end end end - - if !new_resource.crash_on_audit_fail.nil? && option_configured?("CrashOnAuditFail", new_resource.crash_on_audit_fail) - val = new_resource.crash_on_audit_fail ? "Enable" : "Disable" - cmd = "auditpol /set /option:CrashOnAuditFail /value:#{val}" - powershell_script "Configure Audit: CrashOnAuditFail to #{val}" do - code cmd + + if !new_resource.crash_on_audit_fail.nil? && option_configured?('CrashOnAuditFail', new_resource.crash_on_audit_fail) + val = new_resource.crash_on_audit_fail ? 'Enable' : 'Disable' + converge_by "Configure Audit: CrashOnAuditFail to #{val}" do + cmd = "auditpol /set /option:CrashOnAuditFail /value:#{val}" + powershell_exec(cmd) end end - - if !new_resource.full_privilege_auditing.nil? && option_configured?("FullPrivilegeAuditing", new_resource.full_privilege_auditing) - val = new_resource.full_privilege_auditing ? "Enable" : "Disable" - cmd = "auditpol /set /option:FullPrivilegeAuditing /value:#{val}" - powershell_script "Configure Audit: FullPrivilegeAuditing to #{val}" do - code cmd + + if !new_resource.full_privilege_auditing.nil? && option_configured?('FullPrivilegeAuditing', new_resource.full_privilege_auditing) + val = new_resource.full_privilege_auditing ? 'Enable' : 'Disable' + converge_by "Configure Audit: FullPrivilegeAuditing to #{val}" do + cmd = "auditpol /set /option:FullPrivilegeAuditing /value:#{val}" + powershell_exec(cmd) end end - - if !new_resource.audit_base_directories.nil? && option_configured?("AuditBaseDirectories", new_resource.audit_base_directories) - val = new_resource.audit_base_directories ? "Enable" : "Disable" - cmd = "auditpol /set /option:AuditBaseDirectories /value:#{val}" - powershell_script "Configure Audit: AuditBaseDirectories to #{val}" do - code cmd + + if !new_resource.audit_base_directories.nil? && option_configured?('AuditBaseDirectories', new_resource.audit_base_directories) + val = new_resource.audit_base_directories ? 'Enable' : 'Disable' + converge_by "Configure Audit: AuditBaseDirectories to #{val}" do + cmd = "auditpol /set /option:AuditBaseDirectories /value:#{val}" + powershell_exec(cmd) end end - - if !new_resource.audit_base_objects.nil? && option_configured?("AuditBaseObjects", new_resource.audit_base_objects) - val = new_resource.audit_base_objects ? "Enable" : "Disable" - cmd = "auditpol /set /option:AuditBaseObjects /value:#{val}" - powershell_script "Configure Audit: AuditBaseObjects to #{val}" do - code cmd + + if !new_resource.audit_base_objects.nil? && option_configured?('AuditBaseObjects', new_resource.audit_base_objects) + val = new_resource.audit_base_objects ? 'Enable' : 'Disable' + converge_by "Configure Audit: AuditBaseObjects to #{val}" do + cmd = "auditpol /set /option:AuditBaseObjects /value:#{val}" + powershell_exec(cmd) end end - end + end end end end |