Skip to content

Allow Powershell provisioner to use service accounts #6972

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
SwampDragons merged 2 commits into from
Nov 12, 2018
Merged

Allow Powershell provisioner to use service accounts #6972

SwampDragons merged 2 commits into from
Nov 12, 2018

Conversation

@bodgit
Copy link
Contributor

@bodgit bodgit commented Nov 8, 2018

This uses the logic defined in #6104 to allow running Powershell with a service account, i.e. setting elevated_password to an empty value.

Tested using a Powershell script that runs Puppet with elevated_user set to SYSTEM. Previously Puppet didn't have sufficient permissions within the WinRM connection to install all packages/apply changes whereas now it seems to work properly. Ultimately I'd like to extract some of this elevated functionality to fix #5478 (except with the puppet-server provisioner instead) however my familiarity with Windows internals is a tad lacking currently.

Fixes #6104

@bodgit bodgit requested a review from a team as a code owner November 8, 2018 12:06
@bodgit bodgit mentioned this pull request Nov 8, 2018
Closed
@azr
Copy link
Contributor

azr commented Nov 9, 2018
edited
Loading

Nice one ! Thanks.
The test for what you changed are failing now. Other than that, LGTM.

@bodgit
Copy link
Contributor Author

bodgit commented Nov 9, 2018

Ok, I'll try and get that fixed up.

@bodgit
Copy link
Contributor Author

bodgit commented Nov 9, 2018

Tests seem happy now.

azr
azr reviewed Nov 9, 2018
View reviewed changes
SwampDragons
SwampDragons approved these changes Nov 12, 2018
View reviewed changes
Copy link
Contributor

@SwampDragons SwampDragons left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome!! Thanks for this :D

@SwampDragons SwampDragons merged commit 3d6b484 into hashicorp:master Nov 12, 2018
@azr azr mentioned this pull request Nov 13, 2018
Closed
@SwampDragons SwampDragons added this to the upcoming-patch milestone Nov 27, 2018
obilodeau added a commit to GoSecure/malboxes that referenced this pull request Sep 4, 2019
@obilodeau
Bump requirements for Packer due to powershell as SYSTEM
6c0345c 
Turns out that the upstream feature was introduced in 1.3.3 released on December 5, 2018 and merged in hashicorp/packer#6972.
@ghost
Copy link

ghost commented Mar 30, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Mar 30, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

2 more reviewers

@azr azr azr left review comments

@SwampDragons SwampDragons SwampDragons approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

enhancement provisioner/powershell

Projects

None yet

Milestone

v1.3.3

Development

Successfully merging this pull request may close these issues.

Allow users of the PowerShell provisioner to use service accounts for elevated_user Run Puppet Masterless provisioner as elevated user on Windows

3 participants

@bodgit @azr @SwampDragons