Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

windows_security_policy incorrectly reporting updates #14111

Open
skscrpo opened this issue Dec 1, 2023 · 0 comments
Open

windows_security_policy incorrectly reporting updates #14111

skscrpo opened this issue Dec 1, 2023 · 0 comments
Labels
Status: Untriaged An issue that has yet to be triaged.

Comments

@skscrpo
Copy link

skscrpo commented Dec 1, 2023

Description

When converging a recipe with 3 or more windows_security_policy resources that require changes, one or more resources will converge correctly, and apply the proper changes, but show in the log as (up to date). The final report line also does not include the resources as having updated. Which resources report incorrectly is inconsistent between runs.

Chef Version

18.3.0

Platform Version

Observed on Windows 10

Replication Case

Using the Security Policy MMC snap-in (secpol.msc) or net accounts, set the following values:

Setting Value
Minimum password age anything other than 1
Maximum password age anything other than 30 and greater than 1
Password must meet complexity requirements Disabled

Converge the following resources:

windows_security_policy 'MinimumPasswordAge' do
  secvalue '1'
  action :set
end
windows_security_policy 'MaximumPasswordAge' do
  secvalue '30'
  action :set
end
windows_security_policy 'PasswordComplexity' do
  secvalue '1'
  action :set
end

Again using net accounts or the Security Policy snap-in, examine the three settings. Note that all three have updated.
NB these resources are not specific triggers of the bug and only just examples. In testing, the bug has been observed with any setting.

Client Output

Recipe: windows_secpol_test::default
  * windows_security_policy[MinimumPasswordAge] action set[2023-12-01T09:43:30-08:00] INFO: Processing windows_security_policy[MinimumPasswordAge] action set (windows_secpol_test::default line 7)

    - update MinimumPasswordAge
    -   set secvalue to "1" (was "2")
  * windows_security_policy[LockoutBadCount] action set[2023-12-01T09:43:32-08:00] INFO: Processing windows_security_policy[LockoutBadCount] action set (windows_secpol_test::default line 11)

    - update LockoutBadCount
    -   set secvalue to "10" (was "4")
  * windows_security_policy[PasswordComplexity] action set[2023-12-01T09:43:33-08:00] INFO: Processing windows_security_policy[PasswordComplexity] action set (windows_secpol_test::default line 15)
 (up to date)
[2023-12-01T09:43:34-08:00] WARN: Skipping final node save because override_runlist was given
[2023-12-01T09:43:34-08:00] INFO: Chef Infra Client Run complete in 10.2564524 seconds
[2023-12-01T09:43:34-08:00] INFO: Skipping removal of unused files from the cache

Running handlers:
[2023-12-01T09:43:34-08:00] INFO: Running report handlers
Running handlers complete
[2023-12-01T09:43:34-08:00] INFO: Report handlers complete
Infra Phase complete, 2/3 resources updated in 25 seconds

Stacktrace

N/A
@skscrpo skscrpo added the Status: Untriaged An issue that has yet to be triaged. label Dec 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Status: Untriaged An issue that has yet to be triaged.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@skscrpo