Merge pull request #5510 from hashicorp/fix5216

fix hyper-v admin check
2017-10-27 08:49:16 -07:00 · 2017-10-27 08:49:16 -07:00 · faf96b369f
parent 8d3bbf4da2 794e518eb7
commit faf96b369f
2 changed files with 32 additions and 13 deletions
--- a/builder/hyperv/common/driver_ps_4.go
+++ b/builder/hyperv/common/driver_ps_4.go
@ -291,9 +291,7 @@ func (d *HypervPS4Driver) verifyPSHypervModule() error {
 		return err
 	}

-	res := strings.TrimSpace(cmdOut)
-
-	if res == "False" {
+	if powershell.IsFalse(cmdOut) {
 		err := fmt.Errorf("%s", "PS Hyper-V module is not loaded. Make sure Hyper-V feature is on.")
 		return err
 	}
@ -301,23 +299,36 @@ func (d *HypervPS4Driver) verifyPSHypervModule() error {
 	return nil
 }

+func (d *HypervPS4Driver) isCurrentUserAHyperVAdministrator() (bool, error) {
+	//SID:S-1-5-32-578 = 'BUILTIN\Hyper-V Administrators'
+	//https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+
+	var script = `
+$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
+$principal = new-object System.Security.Principal.WindowsPrincipal($identity)
+$hypervrole = [System.Security.Principal.SecurityIdentifier]"S-1-5-32-578"
+return $principal.IsInRole($hypervrole)
+`
+
+	var ps powershell.PowerShellCmd
+	cmdOut, err := ps.Output(script)
+	if err != nil {
+		return false, err
+	}
+
+	return powershell.IsTrue(cmdOut), nil
+}
+
 func (d *HypervPS4Driver) verifyHypervPermissions() error {

 	log.Printf("Enter method: %s", "verifyHypervPermissions")

-	//SID:S-1-5-32-578 = 'BUILTIN\Hyper-V Administrators'
-	//https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
-	hypervAdminCmd := "([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole('S-1-5-32-578')"
-
-	var ps powershell.PowerShellCmd
-	cmdOut, err := ps.Output(hypervAdminCmd)
+	hyperVAdmin, err := d.isCurrentUserAHyperVAdministrator()
 	if err != nil {
-		return err
+		log.Printf("Error discovering if current is is a Hyper-V Admin: %s", err)
 	}
+	if !hyperVAdmin {

-	res := strings.TrimSpace(cmdOut)
-
-	if res == "False" {
 		isAdmin, _ := powershell.IsCurrentUserAnAdministrator()

 		if !isAdmin {
--- a/common/powershell/powershell.go
+++ b/common/powershell/powershell.go
@ -17,6 +17,14 @@ const (
 	powerShellTrue  = "True"
 )

+func IsTrue(s string) bool {
+	return strings.TrimSpace(s) == powerShellTrue
+}
+
+func IsFalse(s string) bool {
+	return strings.TrimSpace(s) == powerShellFalse
+}
+
 type PowerShellCmd struct {
 	Stdout io.Writer
 	Stderr io.Writer