Hello Chef Community,
I had a question that you might be able to help me. I have been running chef for some time and I understand why when the client runs it does it with the root\system account. I came across a scenario that the verify (inspec) stage needs to run as a different user.
Scenario:
we are using dsc_resource to install an Exchange Server and Configure it. This is done with a specific user because of some dependencies with AD (membership - domain admin\schema admin etc). This is possible because we can run the dsc_resource with the credential helper. more information here: https://docs.chef.io/resources/dsc_resource/#properties
The problem is that I need to run some powershell inpec test and with the local account it won't be able to do so because it doesn't have the correct permissions to run it (you need Organizational Management in Exchange to do so)
Question:
Is there a way that we can run inspec test when we do kitchen verify as a different user that has been pre-created and has the correct permissions instead of the local account. this will help us run the following scripts and get the correct test for the Exchange Application as we build our cookbook.
Example:
exchange_product_key = <<-EOH
Add-PSSnapin Microsoft.Exchange.Management.PowerShell.SnapIn;
Get-ExchangeServer $env:COMPUTERNAME | select -ExpandProperty IsExchangeTrialEdition
EOH
describe powershell(exchange_product_key) do
its('stdout') { should cmp(/^False/) }
end
Let me know if you need more information and thank you in advance for the help.
Some references we have been looking at: