From 5e86e783d285399849c99ca5c5ea2e4b9faeb9c3 Mon Sep 17 00:00:00 2001 From: "Jituri, Pranav" Date: Sat, 31 Oct 2020 01:20:37 +0530 Subject: [PATCH 1/5] Add hyperv permission health check --- pkg/minikube/reason/reason.go | 1 + pkg/minikube/registry/drvs/hyperv/hyperv.go | 17 ++++++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/pkg/minikube/reason/reason.go b/pkg/minikube/reason/reason.go index f90c1d98d8..4f0815c6e1 100644 --- a/pkg/minikube/reason/reason.go +++ b/pkg/minikube/reason/reason.go @@ -231,6 +231,7 @@ var ( DrvNotDetected = Kind{ID: "DRV_NOT_DETECTED", ExitCode: ExDriverNotFound} DrvAsRoot = Kind{ID: "DRV_AS_ROOT", ExitCode: ExDriverPermission} DrvNeedsRoot = Kind{ID: "DRV_NEEDS_ROOT", ExitCode: ExDriverPermission} + DrvNeedsAdministrator = Kind{ID: "DRV_NEEDS_ADMINISTRATOR", ExitCode: ExDriverPermission} GuestCacheLoad = Kind{ID: "GUEST_CACHE_LOAD", ExitCode: ExGuestError} GuestCert = Kind{ID: "GUEST_CERT", ExitCode: ExGuestError} diff --git a/pkg/minikube/registry/drvs/hyperv/hyperv.go b/pkg/minikube/registry/drvs/hyperv/hyperv.go index c12f2d826d..3c6b5d207d 100644 --- a/pkg/minikube/registry/drvs/hyperv/hyperv.go +++ b/pkg/minikube/registry/drvs/hyperv/hyperv.go @@ -34,6 +34,8 @@ import ( "k8s.io/minikube/pkg/minikube/driver" "k8s.io/minikube/pkg/minikube/localpath" "k8s.io/minikube/pkg/minikube/registry" + "k8s.io/minikube/pkg/minikube/exit" + "k8s.io/minikube/pkg/minikube/reason" ) const ( @@ -105,5 +107,18 @@ func status() registry.State { return registry.State{Installed: false, Running: false, Error: errorMessage, Fix: fixMessage, Doc: docURL} } + // Ensure user is either a Windows Administrator or a Hyper-V Administrator. + adminCheckCmd := exec.CommandContext(ctx, path, `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")`) + adminCheckOut, _ := adminCheckCmd.CombinedOutput() + + hypervAdminCheckCmd := exec.CommandContext(ctx, path, `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(([System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-578")))`) + hypervAdminCheckOut, _ := hypervAdminCheckCmd.CombinedOutput() + + + if (strings.TrimSpace(string(adminCheckOut)) != "True") && (strings.TrimSpace(string(hypervAdminCheckOut)) != "True") { + exit.Error(reason.DrvNeedsAdministrator,"", errors.New("Hyper-v commands have to be run as an Administrator")) + } + + return registry.State{Installed: true, Healthy: true} -} +} \ No newline at end of file From d415adfe9a6d8e0ecbe7ae1d567bb9e46c704925 Mon Sep 17 00:00:00 2001 From: "Jituri, Pranav" Date: Sat, 31 Oct 2020 16:53:43 +0530 Subject: [PATCH 2/5] Resolve review comments --- pkg/minikube/registry/drvs/hyperv/hyperv.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/minikube/registry/drvs/hyperv/hyperv.go b/pkg/minikube/registry/drvs/hyperv/hyperv.go index 3c6b5d207d..92af003484 100644 --- a/pkg/minikube/registry/drvs/hyperv/hyperv.go +++ b/pkg/minikube/registry/drvs/hyperv/hyperv.go @@ -34,8 +34,6 @@ import ( "k8s.io/minikube/pkg/minikube/driver" "k8s.io/minikube/pkg/minikube/localpath" "k8s.io/minikube/pkg/minikube/registry" - "k8s.io/minikube/pkg/minikube/exit" - "k8s.io/minikube/pkg/minikube/reason" ) const ( @@ -116,7 +114,9 @@ func status() registry.State { if (strings.TrimSpace(string(adminCheckOut)) != "True") && (strings.TrimSpace(string(hypervAdminCheckOut)) != "True") { - exit.Error(reason.DrvNeedsAdministrator,"", errors.New("Hyper-v commands have to be run as an Administrator")) + error := fmt.Errorf("Hyper-v commands have to be run as an Administrator") + fixMessage := "Right-click the PowerShell icon and select Run as Administrator to open PowerShell in elevated mode." + return registry.State{Installed: true, Running: false, Error: error, Fix: fixMessage, Doc: docURL} } From 5202288ddedf30b58af72d7f8f8b712aa9b9a229 Mon Sep 17 00:00:00 2001 From: "Jituri, Pranav" Date: Sat, 31 Oct 2020 16:55:46 +0530 Subject: [PATCH 3/5] Fix error collide with interface --- pkg/minikube/registry/drvs/hyperv/hyperv.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkg/minikube/registry/drvs/hyperv/hyperv.go b/pkg/minikube/registry/drvs/hyperv/hyperv.go index 92af003484..4c5816c42b 100644 --- a/pkg/minikube/registry/drvs/hyperv/hyperv.go +++ b/pkg/minikube/registry/drvs/hyperv/hyperv.go @@ -114,9 +114,9 @@ func status() registry.State { if (strings.TrimSpace(string(adminCheckOut)) != "True") && (strings.TrimSpace(string(hypervAdminCheckOut)) != "True") { - error := fmt.Errorf("Hyper-v commands have to be run as an Administrator") + err := fmt.Errorf("Hyper-v commands have to be run as an Administrator") fixMessage := "Right-click the PowerShell icon and select Run as Administrator to open PowerShell in elevated mode." - return registry.State{Installed: true, Running: false, Error: error, Fix: fixMessage, Doc: docURL} + return registry.State{Installed: true, Running: false, Error: err, Fix: fixMessage, Doc: docURL} } From 2406cdc3b82b56f3e91aaa44670d5b32ae2ee568 Mon Sep 17 00:00:00 2001 From: "Jituri, Pranav" Date: Sun, 15 Nov 2020 01:32:54 +0530 Subject: [PATCH 4/5] Address review comments --- pkg/minikube/registry/drvs/hyperv/hyperv.go | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pkg/minikube/registry/drvs/hyperv/hyperv.go b/pkg/minikube/registry/drvs/hyperv/hyperv.go index 4c5816c42b..fbe285ec4e 100644 --- a/pkg/minikube/registry/drvs/hyperv/hyperv.go +++ b/pkg/minikube/registry/drvs/hyperv/hyperv.go @@ -107,14 +107,26 @@ func status() registry.State { // Ensure user is either a Windows Administrator or a Hyper-V Administrator. adminCheckCmd := exec.CommandContext(ctx, path, `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")`) - adminCheckOut, _ := adminCheckCmd.CombinedOutput() + adminCheckOut, adminCheckErr := adminCheckCmd.CombinedOutput() + + if adminCheckErr != nil { + errorMessage := fmt.Errorf("%s returned %q", strings.Join(adminCheckCmd.Args, " "), adminCheckOut) + fixMessage := "Unable to determine current user's administrator privileges" + return registry.State{Installed: false, Running: false, Error: errorMessage, Fix: fixMessage, Doc: docURL} + } hypervAdminCheckCmd := exec.CommandContext(ctx, path, `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(([System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-578")))`) - hypervAdminCheckOut, _ := hypervAdminCheckCmd.CombinedOutput() + hypervAdminCheckOut, hypervAdminCheckErr := hypervAdminCheckCmd.CombinedOutput() + + if hypervAdminCheckErr != nil { + errorMessage := fmt.Errorf("%s returned %q", strings.Join(hypervAdminCheckCmd.Args, " "), hypervAdminCheckOut) + fixMessage := "Unable to determine current user's Hyper-V administrator privileges." + return registry.State{Installed: false, Running: false, Error: errorMessage, Fix: fixMessage, Doc: docURL} + } if (strings.TrimSpace(string(adminCheckOut)) != "True") && (strings.TrimSpace(string(hypervAdminCheckOut)) != "True") { - err := fmt.Errorf("Hyper-v commands have to be run as an Administrator") + err := fmt.Errorf("Hyper-V requires Administrator privileges") fixMessage := "Right-click the PowerShell icon and select Run as Administrator to open PowerShell in elevated mode." return registry.State{Installed: true, Running: false, Error: err, Fix: fixMessage, Doc: docURL} } From 6e900ee2fd5301f1fa4bf28ef50bf3f1726527ee Mon Sep 17 00:00:00 2001 From: "Jituri, Pranav" Date: Fri, 20 Nov 2020 01:17:30 +0530 Subject: [PATCH 5/5] Resolve review comments & fix powershell issue --- pkg/minikube/registry/drvs/hyperv/hyperv.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkg/minikube/registry/drvs/hyperv/hyperv.go b/pkg/minikube/registry/drvs/hyperv/hyperv.go index fbe285ec4e..a114842fc0 100644 --- a/pkg/minikube/registry/drvs/hyperv/hyperv.go +++ b/pkg/minikube/registry/drvs/hyperv/hyperv.go @@ -89,7 +89,7 @@ func status() registry.State { ctx, cancel := context.WithTimeout(context.Background(), 8*time.Second) defer cancel() - cmd := exec.CommandContext(ctx, path, "@(Get-Wmiobject Win32_ComputerSystem).HypervisorPresent") + cmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive","@(Get-Wmiobject Win32_ComputerSystem).HypervisorPresent") out, err := cmd.CombinedOutput() if err != nil { @@ -106,29 +106,29 @@ func status() registry.State { } // Ensure user is either a Windows Administrator or a Hyper-V Administrator. - adminCheckCmd := exec.CommandContext(ctx, path, `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")`) + adminCheckCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive",`@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole] "Administrator")`) adminCheckOut, adminCheckErr := adminCheckCmd.CombinedOutput() if adminCheckErr != nil { errorMessage := fmt.Errorf("%s returned %q", strings.Join(adminCheckCmd.Args, " "), adminCheckOut) fixMessage := "Unable to determine current user's administrator privileges" - return registry.State{Installed: false, Running: false, Error: errorMessage, Fix: fixMessage, Doc: docURL} + return registry.State{Installed: true, Running: false, Error: errorMessage, Fix: fixMessage} } - hypervAdminCheckCmd := exec.CommandContext(ctx, path, `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(([System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-578")))`) + hypervAdminCheckCmd := exec.CommandContext(ctx, path, "-NoProfile", "-NonInteractive", `@([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(([System.Security.Principal.SecurityIdentifier]::new("S-1-5-32-578")))`) hypervAdminCheckOut, hypervAdminCheckErr := hypervAdminCheckCmd.CombinedOutput() if hypervAdminCheckErr != nil { errorMessage := fmt.Errorf("%s returned %q", strings.Join(hypervAdminCheckCmd.Args, " "), hypervAdminCheckOut) fixMessage := "Unable to determine current user's Hyper-V administrator privileges." - return registry.State{Installed: false, Running: false, Error: errorMessage, Fix: fixMessage, Doc: docURL} + return registry.State{Installed: true, Running: false, Error: errorMessage, Fix: fixMessage} } if (strings.TrimSpace(string(adminCheckOut)) != "True") && (strings.TrimSpace(string(hypervAdminCheckOut)) != "True") { err := fmt.Errorf("Hyper-V requires Administrator privileges") fixMessage := "Right-click the PowerShell icon and select Run as Administrator to open PowerShell in elevated mode." - return registry.State{Installed: true, Running: false, Error: err, Fix: fixMessage, Doc: docURL} + return registry.State{Installed: true, Running: false, Error: err, Fix: fixMessage} }