search

ansible-lockdown / Windows-2019-CIS

CIS Baseline Ansible Role for Windows 2019
MIT License
134 stars 72 forks source link

Control 2.2.47 sets empty string instead of empty list #41

Closed bschapendonk closed 3 years ago

bschapendonk commented 3 years ago 
redirecting (type: modules) ansible.builtin.win_user_right to ansible.windows.win_user_right
Using module file /home/user/.ansible/lib/python3.8/site-packages/ansible_collections/ansible/windows/plugins/modules/win_user_right.ps1
Pipelining is enabled.
<10.x.x.x> ESTABLISH WINRM CONNECTION FOR USER: Administrator on PORT 5985 TO 10.x.x.x
EXEC (via pipeline wrapper)
The full traceback is:
Cannot bind argument to parameter 'InputObject' because it is an empty string.
At line:346 char:34
+ $userSids = [String[]]@($users | ConvertTo-SecurityIdentifier | ForEa ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertTo-SecurityIdentifier], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorEmptyStringNotAllowed,ConvertTo-SecurityIdentifier

ScriptStackTrace:
at <ScriptBlock>, <No file>: line 346

System.Management.Automation.ParameterBindingValidationException: Cannot bind argument to parameter 'InputObject' because it is an empty string.
   at System.Management.Automation.CmdletParameterBinderController.BindValueFromPipeline(PSObject inputToOperateOn, MergedCompiledCommandParameter parameter, ParameterBindingFlags flags)
   at System.Management.Automation.CmdletParameterBinderController.BindUnboundParametersForBindingStateInParameterSet(PSObject inputToOperateOn, CurrentlyBinding currentlyBinding, UInt32 validParameterSets)
   at System.Management.Automation.CmdletParameterBinderController.BindUnboundParametersForBindingState(PSObject inputToOperateOn, CurrentlyBinding currentlyBinding, UInt32 validParameterSets)
   at System.Management.Automation.CmdletParameterBinderController.BindPipelineParametersPrivate(PSObject inputToOperateOn)
   at System.Management.Automation.CmdletParameterBinderController.BindPipelineParameters(PSObject inputToOperateOn)
   at System.Management.Automation.CommandProcessor.Read()
fatal: [x.testing.x.x]: FAILED! => {
    "changed": false,
    "msg": "Unhandled exception while executing module: Cannot bind argument to parameter 'InputObject' because it is an empty string."
}

https://github.com/ansible-lockdown/Windows-2019-CIS/blob/devel/tasks/section02.yml#L626

should be users: []

georgenalen commented 3 years ago

Thanks for raising the issue. I will work on getting this at least into devel. The same issue was in the 2016-CIS and impacted a few tasks. I'll do the same fix here.

George

georgenalen commented 3 years ago

Addressed in PR #44 release 1.1.1