Merge pull request #1039 from chef/chris-rock/user_enabled

identify enabled/disabled accounts for windows

lib/resources/users.rb

@@ -81,9 +81,10 @@ module Inspec::Resources
           .add(:mindays,   field: :mindays)
           .add(:maxdays,   field: :maxdays)
           .add(:warndays,  field: :warndays)
-          .add(:exists?) { |x|
-            !x.entries.empty?
-          }
+          .add(:disabled,  field: :disabled)
+          .add(:exists?) { |x| !x.entries.empty? }
+          .add(:disabled?) { |x| x.where { disabled == false }.entries.empty? }
+          .add(:enabled?) { |x| x.where { disabled == true }.entries.empty? }
     filter.connect(self, :collect_user_details)
 
     def to_s
@@ -157,6 +158,14 @@ module Inspec::Resources
       !identity.nil? && !identity[:username].nil?
     end
 
+    def disabled?
+      identity[:disabled] == true unless identity.nil?
+    end
+
+    def enabled?
+      identity[:disabled] == false unless identity.nil?
+    end
+
     def username
       identity[:username] unless identity.nil?
     end
@@ -576,7 +585,7 @@ module Inspec::Resources
         # get related groups
         $groups = $user.GetRelated('Win32_Group') | Select-Object -Property Caption, Domain, Name, LocalAccount, SID, SIDType, Status
         # filter user information
-        $user = $user | Select-Object -Property Caption, Description, Domain, Name, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, Status
+        $user = $user | Select-Object -Property Caption, Description, Domain, Name, LocalAccount, Lockout, PasswordChangeable, PasswordExpires, PasswordRequired, SID, SIDType, Status, Disabled
         # build response object
         New-Object -Type PSObject | `
         Add-Member -MemberType NoteProperty -Name User -Value ($user) -PassThru | `
@@ -599,13 +608,13 @@ module Inspec::Resources
       # if groups is no array, generate one
       group_hashes = [group_hashes] unless group_hashes.is_a?(Array)
       group_names = group_hashes.map { |grp| grp['Caption'] }
-
       {
         uid: user_hash['SID'],
         username: user_hash['Caption'],
         gid: nil,
         group: nil,
         groups: group_names,
+        disabled: user_hash['Disabled'],
       }
     end
 

test/helper.rb

@@ -208,7 +208,7 @@ class MockLoader
       # user info for freebsd
       'pw usershow root -7' => cmd.call('pw-usershow-root-7'),
       # user info for windows (winrm 1.6.0, 1.6.1)
-      '1f2dd0691487fe7ca8169dfd764e0197e6303f17de416e7c1b7439aedef87ae7' => cmd.call('GetUserAccount'),
+      '942eeec2b290bda610229d4bd29981ee945ed27b0f4ce7cca099aabe38af6386' => cmd.call('GetUserAccount'),
       # group info for windows
       'Get-WmiObject Win32_Group | Select-Object -Property Caption, Domain, Name, SID, LocalAccount | ConvertTo-Json' => cmd.call('GetWin32Group'),
       # network interface

test/unit/mock/cmd/GetUserAccount

@@ -11,7 +11,8 @@
     "PasswordRequired": true,
     "SID": "S-1-5-21-725088257-906184668-2367214287-500",
     "SIDType": 1,
-    "Status": "OK"
+    "Status": "OK",
+    "Disabled": false
   },
   "Groups": [{
     "Caption": "WIN-K0AKLED332V\\Administrators",

test/unit/resources/user_test.rb

@@ -109,6 +109,7 @@ describe 'Inspec::Resources::User' do
     _(resource.mindays).must_equal nil
     _(resource.maxdays).must_equal nil
     _(resource.warndays).must_equal nil
+    _(resource.disabled?).must_equal false
   end
 
   it 'read user on undefined os' do