Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Group resource errors with duplicate user names #9119

RonButler opened this issue Nov 21, 2019 · 0 comments

Group resource errors with duplicate user names #9119

RonButler opened this issue Nov 21, 2019 · 0 comments


Copy link

@RonButler RonButler commented Nov 21, 2019

I recently encountered some unexpected behavior with a cookbook that manages group membership for some of my hosts. It might be a good idea to do some input validation to remove duplicate entries and protect users from themselves.

Describe the problem

When passing a list of users to add to a group, if there are any duplicates in the list, Chef encounters a Windows 1378 error. (User already in group)

Software Version

OS: Windows 2019, Windows 2016
Chef: 14.7.17

Replication Case

default['group_manager'] << 'contoso\testuser'
default['group_manager'] << 'contoso\testuser'

action_class do
def admins_res
node['group_manager'].each do |local_group, domain_user|
group local_group do
members domain_user
append true


Chef run failure caused by duplicate users ``` ================================================================================ Error executing action `create` on resource 'group[Administrators]' ================================================================================
  The specified account name is already a member of the group.
  ---- Begin Win32 API output ----
  System Error Code: 1378
  System Error Message: The specified account name is already a member of the group.
  ---- End Win32 API output ----
  Resource Declaration:
  # In C:/chef/cache/cookbooks/group_manager/resources/group_manager.rb
   19:       group local do
   20:         members domain
   21:         append true
   22:       end
   23:     end
   24:   end
  Compiled Resource:
  # Declared in C:/chef/cache/cookbooks/group_manager/resources/group_manager.rb:19:in 'block in admins_res'
  group("Administrators") do
    action [:create]
    default_guard_interpreter :default
    declared_type :group
    cookbook_name "group_manager"
    members ["contoso\\admins", "contoso\\security_admins", "contoso\\security_admins"]
    append true
    excluded_members []
  System Info:
  ruby=ruby 2.5.3p105 (2018-10-18 revision 65156) [x64-mingw32]

Possible Solution

To fix my users, I simply added a ".uniq" to the array being passed to the members property.
20: members domain.uniq

Something similar might be added as input validation on the resource side.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
2 participants
You can’t perform that action at this time.