Merge pull request #124665 from neolit123/1.31-fix-windows-priv-preflight-check

kubeadm: update the IsPriviligedUser preflight check on Windows
2025-08-11 04:52:08 +00:00 · 2024-05-02 13:13:28 -07:00 · 2024-05-02 13:13:28 -07:00 · 201e6262c4
commit 201e6262c4
parent bb838fde5b d105ddd350
1 changed files with 5 additions and 22 deletions
--- a/cmd/kubeadm/app/preflight/checks_windows.go
+++ b/cmd/kubeadm/app/preflight/checks_windows.go
@ -20,34 +20,17 @@ limitations under the License.
 package preflight
 import (
 	"os/user"
 	"github.com/pkg/errors"
 	"golang.org/x/sys/windows"
 )
 // The "Well-known SID" of Administrator group
 // https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
 const administratorSID = "S-1-5-32-544"
 // Check validates if a user has elevated (administrator) privileges.
 func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) {
-	currUser, err := user.Current()
+	hProcessToken := windows.GetCurrentProcessToken()
-	if err != nil {
+	if hProcessToken.IsElevated() {
-		return nil, []error{errors.Wrap(err, "cannot get current user")}
+		return nil, nil
 	}
-
+	return nil, []error{errors.New("the kubeadm process must be run by a user with elevated privileges")}
 	groupIds, err := currUser.GroupIds()
 	if err != nil {
 		return nil, []error{errors.Wrap(err, "cannot get group IDs for current user")}
 	}
 	for _, sid := range groupIds {
 		if sid == administratorSID {
 			return nil, nil
 		}
 	}
 	return nil, []error{errors.New("user is not running as administrator")}
 }
 // Check number of memory required by kubeadm