Merge pull request #77989 from ksubrmnn/kubeadm

Use os package for Windows IsPrivilegedUserCheck

cmd/kubeadm/app/preflight/checks_windows.go

@@ -19,28 +19,38 @@ limitations under the License.
 package preflight
 
 import (
-	"os/exec"
+	"os/user"
-	"strings"
 
 	"github.com/pkg/errors"
 )
 
-// Check validates if an user has elevated (administrator) privileges.
+// The "Well-known SID" of Administrator group
+// https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
+const administratorSID = "S-1-5-32-544"
+
+// Check validates if a user has elevated (administrator) privileges.
 func (ipuc IsPrivilegedUserCheck) Check() (warnings, errorList []error) {
 	errorList = []error{}
 
-	// The "Well-known SID" of Administrator group is S-1-5-32-544
+	currUser, err := user.Current()
-	// The following powershell will return "True" if run as an administrator, "False" otherwise
-	// See https://msdn.microsoft.com/en-us/library/cc980032.aspx
-	args := []string{"[bool](([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match \"S-1-5-32-544\")"}
-	isAdmin, err := exec.Command("powershell", args...).Output()
-
 	if err != nil {
-		errorList = append(errorList, errors.Wrap(err, "unable to determine if user is running as administrator"))
+		errorList = append(errorList, errors.New("cannot get current user"))
-	} else if strings.EqualFold(strings.TrimSpace(string(isAdmin)), "false") {
+		return nil, errorList
-		errorList = append(errorList, errors.New("user is not running as administrator"))
 	}
 
+	groupIds, err := currUser.GroupIds()
+	if err != nil {
+		errorList = append(errorList, errors.New("cannot get group IDs for current user"))
+		return nil, errorList
+	}
+
+	for _, sid := range groupIds {
+		if sid == administratorSID {
+			return nil, errorList
+		}
+	}
+
+	errorList = append(errorList, errors.New("user is not running as administrator"))
 	return nil, errorList
 }