mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-24 21:14:00 -07:00 
			
		
		
		
	win_acl: fix recent bug and add basic tests (#43054)
This commit is contained in:
		
					parent
					
						
							
								35f6bbf18b
							
						
					
				
			
			
				commit
				
					
						64f5f9c2f9
					
				
			
		
					 5 changed files with 185 additions and 1 deletions
				
			
		|  | @ -182,7 +182,7 @@ if (!$sid) { | |||
| If (Test-Path -Path $path -PathType Leaf) { | ||||
|     $inherit = "None" | ||||
| } | ||||
| ElseIf ($inherit -eq "") { | ||||
| ElseIf ($null -eq $inherit) { | ||||
|     $inherit = "ContainerInherit, ObjectInherit" | ||||
| } | ||||
| 
 | ||||
|  |  | |||
							
								
								
									
										1
									
								
								test/integration/targets/win_acl/aliases
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										1
									
								
								test/integration/targets/win_acl/aliases
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1 @@ | |||
| windows/ci/group3 | ||||
							
								
								
									
										2
									
								
								test/integration/targets/win_acl/defaults/main.yml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										2
									
								
								test/integration/targets/win_acl/defaults/main.yml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,2 @@ | |||
| --- | ||||
| test_acl_path: '{{ win_output_dir }}/win_acl' | ||||
							
								
								
									
										18
									
								
								test/integration/targets/win_acl/tasks/main.yml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										18
									
								
								test/integration/targets/win_acl/tasks/main.yml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,18 @@ | |||
| --- | ||||
| - name: ensure we start with a clean dir | ||||
|   win_file: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     state: '{{ item }}' | ||||
|   with_items: | ||||
|   - absent | ||||
|   - directory | ||||
| 
 | ||||
| - block: | ||||
|   - name: run tests | ||||
|     include_tasks: tests.yml | ||||
| 
 | ||||
|   always: | ||||
|   - name: clenaup testing dir | ||||
|     win_file: | ||||
|       path: '{{ test_acl_path }}' | ||||
|       state: absent | ||||
							
								
								
									
										163
									
								
								test/integration/targets/win_acl/tasks/tests.yml
									
										
									
									
									
										Normal file
									
								
							
							
						
						
									
										163
									
								
								test/integration/targets/win_acl/tasks/tests.yml
									
										
									
									
									
										Normal file
									
								
							|  | @ -0,0 +1,163 @@ | |||
| # these are very basic tests, they should be expanded greatly as this is a core module | ||||
| --- | ||||
| - name: get register cmd that will get ace info | ||||
|   set_fact: | ||||
|     test_ace_cmd: | | ||||
|       $ace_list = (Get-Acl -Path $path).Access | Where-Object { $_.IsInherited -eq $false } | ForEach-Object { | ||||
|           @{ | ||||
|               rights = $_.FileSystemRights.ToString() | ||||
|               type = $_.AccessControlType.ToString() | ||||
|               identity = $_.IdentityReference.Value.ToString() | ||||
|               inheritance_flags = $_.InheritanceFlags.ToString() | ||||
|               propagation_flags = $_.PropagationFlags.ToString() | ||||
|           } | ||||
|       } | ||||
|       ConvertTo-Json -InputObject @($ace_list) | ||||
| 
 | ||||
| - name: add write rights to Guest | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: allow | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|   register: allow_right | ||||
| 
 | ||||
| - name: get result of add write rights to Guest | ||||
|   win_shell: '$path = ''{{ test_acl_path }}''; {{ test_ace_cmd }}' | ||||
|   register: allow_right_actual | ||||
| 
 | ||||
| - name: assert add write rights to Guest | ||||
|   assert: | ||||
|     that: | ||||
|     - allow_right is changed | ||||
|     - (allow_right_actual.stdout|from_json)|count == 1 | ||||
|     - (allow_right_actual.stdout|from_json)[0].identity == 'BUILTIN\Guests' | ||||
|     - (allow_right_actual.stdout|from_json)[0].inheritance_flags == 'ContainerInherit, ObjectInherit' | ||||
|     - (allow_right_actual.stdout|from_json)[0].propagation_flags == 'None' | ||||
|     - (allow_right_actual.stdout|from_json)[0].rights == 'Write, Synchronize' | ||||
|     - (allow_right_actual.stdout|from_json)[0].type == 'Allow' | ||||
| 
 | ||||
| - name: add write rights to Guest (idempotent) | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: allow | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|   register: allow_right_again | ||||
| 
 | ||||
| - name: assert add write rights to Guest (idempotent) | ||||
|   assert: | ||||
|     that: | ||||
|     - not allow_right_again is changed | ||||
| 
 | ||||
| - name: remove write rights from Guest | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: allow | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|     state: absent | ||||
|   register: remove_right | ||||
| 
 | ||||
| - name: get result of remove write rights from Guest | ||||
|   win_shell: '$path = ''{{ test_acl_path }}''; {{ test_ace_cmd }}' | ||||
|   register: remove_right_actual | ||||
| 
 | ||||
| - name: assert remove write rights from Guest | ||||
|   assert: | ||||
|     that: | ||||
|     - remove_right is changed | ||||
|     - remove_right_actual.stdout_lines == ["[", "", "]"] | ||||
| 
 | ||||
| - name: remove write rights from Guest (idempotent) | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: allow | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|     state: absent | ||||
|   register: remove_right_again | ||||
| 
 | ||||
| - name: assert remote write rights from Guest (idempotent) | ||||
|   assert: | ||||
|     that: | ||||
|     - not remove_right_again is changed | ||||
| 
 | ||||
| - name: add deny write rights to Guest | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: deny | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|     inherit: ContainerInherit | ||||
|     propagation: NoPropagateInherit | ||||
|     state: present | ||||
|   register: add_deny_right | ||||
| 
 | ||||
| - name: get result of add deny write rights to Guest | ||||
|   win_shell: '$path = ''{{ test_acl_path }}''; {{ test_ace_cmd }}' | ||||
|   register: add_deny_right_actual | ||||
| 
 | ||||
| - name: assert add deny write rights to Guest | ||||
|   assert: | ||||
|     that: | ||||
|     - add_deny_right is changed | ||||
|     - (add_deny_right_actual.stdout|from_json)|count == 1 | ||||
|     - (add_deny_right_actual.stdout|from_json)[0].identity == 'BUILTIN\Guests' | ||||
|     - (add_deny_right_actual.stdout|from_json)[0].inheritance_flags == 'ContainerInherit' | ||||
|     - (add_deny_right_actual.stdout|from_json)[0].propagation_flags == 'NoPropagateInherit' | ||||
|     - (add_deny_right_actual.stdout|from_json)[0].rights == 'Write' | ||||
|     - (add_deny_right_actual.stdout|from_json)[0].type == 'Deny' | ||||
| 
 | ||||
| - name: add deny write rights to Guest (idempotent) | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: deny | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|     inherit: ContainerInherit | ||||
|     propagation: NoPropagateInherit | ||||
|     state: present | ||||
|   register: add_deny_right_again | ||||
| 
 | ||||
| - name: assert add deny write rights to Guest (idempotent) | ||||
|   assert: | ||||
|     that: | ||||
|     - not add_deny_right_again is changed | ||||
| 
 | ||||
| - name: remove deny write rights from Guest | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: deny | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|     inherit: ContainerInherit | ||||
|     propagation: NoPropagateInherit | ||||
|     state: absent | ||||
|   register: remove_deny_right | ||||
| 
 | ||||
| - name: get result of remove deny write rights from Guest | ||||
|   win_shell: '$path = ''{{ test_acl_path }}''; {{ test_ace_cmd }}' | ||||
|   register: remove_deny_right_actual | ||||
| 
 | ||||
| - name: assert remove deny write rights from Guest | ||||
|   assert: | ||||
|     that: | ||||
|     - remove_deny_right is changed | ||||
|     - remove_deny_right_actual.stdout_lines == ["[", "", "]"] | ||||
| 
 | ||||
| - name: remove deny write rights from Guest (idempotent) | ||||
|   win_acl: | ||||
|     path: '{{ test_acl_path }}' | ||||
|     type: deny | ||||
|     user: Guests | ||||
|     rights: Write | ||||
|     inherit: ContainerInherit | ||||
|     propagation: NoPropagateInherit | ||||
|     state: absent | ||||
|   register: remove_deny_right_again | ||||
| 
 | ||||
| - name: assert remove deny write rights from Guest (idempotent) | ||||
|   assert: | ||||
|     that: | ||||
|     - not remove_deny_right_again is changed | ||||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue