win_secedit: Added module with tests/diff mode (#26332)

* win_secedit: Added module with tests/diff mode

* fixed up test issues

* Added missing return value

* change for win_secedit based on review

* updated win_security_policy examples for rename

test/integration/targets/win_security_policy/aliases

@@ -0,0 +1 @@
+windows/ci/group1

test/integration/targets/win_security_policy/library/test_win_security_policy.ps1

@@ -0,0 +1,53 @@
+#!powershell
+
+# WANT_JSON
+# POWERSHELL_COMMON
+
+# basic script to get the lsit of users in a particular right
+# this is quite complex to put as a simple script so this is
+# just a simple module
+
+$ErrorActionPreference = 'Stop'
+
+$params = Parse-Args $args -supports_check_mode $false
+$section = Get-AnsibleParam -obj $params -name "section" -type "str" -failifempty $true
+$key = Get-AnsibleParam -obj $params -name "key" -type "str" -failifempty $true
+
+$result = @{
+    changed = $false
+}
+
+Function ConvertFrom-Ini($file_path) {
+    $ini = @{}
+    switch -Regex -File $file_path {
+        "^\[(.+)\]" {
+            $section = $matches[1]
+            $ini.$section = @{}
+        }
+        "(.+?)\s*=(.*)" {
+            $name = $matches[1].Trim()
+            $value = $matches[2].Trim()
+            if ($value -match "^\d+$") {
+                $value = [int]$value
+            } elseif ($value.StartsWith('"') -and $value.EndsWith('"')) {
+                $value = $value.Substring(1, $value.Length - 2)
+            }
+
+            $ini.$section.$name = $value
+        }
+    }
+
+    $ini
+}
+
+$secedit_ini_path = [IO.Path]::GetTempFileName()
+&SecEdit.exe /export /cfg $secedit_ini_path /quiet
+$secedit_ini = ConvertFrom-Ini -file_path $secedit_ini_path
+
+if ($secedit_ini.ContainsKey($section)) {
+    $result.value = $secedit_ini.$section.$key
+} else {
+    $result.value = $null
+}
+
+Exit-Json $result

test/integration/targets/win_security_policy/tasks/main.yml

@@ -0,0 +1,41 @@
+---
+- name: get current entry for audit
+  test_win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+  register: before_value_audit
+
+- name: get current entry for guest
+  test_win_security_policy:
+    section: System Access
+    key: NewGuestName
+  register: before_value_guest
+
+- block:
+  - name: set AuditSystemEvents entry before tests
+    win_security_policy:
+      section: Event Audit
+      key: AuditSystemEvents
+      value: 0
+
+  - name: set NewGuestName entry before tests
+    win_security_policy:
+      section: System Access
+      key: NewGuestName
+      value: Guest
+  
+  - name: run tests
+    include_tasks: tests.yml
+
+  always:
+  - name: reset entries for AuditSystemEvents
+    win_security_policy:
+      section: Event Audit
+      key: AuditSystemEvents
+      value: "{{before_value_audit.value}}"
+
+  - name: reset entries for NewGuestName
+    win_security_policy:
+      section: System Access
+      key: NewGuestName
+      value: "{{before_value_guest.value}}"

test/integration/targets/win_security_policy/tasks/tests.yml

@@ -0,0 +1,133 @@
+---
+- name: fail with invalid section name
+  win_security_policy:
+    section: This is not a valid section
+    key: KeyName
+    value: 0
+  register: fail_invalid_section
+  failed_when: fail_invalid_section.msg != "The section 'This is not a valid section' does not exist in SecEdit.exe output ini"
+
+- name: fail with invalid key name
+  win_security_policy:
+    section: System Access
+    key: InvalidKey
+    value: 0
+  register: fail_invalid_key
+  failed_when: fail_invalid_key.msg != "The key 'InvalidKey' in section 'System Access' is not a valid key, cannot set this value"
+
+- name: change existing key check
+  win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+    value: 1
+  register: change_existing_check
+  check_mode: yes
+
+- name: get actual change existing key check
+  test_win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+  register: change_existing_actual_check
+
+- name: assert change existing key check
+  assert:
+    that:
+    - change_existing_check|changed
+    - change_existing_actual_check.value == 0
+
+- name: change existing key
+  win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+    value: 1
+  register: change_existing
+
+- name: get actual change existing key
+  test_win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+  register: change_existing_actual
+
+- name: assert change existing key
+  assert:
+    that:
+    - change_existing|changed
+    - change_existing_actual.value == 1
+
+- name: change existing key again
+  win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+    value: 1
+  register: change_existing_again
+
+- name: assert change existing key again
+  assert:
+    that:
+    - not change_existing_again|changed
+    - change_existing_again.value == 1
+
+- name: change existing key with string type
+  win_security_policy:
+    section: Event Audit
+    key: AuditSystemEvents
+    value: "1"
+  register: change_existing_key_with_type
+
+- name: assert change existing key with string type
+  assert:
+    that:
+    - not change_existing_key_with_type|changed
+    - change_existing_key_with_type.value == "1"
+
+- name: change existing string key check
+  win_security_policy:
+    section: System Access
+    key: NewGuestName
+    value: New Guest
+  register: change_existing_string_check
+  check_mode: yes
+
+- name: get actual change existing string key check
+  test_win_security_policy:
+    section: System Access
+    key: NewGuestName
+  register: change_existing_string_actual_check
+
+- name: assert change existing string key check
+  assert:
+    that:
+    - change_existing_string_check|changed
+    - change_existing_string_actual_check.value == "Guest"
+
+- name: change existing string key
+  win_security_policy:
+    section: System Access
+    key: NewGuestName
+    value: New Guest
+  register: change_existing_string
+
+- name: get actual change existing string key
+  test_win_security_policy:
+    section: System Access
+    key: NewGuestName
+  register: change_existing_string_actual
+
+- name: assert change existing string key
+  assert:
+    that:
+    - change_existing_string|changed
+    - change_existing_string_actual.value == "New Guest"
+
+- name: change existing string key again
+  win_security_policy:
+    section: System Access
+    key: NewGuestName
+    value: New Guest
+  register: change_existing_string_again
+
+- name: assert change existing string key again
+  assert:
+    that:
+    - not change_existing_string_again|changed
+    - change_existing_string_again.value == "New Guest"