mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-07-24 05:40:23 -07:00
win_secedit: Added module with tests/diff mode (#26332)
* win_secedit: Added module with tests/diff mode * fixed up test issues * Added missing return value * change for win_secedit based on review * updated win_security_policy examples for rename
parent
53295b2cbf
commit
8e05d7d962
6 changed files with 561 additions and 0 deletions
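--- a/test/integration/targets/win_security_policy/aliases
+++ b/test/integration/targets/win_security_policy/aliases
@@ -0,0 +1 @@
+windows/ci/group1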
|
@ -0,0 +1,53 @@
|
|||
#!powershell
|
||||
|
||||
# WANT_JSON
|
||||
# POWERSHELL_COMMON
|
||||
|
||||
# basic script to get the lsit of users in a particular right
|
||||
# this is quite complex to put as a simple script so this is
|
||||
# just a simple module
|
||||
|
||||
$ErrorActionPreference = 'Stop'
|
||||
|
||||
$params = Parse-Args $args -supports_check_mode $false
|
||||
$section = Get-AnsibleParam -obj $params -name "section" -type "str" -failifempty $true
|
||||
$key = Get-AnsibleParam -obj $params -name "key" -type "str" -failifempty $true
|
||||
|
||||
$result = @{
|
||||
changed = $false
|
||||
}
|
||||
|
||||
Function ConvertFrom-Ini($file_path) {
|
||||
$ini = @{}
|
||||
switch -Regex -File $file_path {
|
||||
"^\[(.+)\]" {
|
||||
$section = $matches[1]
|
||||
$ini.$section = @{}
|
||||
}
|
||||
"(.+?)\s*=(.*)" {
|
||||
$name = $matches[1].Trim()
|
||||
$value = $matches[2].Trim()
|
||||
if ($value -match "^\d+$") {
|
||||
$value = [int]$value
|
||||
} elseif ($value.StartsWith('"') -and $value.EndsWith('"')) {
|
||||
$value = $value.Substring(1, $value.Length - 2)
|
||||
}
|
||||
|
||||
$ini.$section.$name = $value
|
||||
}
|
||||
}
|
||||
|
||||
$ini
|
||||
}
|
||||
|
||||
$secedit_ini_path = [IO.Path]::GetTempFileName()
|
||||
&SecEdit.exe /export /cfg $secedit_ini_path /quiet
|
||||
$secedit_ini = ConvertFrom-Ini -file_path $secedit_ini_path
|
||||
|
||||
if ($secedit_ini.ContainsKey($section)) {
|
||||
$result.value = $secedit_ini.$section.$key
|
||||
} else {
|
||||
$result.value = $null
|
||||
}
|
||||
|
||||
Exit-Json $result
|
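Review bot: The temp file created by `[IO.Path]::GetTempFileName()` is never deleted, so each run of this helper leaves a SecEdit export of the host's security policy behind in the temp directory. Wrapping the export and parse in `try { ... } finally { Remove-Item -Path $secedit_ini_path -Force }` would remove it even when parsing throws. The `&SecEdit.exe /export` call also ignores the exit code, and `$ErrorActionPreference = 'Stop'` most likely does not turn a native command's non-zero exit into an error, so a failed export would be parsed as an empty file and reported as `value = $null`. A check right after the call, such as `if ($LASTEXITCODE -ne 0) { Fail-Json $result "SecEdit.exe export failed with rc $LASTEXITCODE" }`, would surface that instead.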
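--- a/test/integration/targets/win_security_policy/tasks/main.yml
+++ b/test/integration/targets/win_security_policy/tasks/main.yml
@@ -0,0 +1,41 @@
+---
+- name: get current entry for audit
+test_win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+register: before_value_audit
+
+- name: get current entry for guest
+test_win_security_policy:
+section: System Access
+key: NewGuestName
+register: before_value_guest
+
+- block:
+- name: set AuditSystemEvents entry before tests
+win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+value: 0
+
+- name: set NewGuestName entry before tests
+win_security_policy:
+section: System Access
+key: NewGuestName
+value: Guest
+
+- name: run tests
+include_tasks: tests.yml
+
+always:
+- name: reset entries for AuditSystemEvents
+win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+value: "{{before_value_audit.value}}"
+
+- name: reset entries for NewGuestName
+win_security_policy:
+section: System Access
+key: NewGuestName
+value: "{{before_value_guest.value}}"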
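Review bot: The two `test_win_security_policy` reads ahead of the `block` are never checked, and the helper on this page returns `value = $null` when the section is absent from the export, so the `always` tasks could write an empty value back instead of the original setting. An assert before the block, `- assert: { that: [before_value_audit.value is not none, before_value_guest.value is not none] }`, would stop the run before anything on the host is modified. This matters because the setup sets `AuditSystemEvents` to 0 for the duration of the tests, so a reset that fails or restores the wrong value would leave system-event auditing changed on the target. If the first reset task fails, the second presumably does not run either, so each reset may deserve `ignore_errors: yes` followed by a final assert.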
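--- a/test/integration/targets/win_security_policy/tasks/tests.yml
+++ b/test/integration/targets/win_security_policy/tasks/tests.yml
@@ -0,0 +1,133 @@
+---
+- name: fail with invalid section name
+win_security_policy:
+section: This is not a valid section
+key: KeyName
+value: 0
+register: fail_invalid_section
+failed_when: fail_invalid_section.msg != "The section 'This is not a valid section' does not exist in SecEdit.exe output ini"
+
+- name: fail with invalid key name
+win_security_policy:
+section: System Access
+key: InvalidKey
+value: 0
+register: fail_invalid_key
+failed_when: fail_invalid_key.msg != "The key 'InvalidKey' in section 'System Access' is not a valid key, cannot set this value"
+
+- name: change existing key check
+win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+value: 1
+register: change_existing_check
+check_mode: yes
+
+- name: get actual change existing key check
+test_win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+register: change_existing_actual_check
+
+- name: assert change existing key check
+assert:
+that:
+- change_existing_check|changed
+- change_existing_actual_check.value == 0
+
+- name: change existing key
+win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+value: 1
+register: change_existing
+
+- name: get actual change existing key
+test_win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+register: change_existing_actual
+
+- name: assert change existing key
+assert:
+that:
+- change_existing|changed
+- change_existing_actual.value == 1
+
+- name: change existing key again
+win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+value: 1
+register: change_existing_again
+
+- name: assert change existing key again
+assert:
+that:
+- not change_existing_again|changed
+- change_existing_again.value == 1
+
+- name: change existing key with string type
+win_security_policy:
+section: Event Audit
+key: AuditSystemEvents
+value: "1"
+register: change_existing_key_with_type
+
+- name: assert change existing key with string type
+assert:
+that:
+- not change_existing_key_with_type|changed
+- change_existing_key_with_type.value == "1"
+
+- name: change existing string key check
+win_security_policy:
+section: System Access
+key: NewGuestName
+value: New Guest
+register: change_existing_string_check
+check_mode: yes
+
+- name: get actual change existing string key check
+test_win_security_policy:
+section: System Access
+key: NewGuestName
+register: change_existing_string_actual_check
+
+- name: assert change existing string key check
+assert:
+that:
+- change_existing_string_check|changed
+- change_existing_string_actual_check.value == "Guest"
+
+- name: change existing string key
+win_security_policy:
+section: System Access
+key: NewGuestName
+value: New Guest
+register: change_existing_string
+
+- name: get actual change existing string key
+test_win_security_policy:
+section: System Access
+key: NewGuestName
+register: change_existing_string_actual
+
+- name: assert change existing string key
+assert:
+that:
+- change_existing_string|changed
+- change_existing_string_actual.value == "New Guest"
+
+- name: change existing string key again
+win_security_policy:
+section: System Access
+key: NewGuestName
+value: New Guest
+register: change_existing_string_again
+
+- name: assert change existing string key again
+assert:
+that:
+- not change_existing_string_again|changed
+- change_existing_string_again.value == "New Guest"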
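Review bot: No task in this file runs with diff mode enabled, even though the commit title says the module ships with "tests/diff mode", so the diff output appears to be untested in the part of the commit visible here. Adding `diff: yes` to the `change existing key` task, plus an assertion such as `- change_existing.diff is defined`, would cover at least the presence of the diff; the exact structure should be taken from the module's return documentation, which is not shown on this page. The two negative tests compare `msg` against the full error string, which is a reasonable way to pin down the rejection of an invalid section or key. A short comment above them, such as `# message text must match win_security_policy.ps1 exactly`, would help whoever next rewords those errors.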