win_secedit: Added module with tests/diff mode (#26332)

* win_secedit: Added module with tests/diff mode

* fixed up test issues

* Added missing return value

* change for win_secedit based on review

* updated win_security_policy examples for rename
Jordan Borean 2017-07-15 04:00:29 +10:00 committed by Matt Davis
commit 8e05d7d962
6 changed files with 561 additions and 0 deletions


@ -0,0 +1 @@
windows/ci/group1


@ -0,0 +1,53 @@
#!powershell
# WANT_JSON
# POWERSHELL_COMMON
# basic script to get the lsit of users in a particular right
# this is quite complex to put as a simple script so this is
# just a simple module
$ErrorActionPreference = 'Stop'
$params = Parse-Args $args -supports_check_mode $false
$section = Get-AnsibleParam -obj $params -name "section" -type "str" -failifempty $true
$key = Get-AnsibleParam -obj $params -name "key" -type "str" -failifempty $true
$result = @{
changed = $false
}
Function ConvertFrom-Ini($file_path) {
$ini = @{}
switch -Regex -File $file_path {
"^\[(.+)\]" {
$section = $matches[1]
$ini.$section = @{}
}
"(.+?)\s*=(.*)" {
$name = $matches[1].Trim()
$value = $matches[2].Trim()
if ($value -match "^\d+$") {
$value = [int]$value
} elseif ($value.StartsWith('"') -and $value.EndsWith('"')) {
$value = $value.Substring(1, $value.Length - 2)
}
$ini.$section.$name = $value
}
}
$ini
}
$secedit_ini_path = [IO.Path]::GetTempFileName()
&SecEdit.exe /export /cfg $secedit_ini_path /quiet
$secedit_ini = ConvertFrom-Ini -file_path $secedit_ini_path
if ($secedit_ini.ContainsKey($section)) {
$result.value = $secedit_ini.$section.$key
} else {
$result.value = $null
}
Exit-Json $result
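Review bot: The temporary file returned by `[IO.Path]::GetTempFileName()` is never deleted, so each run of this test module leaves a full export of the host's local security policy in the temp directory, and the `SecEdit.exe /export` call is not checked for failure. `$ErrorActionPreference = 'Stop'` does not make a non-zero exit from a native executable throw, so a failed export would be parsed as an empty ini and reported as `value = $null` rather than as an error. I would wrap the export and parse in `try`/`finally`, test `$LASTEXITCODE`, and remove the file in the `finally` block. The header comment also appears to be copied from another module (it talks about listing users in a right and has the typo "lsit"); `# test helper that returns the current value of a key from the SecEdit.exe export` would match what the script does.

```powershell
$secedit_ini_path = [IO.Path]::GetTempFileName()
try {
    &SecEdit.exe /export /cfg $secedit_ini_path /quiet
    if ($LASTEXITCODE -ne 0) {
        Fail-Json $result "SecEdit.exe /export failed with exit code $LASTEXITCODE"
    }
    $secedit_ini = ConvertFrom-Ini -file_path $secedit_ini_path
} finally {
    # the export holds the whole local security policy; do not leave it behind
    Remove-Item -Path $secedit_ini_path -Force -ErrorAction SilentlyContinue
}
# … unchanged: section lookup and Exit-Json …
```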


@ -0,0 +1,41 @@
---
- name: get current entry for audit
test_win_security_policy:
section: Event Audit
key: AuditSystemEvents
register: before_value_audit
- name: get current entry for guest
test_win_security_policy:
section: System Access
key: NewGuestName
register: before_value_guest
- block:
- name: set AuditSystemEvents entry before tests
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: 0
- name: set NewGuestName entry before tests
win_security_policy:
section: System Access
key: NewGuestName
value: Guest
- name: run tests
include_tasks: tests.yml
always:
- name: reset entries for AuditSystemEvents
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: "{{before_value_audit.value}}"
- name: reset entries for NewGuestName
win_security_policy:
section: System Access
key: NewGuestName
value: "{{before_value_guest.value}}"


@ -0,0 +1,133 @@
---
- name: fail with invalid section name
win_security_policy:
section: This is not a valid section
key: KeyName
value: 0
register: fail_invalid_section
failed_when: fail_invalid_section.msg != "The section 'This is not a valid section' does not exist in SecEdit.exe output ini"
- name: fail with invalid key name
win_security_policy:
section: System Access
key: InvalidKey
value: 0
register: fail_invalid_key
failed_when: fail_invalid_key.msg != "The key 'InvalidKey' in section 'System Access' is not a valid key, cannot set this value"
- name: change existing key check
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: 1
register: change_existing_check
check_mode: yes
- name: get actual change existing key check
test_win_security_policy:
section: Event Audit
key: AuditSystemEvents
register: change_existing_actual_check
- name: assert change existing key check
assert:
that:
- change_existing_check|changed
- change_existing_actual_check.value == 0
- name: change existing key
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: 1
register: change_existing
- name: get actual change existing key
test_win_security_policy:
section: Event Audit
key: AuditSystemEvents
register: change_existing_actual
- name: assert change existing key
assert:
that:
- change_existing|changed
- change_existing_actual.value == 1
- name: change existing key again
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: 1
register: change_existing_again
- name: assert change existing key again
assert:
that:
- not change_existing_again|changed
- change_existing_again.value == 1
- name: change existing key with string type
win_security_policy:
section: Event Audit
key: AuditSystemEvents
value: "1"
register: change_existing_key_with_type
- name: assert change existing key with string type
assert:
that:
- not change_existing_key_with_type|changed
- change_existing_key_with_type.value == "1"
- name: change existing string key check
win_security_policy:
section: System Access
key: NewGuestName
value: New Guest
register: change_existing_string_check
check_mode: yes
- name: get actual change existing string key check
test_win_security_policy:
section: System Access
key: NewGuestName
register: change_existing_string_actual_check
- name: assert change existing string key check
assert:
that:
- change_existing_string_check|changed
- change_existing_string_actual_check.value == "Guest"
- name: change existing string key
win_security_policy:
section: System Access
key: NewGuestName
value: New Guest
register: change_existing_string
- name: get actual change existing string key
test_win_security_policy:
section: System Access
key: NewGuestName
register: change_existing_string_actual
- name: assert change existing string key
assert:
that:
- change_existing_string|changed
- change_existing_string_actual.value == "New Guest"
- name: change existing string key again
win_security_policy:
section: System Access
key: NewGuestName
value: New Guest
register: change_existing_string_again
- name: assert change existing string key again
assert:
that:
- not change_existing_string_again|changed
- change_existing_string_again.value == "New Guest"
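Review bot: None of the tasks in this file run with `diff: yes` or assert on a diff result, although the commit title says the module is added with diff mode, so that path is not exercised by these tests. Adding `diff: yes` to the "change existing key check" and "change existing key" tasks and asserting that the registered result carries a diff (for example `- change_existing.diff is defined`, assuming the module returns the standard `diff` key; the module file is not visible in this part of the page) would cover it. The two negative tests at the top compare only `msg`; a follow-up `test_win_security_policy` read after "fail with invalid key name" would also confirm that a rejected key leaves the policy untouched.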