new windows module win_audit_policy_system (#31046)

* new windows module win_audit_policy_system * removed the backup/restore functionality adjusted to use run-command rather than running the command directly adjusted testing appropriately for the above changes * fixed issue with variable naming in testing removed .psm1 from requires fixed copyright * Updated audit_type to list and added appropriate error handling Updated testing accordingly Fixed up documentation
2025-10-22 12:03:58 -07:00 · 2017-12-04 17:42:36 -05:00 · 2017-12-04 17:42:36 -05:00 · cf6f6d09db
commit cf6f6d09db
parent 807bebaa1f
7 changed files with 443 additions and 0 deletions
--- a/test/integration/targets/win_audit_policy_system/aliases
+++ b/test/integration/targets/win_audit_policy_system/aliases
@ -0,0 +1 @@
+windows/ci/group2
--- a/test/integration/targets/win_audit_policy_system/defaults/main.yml
+++ b/test/integration/targets/win_audit_policy_system/defaults/main.yml
@ -0,0 +1,3 @@
+#important that the subcategory is from a different category
+category_name: detailed tracking
+subcategory_name: file system
--- a/test/integration/targets/win_audit_policy_system/tasks/add.yml
+++ b/test/integration/targets/win_audit_policy_system/tasks/add.yml
@ -0,0 +1,108 @@
+########################
+### check mode apply ###
+########################
+- name: check mode enable category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: success
+  check_mode: yes
+  register: category
+
+- name: check mode enable subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: success, failure
+  check_mode: yes
+  register: subcategory
+
+- name: check mode assert that changed is true
+  assert:
+    that:
+      - category | changed
+      - subcategory | changed
+
+- name: check mode assert that audit_type is "no auditing"
+  assert:
+    that:
+      - item == "no auditing"
+  with_items:
+    - "{{ subcategory.current_audit_policy.values() | list }}"
+    - "{{ category.current_audit_policy.values() | list | unique }}"
+
+#alternative check for category...pretty noise and requires more lines
+#  - name: assert that audit_type is no auditing
+#    assert:
+#      that: item.value == "no auditing"
+#    with_dict: "{{ category.current_audit_policy }}"
+
+####################
+### apply change ###
+####################
+
+- name: enable category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: success
+  register: category
+
+- name: enable subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: success, failure
+  register: subcategory
+
+- name: enable assert that changed is true
+  assert:
+    that:
+      - category | changed
+      - subcategory | changed
+
+- name: enable assert that audit_type is "success" for category
+  assert:
+    that:
+      - item == "success"
+  with_items:
+    - "{{ category.current_audit_policy.values() | list | unique }}"
+
+- name: enable assert that audit_type is "success and failure" for subcategory
+  assert:
+    that:
+      - item == "success and failure"
+  with_items:
+    - "{{ subcategory.current_audit_policy.values() | list }}"
+
+###############################
+### idempotent apply change ###
+###############################
+
+- name: idem enable category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: success
+  register: category
+
+- name: idem enable subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: success, failure
+  register: subcategory
+
+- name: idem assert that changed is false
+  assert:
+    that:
+      - not category | changed
+      - not subcategory | changed
+
+- name: idem assert that audit_type is "success" for category
+  assert:
+    that:
+      - item == "success"
+  with_items:
+    - "{{ category.current_audit_policy.values() | list | unique }}"
+
+- name: idem assert that audit_type is "success and failure" for subcategory
+  assert:
+    that:
+      - item == "success and failure"
+  with_items:
+    - "{{ subcategory.current_audit_policy.values() | list }}"
--- a/test/integration/targets/win_audit_policy_system/tasks/main.yml
+++ b/test/integration/targets/win_audit_policy_system/tasks/main.yml
@ -0,0 +1,25 @@
+#turn off so then we can test changes occur on enable. Turning off for object access also
+#covers our subcategory test for file system
+- name: turn off auditing for category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: none
+
+- name: turn off auditing for subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: none
+
+- block:
+    - include_tasks: add.yml
+    - include_tasks: remove.yml
+  always:
+  - name: CLEANUP turn "{{ category_name }}" back to no auditing
+    win_audit_policy_system:
+      category: "{{ category_name }}"
+      audit_type: none
+
+  - name: CLEANUP turn "{{ subcategory_name }}" back to no auditing
+    win_audit_policy_system:
+      subcategory: "{{ subcategory_name }}"
+      audit_type: none
--- a/test/integration/targets/win_audit_policy_system/tasks/remove.yml
+++ b/test/integration/targets/win_audit_policy_system/tasks/remove.yml
@ -0,0 +1,96 @@
+#########################
+### check mode remove ###
+#########################
+- name: check mode disable category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: none
+  check_mode: yes
+  register: category
+
+- name: check mode disable subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: none
+  check_mode: yes
+  register: subcategory
+
+- name: check mode assert that changed is true
+  assert:
+    that:
+      - category | changed
+      - subcategory | changed
+
+- name: check mode assert that audit_type is still "success" (old value) for category
+  assert:
+    that:
+      - item == "success"
+  with_items:
+    - "{{ category.current_audit_policy.values() | list | unique }}"
+
+- name: check mode assert that audit_type is still "success and failure" (old value) for subcategory
+  assert:
+    that:
+      - item == "success and failure"
+  with_items:
+    - "{{ subcategory.current_audit_policy.values() | list }}"
+
+######################
+### disable policy ###
+######################
+
+- name: disable category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: none
+  register: category
+
+- name: disable subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: none
+  register: subcategory
+
+- name: assert that changed is true
+  assert:
+    that:
+      - category | changed
+      - subcategory | changed
+
+- name: assert that audit_type is "no auditing"
+  assert:
+    that:
+      - item == "no auditing"
+  with_items:
+    - "{{ subcategory.current_audit_policy.values() | list }}"
+    - "{{ category.current_audit_policy.values() | list | unique }}"
+
+##########################
+### idempotent disable ###
+##########################
+
+- name: idem disable category
+  win_audit_policy_system:
+    category: "{{ category_name }}"
+    audit_type: none
+  register: category
+
+- name: idem disable subcategory
+  win_audit_policy_system:
+    subcategory: "{{ subcategory_name }}"
+    audit_type: none
+  register: subcategory
+
+- name: idem assert that changed is false
+  assert:
+    that:
+      - not category | changed
+      - not subcategory | changed
+
+- name: assert that audit_type is "no auditing"
+  assert:
+    that:
+      - item == "no auditing"
+  with_items:
+    - "{{ subcategory.current_audit_policy.values() | list }}"
+    - "{{ category.current_audit_policy.values() | list | unique }}"