1import pytest 2import salt.loader 3import salt.modules.win_lgpo as win_lgpo 4 5pytestmark = [ 6 pytest.mark.windows_whitelisted, 7 pytest.mark.skip_unless_on_windows, 8 pytest.mark.destructive_test, 9] 10 11 12@pytest.fixture 13def configure_loader_modules(minion_opts, modules): 14 return { 15 win_lgpo: { 16 "__opts__": minion_opts, 17 "__salt__": modules, 18 "__utils__": salt.loader.utils(minion_opts), 19 "__context__": {}, 20 }, 21 } 22 23 24@pytest.fixture(scope="module") 25def disable_legacy_auditing(): 26 # To test and use these policy settings we have to set one of the policies to Enabled 27 # Location: Windows Settings -> Security Settings -> Local Policies -> Security Options 28 # Policy: "Audit: Force audit policy subcategory settings..." 29 # Short Name: SceNoApplyLegacyAuditPolicy 30 from tests.support.sminion import create_sminion 31 32 salt_minion = create_sminion() 33 test_setting = "Enabled" 34 pre_security_setting = salt_minion.functions.lgpo.get_policy( 35 policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine" 36 ) 37 pre_audit_setting = salt_minion.functions.lgpo.get_policy( 38 policy_name="Audit User Account Management", policy_class="machine" 39 ) 40 try: 41 if pre_security_setting != test_setting: 42 salt_minion.functions.lgpo.set_computer_policy( 43 name="SceNoApplyLegacyAuditPolicy", setting=test_setting 44 ) 45 assert ( 46 salt_minion.functions.lgpo.get_policy( 47 policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine" 48 ) 49 == test_setting 50 ) 51 yield 52 finally: 53 salt_minion.functions.lgpo.set_computer_policy( 54 name="SceNoApplyLegacyAuditPolicy", setting=pre_security_setting 55 ) 56 salt_minion.functions.lgpo.set_computer_policy( 57 name="Audit User Account Management", setting=pre_audit_setting 58 ) 59 60 61@pytest.fixture(scope="function") 62def clear_policy(): 63 # Ensure the policy is not set 64 test_setting = "No Auditing" 65 win_lgpo.set_computer_policy( 66 name="Audit User Account Management", setting=test_setting 67 ) 68 assert ( 69 win_lgpo.get_policy( 70 policy_name="Audit User Account Management", policy_class="machine" 71 ) 72 == test_setting 73 ) 74 75 76@pytest.fixture(scope="function") 77def set_policy(): 78 # Ensure the policy is set 79 test_setting = "Success" 80 win_lgpo.set_computer_policy( 81 name="Audit User Account Management", setting=test_setting 82 ) 83 assert ( 84 win_lgpo.get_policy( 85 policy_name="Audit User Account Management", policy_class="machine" 86 ) 87 == test_setting 88 ) 89 90 91def _test_adv_auditing(setting, expected): 92 """ 93 Helper function to set an audit setting and assert that it was successful 94 """ 95 win_lgpo.set_computer_policy(name="Audit User Account Management", setting=setting) 96 # Clear the context so we're getting the actual settings from the machine 97 result = win_lgpo._get_advaudit_value("Audit User Account Management", refresh=True) 98 assert result == expected 99 100 101def test_no_auditing(disable_legacy_auditing, set_policy): 102 _test_adv_auditing("No Auditing", "0") 103 104 105def test_success(disable_legacy_auditing, clear_policy): 106 _test_adv_auditing("Success", "1") 107 108 109def test_failure(disable_legacy_auditing, clear_policy): 110 _test_adv_auditing("Failure", "2") 111 112 113def test_success_and_failure(disable_legacy_auditing, clear_policy): 114 _test_adv_auditing("Success and Failure", "3") 115