1import pytest
2import salt.loader
3import salt.modules.win_lgpo as win_lgpo
4
5pytestmark = [
6    pytest.mark.windows_whitelisted,
7    pytest.mark.skip_unless_on_windows,
8    pytest.mark.destructive_test,
9]
10
11
12@pytest.fixture
13def configure_loader_modules(minion_opts, modules):
14    return {
15        win_lgpo: {
16            "__opts__": minion_opts,
17            "__salt__": modules,
18            "__utils__": salt.loader.utils(minion_opts),
19            "__context__": {},
20        },
21    }
22
23
24@pytest.fixture(scope="module")
25def disable_legacy_auditing():
26    # To test and use these policy settings we have to set one of the policies to Enabled
27    # Location: Windows Settings -> Security Settings -> Local Policies -> Security Options
28    # Policy: "Audit: Force audit policy subcategory settings..."
29    # Short Name: SceNoApplyLegacyAuditPolicy
30    from tests.support.sminion import create_sminion
31
32    salt_minion = create_sminion()
33    test_setting = "Enabled"
34    pre_security_setting = salt_minion.functions.lgpo.get_policy(
35        policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine"
36    )
37    pre_audit_setting = salt_minion.functions.lgpo.get_policy(
38        policy_name="Audit User Account Management", policy_class="machine"
39    )
40    try:
41        if pre_security_setting != test_setting:
42            salt_minion.functions.lgpo.set_computer_policy(
43                name="SceNoApplyLegacyAuditPolicy", setting=test_setting
44            )
45            assert (
46                salt_minion.functions.lgpo.get_policy(
47                    policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine"
48                )
49                == test_setting
50            )
51        yield
52    finally:
53        salt_minion.functions.lgpo.set_computer_policy(
54            name="SceNoApplyLegacyAuditPolicy", setting=pre_security_setting
55        )
56        salt_minion.functions.lgpo.set_computer_policy(
57            name="Audit User Account Management", setting=pre_audit_setting
58        )
59
60
61@pytest.fixture(scope="function")
62def clear_policy():
63    # Ensure the policy is not set
64    test_setting = "No Auditing"
65    win_lgpo.set_computer_policy(
66        name="Audit User Account Management", setting=test_setting
67    )
68    assert (
69        win_lgpo.get_policy(
70            policy_name="Audit User Account Management", policy_class="machine"
71        )
72        == test_setting
73    )
74
75
76@pytest.fixture(scope="function")
77def set_policy():
78    # Ensure the policy is set
79    test_setting = "Success"
80    win_lgpo.set_computer_policy(
81        name="Audit User Account Management", setting=test_setting
82    )
83    assert (
84        win_lgpo.get_policy(
85            policy_name="Audit User Account Management", policy_class="machine"
86        )
87        == test_setting
88    )
89
90
91def _test_adv_auditing(setting, expected):
92    """
93    Helper function to set an audit setting and assert that it was successful
94    """
95    win_lgpo.set_computer_policy(name="Audit User Account Management", setting=setting)
96    # Clear the context so we're getting the actual settings from the machine
97    result = win_lgpo._get_advaudit_value("Audit User Account Management", refresh=True)
98    assert result == expected
99
100
101def test_no_auditing(disable_legacy_auditing, set_policy):
102    _test_adv_auditing("No Auditing", "0")
103
104
105def test_success(disable_legacy_auditing, clear_policy):
106    _test_adv_auditing("Success", "1")
107
108
109def test_failure(disable_legacy_auditing, clear_policy):
110    _test_adv_auditing("Failure", "2")
111
112
113def test_success_and_failure(disable_legacy_auditing, clear_policy):
114    _test_adv_auditing("Success and Failure", "3")
115