1import pytest 2import salt.loader 3import salt.modules.win_lgpo as win_lgpo 4 5pytestmark = [ 6 pytest.mark.windows_whitelisted, 7 pytest.mark.skip_unless_on_windows, 8 pytest.mark.destructive_test, 9] 10 11 12@pytest.fixture 13def configure_loader_modules(minion_opts, modules): 14 return { 15 win_lgpo: { 16 "__opts__": minion_opts, 17 "__salt__": modules, 18 "__utils__": salt.loader.utils(minion_opts), 19 }, 20 } 21 22 23@pytest.fixture(scope="module") 24def enable_legacy_auditing(): 25 # To test and use these policy settings we have to set one of the policies to Disabled 26 # Location: Windows Settings -> Security Settings -> Local Policies -> Security Options 27 # Policy: "Audit: Force audit policy subcategory settings..." 28 # Short Name: SceNoApplyLegacyAuditPolicy 29 from tests.support.sminion import create_sminion 30 31 salt_minion = create_sminion() 32 test_setting = "Disabled" 33 pre_security_setting = salt_minion.functions.lgpo.get_policy( 34 policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine" 35 ) 36 pre_audit_setting = salt_minion.functions.lgpo.get_policy( 37 policy_name="Audit Account Management", policy_class="machine" 38 ) 39 try: 40 if pre_security_setting != test_setting: 41 salt_minion.functions.lgpo.set_computer_policy( 42 name="SceNoApplyLegacyAuditPolicy", setting=test_setting 43 ) 44 assert ( 45 salt_minion.functions.lgpo.get_policy( 46 policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine" 47 ) 48 == test_setting 49 ) 50 yield 51 finally: 52 salt_minion.functions.lgpo.set_computer_policy( 53 name="SceNoApplyLegacyAuditPolicy", setting=pre_security_setting 54 ) 55 salt_minion.functions.lgpo.set_computer_policy( 56 name="Audit Account Management", setting=pre_audit_setting 57 ) 58 59 60@pytest.fixture(scope="function") 61def clear_policy(): 62 # Ensure the policy is not set 63 test_setting = "No auditing" 64 win_lgpo.set_computer_policy(name="Audit account management", setting=test_setting) 65 assert ( 66 win_lgpo.get_policy( 67 policy_name="Audit account management", policy_class="machine" 68 ) 69 == test_setting 70 ) 71 72 73@pytest.fixture(scope="function") 74def set_policy(): 75 # Ensure the policy is set 76 test_setting = "Success" 77 win_lgpo.set_computer_policy(name="Audit account management", setting=test_setting) 78 assert ( 79 win_lgpo.get_policy( 80 policy_name="Audit account management", policy_class="machine" 81 ) 82 == test_setting 83 ) 84 85 86def _test_auditing(setting): 87 """ 88 Helper function to set an audit setting and assert that it was successful 89 """ 90 win_lgpo.set_computer_policy(name="Audit account management", setting=setting) 91 # Clear the context so we're getting the actual settings from the machine 92 win_lgpo._get_secedit_data(refresh=True) 93 result = win_lgpo.get_policy( 94 policy_name="Audit account management", policy_class="machine" 95 ) 96 assert result == setting 97 98 99def test_no_auditing(enable_legacy_auditing, set_policy): 100 _test_auditing("No auditing") 101 102 103def test_success(enable_legacy_auditing, clear_policy): 104 _test_auditing("Success") 105 106 107def test_failure(enable_legacy_auditing, clear_policy): 108 _test_auditing("Failure") 109 110 111def test_success_and_failure(enable_legacy_auditing, clear_policy): 112 _test_auditing("Success, Failure") 113