1import pytest
2import salt.loader
3import salt.modules.win_lgpo as win_lgpo
4
5pytestmark = [
6    pytest.mark.windows_whitelisted,
7    pytest.mark.skip_unless_on_windows,
8    pytest.mark.destructive_test,
9]
10
11
12@pytest.fixture
13def configure_loader_modules(minion_opts, modules):
14    return {
15        win_lgpo: {
16            "__opts__": minion_opts,
17            "__salt__": modules,
18            "__utils__": salt.loader.utils(minion_opts),
19        },
20    }
21
22
23@pytest.fixture(scope="module")
24def enable_legacy_auditing():
25    # To test and use these policy settings we have to set one of the policies to Disabled
26    # Location: Windows Settings -> Security Settings -> Local Policies -> Security Options
27    # Policy: "Audit: Force audit policy subcategory settings..."
28    # Short Name: SceNoApplyLegacyAuditPolicy
29    from tests.support.sminion import create_sminion
30
31    salt_minion = create_sminion()
32    test_setting = "Disabled"
33    pre_security_setting = salt_minion.functions.lgpo.get_policy(
34        policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine"
35    )
36    pre_audit_setting = salt_minion.functions.lgpo.get_policy(
37        policy_name="Audit Account Management", policy_class="machine"
38    )
39    try:
40        if pre_security_setting != test_setting:
41            salt_minion.functions.lgpo.set_computer_policy(
42                name="SceNoApplyLegacyAuditPolicy", setting=test_setting
43            )
44            assert (
45                salt_minion.functions.lgpo.get_policy(
46                    policy_name="SceNoApplyLegacyAuditPolicy", policy_class="machine"
47                )
48                == test_setting
49            )
50        yield
51    finally:
52        salt_minion.functions.lgpo.set_computer_policy(
53            name="SceNoApplyLegacyAuditPolicy", setting=pre_security_setting
54        )
55        salt_minion.functions.lgpo.set_computer_policy(
56            name="Audit Account Management", setting=pre_audit_setting
57        )
58
59
60@pytest.fixture(scope="function")
61def clear_policy():
62    # Ensure the policy is not set
63    test_setting = "No auditing"
64    win_lgpo.set_computer_policy(name="Audit account management", setting=test_setting)
65    assert (
66        win_lgpo.get_policy(
67            policy_name="Audit account management", policy_class="machine"
68        )
69        == test_setting
70    )
71
72
73@pytest.fixture(scope="function")
74def set_policy():
75    # Ensure the policy is set
76    test_setting = "Success"
77    win_lgpo.set_computer_policy(name="Audit account management", setting=test_setting)
78    assert (
79        win_lgpo.get_policy(
80            policy_name="Audit account management", policy_class="machine"
81        )
82        == test_setting
83    )
84
85
86def _test_auditing(setting):
87    """
88    Helper function to set an audit setting and assert that it was successful
89    """
90    win_lgpo.set_computer_policy(name="Audit account management", setting=setting)
91    # Clear the context so we're getting the actual settings from the machine
92    win_lgpo._get_secedit_data(refresh=True)
93    result = win_lgpo.get_policy(
94        policy_name="Audit account management", policy_class="machine"
95    )
96    assert result == setting
97
98
99def test_no_auditing(enable_legacy_auditing, set_policy):
100    _test_auditing("No auditing")
101
102
103def test_success(enable_legacy_auditing, clear_policy):
104    _test_auditing("Success")
105
106
107def test_failure(enable_legacy_auditing, clear_policy):
108    _test_auditing("Failure")
109
110
111def test_success_and_failure(enable_legacy_auditing, clear_policy):
112    _test_auditing("Success, Failure")
113