173 lines
5.7 KiB
YAML
173 lines
5.7 KiB
YAML
|
#########################
|
||
|
### modify check mode ###
|
||
|
#########################
|
||
|
- name: check mode modify audit policy directory
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_folder }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: directory
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: check mode modify audit policy file
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_file }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
inheritance_flags: none
|
||
|
register: file
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: check mode modify audit policy registry
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_registry }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: registry
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: check mode modify get directory rule results
|
||
|
test_get_audit_rule:
|
||
|
path: "{{ test_audit_rule_folder }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: directory_results
|
||
|
|
||
|
- name: check mode modify get file rule results
|
||
|
test_get_audit_rule:
|
||
|
path: "{{ test_audit_rule_file }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
inheritance_flags: none
|
||
|
register: file_results
|
||
|
|
||
|
- name: check mode modify get REGISTRY rule results
|
||
|
test_get_audit_rule:
|
||
|
path: "{{ test_audit_rule_registry }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: registry_results
|
||
|
|
||
|
- name: check mode modify assert that change is needed but rights still equal the original rights and not test_audit_rule_new_rights
|
||
|
assert:
|
||
|
that:
|
||
|
- directory | changed
|
||
|
- file | changed
|
||
|
- registry | changed
|
||
|
- not directory_results.matching_rule_found and directory_results.path_type == 'directory'
|
||
|
- not file_results.matching_rule_found and file_results.path_type == 'file'
|
||
|
- not registry_results.matching_rule_found and registry_results.path_type == 'registry'
|
||
|
|
||
|
##############
|
||
|
### modify ###
|
||
|
##############
|
||
|
- name: modify audit policy directory
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_folder }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: directory
|
||
|
|
||
|
- name: modify audit policy file
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_file }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
inheritance_flags: none
|
||
|
register: file
|
||
|
|
||
|
- name: modify audit policy registry
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_registry }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: registry
|
||
|
|
||
|
- name: modify get directory rule results
|
||
|
test_get_audit_rule:
|
||
|
path: "{{ test_audit_rule_folder }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: directory_results
|
||
|
|
||
|
- name: modify get file rule results
|
||
|
test_get_audit_rule:
|
||
|
path: "{{ test_audit_rule_file }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
inheritance_flags: none
|
||
|
register: file_results
|
||
|
|
||
|
- name: modify get REGISTRY rule results
|
||
|
test_get_audit_rule:
|
||
|
path: "{{ test_audit_rule_registry }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: registry_results
|
||
|
|
||
|
- name: modify assert that the rules were modified and a change is detected
|
||
|
assert:
|
||
|
that:
|
||
|
- directory | changed
|
||
|
- file | changed
|
||
|
- registry | changed
|
||
|
- directory_results.matching_rule_found and directory_results.path_type == 'directory'
|
||
|
- file_results.matching_rule_found and file_results.path_type == 'file'
|
||
|
- registry_results.matching_rule_found and registry_results.path_type == 'registry'
|
||
|
|
||
|
#####################################
|
||
|
### idempotent test modify a rule ###
|
||
|
#####################################
|
||
|
- name: idempotent modify audit policy directory
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_folder }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: directory
|
||
|
|
||
|
- name: idempotent modify audit policy file
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_file }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
inheritance_flags: none
|
||
|
register: file
|
||
|
|
||
|
- name: idempotent modify audit policy registry
|
||
|
win_audit_rule:
|
||
|
path: "{{ test_audit_rule_registry }}"
|
||
|
user: "{{ test_audit_rule_user }}"
|
||
|
rights: "{{ test_audit_rule_new_rights }}"
|
||
|
state: present
|
||
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
||
|
register: registry
|
||
|
|
||
|
- name: idempotent modify assert that and a change is not detected
|
||
|
assert:
|
||
|
that:
|
||
|
- not directory | changed and directory.path_type == 'directory'
|
||
|
- not file | changed and file.path_type == 'file'
|
||
|
- not registry | changed and registry.path_type == 'registry'
|