ansible/test/integration/targets/win_audit_rule/tasks/remove.yml


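################################
### check mode remove a rule ###
################################
# Dry-run removal of the audit rule held by test_audit_rule_user on each of
# the three path types (directory, file, registry key). In check mode the
# module should report "changed" but must leave the rule in place: a dry run
# that really stripped an audit rule would silently stop auditing on that
# object. The test_get_audit_rule queries and the assert that follow verify
# both halves.
- name: check mode remove directory rule
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: directory
  # canonical boolean rather than the YAML 1.1 truthy "yes"
  check_mode: true

- name: check mode remove file rule
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: file
  check_mode: true

- name: check mode remove registry rule
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: registry
  check_mode: true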
# Read back the state of each target after the check-mode run.
# test_get_audit_rule is not defined in this file (presumably a helper module
# shipped with the test target - confirm). The assert below reads
# matching_rule_found and path_type from each registered result.
- name: check mode remove get directory rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory_results

- name: check mode remove get file rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    # Only the file lookup passes inheritance_flags; quoted to make clear it
    # is the literal string "none", not a YAML null.
    inheritance_flags: 'none'
  register: file_results

- name: check mode remove get REGISTRY rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry_results
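# Check mode contract: every removal reports a pending change, yet the
# read-back still finds the matching audit rule on each path type.
- name: check mode remove assert that change detected, but rule is still present
  assert:
    that:
      # Jinja test syntax; the filter form (`| changed`) was deprecated in
      # Ansible 2.5.
      - directory is changed
      - file is changed
      - registry is changed
      # Rule must still exist, and the helper must have classified the path
      # as the type this test intended to target.
      - directory_results.matching_rule_found and directory_results.path_type == 'directory'
      - file_results.matching_rule_found and file_results.path_type == 'file'
      - registry_results.matching_rule_found and registry_results.path_type == 'registry'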
#####################
### remove a rule ###
#####################
# Real (non-check-mode) removal of the audit rule for test_audit_rule_user
# from each path type. The registered results feed the "changed" checks in
# the assert further down.
- name: remove directory rule
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: directory

- name: remove file rule
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: file

- name: remove registry rule
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: registry
# Read back each target after the real removal so the assert can confirm
# that no rule matching user / rights / audit_flags is left behind.
# test_get_audit_rule is not defined in this file (presumably a helper
# module shipped with the test target - confirm).
- name: remove get directory rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: directory_results

- name: remove get file rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
    # Only the file lookup passes inheritance_flags; quoted to make clear it
    # is the literal string "none", not a YAML null.
    inheritance_flags: 'none'
  register: file_results

- name: remove get REGISTRY rule results
  test_get_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    rights: "{{ test_audit_rule_new_rights }}"
    audit_flags: "{{ test_audit_rule_audit_flags }}"
  register: registry_results
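# Real removal contract: each task reports a change and the read-back no
# longer finds a matching audit rule on any of the three path types.
- name: remove assert that change detected and rule is gone
  assert:
    that:
      # Jinja test syntax; the filter form (`| changed`) was deprecated in
      # Ansible 2.5.
      - directory is changed
      - file is changed
      - registry is changed
      # path_type is still checked so that "rule not found" cannot pass
      # merely because the helper looked at the wrong kind of object.
      - not directory_results.matching_rule_found and directory_results.path_type == 'directory'
      - not file_results.matching_rule_found and file_results.path_type == 'file'
      - not registry_results.matching_rule_found and registry_results.path_type == 'registry'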
################################
### idempotent remove a rule ###
################################
# Repeat the same removals now that the rules are already gone. The registered
# results are checked by the assert below, which expects no change to be
# reported the second time.
- name: idempotent remove directory rule
  win_audit_rule:
    path: "{{ test_audit_rule_folder }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: directory

- name: idempotent remove file rule
  win_audit_rule:
    path: "{{ test_audit_rule_file }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: file

- name: idempotent remove registry rule
  win_audit_rule:
    path: "{{ test_audit_rule_registry }}"
    user: "{{ test_audit_rule_user }}"
    state: absent
  register: registry
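# Idempotency contract: removing an already-absent rule reports no change.
# path_type is read from win_audit_rule's own return value here, not from a
# test_get_audit_rule read-back.
# NOTE(review): the end state is not re-queried in this section; absence of
# the rule rests on the read-back done after the real removal above.
- name: idempotent remove assert that no change detected
  assert:
    that:
      # Jinja test syntax; the filter form (`| changed`) was deprecated in
      # Ansible 2.5.
      - directory is not changed and directory.path_type == 'directory'
      - file is not changed and file.path_type == 'file'
      - registry is not changed and registry.path_type == 'registry'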