cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/integration/targets/win_audit_rule/tasks/remove.yml
nwsparks 5cccad8ed4 new windows module, win_audit_rule (#30473) 
* added win_audit_rule with integration test

* Updated integration testing to target files as well as directories
and registry keys. Split testing files apart to be more organized.

Updated powershell for better handling when targetting file objects
and optimized a bit. Removed duplicated sections that got there from a
previous merge I think.

* Decided to make all the fact names the same in integration testing.
Seemed like there would be less change of accidentally using the wrong
variable when copy/pasting that way, and not much upside to having
unique names.

Did final cleanup and fixed a few errors in the integration testing.

* Fixed a bug where results was displaying a wrong value

Fixed a bug where removal was failing if multiple rules existed due to
inheritance from higher level objects.

* Resolved issue with unhandled error when used didn't have permissions
for get-acl.

Changed from setauditrule to addauditrule, see comment in script for reasoning.

Fixed state absent to be able to remove multiple entries if they exist.

* fixed docs issue

* updated to fail if invalid inheritance_rule when defining a file rather than warn
2017-10-20 11:20:33 +10:00

151 lines
4.6 KiB
YAML
Raw Blame History

################################
### check mode remove a rule ###
################################
- name: check mode remove directory rule
win_audit_rule:
path: "{{ test_audit_rule_folder }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: directory
check_mode: yes
- name: check mode remove file rule
win_audit_rule:
path: "{{ test_audit_rule_file }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: file
check_mode: yes
- name: check mode remove registry rule
win_audit_rule:
path: "{{ test_audit_rule_registry }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: registry
check_mode: yes
- name: check mode remove get directory rule results
test_get_audit_rule:
path: "{{ test_audit_rule_folder }}"
user: "{{ test_audit_rule_user }}"
rights: "{{ test_audit_rule_new_rights }}"
audit_flags: "{{ test_audit_rule_audit_flags }}"
register: directory_results
- name: check mode remove get file rule results
test_get_audit_rule:
path: "{{ test_audit_rule_file }}"
user: "{{ test_audit_rule_user }}"
rights: "{{ test_audit_rule_new_rights }}"
audit_flags: "{{ test_audit_rule_audit_flags }}"
inheritance_flags: none
register: file_results
- name: check mode remove get REGISTRY rule results
test_get_audit_rule:
path: "{{ test_audit_rule_registry }}"
user: "{{ test_audit_rule_user }}"
rights: "{{ test_audit_rule_new_rights }}"
audit_flags: "{{ test_audit_rule_audit_flags }}"
register: registry_results
- name: check mode remove assert that change detected, but rule is still present
assert:
that:
- directory | changed
- file | changed
- registry | changed
- directory_results.matching_rule_found and directory_results.path_type == 'directory'
- file_results.matching_rule_found and file_results.path_type == 'file'
- registry_results.matching_rule_found and registry_results.path_type == 'registry'
#####################
### remove a rule ###
#####################
- name: remove directory rule
win_audit_rule:
path: "{{ test_audit_rule_folder }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: directory
- name: remove file rule
win_audit_rule:
path: "{{ test_audit_rule_file }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: file
- name: remove registry rule
win_audit_rule:
path: "{{ test_audit_rule_registry }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: registry
- name: remove get directory rule results
test_get_audit_rule:
path: "{{ test_audit_rule_folder }}"
user: "{{ test_audit_rule_user }}"
rights: "{{ test_audit_rule_new_rights }}"
audit_flags: "{{ test_audit_rule_audit_flags }}"
register: directory_results
- name: remove get file rule results
test_get_audit_rule:
path: "{{ test_audit_rule_file }}"
user: "{{ test_audit_rule_user }}"
rights: "{{ test_audit_rule_new_rights }}"
audit_flags: "{{ test_audit_rule_audit_flags }}"
inheritance_flags: none
register: file_results
- name: remove get REGISTRY rule results
test_get_audit_rule:
path: "{{ test_audit_rule_registry }}"
user: "{{ test_audit_rule_user }}"
rights: "{{ test_audit_rule_new_rights }}"
audit_flags: "{{ test_audit_rule_audit_flags }}"
register: registry_results
- name: remove assert that change detected and rule is gone
assert:
that:
- directory | changed
- file | changed
- registry | changed
- not directory_results.matching_rule_found and directory_results.path_type == 'directory'
- not file_results.matching_rule_found and file_results.path_type == 'file'
- not registry_results.matching_rule_found and registry_results.path_type == 'registry'
################################
### idempotent remove a rule ###
################################
- name: idempotent remove directory rule
win_audit_rule:
path: "{{ test_audit_rule_folder }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: directory
- name: idempotent remove file rule
win_audit_rule:
path: "{{ test_audit_rule_file }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: file
- name: idempotent remove registry rule
win_audit_rule:
path: "{{ test_audit_rule_registry }}"
user: "{{ test_audit_rule_user }}"
state: absent
register: registry
- name: idempotent remove assert that no change detected
assert:
that:
- not directory | changed and directory.path_type == 'directory'
- not file | changed and file.path_type == 'file'
- not registry | changed and registry.path_type == 'registry'
Reference in a new issue View git blame Copy permalink