4fe08441be
* Warn on tests used as filters * Update docs, add aliases for tests that fit more gramatically with test syntax * Fix rst formatting * Add successful filter, alias of success * Remove renamed_deprecation, it was overkill * Make directory alias for is_dir * Update tests to use proper jinja test syntax * Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax * Add conversion script, porting guide updates, and changelog updates * Update newly added uses of tests as filters * No underscore variable * Convert recent tests as filter changes to win_stat * Fix some changes related to rebasing a few integration tests * Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name * Add test for tests_as_filters_warning * Update tests as filters in newly added/modified tests * Address recent changes to several integration tests * Address recent changes in cs_vpc
151 lines
4.6 KiB
YAML
151 lines
4.6 KiB
YAML
################################
|
|
### check mode remove a rule ###
|
|
################################
|
|
- name: check mode remove directory rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_folder }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: directory
|
|
check_mode: yes
|
|
|
|
- name: check mode remove file rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_file }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: file
|
|
check_mode: yes
|
|
|
|
- name: check mode remove registry rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_registry }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: registry
|
|
check_mode: yes
|
|
|
|
- name: check mode remove get directory rule results
|
|
test_get_audit_rule:
|
|
path: "{{ test_audit_rule_folder }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
rights: "{{ test_audit_rule_new_rights }}"
|
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
|
register: directory_results
|
|
|
|
- name: check mode remove get file rule results
|
|
test_get_audit_rule:
|
|
path: "{{ test_audit_rule_file }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
rights: "{{ test_audit_rule_new_rights }}"
|
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
|
inheritance_flags: none
|
|
register: file_results
|
|
|
|
- name: check mode remove get REGISTRY rule results
|
|
test_get_audit_rule:
|
|
path: "{{ test_audit_rule_registry }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
rights: "{{ test_audit_rule_new_rights }}"
|
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
|
register: registry_results
|
|
|
|
- name: check mode remove assert that change detected, but rule is still present
|
|
assert:
|
|
that:
|
|
- directory is changed
|
|
- file is changed
|
|
- registry is changed
|
|
- directory_results.matching_rule_found and directory_results.path_type == 'directory'
|
|
- file_results.matching_rule_found and file_results.path_type == 'file'
|
|
- registry_results.matching_rule_found and registry_results.path_type == 'registry'
|
|
|
|
#####################
|
|
### remove a rule ###
|
|
#####################
|
|
- name: remove directory rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_folder }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: directory
|
|
|
|
- name: remove file rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_file }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: file
|
|
|
|
- name: remove registry rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_registry }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: registry
|
|
|
|
- name: remove get directory rule results
|
|
test_get_audit_rule:
|
|
path: "{{ test_audit_rule_folder }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
rights: "{{ test_audit_rule_new_rights }}"
|
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
|
register: directory_results
|
|
|
|
- name: remove get file rule results
|
|
test_get_audit_rule:
|
|
path: "{{ test_audit_rule_file }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
rights: "{{ test_audit_rule_new_rights }}"
|
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
|
inheritance_flags: none
|
|
register: file_results
|
|
|
|
- name: remove get REGISTRY rule results
|
|
test_get_audit_rule:
|
|
path: "{{ test_audit_rule_registry }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
rights: "{{ test_audit_rule_new_rights }}"
|
|
audit_flags: "{{ test_audit_rule_audit_flags }}"
|
|
register: registry_results
|
|
|
|
- name: remove assert that change detected and rule is gone
|
|
assert:
|
|
that:
|
|
- directory is changed
|
|
- file is changed
|
|
- registry is changed
|
|
- not directory_results.matching_rule_found and directory_results.path_type == 'directory'
|
|
- not file_results.matching_rule_found and file_results.path_type == 'file'
|
|
- not registry_results.matching_rule_found and registry_results.path_type == 'registry'
|
|
|
|
################################
|
|
### idempotent remove a rule ###
|
|
################################
|
|
- name: idempotent remove directory rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_folder }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: directory
|
|
|
|
- name: idempotent remove file rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_file }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: file
|
|
|
|
- name: idempotent remove registry rule
|
|
win_audit_rule:
|
|
path: "{{ test_audit_rule_registry }}"
|
|
user: "{{ test_audit_rule_user }}"
|
|
state: absent
|
|
register: registry
|
|
|
|
- name: idempotent remove assert that no change detected
|
|
assert:
|
|
that:
|
|
- directory is not changed and directory.path_type == 'directory'
|
|
- file is not changed and file.path_type == 'file'
|
|
- registry is not changed and registry.path_type == 'registry'
|