def test_set_perms(self): """ Test the set_perms function """ result = win_dacl.set_perms( obj_name=self.obj_name, obj_type=self.obj_type, grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] } }, inheritance=True, reset=False, ) expected = { "deny": { "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] } }, "grant": {"Backup Operators": {"perms": "read"}}, } self.assertDictEqual(result, expected)
def test_set_perms(self): ''' Test the set_perms function ''' result = win_dacl.set_perms( obj_name=self.obj_name, obj_type=self.obj_type, grant_perms={'Backup Operators': { 'perms': 'read' }}, deny_perms={ 'NETWORK SERVICE': { 'perms': ['delete', 'set_value', 'write_dac', 'write_owner'] } }, inheritance=True, reset=False) expected = { 'deny': { 'NETWORK SERVICE': { 'perms': ['delete', 'set_value', 'write_dac', 'write_owner'] } }, 'grant': { 'Backup Operators': { 'perms': 'read' } } } self.assertDictEqual(result, expected)
def test_set_perms(reg_key): result = win_dacl.set_perms( obj_name=reg_key, obj_type="registry", grant_perms={"Backup Operators": { "perms": "read" }}, deny_perms={ "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] } }, inheritance=True, reset=False, ) expected = { "deny": { "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] } }, "grant": { "Backup Operators": { "perms": "read" } }, } assert result == expected
def test_set_perms(test_file): result = win_dacl.set_perms( obj_name=str(test_file), obj_type="file", grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "NETWORK SERVICE": { "perms": [ "delete", "change_permissions", "write_attributes", "write_data", ] } }, inheritance=True, reset=False, ) expected = { "deny": { "NETWORK SERVICE": { "perms": [ "delete", "change_permissions", "write_attributes", "write_data", ] } }, "grant": {"Backup Operators": {"perms": "read"}}, } assert result == expected
class WinDaclRegTestCase(TestCase, LoaderModuleMockMixin): obj_name = "HKLM\\" + FAKE_KEY obj_type = "registry" """ Test cases for salt.utils.win_dacl in the registry """ def setup_loader_modules(self): return {win_dacl: {}} def setUp(self): self.assertTrue( win_reg.set_value( hive="HKLM", key=FAKE_KEY, vname="fake_name", vdata="fake_data" ) ) def tearDown(self): win_reg.delete_key_recursive(hive="HKLM", key=FAKE_KEY) @destructiveTest def test_owner(self): """ Test the set_owner function Test the get_owner function """ self.assertTrue( win_dacl.set_owner( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ) ) self.assertEqual( win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Backup Operators", ) @destructiveTest def test_primary_group(self): """ Test the set_primary_group function Test the get_primary_group function """ self.assertTrue( win_dacl.set_primary_group( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ) ) self.assertEqual( win_dacl.get_primary_group(obj_name=self.obj_name, obj_type=self.obj_type), "Backup Operators", ) @destructiveTest def test_set_permissions(self): """ Test the set_permissions function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) expected = { "Not Inherited": { "Backup Operators": { "grant": { "applies to": "This key and subkeys", "permissions": "Full Control", } } } } self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), expected, ) @destructiveTest def test_get_permissions(self): """ Test the get_permissions function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) expected = { "Not Inherited": { "Backup Operators": { "grant": { "applies to": "This key and subkeys", "permissions": "Full Control", } } } } self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), expected, ) @destructiveTest def test_has_permission(self): """ Test the has_permission function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) # Test has_permission exact self.assertTrue( win_dacl.has_permission( obj_name=self.obj_name, principal="Backup Operators", permission="full_control", access_mode="grant", obj_type=self.obj_type, exact=True, ) ) # Test has_permission contains self.assertTrue( win_dacl.has_permission( obj_name=self.obj_name, principal="Backup Operators", permission="read", access_mode="grant", obj_type=self.obj_type, exact=False, ) ) @destructiveTest def test_rm_permissions(self): """ Test the rm_permissions function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) self.assertTrue( win_dacl.rm_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ) ) self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), {}, ) @destructiveTest def test_inheritance(self): """ Test the set_inheritance function Test the get_inheritance function """ self.assertTrue( win_dacl.set_inheritance( obj_name=self.obj_name, enabled=True, obj_type=self.obj_type, clear=False, ) ) self.assertTrue( win_dacl.get_inheritance(obj_name=self.obj_name, obj_type=self.obj_type) ) self.assertTrue( win_dacl.set_inheritance( obj_name=self.obj_name, enabled=False, obj_type=self.obj_type, clear=False, ) ) self.assertFalse( win_dacl.get_inheritance(obj_name=self.obj_name, obj_type=self.obj_type) ) @destructiveTest def test_check_perms(self): """ Test the check_perms function """ with patch.dict(win_dacl.__opts__, {"test": False}): result = win_dacl.check_perms( obj_name=self.obj_name, obj_type=self.obj_type, ret={}, owner="Users", grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "Backup Operators": {"perms": ["delete"]}, "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] }, }, inheritance=True, reset=False, ) expected = { "changes": { "owner": "Users", "perms": { "Backup Operators": {"grant": "read", "deny": ["delete"]}, "NETWORK SERVICE": { "deny": ["delete", "set_value", "write_dac", "write_owner"] }, }, }, "comment": "", "name": self.obj_name, "result": True, } self.assertDictEqual(result, expected) expected = { "Not Inherited": { "Backup Operators": { "grant": { "applies to": "This key and subkeys", "permissions": "Read", }, "deny": { "applies to": "This key and subkeys", "permissions": ["Delete"], }, } } } self.assertDictEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), expected, ) expected = { "Not Inherited": { "NETWORK SERVICE": { "deny": { "applies to": "This key and subkeys", "permissions": [ "Delete", "Set Value", "Write DAC", "Write Owner", ], } } } } self.assertDictEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="NETWORK SERVICE", obj_type=self.obj_type, ), expected, ) self.assertEqual( win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Users" ) @destructiveTest def test_check_perms_test_true(self): """ Test the check_perms function ''' with patch.dict(win_dacl.__opts__, {'test': True}): result = win_dacl.check_perms( obj_name=self.obj_name, obj_type=self.obj_type, ret=None, owner="Users", grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] }, "Backup Operators": {"perms": ["delete"]}, }, inheritance=True, reset=False, ) expected = { "changes": { "owner": "Users", "perms": { "Backup Operators": {"grant": "read", "deny": ["delete"]}, "NETWORK SERVICE": { "deny": ["delete", "set_value", "write_dac", "write_owner"] }, }, }, "comment": "", "name": self.obj_name, "result": None, } self.assertDictEqual(result, expected) self.assertNotEqual( win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Users" ) self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), {}, ) def test_set_perms(self): """ Test the set_perms function """ result = win_dacl.set_perms( obj_name=self.obj_name, obj_type=self.obj_type, grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] } }, inheritance=True, reset=False, ) expected = { "deny": { "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] } }, "grant": {"Backup Operators": {"perms": "read"}}, } self.assertDictEqual(result, expected) @skipIf(not HAS_WIN32, "Requires pywin32") @skipIf(not salt.utils.platform.is_windows(), "System is not Windows") class WinDaclFileTestCase(TestCase, LoaderModuleMockMixin): obj_name = "" obj_type = "file" """ Test cases for salt.utils.win_dacl in the file system """ def setup_loader_modules(self): return {win_dacl: {}} def setUp(self): config_file_fd, self.obj_name = tempfile.mkstemp( prefix="SaltTesting-", suffix="txt" ) os.close(config_file_fd) def tearDown(self): os.remove(self.obj_name) @destructiveTest def test_owner(self): """ Test the set_owner function Test the get_owner function """ self.assertTrue( win_dacl.set_owner( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ) ) self.assertEqual( win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Backup Operators", ) @destructiveTest def test_primary_group(self): """ Test the set_primary_group function Test the get_primary_group function """ self.assertTrue( win_dacl.set_primary_group( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ) ) self.assertEqual( win_dacl.get_primary_group(obj_name=self.obj_name, obj_type=self.obj_type), "Backup Operators", ) @destructiveTest def test_set_permissions(self): """ Test the set_permissions function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) expected = { "Not Inherited": { "Backup Operators": { "grant": { "applies to": "Not Inherited (file)", "permissions": "Full control", } } } } self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), expected, ) @destructiveTest def test_get_permissions(self): """ Test the get_permissions function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) expected = { "Not Inherited": { "Backup Operators": { "grant": { "applies to": "Not Inherited (file)", "permissions": "Full control", } } } } self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), expected, ) @destructiveTest def test_has_permission(self): """ Test the has_permission function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) # Test has_permission exact self.assertTrue( win_dacl.has_permission( obj_name=self.obj_name, principal="Backup Operators", permission="full_control", access_mode="grant", obj_type=self.obj_type, exact=True, ) ) # Test has_permission contains self.assertTrue( win_dacl.has_permission( obj_name=self.obj_name, principal="Backup Operators", permission="read", access_mode="grant", obj_type=self.obj_type, exact=False, ) ) @destructiveTest def test_rm_permissions(self): """ Test the rm_permissions function """ self.assertTrue( win_dacl.set_permissions( obj_name=self.obj_name, principal="Backup Operators", permissions="full_control", access_mode="grant", obj_type=self.obj_type, reset_perms=False, protected=None, ) ) self.assertTrue( win_dacl.rm_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ) ) self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), {}, ) @destructiveTest def test_inheritance(self): """ Test the set_inheritance function Test the get_inheritance function """ self.assertTrue( win_dacl.set_inheritance( obj_name=self.obj_name, enabled=True, obj_type=self.obj_type, clear=False, ) ) self.assertTrue( win_dacl.get_inheritance(obj_name=self.obj_name, obj_type=self.obj_type) ) self.assertTrue( win_dacl.set_inheritance( obj_name=self.obj_name, enabled=False, obj_type=self.obj_type, clear=False, ) ) self.assertFalse( win_dacl.get_inheritance(obj_name=self.obj_name, obj_type=self.obj_type) ) @destructiveTest def test_check_perms(self): """ Test the check_perms function """ with patch.dict(win_dacl.__opts__, {"test": False}): result = win_dacl.check_perms( obj_name=self.obj_name, obj_type=self.obj_type, ret={}, owner="Users", grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "Backup Operators": {"perms": ["delete"]}, "NETWORK SERVICE": { "perms": [ "delete", "change_permissions", "write_attributes", "write_data", ] }, }, inheritance=True, reset=False, ) expected = { "changes": { "owner": "Users", "perms": { "Backup Operators": {"grant": "read", "deny": ["delete"]}, "NETWORK SERVICE": { "deny": [ "delete", "change_permissions", "write_attributes", "write_data", ] }, }, }, "comment": "", "name": self.obj_name, "result": True, } self.assertDictEqual(result, expected) expected = { "Not Inherited": { "Backup Operators": { "grant": { "applies to": "Not Inherited (file)", "permissions": "Read", }, "deny": { "applies to": "Not Inherited (file)", "permissions": ["Delete"], }, } } } self.assertDictEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), expected, ) expected = { "Not Inherited": { "NETWORK SERVICE": { "deny": { "applies to": "Not Inherited (file)", "permissions": [ "Change permissions", "Create files / write data", "Delete", "Write attributes", ], } } } } self.assertDictEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="NETWORK SERVICE", obj_type=self.obj_type, ), expected, ) self.assertEqual( win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Users" ) @destructiveTest def test_check_perms_test_true(self): """ Test the check_perms function """ with patch.dict(win_dacl.__opts__, {"test": True}): result = win_dacl.check_perms( obj_name=self.obj_name, obj_type=self.obj_type, ret=None, owner="Users", grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "NETWORK SERVICE": { "perms": ["delete", "set_value", "write_dac", "write_owner"] }, "Backup Operators": {"perms": ["delete"]}, }, inheritance=True, reset=False, ) expected = { "changes": { "owner": "Users", "perms": { "Backup Operators": {"grant": "read", "deny": ["delete"]}, "NETWORK SERVICE": { "deny": ["delete", "set_value", "write_dac", "write_owner"] }, }, }, "comment": "", "name": self.obj_name, "result": None, } self.assertDictEqual(result, expected) self.assertNotEqual( win_dacl.get_owner(obj_name=self.obj_name, obj_type=self.obj_type), "Users" ) self.assertEqual( win_dacl.get_permissions( obj_name=self.obj_name, principal="Backup Operators", obj_type=self.obj_type, ), {}, ) def test_set_perms(self): """ Test the set_perms function """ result = win_dacl.set_perms( obj_name=self.obj_name, obj_type=self.obj_type, grant_perms={"Backup Operators": {"perms": "read"}}, deny_perms={ "NETWORK SERVICE": { "perms": [ "delete", "change_permissions", "write_attributes", "write_data", ] } }, inheritance=True, reset=False, ) expected = { "deny": { "NETWORK SERVICE": { "perms": [ "delete", "change_permissions", "write_attributes", "write_data", ] } }, "grant": {"Backup Operators": {"perms": "read"}}, } self.assertDictEqual(result, expected)