def policy_clear(): # Make sure policy is not set to begin with, unsets it after test try: computer_policy = {"Point and Print Restrictions": "Not Configured"} with patch.dict(win_lgpo.__opts__, {"test": False}): win_lgpo.set_(name="test_state", computer_policy=computer_policy) yield finally: computer_policy = {"Point and Print Restrictions": "Not Configured"} with patch.dict(win_lgpo.__opts__, {"test": False}): win_lgpo.set_(name="test_state", computer_policy=computer_policy)
def _test_adv_auditing(setting, expected): """ Helper function to set an audit setting and assert that it was successful """ win_lgpo_state.set_(name="Audit User Account Management", setting=setting, policy_class="machine") # Clear the context so we're getting the actual settings from the machine result = win_lgpo_module._get_advaudit_value( "Audit User Account Management", refresh=True) assert result == expected
def _test_auditing(setting): """ Helper function to set an audit setting and assert that it was successful """ computer_policy = {"Audit Account Management": setting} win_lgpo_state.set_(name="junk", computer_policy=computer_policy) # Clear the context so we're getting the actual settings from the machine win_lgpo_module._get_secedit_data(refresh=True) result = win_lgpo_module.get_policy(policy_name="Audit Account Management", policy_class="machine") assert result == setting
def test_cumulative_rights_assignments(stage_single): expected = ["BUILTIN\\Administrators", "BUILTIN\\Backup Operators"] win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["BUILTIN\\Backup Operators"], policy_class="machine", cumulative_rights_assignments=True, ) result = win_lgpo_module.get_policy( policy_name="SeTakeOwnershipPrivilege", policy_class="machine", ) assert sorted(result) == sorted(expected)
def test_non_cumulative_rights_assignments_resolve_name(stage_multiple): expected = ["BUILTIN\\Administrators"] win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["Administrators"], policy_class="machine", cumulative_rights_assignments=False, ) result = win_lgpo_module.get_policy( policy_name="SeTakeOwnershipPrivilege", policy_class="machine", ) assert sorted(result) == sorted(expected)
def test_old_element_naming_style(self): computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by " "semicolons": "fakeserver1;fakeserver2", "Users can only point and print to machines in their " "forest": True, # Here's the old one "Security Prompts: When installing drivers for a new connection": "Show warning and elevation prompt", "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": True}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "changes": {}, "comment": "The LGPO module changed the way it gets policy element names.\n" '"Security Prompts: When installing drivers for a new connection" is no longer valid.\n' 'Please use "When installing drivers for a new connection" instead.\n' "All specified policies are properly configured", } self.assertDictEqual(result["changes"], expected["changes"]) self.assertTrue(result["result"]) self.assertEqual(result["comment"], expected["comment"])
def test_current_element_naming_style(self): computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by " "semicolons": "fakeserver1;fakeserver2", "Users can only point and print to machines in their " "forest": True, "When installing drivers for a new connection": "Show warning and elevation prompt", "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": False}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) result = win_lgpo._convert_to_unicode(result) expected = { "Point and Print Restrictions": { "Enter fully qualified server names separated by " "semicolons": "fakeserver1;fakeserver2", "When installing drivers for a new connection": "Show warning and elevation prompt", "Users can only point and print to machines in " "their forest": True, "Users can only point and print to these servers": True, "When updating drivers for an existing connection": "Show warning only", } } self.assertDictEqual( result["changes"]["new"]["Computer Configuration"], expected )
def test_old_element_naming_style(self): computer_policy = { 'Point and Print Restrictions': { 'Users can only point and print to these servers': True, 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'Users can only point and print to machines in their ' 'forest': True, # Here's the old one 'Security Prompts: When installing drivers for a new connection': 'Show warning and elevation prompt', 'When updating drivers for an existing connection': 'Show warning only', } } with patch.dict(win_lgpo.__opts__, {'test': True}): result = win_lgpo.set_(name='test_state', computer_policy=computer_policy) expected = { 'changes': {}, 'comment': 'The LGPO module changed the way it gets policy element names.\n' '"Security Prompts: When installing drivers for a new connection" is no longer valid.\n' 'Please use "When installing drivers for a new connection" instead.\n' 'All specified policies are properly configured' } self.assertDictEqual(result['changes'], expected['changes']) self.assertTrue(result['result']) self.assertEqual(result['comment'], expected['comment'])
def setUp(self): if not self.configured: computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by " "semicolons": "fakeserver1;fakeserver2", "Users can only point and print to machines in their " "forest": True, "When installing drivers for a new connection": "Show warning and elevation prompt", "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": False}): win_lgpo.set_(name="nc_state", computer_policy=computer_policy) self.configured = True
def test_current_element_naming_style(self): computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by " "semicolons": "fakeserver1;fakeserver2", "Users can only point and print to machines in their " "forest": True, "When installing drivers for a new connection": "Show warning and elevation prompt", "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": True}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "changes": {}, "comment": "All specified policies are properly configured", } self.assertDictEqual(result["changes"], expected["changes"]) self.assertTrue(result["result"]) self.assertEqual(result["comment"], expected["comment"])
def test_current_element_naming_style(policy_clear): """ Ensure that current naming style works properly. """ computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by semicolons": ( "fakeserver1;fakeserver2" ), "Users can only point and print to machines in their forest": True, "When installing drivers for a new connection": ( "Show warning and elevation prompt" ), "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": False}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) result = win_lgpo._convert_to_unicode(result) expected = { "Point and Print Restrictions": { "Enter fully qualified server names separated by semicolons": ( "fakeserver1;fakeserver2" ), "When installing drivers for a new connection": ( "Show warning and elevation prompt" ), "Users can only point and print to machines in their forest": True, "Users can only point and print to these servers": True, "When updating drivers for an existing connection": "Show warning only", } } assert result["changes"]["new"]["Computer Configuration"] == expected
def test_current_element_naming_style(self): computer_policy = { 'Point and Print Restrictions': { 'Users can only point and print to these servers': True, 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'Users can only point and print to machines in their ' 'forest': True, 'When installing drivers for a new connection': 'Show warning and elevation prompt', 'When updating drivers for an existing connection': 'Show warning only', } } with patch.dict(win_lgpo.__opts__, {'test': True}): result = win_lgpo.set_(name='test_state', computer_policy=computer_policy) expected = { 'changes': {}, 'comment': 'All specified policies are properly configured' } self.assertDictEqual(result['changes'], expected['changes']) self.assertTrue(result['result']) self.assertEqual(result['comment'], expected['comment'])
def test_current_element_naming_style_true(policy_set): """ Test current naming style with test=True """ computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by semicolons": ( "fakeserver1;fakeserver2" ), "Users can only point and print to machines in their forest": True, "When installing drivers for a new connection": ( "Show warning and elevation prompt" ), "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": True}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "changes": {}, "comment": "All specified policies are properly configured", } assert result["changes"] == expected["changes"] assert result["result"] assert result["comment"] == expected["comment"]
def test_old_element_naming_style_true(policy_set): """ Test old naming style with test=True. Should not make changes but return a warning """ computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by semicolons": ( "fakeserver1;fakeserver2" ), "Users can only point and print to machines in their forest": True, # Here's the old one "Security Prompts: When installing drivers for a new connection": ( "Show warning and elevation prompt" ), "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": True}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "changes": {}, "comment": ( "The LGPO module changed the way it gets policy element names.\n" '"Security Prompts: When installing drivers for a new connection" is no longer valid.\n' 'Please use "When installing drivers for a new connection" instead.' ), } assert result["changes"] == expected["changes"] assert not result["result"] assert result["comment"] == expected["comment"]
def setUp(self): if not self.configured: computer_policy = { 'Point and Print Restrictions': { 'Users can only point and print to these servers': True, 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'Users can only point and print to machines in their ' 'forest': True, 'When installing drivers for a new connection': 'Show warning and elevation prompt', 'When updating drivers for an existing connection': 'Show warning only', }} with patch.dict(win_lgpo.__opts__, {'test': False}): win_lgpo.set_(name='nc_state', computer_policy=computer_policy) self.configured = True
def policy_set(): # Make sure policy is set to begin with, unsets it after test try: computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by " "semicolons": "fakeserver1;fakeserver2", "Users can only point and print to machines in their forest": True, "When installing drivers for a new connection": "Show warning and elevation prompt", "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": False}): win_lgpo.set_(name="test_state", computer_policy=computer_policy) yield finally: computer_policy = {"Point and Print Restrictions": "Not Configured"} with patch.dict(win_lgpo.__opts__, {"test": False}): win_lgpo.set_(name="test_state", computer_policy=computer_policy)
def test_cumulative_rights_assignments_exists(stage_multiple): expected = { "name": "SeTakeOwnershipPrivilege", "result": True, "changes": {}, "comment": "All specified policies are properly configured", } result = win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["BUILTIN\\Backup Operators"], policy_class="machine", cumulative_rights_assignments=True, ) assert result == expected
def test_non_cumulative_rights_assignments_resolve_name_exists(stage_single): expected = { "name": "SeTakeOwnershipPrivilege", "result": True, "changes": {}, "comment": "All specified policies are properly configured", } result = win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["Administrators"], policy_class="machine", cumulative_rights_assignments=False, ) assert result == expected
def test_cumulative_rights_assignments_resolve_name_exists_test_true(stage_multiple): expected = { "name": "SeTakeOwnershipPrivilege", "result": True, "changes": {}, "comment": "All specified policies are properly configured", } with patch.dict(win_lgpo_state.__opts__, {"test": True}): result = win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["Backup Operators"], policy_class="machine", cumulative_rights_assignments=True, ) assert result == expected
def test_old_element_naming_style(self): computer_policy = { 'Point and Print Restrictions': { 'Users can only point and print to these servers': True, 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'Users can only point and print to machines in their ' 'forest': True, # Here's the old one 'Security Prompts: When installing drivers for a new connection': 'Show warning and elevation prompt', 'When updating drivers for an existing connection': 'Show warning only', } } with patch.dict(win_lgpo.__opts__, {'test': False}): result = win_lgpo.set_(name='test_state', computer_policy=computer_policy) if six.PY2: result = win_lgpo._convert_to_unicode(result) expected = { 'Point and Print Restrictions': { 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'When installing drivers for a new connection': 'Show warning and elevation prompt', 'Users can only point and print to machines in ' 'their forest': True, 'Users can only point and print to these servers': True, 'When updating drivers for an existing connection': 'Show warning only' } } self.assertDictEqual( result['changes']['new']['Computer Configuration'], expected) expected = 'The LGPO module changed the way it gets policy element names.\n' \ '"Security Prompts: When installing drivers for a new connection" is no longer valid.\n' \ 'Please use "When installing drivers for a new connection" instead.\n' \ 'The following policies changed:\n' \ 'Point and Print Restrictions' self.assertEqual(result['comment'], expected)
def test_non_cumulative_rights_assignments_resolve_name_test_true(stage_multiple): expected = { "name": "SeTakeOwnershipPrivilege", "result": None, "changes": {}, "comment": "The following policies are set to change:\n" "SeTakeOwnershipPrivilege", } with patch.dict(win_lgpo_state.__opts__, {"test": True}): result = win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["Administrators"], policy_class="machine", cumulative_rights_assignments=False, ) assert result == expected
def test_cumulative_rights_assignments_test_true(stage_single): expected = { "name": "SeTakeOwnershipPrivilege", "result": None, "changes": {}, "comment": "The following policies are set to change:\n" "SeTakeOwnershipPrivilege", } with patch.dict(win_lgpo_state.__opts__, {"test": True}): result = win_lgpo_state.set_( name="SeTakeOwnershipPrivilege", setting=["BUILTIN\\Backup Operators"], policy_class="machine", cumulative_rights_assignments=True, ) assert result == expected
def test_old_element_naming_style(policy_clear): """ Ensure that the old naming style is converted to new and a warning is returned """ computer_policy = { "Point and Print Restrictions": { "Users can only point and print to these servers": True, "Enter fully qualified server names separated by semicolons": ("fakeserver1;fakeserver2"), "Users can only point and print to machines in their forest": True, # Here's the old one "Security Prompts: When installing drivers for a new connection": ("Show warning and elevation prompt"), "When updating drivers for an existing connection": "Show warning only", } } with patch.dict(win_lgpo.__opts__, {"test": False}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "Point and Print Restrictions": { "Enter fully qualified server names separated by semicolons": ("fakeserver1;fakeserver2"), "When installing drivers for a new connection": ("Show warning and elevation prompt"), "Users can only point and print to machines in their forest": True, "Users can only point and print to these servers": True, "When updating drivers for an existing connection": "Show warning only", } } assert result["changes"]["new"]["Computer Configuration"] == expected expected = ( 'The LGPO module changed the way it gets policy element names.\n"Security' ' Prompts: When installing drivers for a new connection" is no longer' ' valid.\nPlease use "When installing drivers for a new connection"' " instead.\nThe following policies changed:\nPoint and Print Restrictions" ) assert result["comment"] == expected
def test_invalid_elements(self): computer_policy = { 'Point and Print Restrictions': { 'Invalid element spongebob': True, 'Invalid element squidward': False}} with patch.dict(win_lgpo.__opts__, {'test': True}): result = win_lgpo.set_(name='test_state', computer_policy=computer_policy) expected = { 'changes': {}, 'comment': 'Invalid element name: Invalid element squidward\n' 'Invalid element name: Invalid element spongebob', 'name': 'test_state', 'result': False} self.assertDictEqual(result['changes'], expected['changes']) self.assertIn('Invalid element squidward', result['comment']) self.assertIn('Invalid element spongebob', result['comment']) self.assertFalse(expected['result'])
def test_invalid_elements(self): computer_policy = { "Point and Print Restrictions": { "Invalid element spongebob": True, "Invalid element squidward": False, } } with patch.dict(win_lgpo.__opts__, {"test": True}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "changes": {}, "comment": "Invalid element name: Invalid element squidward\n" "Invalid element name: Invalid element spongebob", "name": "test_state", "result": False, } self.assertDictEqual(result["changes"], expected["changes"]) self.assertIn("Invalid element squidward", result["comment"]) self.assertIn("Invalid element spongebob", result["comment"]) self.assertFalse(expected["result"])
def test_invalid_elements_true(): computer_policy = { "Point and Print Restrictions": { "Invalid element spongebob": True, "Invalid element squidward": False, } } with patch.dict(win_lgpo.__opts__, {"test": True}): result = win_lgpo.set_(name="test_state", computer_policy=computer_policy) expected = { "changes": {}, "comment": "Invalid element name: Invalid element squidward\n" "Invalid element name: Invalid element spongebob", "name": "test_state", "result": False, } assert result["changes"] == expected["changes"] assert "Invalid element squidward" in result["comment"] assert "Invalid element spongebob" in result["comment"] assert not expected["result"]
def test_current_element_naming_style(self): computer_policy = { 'Point and Print Restrictions': { 'Users can only point and print to these servers': True, 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'Users can only point and print to machines in their ' 'forest': True, 'When installing drivers for a new connection': 'Show warning and elevation prompt', 'When updating drivers for an existing connection': 'Show warning only', } } with patch.dict(win_lgpo.__opts__, {'test': False}): result = win_lgpo.set_(name='test_state', computer_policy=computer_policy) result = win_lgpo._convert_to_unicode(result) expected = { 'Point and Print Restrictions': { 'Enter fully qualified server names separated by ' 'semicolons': 'fakeserver1;fakeserver2', 'When installing drivers for a new connection': 'Show warning and elevation prompt', 'Users can only point and print to machines in ' 'their forest': True, 'Users can only point and print to these servers': True, 'When updating drivers for an existing connection': 'Show warning only' } } self.assertDictEqual( result['changes']['new']['Computer Configuration'], expected)
def setUp(self): computer_policy = {'Point and Print Restrictions': 'Not Configured'} with patch.dict(win_lgpo.__opts__, {'test': False}): win_lgpo.set_(name='nc_state', computer_policy=computer_policy)
def setUp(self): computer_policy = {"Point and Print Restrictions": "Not Configured"} with patch.dict(win_lgpo.__opts__, {"test": False}): win_lgpo.set_(name="nc_state", computer_policy=computer_policy)