Increase coverage for win_lgpo

2025-04-17 10:10:20 +00:00 · 2023-09-20 09:45:39 -06:00 · 2023-09-20 09:45:39 -06:00 · 1f13ff59b3
commit 1f13ff59b3
parent 5942fb296e
3 changed files with 447 additions and 7 deletions
--- a/salt/modules/win_lgpo.py
+++ b/salt/modules/win_lgpo.py
@ -59,6 +59,7 @@ import salt.utils.files
 import salt.utils.path
 import salt.utils.platform
 import salt.utils.stringutils
+import salt.utils.win_lgpo_auditpol
 import salt.utils.win_lgpo_netsh
 from salt.exceptions import CommandExecutionError, SaltInvocationError
 from salt.serializers.configparser import deserialize
@ -4799,8 +4800,6 @@ class _policy_info:
        """
        converts a list of pysid objects to string representations
        """
-        if isinstance(val, str):
-            val = val.split(",")
        usernames = []
        for _sid in val:
            try:
@ -4918,11 +4917,11 @@ class _policy_info:
            return None
        if value_lookup:
            if not isinstance(item, list):
-                return "Invalid Value"
+                return "Invalid Value: Not a list"
            ret_val = 0
        else:
            if not isinstance(item, int):
-                return "Invalid Value"
+                return "Invalid Value: Not an int"
            ret_val = []
        if "lookup" in kwargs:
            for k, v in kwargs["lookup"].items():
@ -4937,7 +4936,7 @@ class _policy_info:
                    if do_test and isinstance(k, int) and item & k == k:
                        ret_val.append(v)
        else:
-            return "Invalid Value"
+            return "Invalid Value: No lookup passed"
        return ret_val

    @classmethod
@ -5392,7 +5391,7 @@ def _get_advaudit_defaults(option=None):
        # Get available setting names and GUIDs
        # This is used to get the fieldnames and GUIDs for individual policies
        log.debug("Loading auditpol defaults into __context__")
-        dump = __utils__["auditpol.get_auditpol_dump"]()
+        dump = salt.utils.win_lgpo_auditpol.get_auditpol_dump()
        reader = csv.DictReader(dump)
        audit_defaults = {"fieldnames": reader.fieldnames}
        for row in reader:
@ -5624,7 +5623,7 @@ def _set_advaudit_pol_data(option, value):
        "3": "Success and Failure",
    }
    defaults = _get_advaudit_defaults(option)
-    return __utils__["auditpol.set_setting"](
+    return salt.utils.win_lgpo_auditpol.set_setting(
        name=defaults["Auditpol Name"], value=auditpol_values[value]
    )

--- a/tests/pytests/functional/states/win_lgpo/test_adv_audit_settings_state.py
+++ b/tests/pytests/functional/states/win_lgpo/test_adv_audit_settings_state.py
@ -3,6 +3,7 @@ import pytest
 import salt.loader
 import salt.modules.win_lgpo as win_lgpo_module
 import salt.states.win_lgpo as win_lgpo_state
+import salt.utils.win_lgpo_auditpol as win_lgpo_auditpol

 pytestmark = [
    pytest.mark.windows_whitelisted,
@ -20,11 +21,16 @@ def configure_loader_modules(minion_opts, modules):
            "__opts__": minion_opts,
            "__salt__": modules,
            "__utils__": utils,
+            "__context__": {},
        },
        win_lgpo_module: {
            "__opts__": minion_opts,
            "__salt__": modules,
            "__utils__": utils,
+            "__context__": {},
+        },
+        win_lgpo_auditpol: {
+            "__context__": {},
        },
    }

--- a/tests/pytests/unit/modules/win_lgpo/test__policy_info.py
+++ b/tests/pytests/unit/modules/win_lgpo/test__policy_info.py
@ -0,0 +1,435 @@
+import socket
+
+import pytest
+import win32security
+import win32security as ws
+
+import salt.modules.cmdmod
+import salt.modules.win_file
+import salt.modules.win_lgpo as win_lgpo
+from salt.exceptions import CommandExecutionError
+from tests.support.mock import patch
+
+pytestmark = [
+    pytest.mark.windows_whitelisted,
+    pytest.mark.skip_unless_on_windows,
+    pytest.mark.slow_test,
+]
+
+
+@pytest.fixture
+def configure_loader_modules():
+    return {
+        win_lgpo: {
+            "__salt__": {
+                "cmd.run": salt.modules.cmdmod.run,
+                "file.file_exists": salt.modules.win_file.file_exists,
+                "file.remove": salt.modules.win_file.remove,
+            },
+        },
+    }
+
+
+@pytest.fixture(scope="module")
+def pol_info():
+    return win_lgpo._policy_info()
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (0, False),
+        (1, True),
+        ("", False),
+        ("text", True),
+        ([], False),
+        ([1, 2, 3], True),
+    ),
+)
+def test_notEmpty(pol_info, val, expected):
+    assert pol_info._notEmpty(val) is expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        (0, 0),
+        (86400, 1),
+    ),
+)
+def test_seconds_to_days(pol_info, val, expected):
+    assert pol_info._seconds_to_days(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        (0, 0),
+        (1, 86400),
+    ),
+)
+def test_days_to_seconds(pol_info, val, expected):
+    assert pol_info._days_to_seconds(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        (0, 0),
+        (60, 1),
+    ),
+)
+def test_seconds_to_minutes(pol_info, val, expected):
+    assert pol_info._seconds_to_minutes(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        (0, 0),
+        (1, 60),
+    ),
+)
+def test_minutes_to_seconds(pol_info, val, expected):
+    assert pol_info._minutes_to_seconds(val) == expected
+
+
+def test_strip_quotes(pol_info):
+    assert pol_info._strip_quotes('"spongebob"') == "spongebob"
+
+
+def test_add_quotes(pol_info):
+    assert pol_info._add_quotes("squarepants") == '"squarepants"'
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        (chr(0), "Disabled"),
+        (chr(1), "Enabled"),
+        (chr(2), "Invalid Value: {!r}".format(chr(2))),
+        ("patrick", "Invalid Value"),
+    ),
+)
+def test_binary_enable_zero_disable_one_conversion(pol_info, val, expected):
+    assert pol_info._binary_enable_zero_disable_one_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, None),
+        ("Disabled", chr(0)),
+        ("Enabled", chr(1)),
+        ("Junk", None),
+    ),
+)
+def test_binary_enable_zero_disable_one_reverse_conversion(pol_info, val, expected):
+    assert pol_info._binary_enable_zero_disable_one_reverse_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        ("0", "Administrators"),
+        (0, "Administrators"),
+        ("", "Administrators"),
+        ("1", "Administrators and Power Users"),
+        (1, "Administrators and Power Users"),
+        ("2", "Administrators and Interactive Users"),
+        (2, "Administrators and Interactive Users"),
+        (3, "Not Defined"),
+    ),
+)
+def test_dasd_conversion(pol_info, val, expected):
+    assert pol_info._dasd_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        ("Administrators", "0"),
+        ("Administrators and Power Users", "1"),
+        ("Administrators and Interactive Users", "2"),
+        ("Not Defined", "9999"),
+        ("Plankton", "Invalid Value"),
+    ),
+)
+def test_dasd_reverse_conversion(pol_info, val, expected):
+    assert pol_info._dasd_reverse_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        ("Not Defined", True),
+        (None, False),
+        (1, True),
+        (3, False),
+        ("spongebob", False),
+    ),
+)
+def test_in_range_inclusive(pol_info, val, expected):
+    assert pol_info._in_range_inclusive(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        ("3,1,2", "Not Defined"),
+        ("3,0", "Silently Succeed"),
+        ("3,1", "Warn but allow installation"),
+        ("3,2", "Do not allow installation"),
+        ("3,Not Defined", "Not Defined"),
+        ("3,spongebob", "Invalid Value"),
+    ),
+)
+def test_driver_signing_reg_conversion(pol_info, val, expected):
+    assert pol_info._driver_signing_reg_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Defined"),
+        ("Silently Succeed", "3,0"),
+        ("Warn but allow installation", f"3,{chr(1)}"),
+        ("Do not allow installation", f"3,{chr(2)}"),
+        ("spongebob", "Invalid Value"),
+    ),
+)
+def test_driver_signing_reg_reverse_conversion(pol_info, val, expected):
+    assert pol_info._driver_signing_reg_reverse_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (ws.ConvertStringSidToSid("S-1-5-0"), ["S-1-5-0"]),
+        (ws.ConvertStringSidToSid("S-1-1-0"), ["Everyone"]),
+        (
+            ws.LookupAccountName("", "Administrator")[0],
+            [f"{socket.gethostname()}\\Administrator"],
+        ),
+    ),
+)
+def test_sidConversion(pol_info, val, expected):
+    assert pol_info._sidConversion([val]) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, None),
+        ("", ""),
+    ),
+)
+def test_usernamesToSidObjects_empty_value(pol_info, val, expected):
+    assert pol_info._usernamesToSidObjects(val) == expected
+
+
+def test_usernamesToSidObjects_string_list(pol_info):
+    val = "Administrator,Guest"
+    admin_sid = win32security.LookupAccountName("", "Administrator")[0]
+    guest_sid = win32security.LookupAccountName("", "Guest")[0]
+    expected = [admin_sid, guest_sid]
+    assert pol_info._usernamesToSidObjects(val) == expected
+
+
+def test_usernamesToSidObjects_string_list_error(pol_info):
+    val = "spongebob,squarepants"
+    with pytest.raises(CommandExecutionError):
+        pol_info._usernamesToSidObjects(val)
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, "Not Configured"),
+        ("None", "Not Configured"),
+        ("true", "Run Windows PowerShell scripts first"),
+        ("false", "Run Windows PowerShell scripts last"),
+        ("spongebob", "Invalid Value"),
+    ),
+)
+def test_powershell_script_order_conversion(pol_info, val, expected):
+    assert pol_info._powershell_script_order_conversion(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        ("Not Configured", None),
+        ("Run Windows PowerShell scripts first", "true"),
+        ("Run Windows PowerShell scripts last", "false"),
+        ("spongebob", "Invalid Value"),
+    ),
+)
+def test_powershell_script_order_reverse_conversion(pol_info, val, expected):
+    assert pol_info._powershell_script_order_reverse_conversion(val) == expected
+
+
+def test_dict_lookup(pol_info):
+    lookup = {
+        "spongebob": "squarepants",
+        "patrick": "squidward",
+        "plankton": "mr.crabs",
+    }
+    assert pol_info._dict_lookup("spongebob", lookup=lookup) == "squarepants"
+    assert (
+        pol_info._dict_lookup("squarepants", lookup=lookup, value_lookup=True)
+        == "spongebob"
+    )
+    assert pol_info._dict_lookup("homer", lookup=lookup) == "Invalid Value"
+    assert (
+        pol_info._dict_lookup("homer", lookup=lookup, value_lookup=True)
+        == "Invalid Value"
+    )
+    assert pol_info._dict_lookup("homer") == "Invalid Value"
+
+
+def test_dict_lookup_bitwise_add(pol_info):
+    lookup = {
+        0: "spongebob",
+        1: "squarepants",
+        2: "patrick",
+    }
+    assert pol_info._dict_lookup_bitwise_add("Not Defined") is None
+    assert (
+        pol_info._dict_lookup_bitwise_add("not a list", value_lookup=True)
+        == "Invalid Value: Not a list"
+    )
+    assert (
+        pol_info._dict_lookup_bitwise_add([], value_lookup=True)
+        == "Invalid Value: No lookup passed"
+    )
+    assert (
+        pol_info._dict_lookup_bitwise_add("not an int") == "Invalid Value: Not an int"
+    )
+    assert pol_info._dict_lookup_bitwise_add(0, lookup=lookup) == []
+    assert (
+        pol_info._dict_lookup_bitwise_add(
+            ["spongebob", "squarepants"], lookup=lookup, value_lookup=True
+        )
+        == 1
+    )
+    assert pol_info._dict_lookup_bitwise_add(1, lookup=lookup) == ["squarepants"]
+    assert pol_info._dict_lookup_bitwise_add(0, lookup=lookup) == []
+    assert pol_info._dict_lookup_bitwise_add(0, lookup=lookup, test_zero=True) == [
+        "spongebob"
+    ]
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (["list", "of", "items"], ["list", "of", "items"]),
+        ("Not Defined", None),
+        ("list,of,items", ["list", "of", "items"]),
+        (7, "Invalid Value"),
+    ),
+)
+def test_multi_string_put_transform(pol_info, val, expected):
+    assert pol_info._multi_string_put_transform(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (["list", "of", "items"], ["list", "of", "items"]),
+        (None, "Not Defined"),
+        ("list,of,items", "Invalid Value"),
+        (7, "Invalid Value"),
+    ),
+)
+def test_multi_string_get_transform(pol_info, val, expected):
+    assert pol_info._multi_string_get_transform(val) == expected
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        ("String Item", "String Item"),
+        ("Not Defined", None),
+        (7, None),
+    ),
+)
+def test_string_put_transform(pol_info, val, expected):
+    assert pol_info._string_put_transform(val) == expected
+
+
+def test__virtual__(pol_info):
+    assert win_lgpo.__virtual__() == "lgpo"
+    with patch("salt.utils.platform.is_windows", return_value=False):
+        assert win_lgpo.__virtual__() == (
+            False,
+            "win_lgpo: Not a Windows System",
+        )
+
+    with patch.object(win_lgpo, "HAS_WINDOWS_MODULES", False):
+        assert win_lgpo.__virtual__() == (
+            False,
+            "win_lgpo: Required modules failed to load",
+        )
+
+
+def test_get_advaudit_defaults():
+    with patch.dict(win_lgpo.__context__, {}):
+        assert "Machine Name" in win_lgpo._get_advaudit_defaults("fieldnames")
+
+    audit_defaults = {"junk": "defaults"}
+    with patch.dict(win_lgpo.__context__, {"lgpo.audit_defaults": audit_defaults}):
+        assert win_lgpo._get_advaudit_defaults() == audit_defaults
+
+
+def test_get_netsh_value():
+    with patch.dict(win_lgpo.__context__, {}):
+        assert win_lgpo._get_netsh_value("domain", "State") == "ON"
+
+    context = {
+        "lgpo.netsh_data": {
+            "domain": {
+                "State": "ONContext",
+                "Inbound": "NotConfigured",
+                "Outbound": "NotConfigured",
+                "LocalFirewallRules": "NotConfigured",
+            },
+        },
+    }
+    with patch.dict(win_lgpo.__context__, context):
+        assert win_lgpo._get_netsh_value("domain", "State") == "ONContext"
+
+
+def test_get_secedit_data(tmp_path):
+    with patch.dict(win_lgpo.__opts__, {"cachedir": str(tmp_path)}):
+        assert "[System Access]\r\n" in win_lgpo._get_secedit_data()
+
+
+def test_get_secedit_value(tmp_path):
+    with patch.dict(win_lgpo.__opts__, {"cachedir": str(tmp_path)}):
+        assert win_lgpo._get_secedit_value("Unicode") == "yes"
+        assert win_lgpo._get_secedit_value("JunkKey") == "Not Defined"
+
+
+@pytest.mark.parametrize(
+    "val, expected",
+    (
+        (None, b"\x00\x00"),
+        ("spongebob", b"s\x00p\x00o\x00n\x00g\x00e\x00b\x00o\x00b\x00\x00\x00"),
+    ),
+)
+def test_encode_string(val, expected):
+    assert win_lgpo._encode_string(val) == expected
+
+
+def test_encode_string_error():
+    with pytest.raises(TypeError):
+        win_lgpo._encode_string(1)