Add some more tests for LGPO module

Split out some of the tests into their own file
2025-04-16 09:40:20 +00:00 · 2023-11-16 09:31:29 -07:00 · 2023-11-16 09:31:29 -07:00 · 3b8337c371
commit 3b8337c371
parent 9e1bdd1415
6 changed files with 402 additions and 59 deletions
--- a/tests/pytests/unit/modules/win_lgpo/test__policy_info.py
+++ b/tests/pytests/unit/modules/win_lgpo/test__policy_info.py
@ -5,7 +5,6 @@ import pytest
 import salt.modules.cmdmod
 import salt.modules.win_file
 import salt.modules.win_lgpo as win_lgpo
-import salt.utils.win_lgpo_auditpol as ap
 from salt.exceptions import CommandExecutionError
 from tests.support.mock import patch

@ -395,53 +394,6 @@ def test__virtual__(pol_info):
        )


-def test_get_advaudit_defaults():
-    patch_context = patch.dict(win_lgpo.__context__, {})
-    patch_salt = patch.dict(
-        win_lgpo.__utils__, {"auditpol.get_auditpol_dump": ap.get_auditpol_dump}
-    )
-    with patch_context, patch_salt:
-        assert "Machine Name" in win_lgpo._get_advaudit_defaults("fieldnames")
-
-    audit_defaults = {"junk": "defaults"}
-    patch_context = patch.dict(
-        win_lgpo.__context__, {"lgpo.audit_defaults": audit_defaults}
-    )
-    with patch_context, patch_salt:
-        assert win_lgpo._get_advaudit_defaults() == audit_defaults
-
-
-def test_get_netsh_value():
-    with patch.dict(win_lgpo.__context__, {"lgpo.netsh_data": {"domain": {}}}):
-        win_lgpo._set_netsh_value("domain", "state", "State", "NotConfigured")
-    with patch.dict(win_lgpo.__context__, {}):
-        assert win_lgpo._get_netsh_value("domain", "State") == "NotConfigured"
-
-    context = {
-        "lgpo.netsh_data": {
-            "domain": {
-                "State": "ONContext",
-                "Inbound": "NotConfigured",
-                "Outbound": "NotConfigured",
-                "LocalFirewallRules": "NotConfigured",
-            },
-        },
-    }
-    with patch.dict(win_lgpo.__context__, context):
-        assert win_lgpo._get_netsh_value("domain", "State") == "ONContext"
-
-
-def test_get_secedit_data(tmp_path):
-    with patch.dict(win_lgpo.__opts__, {"cachedir": str(tmp_path)}):
-        assert "[System Access]\r\n" in win_lgpo._get_secedit_data()
-
-
-def test_get_secedit_value(tmp_path):
-    with patch.dict(win_lgpo.__opts__, {"cachedir": str(tmp_path)}):
-        assert win_lgpo._get_secedit_value("Unicode") == "yes"
-        assert win_lgpo._get_secedit_value("JunkKey") == "Not Defined"
-
-
@pytest.mark.parametrize(
    "val, expected",
    (
--- a/tests/pytests/unit/modules/win_lgpo/test_adv_audit_settings.py
+++ b/tests/pytests/unit/modules/win_lgpo/test_adv_audit_settings.py
@ -4,6 +4,8 @@ import salt.modules.win_file as win_file
 import salt.modules.win_lgpo as win_lgpo
 import salt.utils.win_dacl as win_dacl
 import salt.utils.win_lgpo_auditpol as auditpol
+from salt.exceptions import CommandExecutionError
+from tests.support.mock import MagicMock, patch

 pytestmark = [
    pytest.mark.windows_whitelisted,
@ -110,7 +112,16 @@ def set_policy():
    )


-def _test_adv_auditing(setting, expected):
+@pytest.mark.parametrize(
+    "setting, expected",
+    [
+        ("No Auditing", "0"),
+        ("Success", "1"),
+        ("Failure", "2"),
+        ("Success and Failure", "3"),
+    ],
+)
+def test_get_value(setting, expected):
    """
    Helper function to set an audit setting and assert that it was successful
    """
@ -120,17 +131,38 @@ def _test_adv_auditing(setting, expected):
    assert result == expected


-def test_no_auditing(disable_legacy_auditing, set_policy):
-    _test_adv_auditing("No Auditing", "0")
+def test_get_defaults():
+    patch_context = patch.dict(win_lgpo.__context__, {})
+    patch_salt = patch.dict(
+        win_lgpo.__utils__, {"auditpol.get_auditpol_dump": auditpol.get_auditpol_dump}
+    )
+    with patch_context, patch_salt:
+        assert "Machine Name" in win_lgpo._get_advaudit_defaults("fieldnames")
+
+    audit_defaults = {"junk": "defaults"}
+    patch_context = patch.dict(
+        win_lgpo.__context__, {"lgpo.audit_defaults": audit_defaults}
+    )
+    with patch_context, patch_salt:
+        assert win_lgpo._get_advaudit_defaults() == audit_defaults


-def test_success(disable_legacy_auditing, clear_policy):
-    _test_adv_auditing("Success", "1")
+def test_set_value_error():
+    mock_set_file_data = MagicMock(return_value=False)
+    with patch.object(win_lgpo, "_set_advaudit_file_data", mock_set_file_data):
+        with pytest.raises(CommandExecutionError):
+            win_lgpo._set_advaudit_value("Audit User Account Management", "None")


-def test_failure(disable_legacy_auditing, clear_policy):
-    _test_adv_auditing("Failure", "2")
-
-
-def test_success_and_failure(disable_legacy_auditing, clear_policy):
-    _test_adv_auditing("Success and Failure", "3")
+def test_set_value_log_messages(caplog):
+    mock_set_file_data = MagicMock(return_value=True)
+    mock_set_pol_data = MagicMock(return_value=False)
+    mock_context = {"lgpo.adv_audit_data": {"test_option": "test_value"}}
+    with patch.object(
+        win_lgpo, "_set_advaudit_file_data", mock_set_file_data
+    ), patch.object(win_lgpo, "_set_advaudit_pol_data", mock_set_pol_data), patch.dict(
+        win_lgpo.__context__, mock_context
+    ):
+        win_lgpo._set_advaudit_value("test_option", None)
+        assert "Failed to apply audit setting:" in caplog.text
+        assert "LGPO: Removing Advanced Audit data:" in caplog.text
--- a/tests/pytests/unit/modules/win_lgpo/test_netsh.py
+++ b/tests/pytests/unit/modules/win_lgpo/test_netsh.py
@ -0,0 +1,135 @@
+import pytest
+
+import salt.modules.win_lgpo as win_lgpo
+from tests.support.mock import MagicMock, patch
+
+pytestmark = [
+    pytest.mark.windows_whitelisted,
+    pytest.mark.skip_unless_on_windows,
+    pytest.mark.destructive_test,
+    pytest.mark.slow_test,
+]
+
+
+@pytest.fixture
+def configure_loader_modules():
+    return {win_lgpo: {}}
+
+
+def test_get_netsh_value():
+    with patch.dict(win_lgpo.__context__, {"lgpo.netsh_data": {"domain": {}}}):
+        win_lgpo._set_netsh_value("domain", "state", "State", "NotConfigured")
+    with patch.dict(win_lgpo.__context__, {}):
+        assert win_lgpo._get_netsh_value("domain", "State") == "NotConfigured"
+
+    context = {
+        "lgpo.netsh_data": {
+            "domain": {
+                "State": "ONContext",
+                "Inbound": "NotConfigured",
+                "Outbound": "NotConfigured",
+                "LocalFirewallRules": "NotConfigured",
+            },
+        },
+    }
+    with patch.dict(win_lgpo.__context__, context):
+        assert win_lgpo._get_netsh_value("domain", "State") == "ONContext"
+
+
+def test_set_value_error():
+    with pytest.raises(ValueError):
+        win_lgpo._set_netsh_value("domain", "bad_section", "junk", "junk")
+
+
+def test_set_value_firewall():
+    mock_context = {"lgpo.netsh_data": {"domain": "junk"}}
+    with patch(
+        "salt.utils.win_lgpo_netsh.set_firewall_settings", MagicMock()
+    ) as mock, patch.dict(win_lgpo.__context__, mock_context):
+        win_lgpo._set_netsh_value(
+            profile="domain",
+            section="firewallpolicy",
+            option="Inbound",
+            value="spongebob",
+        )
+        mock.assert_called_once_with(
+            profile="domain",
+            inbound="spongebob",
+            outbound=None,
+            store="lgpo",
+        )
+
+
+def test_set_value_settings():
+    mock_context = {"lgpo.netsh_data": {"domain": "junk"}}
+    with patch(
+        "salt.utils.win_lgpo_netsh.set_settings", MagicMock()
+    ) as mock, patch.dict(win_lgpo.__context__, mock_context):
+        win_lgpo._set_netsh_value(
+            profile="domain",
+            section="settings",
+            option="spongebob",
+            value="squarepants",
+        )
+        mock.assert_called_once_with(
+            profile="domain",
+            setting="spongebob",
+            value="squarepants",
+            store="lgpo",
+        )
+
+
+def test_set_value_state():
+    mock_context = {"lgpo.netsh_data": {"domain": "junk"}}
+    with patch("salt.utils.win_lgpo_netsh.set_state", MagicMock()) as mock, patch.dict(
+        win_lgpo.__context__, mock_context
+    ):
+        win_lgpo._set_netsh_value(
+            profile="domain",
+            section="state",
+            option="junk",
+            value="spongebob",
+        )
+        mock.assert_called_once_with(
+            profile="domain",
+            state="spongebob",
+            store="lgpo",
+        )
+
+
+def test_set_value_logging_filename():
+    mock_context = {"lgpo.netsh_data": {"domain": "junk"}}
+    with patch(
+        "salt.utils.win_lgpo_netsh.set_logging_settings", MagicMock()
+    ) as mock, patch.dict(win_lgpo.__context__, mock_context):
+        win_lgpo._set_netsh_value(
+            profile="domain",
+            section="logging",
+            option="FileName",
+            value="Not configured",
+        )
+        mock.assert_called_once_with(
+            profile="domain",
+            setting="FileName",
+            value="notconfigured",
+            store="lgpo",
+        )
+
+
+def test_set_value_logging_log():
+    mock_context = {"lgpo.netsh_data": {"domain": "junk"}}
+    with patch(
+        "salt.utils.win_lgpo_netsh.set_logging_settings", MagicMock()
+    ) as mock, patch.dict(win_lgpo.__context__, mock_context):
+        win_lgpo._set_netsh_value(
+            profile="domain",
+            section="logging",
+            option="LogSpongebob",
+            value="Junk",
+        )
+        mock.assert_called_once_with(
+            profile="domain",
+            setting="Spongebob",
+            value="Junk",
+            store="lgpo",
+        )
--- a/tests/pytests/unit/modules/win_lgpo/test_policy_info.py
+++ b/tests/pytests/unit/modules/win_lgpo/test_policy_info.py
@ -5,6 +5,7 @@ import pytest

 import salt.modules.win_file as win_file
 import salt.modules.win_lgpo as win_lgpo
+from tests.support.mock import MagicMock, patch

 pytestmark = [
    pytest.mark.windows_whitelisted,
@ -42,6 +43,18 @@ def test_get_policy_name():
    assert result == expected


+def test_get_adml_display_name_bad_name():
+    result = win_lgpo._getAdmlDisplayName("junk", "spongbob")
+    assert result is None
+
+
+def test_get_adml_display_name_no_results():
+    patch_xpath = patch.object(win_lgpo, "ADML_DISPLAY_NAME_XPATH", return_value=[])
+    with patch_xpath:
+        result = win_lgpo._getAdmlDisplayName("junk", "$(spongbob.squarepants)")
+    assert result is None
+
+
 def test_get_policy_id():
    result = win_lgpo.get_policy(
        policy_name="WfwPublicSettingsNotification",
@ -156,3 +169,78 @@ def test_get_policy_id_full_return_full_names_hierarchical():
        }
    }
    assert result == expected
+
+
+def test_transform_value_missing_type():
+    policy = {"Transform": {"some_type": "junk"}}
+    result = win_lgpo._transform_value(
+        value="spongebob",
+        policy=policy,
+        transform_type="different_type",
+    )
+    assert result == "spongebob"
+
+
+def test_transform_value_registry():
+    policy = {"Registry": {}}
+    result = win_lgpo._transform_value(
+        value="spongebob",
+        policy=policy,
+        transform_type="different_type",
+    )
+    assert result == "spongebob"
+
+
+def test_transform_value_registry_not_set():
+    policy = {"Registry": {}}
+    result = win_lgpo._transform_value(
+        value="(value not set)",
+        policy=policy,
+        transform_type="different_type",
+    )
+    assert result == "Not Defined"
+
+
+def test_validate_setting_not_in_list():
+    policy = {"Settings": ["junk"]}
+    result = win_lgpo._validateSetting(value="spongebob", policy=policy)
+    assert not result
+
+
+def test_validate_setting_in_list():
+    policy = {"Settings": ["spongebob"]}
+    result = win_lgpo._validateSetting(value="spongebob", policy=policy)
+    assert result
+
+
+def test_validate_setting_not_list_or_dict():
+    policy = {"Settings": "spongebob"}
+    result = win_lgpo._validateSetting(value="spongebob", policy=policy)
+    assert result
+
+
+def test_add_account_rights_error():
+    patch_w32sec = patch(
+        "win32security.LsaOpenPolicy", MagicMock(side_effect=Exception)
+    )
+    with patch_w32sec:
+        assert win_lgpo._addAccountRights("spongebob", "junk") is False
+
+
+def test_del_account_rights_error():
+    patch_w32sec = patch(
+        "win32security.LsaOpenPolicy", MagicMock(side_effect=Exception)
+    )
+    with patch_w32sec:
+        assert win_lgpo._delAccountRights("spongebob", "junk") is False
+
+
+def test_validate_setting_no_function():
+    policy = {
+        "Settings": {
+            "Function": "_in_range_inclusive",
+            "Args": {"min": 0, "max": 24},
+        },
+    }
+    result = win_lgpo._validateSetting(value="spongebob", policy=policy)
+    assert not result
--- a/tests/pytests/unit/modules/win_lgpo/test_reg_pol.py
+++ b/tests/pytests/unit/modules/win_lgpo/test_reg_pol.py
@ -0,0 +1,53 @@
+"""
+:codeauthor: Shane Lee <slee@saltstack.com>
+"""
+import pytest
+
+import salt.modules.win_lgpo as win_lgpo
+
+pytestmark = [
+    pytest.mark.windows_whitelisted,
+    pytest.mark.skip_unless_on_windows,
+    pytest.mark.slow_test,
+]
+
+
+@pytest.fixture
+def reg_pol_dword():
+    data = (
+        b"PReg\x01\x00\x00\x00"  # Header
+        b"[\x00"  # Opening list of policies
+        b"S\x00o\x00m\x00e\x00\\\x00K\x00e\x00y\x00\x00\x00;\x00"  # Key
+        b"V\x00a\x00l\x00u\x00e\x00N\x00a\x00m\x00e\x00\x00\x00;\x00"  # Value
+        b"\x04\x00\x00\x00;\x00"  # Reg DWord Type
+        b"\x04\x00\x00\x00;\x00"  # Size
+        # b"\x01\x00\x00\x00"  # Reg Dword Data
+        b"\x00\x00\x00\x00"  # No Data
+        b"]\x00"  # Closing list of policies
+    )
+    yield data
+
+
+def test_get_data_from_reg_pol_data(reg_pol_dword):
+    encoded_name = "ValueName".encode("utf-16-le")
+    encoded_null = chr(0).encode("utf-16-le")
+    encoded_semicolon = ";".encode("utf-16-le")
+    encoded_type = chr(4).encode("utf-16-le")
+    encoded_size = chr(4).encode("utf-16-le")
+    search_string = b"".join(
+        [
+            encoded_semicolon,
+            encoded_name,
+            encoded_null,
+            encoded_semicolon,
+            encoded_type,
+            encoded_null,
+            encoded_semicolon,
+            encoded_size,
+            encoded_null,
+        ]
+    )
+    result = win_lgpo._getDataFromRegPolData(
+        search_string, reg_pol_dword, return_value_name=True
+    )
+    assert result == {"ValueName": 0}
--- a/tests/pytests/unit/modules/win_lgpo/test_secedit.py
+++ b/tests/pytests/unit/modules/win_lgpo/test_secedit.py
@ -0,0 +1,83 @@
+import pytest
+
+import salt.modules.cmdmod as cmd
+import salt.modules.win_file as win_file
+import salt.modules.win_lgpo as win_lgpo
+from tests.support.mock import MagicMock, patch
+
+pytestmark = [
+    pytest.mark.windows_whitelisted,
+    pytest.mark.skip_unless_on_windows,
+    pytest.mark.destructive_test,
+    pytest.mark.slow_test,
+]
+
+
+@pytest.fixture
+def configure_loader_modules(tmp_path):
+    cachedir = tmp_path / "__test_admx_policy_cache_dir"
+    cachedir.mkdir(parents=True, exist_ok=True)
+    return {
+        win_lgpo: {
+            "__salt__": {
+                "cmd.run": cmd.run,
+                "file.file_exists": win_file.file_exists,
+                "file.remove": win_file.remove,
+            },
+            "__opts__": {
+                "cachedir": str(cachedir),
+            },
+        },
+    }
+
+
+def test_load_secedit_data():
+    result = win_lgpo._load_secedit_data()
+    result = [x.strip() for x in result]
+    assert "[Unicode]" in result
+    assert "[System Access]" in result
+
+
+def test_get_secedit_data():
+    with patch.dict(win_lgpo.__context__, {}):
+        result = win_lgpo._get_secedit_data()
+    result = [x.strip() for x in result]
+    assert "[Unicode]" in result
+    assert "[System Access]" in result
+
+
+def test_get_secedit_data_existing_context():
+    mock_context = {"lgpo.secedit_data": ["spongebob", "squarepants"]}
+    with patch.dict(win_lgpo.__context__, mock_context):
+        result = win_lgpo._get_secedit_data()
+    result = [x.strip() for x in result]
+    assert "spongebob" in result
+    assert "squarepants" in result
+
+
+def test_get_secedit_value():
+    result = win_lgpo._get_secedit_value("AuditDSAccess")
+    assert result == "0"
+
+
+def test_get_secedit_value_not_defined():
+    result = win_lgpo._get_secedit_value("Spongebob")
+    assert result == "Not Defined"
+
+
+def test_write_secedit_data_import_fail(caplog):
+    patch_cmd_retcode = patch.dict(
+        win_lgpo.__salt__, {"cmd.retcode": MagicMock(return_value=1)}
+    )
+    with patch_cmd_retcode:
+        assert win_lgpo._write_secedit_data("spongebob") is False
+        assert "Secedit failed to import template data" in caplog.text
+
+
+def test_write_secedit_data_configure_fail(caplog):
+    patch_cmd_retcode = patch.dict(
+        win_lgpo.__salt__, {"cmd.retcode": MagicMock(side_effect=[0, 1])}
+    )
+    with patch_cmd_retcode:
+        assert win_lgpo._write_secedit_data("spongebob") is False
+        assert "Secedit failed to apply security database" in caplog.text