Skip to content

Commit

Permalink
Remove ansbile-lint warnings/errors from win_acl_inheritance
Browse files Browse the repository at this point in the history
  • Loading branch information
@ronger4
ronger4 committed Oct 22, 2024
1 parent 5f859d1 commit adf7c22
Showing 1 changed file with 73 additions and 68 deletions.
141 changes: 73 additions & 68 deletions tests/integration/targets/win_acl_inheritance/tasks/main.yml
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
# Test setup
# Use single task to save in CI runtime
- name: create test folders
- name: Create test folders
ansible.windows.win_powershell:
parameters:
Path: '{{ test_win_acl_inheritance_path }}'
Expand All @@ -17,8 +17,11 @@
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$current_sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User
$system_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList @([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null)
$everyone_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList @([System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$system_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
-ArgumentList @([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null)
$everyone_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier `
-ArgumentList @([System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$sd = New-Object -TypeName System.Security.AccessControl.DirectorySecurity
$sd.SetAccessRuleProtection($true, $false)
Expand Down Expand Up @@ -60,7 +63,7 @@
$everyone_sid.Value
register: test_sids # register the output SID values used for comparison tests below

- name: create test registry key
- name: Create test registry key
ansible.windows.win_powershell:
parameters:
Path: '{{ test_win_acl_inheritance_registry_path }}'
Expand Down Expand Up @@ -90,8 +93,10 @@
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$current_sid = ([System.Security.Principal.WindowsIdentity]::GetCurrent()).User
$system_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList @([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null)
$everyone_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList @([System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$system_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList `
@([System.Security.Principal.WellKnownSidType]::LocalSystemSid, $null)
$everyone_sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList `
@([System.Security.Principal.WellKnownSidType]::WorldSid, $null)
$sd = New-Object -TypeName System.Security.AccessControl.RegistrySecurity
$sd.SetAccessRuleProtection($true, $false)
Expand Down Expand Up @@ -135,10 +140,10 @@
- name: (folder) remove inheritance check
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_path }}\folder'
reorganize: True
reorganize: true
state: absent
register: remove_check
check_mode: True
check_mode: true

- name: (folder) get actual remove inheritance check
test_get_acl:
Expand All @@ -148,16 +153,16 @@
- name: (folder) assert remove inheritance check
ansible.builtin.assert:
that:
- remove_check is changed
- actual_remove_check.inherited == True
- actual_remove_check.user_details[test_sids.output[0]].isinherited == True
- actual_remove_check.user_details[test_sids.output[1]].isinherited == True
- actual_remove_check.user_details[test_sids.output[2]].isinherited == True
- remove_check is changed
- actual_remove_check.inherited == True
- actual_remove_check.user_details[test_sids.output[0]].isinherited == True
- actual_remove_check.user_details[test_sids.output[1]].isinherited == True
- actual_remove_check.user_details[test_sids.output[2]].isinherited == True

- name: (folder) remove inheritance
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_network_path }}\folder'
reorganize: True
reorganize: true
state: absent
register: remove

Expand All @@ -169,31 +174,31 @@
- name: (folder) assert remove inheritance
ansible.builtin.assert:
that:
- remove is changed
- actual_remove.inherited == False
- actual_remove.user_details[test_sids.output[0]].isinherited == False
- actual_remove.user_details[test_sids.output[1]].isinherited == False
- actual_remove.user_details[test_sids.output[2]].isinherited == False
- remove is changed
- actual_remove.inherited == False
- actual_remove.user_details[test_sids.output[0]].isinherited == False
- actual_remove.user_details[test_sids.output[1]].isinherited == False
- actual_remove.user_details[test_sids.output[2]].isinherited == False

- name: (folder) remove inheritance again
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_network_path }}\folder'
reorganize: True
reorganize: true
state: absent
register: remove_again

- name: (folder) assert remove inheritance again
ansible.builtin.assert:
that:
- remove_again is not changed
- remove_again is not changed

- name: (folder) add inheritance check
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_path }}\folder'
reorganize: True
reorganize: true
state: present
register: add_check
check_mode: True
check_mode: true

- name: (folder) get actual add inheritance check
test_get_acl:
Expand All @@ -203,16 +208,16 @@
- name: (folder) assert add inheritance check
ansible.builtin.assert:
that:
- add_check is changed
- actual_add_check.inherited == False
- actual_add_check.user_details[test_sids.output[0]].isinherited == False
- actual_add_check.user_details[test_sids.output[1]].isinherited == False
- actual_add_check.user_details[test_sids.output[2]].isinherited == False
- add_check is changed
- actual_add_check.inherited == false
- actual_add_check.user_details[test_sids.output[0]].isinherited == False
- actual_add_check.user_details[test_sids.output[1]].isinherited == False
- actual_add_check.user_details[test_sids.output[2]].isinherited == False

- name: (folder) add inheritance
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_path }}\folder'
reorganize: True
reorganize: true
state: present
register: add

Expand All @@ -224,33 +229,33 @@
- name: (folder) assert add inheritance
ansible.builtin.assert:
that:
- add is changed
- actual_add.inherited == True
- actual_add.user_details[test_sids.output[0]].isinherited == True
- actual_add.user_details[test_sids.output[1]].isinherited == True
- actual_add.user_details[test_sids.output[2]].isinherited == True
- add is changed
- actual_add.inherited == True
- actual_add.user_details[test_sids.output[0]].isinherited == True
- actual_add.user_details[test_sids.output[1]].isinherited == True
- actual_add.user_details[test_sids.output[2]].isinherited == True

- name: (folder) add inheritance again
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_path }}\folder'
reorganize: True
reorganize: true
state: present
register: add_again

- name: (folder) assert add inheritance again
ansible.builtin.assert:
that:
- add_again is not changed
- add_again is not changed

# registry

- name: (registry) remove inheritance check
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_registry_path }}\folder'
reorganize: True
reorganize: true
state: absent
register: registry_remove_check
check_mode: True
check_mode: true

- name: (registry) get actual remove inheritance check
test_get_acl:
Expand All @@ -260,16 +265,16 @@
- name: (registry) assert remove inheritance check
ansible.builtin.assert:
that:
- registry_remove_check is changed
- actual_registry_remove_check.inherited == True
- actual_registry_remove_check.user_details[test_sids.output[0]].isinherited == True
- actual_registry_remove_check.user_details[test_sids.output[1]].isinherited == True
- actual_registry_remove_check.user_details[test_sids.output[2]].isinherited == True
- registry_remove_check is changed
- actual_registry_remove_check.inherited == True
- actual_registry_remove_check.user_details[test_sids.output[0]].isinherited == True
- actual_registry_remove_check.user_details[test_sids.output[1]].isinherited == True
- actual_registry_remove_check.user_details[test_sids.output[2]].isinherited == True

- name: (registry) remove inheritance
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_registry_path }}\folder'
reorganize: True
reorganize: true
state: absent
register: registry_remove

Expand All @@ -281,31 +286,31 @@
- name: (registry) assert remove inheritance
ansible.builtin.assert:
that:
- registry_remove is changed
- actual_registry_remove.inherited == False
- actual_registry_remove.user_details[test_sids.output[0]].isinherited == False
- actual_registry_remove.user_details[test_sids.output[1]].isinherited == False
- actual_registry_remove.user_details[test_sids.output[2]].isinherited == False
- registry_remove is changed
- actual_registry_remove.inherited == False
- actual_registry_remove.user_details[test_sids.output[0]].isinherited == False
- actual_registry_remove.user_details[test_sids.output[1]].isinherited == False
- actual_registry_remove.user_details[test_sids.output[2]].isinherited == False

- name: (registry) remove inheritance again
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_registry_path }}\folder'
reorganize: True
reorganize: true
state: absent
register: registry_remove_again

- name: (registry) assert remove inheritance again
ansible.builtin.assert:
that:
- registry_remove_again is not changed
- registry_remove_again is not changed

- name: (registry) add inheritance check
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_registry_path }}\folder'
reorganize: True
reorganize: true
state: present
register: registry_add_check
check_mode: True
check_mode: true

- name: (registry) get actual add inheritance check
test_get_acl:
Expand All @@ -315,16 +320,16 @@
- name: (registry) assert add inheritance check
ansible.builtin.assert:
that:
- registry_add_check is changed
- actual_registry_add_check.inherited == False
- actual_registry_add_check.user_details[test_sids.output[0]].isinherited == False
- actual_registry_add_check.user_details[test_sids.output[1]].isinherited == False
- actual_registry_add_check.user_details[test_sids.output[2]].isinherited == False
- registry_add_check is changed
- actual_registry_add_check.inherited == False
- actual_registry_add_check.user_details[test_sids.output[0]].isinherited == False
- actual_registry_add_check.user_details[test_sids.output[1]].isinherited == False
- actual_registry_add_check.user_details[test_sids.output[2]].isinherited == False

- name: (registry) add inheritance
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_registry_path }}\folder'
reorganize: True
reorganize: true
state: present
register: registry_add

Expand All @@ -336,31 +341,31 @@
- name: (registry) assert add inheritance
ansible.builtin.assert:
that:
- registry_add is changed
- actual_registry_add.inherited == True
- actual_registry_add.user_details[test_sids.output[0]].isinherited == True
- actual_registry_add.user_details[test_sids.output[1]].isinherited == True
- actual_registry_add.user_details[test_sids.output[2]].isinherited == True
- registry_add is changed
- actual_registry_add.inherited == True
- actual_registry_add.user_details[test_sids.output[0]].isinherited == True
- actual_registry_add.user_details[test_sids.output[1]].isinherited == True
- actual_registry_add.user_details[test_sids.output[2]].isinherited == True

- name: (registry) add inheritance again
ansible.windows.win_acl_inheritance:
path: '{{ test_win_acl_inheritance_registry_path }}\folder'
reorganize: True
reorganize: true
state: present
register: registry_add_again

- name: (registry) assert add inheritance again
ansible.builtin.assert:
that:
- registry_add_again is not changed
- registry_add_again is not changed

# Test cleanup
- name: remove test folder
- name: Remove test folder
ansible.windows.win_file:
path: '{{ test_win_acl_inheritance_path }}'
state: absent

- name: remove test registry key
- name: Remove test registry key
ansible.windows.win_regedit:
path: '{{ test_win_acl_inheritance_registry_path }}'
state: absent

0 comments on commit adf7c22

Please sign in to comment.