summaryrefslogtreecommitdiffstats
path: root/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil
diff options
context:
space:
mode:
Diffstat (limited to 'test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil')
-rw-r--r--test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/aliases3
-rw-r--r--test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/library/privilege_util_test.ps1113
-rw-r--r--test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/tasks/main.yml8
3 files changed, 124 insertions, 0 deletions
diff --git a/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/aliases b/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/aliases
new file mode 100644
index 0000000..cf71478
--- /dev/null
+++ b/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/aliases
@@ -0,0 +1,3 @@
+windows
+shippable/windows/group1
+shippable/windows/smoketest
diff --git a/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/library/privilege_util_test.ps1 b/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/library/privilege_util_test.ps1
new file mode 100644
index 0000000..414b80a
--- /dev/null
+++ b/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/library/privilege_util_test.ps1
@@ -0,0 +1,113 @@
+#!powershell
+
+#AnsibleRequires -CSharpUtil Ansible.Basic
+#Requires -Module Ansible.ModuleUtils.PrivilegeUtil
+
+$module = [Ansible.Basic.AnsibleModule]::Create($args, @{})
+
+Function Assert-Equal($actual, $expected) {
+ if ($actual -cne $expected) {
+ $call_stack = (Get-PSCallStack)[1]
+ $module.Result.actual = $actual
+ $module.Result.expected = $expected
+ $module.Result.line = $call_stack.ScriptLineNumber
+ $module.Result.method = $call_stack.Position.Text
+ $module.FailJson("AssertionError: actual != expected")
+ }
+}
+
+# taken from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants
+$total_privileges = @(
+ "SeAssignPrimaryTokenPrivilege",
+ "SeAuditPrivilege",
+ "SeBackupPrivilege",
+ "SeChangeNotifyPrivilege",
+ "SeCreateGlobalPrivilege",
+ "SeCreatePagefilePrivilege",
+ "SeCreatePermanentPrivilege",
+ "SeCreateSymbolicLinkPrivilege",
+ "SeCreateTokenPrivilege",
+ "SeDebugPrivilege",
+ "SeEnableDelegationPrivilege",
+ "SeImpersonatePrivilege",
+ "SeIncreaseBasePriorityPrivilege",
+ "SeIncreaseQuotaPrivilege",
+ "SeIncreaseWorkingSetPrivilege",
+ "SeLoadDriverPrivilege",
+ "SeLockMemoryPrivilege",
+ "SeMachineAccountPrivilege",
+ "SeManageVolumePrivilege",
+ "SeProfileSingleProcessPrivilege",
+ "SeRelabelPrivilege",
+ "SeRemoteShutdownPrivilege",
+ "SeRestorePrivilege",
+ "SeSecurityPrivilege",
+ "SeShutdownPrivilege",
+ "SeSyncAgentPrivilege",
+ "SeSystemEnvironmentPrivilege",
+ "SeSystemProfilePrivilege",
+ "SeSystemtimePrivilege",
+ "SeTakeOwnershipPrivilege",
+ "SeTcbPrivilege",
+ "SeTimeZonePrivilege",
+ "SeTrustedCredManAccessPrivilege",
+ "SeUndockPrivilege"
+)
+
+$raw_privilege_output = &whoami /priv | Where-Object { $_.StartsWith("Se") }
+$actual_privileges = @{}
+foreach ($raw_privilege in $raw_privilege_output) {
+ $split = $raw_privilege.TrimEnd() -split " "
+ $actual_privileges."$($split[0])" = ($split[-1] -eq "Enabled")
+}
+$process = [Ansible.Privilege.PrivilegeUtil]::GetCurrentProcess()
+
+### Test PS cmdlets ###
+# test ps Get-AnsiblePrivilege
+foreach ($privilege in $total_privileges) {
+ $expected = $null
+ if ($actual_privileges.ContainsKey($privilege)) {
+ $expected = $actual_privileges.$privilege
+ }
+ $actual = Get-AnsiblePrivilege -Name $privilege
+ Assert-Equal -actual $actual -expected $expected
+}
+
+# test c# GetAllPrivilegeInfo
+$actual = [Ansible.Privilege.PrivilegeUtil]::GetAllPrivilegeInfo($process)
+Assert-Equal -actual $actual.GetType().Name -expected 'Dictionary`2'
+Assert-Equal -actual $actual.Count -expected $actual_privileges.Count
+foreach ($privilege in $total_privileges) {
+ if ($actual_privileges.ContainsKey($privilege)) {
+ $actual_value = $actual.$privilege
+ if ($actual_privileges.$privilege) {
+ Assert-Equal -actual $actual_value.HasFlag([Ansible.Privilege.PrivilegeAttributes]::Enabled) -expected $true
+ }
+ else {
+ Assert-Equal -actual $actual_value.HasFlag([Ansible.Privilege.PrivilegeAttributes]::Enabled) -expected $false
+ }
+ }
+}
+
+# test Set-AnsiblePrivilege
+Set-AnsiblePrivilege -Name SeUndockPrivilege -Value $false # ensure we start with a disabled privilege
+
+Set-AnsiblePrivilege -Name SeUndockPrivilege -Value $true -WhatIf
+$actual = Get-AnsiblePrivilege -Name SeUndockPrivilege
+Assert-Equal -actual $actual -expected $false
+
+Set-AnsiblePrivilege -Name SeUndockPrivilege -Value $true
+$actual = Get-AnsiblePrivilege -Name SeUndockPrivilege
+Assert-Equal -actual $actual -expected $true
+
+Set-AnsiblePrivilege -Name SeUndockPrivilege -Value $false -WhatIf
+$actual = Get-AnsiblePrivilege -Name SeUndockPrivilege
+Assert-Equal -actual $actual -expected $true
+
+Set-AnsiblePrivilege -Name SeUndockPrivilege -Value $false
+$actual = Get-AnsiblePrivilege -Name SeUndockPrivilege
+Assert-Equal -actual $actual -expected $false
+
+$module.Result.data = "success"
+$module.ExitJson()
+
diff --git a/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/tasks/main.yml b/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/tasks/main.yml
new file mode 100644
index 0000000..5f54480
--- /dev/null
+++ b/test/integration/targets/module_utils_Ansible.ModuleUtils.PrivilegeUtil/tasks/main.yml
@@ -0,0 +1,8 @@
+---
+- name: call module with PrivilegeUtil tests
+ privilege_util_test:
+ register: privilege_util_test
+
+- assert:
+ that:
+ - privilege_util_test.data == 'success'
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-20 14:57:10 +0000