inspec/test/unit/resources/security_policy_test.rb

require "helper"
require "inspec/resource"
require "inspec/resources/security_policy"

describe "Inspec::Resources::SecurityPolicy" do
  it "verify processes resource" do
    resource = load_resource("security_policy")
    Process.expects(:pid).returns("abc123")

    _(resource.MaximumPasswordAge).must_equal 42
    _(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_equal "4,0"
    _(resource.SeUndockPrivilege).must_equal ["S-1-5-32-544"]
    _(resource.SeRemoteInteractiveLogonRight).must_equal ["S-1-5-32-544", "S-1-5-32-555"]
    _(resource.SeServiceLogonRight).must_equal %w{ DB2ADMNS db2admin }
  end

  it "parse empty policy file" do
    resource = load_resource("security_policy")
    Process.expects(:pid).returns("abc123")
    backend = resource.inspec.backend
    backend.commands["Get-Content win_secpol-abc123.cfg"] = backend.mock_command("", "", "", 0)

    _(resource.MaximumPasswordAge).must_be_nil
    _(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_be_nil
    _(resource.SeUndockPrivilege).must_equal []
    _(resource.SeRemoteInteractiveLogonRight).must_equal []
  end

  it "verify sids are successfully translated or returned SID" do
    resource = load_resource("security_policy", translate_sid: true)
    Process.expects(:pid).returns("abc123")

    _(resource.MaximumPasswordAge).must_equal 42
    _(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_equal "4,0"
    _(resource.SeUndockPrivilege).must_equal ["BUILTIN\\Administrators"]
    _(resource.SeRemoteInteractiveLogonRight).must_equal ["BUILTIN\\Administrators", "S-1-5-32-555"]
    _(resource.SeServiceLogonRight).must_equal %w{ DB2ADMNS db2admin }
  end
end
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`require "helper"`
			`require "inspec/resource"`
			`require "inspec/resources/security_policy"`
implement security policy resource tests 2015-09-05 16:23:13 +00:00
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`describe "Inspec::Resources::SecurityPolicy" do`
			`it "verify processes resource" do`
			`resource = load_resource("security_policy")`
			`Process.expects(:pid).returns("abc123")`
Unique export file for security policy resource (#2350) * Add a unique export for security policy resource. Signed-off-by: Jared Quick <jquick@chef.io> * Remove skip resource on empty policy file. Signed-off-by: Jared Quick <jquick@chef.io> 2017-11-29 14:16:40 +00:00
simplify unit tests 2015-09-22 16:33:05 +00:00			`_(resource.MaximumPasswordAge).must_equal 42`
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`_(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_equal "4,0"`
use simple config for security policy resource 2016-09-11 11:43:36 +00:00			`_(resource.SeUndockPrivilege).must_equal ["S-1-5-32-544"]`
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`_(resource.SeRemoteInteractiveLogonRight).must_equal ["S-1-5-32-544", "S-1-5-32-555"]`
Fix for security_policy resource does not return array for local groups Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io> 2021-08-26 10:04:42 +00:00			`_(resource.SeServiceLogonRight).must_equal %w{ DB2ADMNS db2admin }`
implement security policy resource tests 2015-09-05 16:23:13 +00:00			`end`
Unique export file for security policy resource (#2350) * Add a unique export for security policy resource. Signed-off-by: Jared Quick <jquick@chef.io> * Remove skip resource on empty policy file. Signed-off-by: Jared Quick <jquick@chef.io> 2017-11-29 14:16:40 +00:00
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`it "parse empty policy file" do`
			`resource = load_resource("security_policy")`
			`Process.expects(:pid).returns("abc123")`
Unique export file for security policy resource (#2350) * Add a unique export for security policy resource. Signed-off-by: Jared Quick <jquick@chef.io> * Remove skip resource on empty policy file. Signed-off-by: Jared Quick <jquick@chef.io> 2017-11-29 14:16:40 +00:00			`backend = resource.inspec.backend`
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`backend.commands["Get-Content win_secpol-abc123.cfg"] = backend.mock_command("", "", "", 0)`
Unique export file for security policy resource (#2350) * Add a unique export for security policy resource. Signed-off-by: Jared Quick <jquick@chef.io> * Remove skip resource on empty policy file. Signed-off-by: Jared Quick <jquick@chef.io> 2017-11-29 14:16:40 +00:00
			`_(resource.MaximumPasswordAge).must_be_nil`
			`_(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_be_nil`
			`_(resource.SeUndockPrivilege).must_equal []`
			`_(resource.SeRemoteInteractiveLogonRight).must_equal []`
			`end`
Update security_policy resource to return Names, not SIDs (#2462) * Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch) Signed-off-by: ViolentOr <github@violentor.me> * fixed errors Signed-off-by: ViolentOr <github@violentor.me> * changed pars to opts * renameg temp variable Signed-off-by: ViolentOr <github@violentor.me> * Required tests added Signed-off-by: ViolentOr <github@violentor.me> * fixed mistype Signed-off-by: ViolentOr <github@violentor.me> * should not copy-paste. Signed-off-by: ViolentOr <github@violentor.me> * replaced empty call with empty file Signed-off-by: ViolentOr <github@violentor.me> * tests fixed. Signed-off-by: ViolentOr <github@violentor.me> * grouped command mocks related to the security_policy resource Signed-off-by: ViolentOr <github@violentor.me> * bacgitend -> backend Signed-off-by: ViolentOr <github@violentor.me> 2018-01-23 20:31:57 +00:00
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`it "verify sids are successfully translated or returned SID" do`
			`resource = load_resource("security_policy", translate_sid: true)`
			`Process.expects(:pid).returns("abc123")`
Update security_policy resource to return Names, not SIDs (#2462) * Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch) Signed-off-by: ViolentOr <github@violentor.me> * fixed errors Signed-off-by: ViolentOr <github@violentor.me> * changed pars to opts * renameg temp variable Signed-off-by: ViolentOr <github@violentor.me> * Required tests added Signed-off-by: ViolentOr <github@violentor.me> * fixed mistype Signed-off-by: ViolentOr <github@violentor.me> * should not copy-paste. Signed-off-by: ViolentOr <github@violentor.me> * replaced empty call with empty file Signed-off-by: ViolentOr <github@violentor.me> * tests fixed. Signed-off-by: ViolentOr <github@violentor.me> * grouped command mocks related to the security_policy resource Signed-off-by: ViolentOr <github@violentor.me> * bacgitend -> backend Signed-off-by: ViolentOr <github@violentor.me> 2018-01-23 20:31:57 +00:00
			`_(resource.MaximumPasswordAge).must_equal 42`
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`_(resource.send('MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole\SecurityLevel')).must_equal "4,0"`
Update security_policy resource to return Names, not SIDs (#2462) * Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch) Signed-off-by: ViolentOr <github@violentor.me> * fixed errors Signed-off-by: ViolentOr <github@violentor.me> * changed pars to opts * renameg temp variable Signed-off-by: ViolentOr <github@violentor.me> * Required tests added Signed-off-by: ViolentOr <github@violentor.me> * fixed mistype Signed-off-by: ViolentOr <github@violentor.me> * should not copy-paste. Signed-off-by: ViolentOr <github@violentor.me> * replaced empty call with empty file Signed-off-by: ViolentOr <github@violentor.me> * tests fixed. Signed-off-by: ViolentOr <github@violentor.me> * grouped command mocks related to the security_policy resource Signed-off-by: ViolentOr <github@violentor.me> * bacgitend -> backend Signed-off-by: ViolentOr <github@violentor.me> 2018-01-23 20:31:57 +00:00			`_(resource.SeUndockPrivilege).must_equal ["BUILTIN\\Administrators"]`
blindly applied chefstyle -a Signed-off-by: Ryan Davis <zenspider@chef.io> 2019-06-11 22:24:35 +00:00			`_(resource.SeRemoteInteractiveLogonRight).must_equal ["BUILTIN\\Administrators", "S-1-5-32-555"]`
Fix for security_policy resource does not return array for local groups Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io> 2021-08-26 10:04:42 +00:00			`_(resource.SeServiceLogonRight).must_equal %w{ DB2ADMNS db2admin }`
Update security_policy resource to return Names, not SIDs (#2462) * Added possibility to translate SID to human-readable name (using 'translate_sid: true' switch) Signed-off-by: ViolentOr <github@violentor.me> * fixed errors Signed-off-by: ViolentOr <github@violentor.me> * changed pars to opts * renameg temp variable Signed-off-by: ViolentOr <github@violentor.me> * Required tests added Signed-off-by: ViolentOr <github@violentor.me> * fixed mistype Signed-off-by: ViolentOr <github@violentor.me> * should not copy-paste. Signed-off-by: ViolentOr <github@violentor.me> * replaced empty call with empty file Signed-off-by: ViolentOr <github@violentor.me> * tests fixed. Signed-off-by: ViolentOr <github@violentor.me> * grouped command mocks related to the security_policy resource Signed-off-by: ViolentOr <github@violentor.me> * bacgitend -> backend Signed-off-by: ViolentOr <github@violentor.me> 2018-01-23 20:31:57 +00:00			`end`
implement security policy resource tests 2015-09-05 16:23:13 +00:00			`end`