Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

win_secedit: Added module with tests/diff mode #26332

Merged
merged 5 commits into from Jul 14, 2017
Merged

win_secedit: Added module with tests/diff mode #26332

merged 5 commits into from Jul 14, 2017

Conversation

jborean93
Copy link
Contributor

SUMMARY

Added win_secedit module with the following supported

  • check mode
  • diff mode
  • integration tests
ISSUE TYPE
  • New Module Pull Request
COMPONENT NAME

win_secedit

ANSIBLE VERSION
ansible 2.4.0 (win_secedit-module 196d900df3) last updated 2017/07/03 08:09:07 (GMT +1000)
  config file = None
  configured module search path = [u'/home/jborean/.ansible/plugins/modules', u'/usr/share/ansible/plugins/modules']
  ansible python module location = /home/jborean/dev/ansible/lib/ansible
  executable location = /home/jborean/dev/ansible/bin/ansible
  python version = 2.7.13 (default, Jun 28 2017, 21:13:49) [GCC 6.3.1 20161221 (Red Hat 6.3.1-1)]
ADDITIONAL INFORMATION

This is a continuing of #22775 with tests/check and diff mode added.

@ansibot ansibot added affects_2.4 This issue/PR affects Ansible v2.4 community_review In order to be merged, this PR must follow the community review workflow. module This issue/PR relates to a module. needs_triage Needs a first human triage before being processed. new_module This PR includes a new module. new_plugin This PR includes a new plugin. support:community This issue/PR relates to code supported by the Ansible community. test_pull_requests windows Windows community labels Jul 2, 2017
@ansibot
Copy link
Contributor

ansibot commented Jul 2, 2017

The test ansible-test sanity --test shebang failed with the following error:

Command "test/sanity/code-smell/shebang.sh" returned exit status 1.
>>> Standard Output
./test/integration/targets/win_secedit/defaults/test_win_secedit.ps1:#!powershell
One or more file(s) listed above have an unexpected shebang.
See test/sanity/code-smell/shebang.sh for the list of acceptable values.

The test ansible-test sanity --test validate-modules failed with the following errors:

lib/ansible/modules/windows/win_secedit.py:0:0: E319 RETURN.before_value.type: not a valid value for dictionary value @ data['type']. Got 'string or int'
lib/ansible/modules/windows/win_secedit.py:0:0: E319 RETURN.value.type: not a valid value for dictionary value @ data['type']. Got 'string or int'

click here for bot help

@ansibot ansibot added needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. and removed community_review In order to be merged, this PR must follow the community review workflow. labels Jul 2, 2017
@ansibot
Copy link
Contributor

ansibot commented Jul 2, 2017

@SamLiu79 @timothyvandenbrande @ar7z1 @blakfeld @brianlloyd @chrishoffman @if-meaton @joshludwig @petemounce @schwartzmx @smadam813

As a maintainer of a module in the same namespace this new module has been submitted to, your vote counts for shipits. Please review this module and add shipit if you would like to see it merged.

click here for bot help

@ansibot ansibot added community_review In order to be merged, this PR must follow the community review workflow. and removed needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. labels Jul 2, 2017
@bcoca bcoca removed the needs_triage Needs a first human triage before being processed. label Jul 3, 2017
@dagwieers dagwieers mentioned this pull request Jul 5, 2017
Closed
@rndmh3ro rndmh3ro mentioned this pull request Jul 7, 2017
Closed
nitzmahone
nitzmahone requested changes Jul 12, 2017
View reviewed changes
Copy link
Member

@nitzmahone nitzmahone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking a rename would be good on this one (win_security_policy?). I was never really a fan of naming the modules after the utility they were built on (eg, win_regedit should've been win_registry). Couple other little things (pretty much same as win_user_right).

lib/ansible/modules/windows/win_secedit.py Outdated

DOCUMENTATION = r'''
---
module: win_secedit
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this be win_security_policy or something now?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Happy to change, the only reason I went this way as I wasn't sure if there were security policies that can't be edited by secedit. If that isn't the case I agree changing it is best.

lib/ansible/modules/windows/win_secedit.ps1 Outdated
# check the return code and if the file has been populated, otherwise error out
if (($export_result.rc -ne 0) -or ((Get-Item -Path $secedit_ini_path).Length -eq 0)) {
Remove-Item -Path $secedit_ini_path -Force
Fail-Json $result "Failed to export secedit.ini file to $($secedit_ini_path).`nRC: $($export_result.rc)`nSTDOUT: $($export_result.stdout)`nSTDERR: $($export_result.stderr)`nLOG: $($export_result.log)"
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same comment from win_user_right WRT: discrete return keys for these instead of all in msg? Could see either way...

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That makes sense, I think I went this way as older Ansible versions just ignored attributes for $result, them being there now makes sense.

lib/ansible/modules/windows/win_secedit.py Outdated
'''

RETURN = r'''
before_value:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

redundant w/ diff mode?

lib/ansible/modules/windows/win_secedit.ps1 Outdated

# secedit doesn't error out on improper entries, re-export and verify
# the changes occurred
$export_result = Run-SecEdit -arguments @("/export", "/cfg", $secedit_ini_path, "/quiet")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as win_user_right: couldn't we just factor out the change detection, re-run, and fail on change?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep good idea.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could but then we loose the specific error around an invalid keys, I'll try and refactor common code but feel that error would be useful to have.

@ansibot ansibot added needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. support:core This issue/PR relates to code supported by the Ansible Engineering Team. and removed community_review In order to be merged, this PR must follow the community review workflow. module This issue/PR relates to a module. new_module This PR includes a new module. labels Jul 12, 2017
@dagwieers dagwieers mentioned this pull request Jul 12, 2017
Closed
@dagwieers
Copy link
Contributor

+label new_module

@ansibot ansibot added the new_module This PR includes a new module. label Jul 13, 2017
@ansibot ansibot removed the stale_ci This PR has been tested by CI more than one week ago. Close and re-open this PR to get it retested. label Jul 14, 2017
nitzmahone
nitzmahone reviewed Jul 14, 2017
View reviewed changes
lib/ansible/modules/windows/win_security_policy.py Outdated

EXAMPLES = r'''
- name: change the guest account name
win_secedit:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Examples need update to reflect rename

@nitzmahone nitzmahone merged commit 8e05d7d into ansible:devel Jul 14, 2017
AlanCoding pushed a commit to AlanCoding/ansible that referenced this pull request Jul 18, 2017
@jborean93 @AlanCoding
win_secedit: Added module with tests/diff mode (ansible#26332)
5d2e229 
* win_secedit: Added module with tests/diff mode

* fixed up test issues

* Added missing return value

* change for win_secedit based on review

* updated win_security_policy examples for rename
@jborean93 jborean93 deleted the win_secedit-module branch July 19, 2017 01:43
@ansible ansible locked and limited conversation to collaborators Apr 26, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@nitzmahone nitzmahone nitzmahone approved these changes

Assignees
No one assigned
Labels
affects_2.4 This issue/PR affects Ansible v2.4 needs_revision This PR fails CI tests or a maintainer has requested a review/revision of the PR. new_module This PR includes a new module. new_plugin This PR includes a new plugin. support:community This issue/PR relates to code supported by the Ansible community. support:core This issue/PR relates to code supported by the Ansible Engineering Team. windows Windows community
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@jborean93 @ansibot @dagwieers @nitzmahone @bcoca