Windows Privileges - moved util code to it's own C# util (#48897)

* Windows Privileges - moved util code to it's own C# util * Rename Enabler class to PrivilegeEnabler to remove ambiguity * rename Utils to PrivilegeUtil * fix missing util name changes
2026-05-07 05:42:50 +00:00 · 2018-12-14 12:00:46 +10:00
parent 695feea541
commit 4019d4f6d1
9 changed files with 811 additions and 488 deletions
--- a/test/integration/targets/win_module_utils/library/privilege_util_test.ps1
+++ b/test/integration/targets/win_module_utils/library/privilege_util_test.ps1
@@ -1,21 +1,18 @@
 #!powershell

-#Requires -Module Ansible.ModuleUtils.Legacy
+#AnsibleRequires -CSharpUtil Ansible.Basic
 #Requires -Module Ansible.ModuleUtils.PrivilegeUtil

-$ErrorActionPreference = "Stop"
-
-$result = @{
-    changed = $false
-}
-
-Import-PrivilegeUtil
+$module = [Ansible.Basic.AnsibleModule]::Create($args, @{})

 Function Assert-Equals($actual, $expected) {
    if ($actual -cne $expected) {
        $call_stack = (Get-PSCallStack)[1]
-        $error_msg = "AssertionError:`r`nActual: `"$actual`" != Expected: `"$expected`"`r`nLine: $($call_stack.ScriptLineNumber), Method: $($call_stack.Position.Text)"
-        Fail-Json -obj $result -message $error_msg
+        $module.Result.actual = $actual
+        $module.Result.expected = $expected
+        $module.Result.line = $call_stack.ScriptLineNumber
+        $module.Result.method = $call_stack.Position.Text
+        $module.FailJson("AssertionError: actual != expected")
    }
 }

@@ -63,11 +60,7 @@ foreach ($raw_privilege in $raw_privilege_output) {
    $split = $raw_privilege.TrimEnd() -split " "
    $actual_privileges."$($split[0])" = ($split[-1] -eq "Enabled")
 }
-$process = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess()
-
-### Test variables ###
-Assert-Equals -actual ($ansible_privilege_util_namespaces -is [array]) -expected $true
-Assert-Equals -actual ($ansible_privilege_util_code -is [String]) -expected $true
+$process = [Ansible.Privilege.PrivilegeUtil]::GetCurrentProcess()

 ### Test PS cmdlets ###
 # test ps Get-AnsiblePrivilege
@@ -81,16 +74,16 @@ foreach ($privilege in $total_privileges) {
 }

 # test c# GetAllPrivilegeInfo
-$actual = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process)
+$actual = [Ansible.Privilege.PrivilegeUtil]::GetAllPrivilegeInfo($process)
 Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
 Assert-Equals -actual $actual.Count -expected $actual_privileges.Count
 foreach ($privilege in $total_privileges) {
    if ($actual_privileges.ContainsKey($privilege)) {
        $actual_value = $actual.$privilege
        if ($actual_privileges.$privilege) {
-            Assert-Equals -actual $actual_value.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) -expected $true
+            Assert-Equals -actual $actual_value.HasFlag([Ansible.Privilege.PrivilegeAttributes]::Enabled) -expected $true
        } else {
-            Assert-Equals -actual $actual_value.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) -expected $false
+            Assert-Equals -actual $actual_value.HasFlag([Ansible.Privilege.PrivilegeAttributes]::Enabled) -expected $false
        }
    }
 }
@@ -114,51 +107,6 @@ Set-AnsiblePrivilege -Name SeUndockPrivilege -Value $false
 $actual = Get-AnsiblePrivilege -Name SeUndockPrivilege
 Assert-Equals -actual $actual -expected $false

-### Test C# code ###
-# test CheckPrivilegeName
-Assert-Equals -actual ([Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($total_privileges[0])) -expected $true
-Assert-Equals -actual ([Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName("SeFake")) -expected $false
+$module.Result.data = "success"
+$module.ExitJson()

-# test DisablePrivilege
-# ensure we start in an enabled state
-Set-AnsiblePrivilege -Name SeTimeZonePrivilege -Value $true
-$actual = [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, "SeTimeZonePrivilege")
-Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
-Assert-Equals -actual $actual.Count -expected 1
-Assert-Equals -actual $actual.SeTimeZonePrivilege -expected $true
-
-$actual = [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, "SeTimeZonePrivilege")
-Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
-Assert-Equals -actual $actual.Count -expected 0
-
-# test DisableAllPrivileges
-$actual_disable_all = [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process)
-Assert-Equals -actual $actual_disable_all.GetType().Name -expected 'Dictionary`2'
-
-$actual = [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process)
-Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
-Assert-Equals -actual $actual.Count -expected 0
-
-# test EnablePrivilege
-$actual = [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, "SeTimeZonePrivilege")
-Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
-Assert-Equals -actual $actual.Count -expected 1
-Assert-Equals -actual $actual.SeTimeZonePrivilege -expected $false
-
-$actual = [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, "SeTimeZonePrivilege")
-Assert-Equals -actual $actual.GetType().Name -expected 'Dictionary`2'
-Assert-Equals -actual $actual.Count -expected 0
-
-# test SetTokenPrivileges
-$actual = [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $actual_disable_all)
-Assert-Equals -actual $actual_disable_all.GetType().Name -expected 'Dictionary`2'
-Assert-Equals -actual $actual.ContainsKey("SeTimeZonePrivilege") -expected $false
-Assert-Equals -actual $actual.Count -expected $actual_disable_all.Count
-
-# test RemovePrivilege
-[Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, "SeTimeZonePrivilege")
-$actual = Get-AnsiblePrivilege -Name SeTimeZonePrivilege
-Assert-Equals -actual $actual -expected $null
-
-$result.data = "success"
-Exit-Json -obj $result