Edit: win_lgpo.py
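r"""
Manage Windows Local Group Policy
=================================

.. versionadded:: 2016.11.0

This state module allows you to configure local Group Policy on Windows. You
can ensure the setting of a single policy or multiple policies in one pass.

Single policies must specify the policy name, the setting, and the policy class
(Machine/User/Both). Here are some examples for setting a single policy setting.

Example single policy configuration:

.. code-block:: yaml

    Ensure Account Lockout Duration:
      lgpo.set:
        - name: Account lockout duration
        - setting: 90
        - policy_class: Machine

Example using abbreviated form:

.. code-block:: yaml

    Account lockout duration:
      lgpo.set:
        - setting: 120
        - policy_class: Machine

It is also possible to set multiple policies in a single state. This is done by
setting the settings under either `computer_policy` or `user_policy`. Here are
some examples for setting multiple policy settings in a single state.

Multiple policy configuration

.. code-block:: yaml

    Company Local Group Policy:
      lgpo.set:
        - computer_policy:
            Deny log on locally:
              - Guest
            Account lockout duration: 120
            Account lockout threshold: 10
            Reset account lockout counter after: 120
            Enforce password history: 24
            Maximum password age: 60
            Minimum password age: 1
            Minimum password length: 14
            Password must meet complexity requirements: Enabled
            Store passwords using reversible encryption: Disabled
            Configure Automatic Updates:
              Configure automatic updating: 4 - Auto download and schedule the install
              Scheduled install day: 7 - Every Saturday
              Scheduled install time: 17:00
            Specify intranet Microsoft update service location:
              Set the intranet update service for detecting updates: http://mywsus
              Set the intranet statistics server: http://mywsus
        - user_policy:
            Do not process the legacy run list: Enabled

.. code-block:: text

    server_policy:
      lgpo.set:
        - computer_policy:
            Maximum password age: 60
            Minimum password age: 1
            Minimum password length: 14
            Account lockout duration: 120
            Account lockout threshold: 10
            Reset account lockout counter after: 120
            Manage auditing and security log:
              - "BUILTIN\\Administrators"
            Replace a process level token:
              - "NT AUTHORITY\\NETWORK SERVICE"
              - "NT AUTHORITY\\LOCAL SERVICE"
            "Accounts: Guest account status": Disabled
            "Accounts: Rename guest account": Not_4_U
            "Audit: Audit the use of Backup and Restore privilege": Enabled
            "Interactive logon: Do not display last user name": Enabled
            "Network\\DNS Client\\Dynamic update": Disabled
            "System\\Logon\\Do not display the Getting Started welcome screen at logon": Enabled
            "Windows Components\\Remote Desktop Services\\Remote Desktop Session Host\\Connections\\Select RDP transport protocols":
              "Select Transport Type": "Use both UDP and TCP"
            "Windows Components\\Windows Update\\Allow Automatic Updates immediate installation": Enabled
            "Windows Components\\Windows Update\\Allow non-administrators to receive update notifications": Disabled
            "Windows Components\\Windows Update\\Always automatically restart at the scheduled time":
              "The restart timer will give users this much time to save their work (minutes)": 15
            "Windows Components\\Windows Update\\Automatic Updates detection frequency":
              "Check for updates at the following interval (hours)": 1
            "Windows Components\\Windows Update\\Configure Automatic Updates":
              "Configure automatic updating": 4 - Auto download and schedule the install
              "Install during automatic maintenance": False
              "Scheduled install day": 7 - Every Saturday
              "Scheduled install time": "17:00"
            "Windows Components\\Windows Update\\Delay Restart for scheduled installations":
              "Wait the following period before proceeding with a scheduled restart (minutes)": 1
            "Windows Components\\Windows Update\\No auto-restart with logged on users for scheduled automatic updates installations": Disabled
            "Windows Components\\Windows Update\\Re-prompt for restart with scheduled installations":
              "Wait the following period before prompting again with a scheduled restart (minutes)": 30
            "Windows Components\\Windows Update\\Reschedule Automatic Updates scheduled installations": Disabled
            "Windows Components\\Windows Update\\Specify intranet Microsoft update service location":
              "Set the intranet update service for detecting updates": http://mywsus
              "Set the intranet statistics server": http://mywsus
        - cumulative_rights_assignments: True

.. note::
    The ``http://mywsus`` URLs in the examples above are placeholders. An
    update service reached over plain HTTP lets anyone on the network path
    tamper with update metadata, so point clients at an HTTPS endpoint where
    one is available.

Some policy settings can't be set on their own and require that other policy
settings are set at the same time. It can be difficult to figure out what
additional settings need to be applied. The easiest way to do this is to
modify the setting manually using the Group Policy Editor (`gpedit.msc`) on
the machine. Then `get` the policy settings configured on that machine. Use
the following command:

.. code-block:: bash

    salt-call --local lgpo.get machine

For example, if I want to set the Windows Update settings for a Windows Server
2016 machine I would go into the Group Policy Editor (`gpedit.msc`) and
configure the group policy. That policy can be found at: Computer Configuration
-> Administrative Templates -> Windows Components -> Windows Update -> Configure
Automatic Updates. You have the option to "Enable" the policy and set some
configuration options. In this example, just click "Enable" and accept the
default configuration options. Click "OK" to apply the setting.

Now run the `get` command as shown above. You will find the following in the
minion return:

.. code-block:: bash

    Windows Components\Windows Update\Configure Automatic Updates:
        ----------
        Configure automatic updating:
            3 - Auto download and notify for install
        Install during automatic maintenance:
            False
        Install updates for other Microsoft products:
            False
        Scheduled install day:
            0 - Every day
        Scheduled install time:
            03:00

This shows you that to enable the "Configure Automatic Updates" policy you also
have to configure the following settings:

- Configure automatic updating
- Install during automatic maintenance
- Install updates for other Microsoft products
- Scheduled install day
- Scheduled install time

So, if you were writing a state for the above policy, it would look like this:

.. code-block:: bash

    configure_windows_update_settings:
      lgpo.set:
        - computer_policy:
            Configure Automatic Updates:
              Configure automatic updating: 3 - Auto download and notify for install
              Install during automatic maintenance: False
              Install updates for other Microsoft products: False
              Scheduled install day: 0 - Every day
              Scheduled install time: 03:00

.. note::
    It is important that you put names of policies and settings exactly as they
    are displayed in the return. That includes capitalization and punctuation
    such as periods, dashes, etc. This rule applies to both the setting name
    and the setting value.

.. warning::
    From time to time Microsoft updates the Administrative templates on the
    machine. This can cause the policy name to change or the list of settings
    that must be applied at the same time. These settings often change between
    versions of Windows as well. For example, Windows Server 2019 allows you to
    also specify a specific week of the month to apply the update.

Another thing to note is the long policy name returned by the `get` function:

.. code-block:: bash

    Windows Components\Windows Update\Configure Automatic Updates:

When we wrote the state for this policy we only used the final portion of the
policy name, `Configure Automatic Updates`. This usually works fine, but if you
are having problems, you may try the long policy name.

When writing the long name in a state file either wrap the name in single quotes
to make yaml see it as raw data, or escape the back slashes.

.. code-block:: bash

    'Windows Components\Windows Update\Configure Automatic Updates:'

    or

    Windows Components\\Windows Update\\Configure Automatic Updates:
"""

import logging

import salt.utils.data
import salt.utils.dictdiffer
import salt.utils.json
import salt.utils.stringutils
import salt.utils.versions
import salt.utils.win_functions

log = logging.getLogger(__name__)
__virtualname__ = "lgpo"
__func_alias__ = {"set_": "set"}


def __virtual__():
    """
    Load this state only if the ``lgpo.set`` execution function is available.
    """
    if "lgpo.set" in __salt__:
        return __virtualname__
    return False, "lgpo module could not be loaded"


def _compare_policies(new_policy, current_policy):
    """
    Helper function that returns ``True`` if the policies are the same,
    otherwise ``False``.

    Only strings, integers, lists and dicts are compared. Any other type is
    reported as different, so the caller treats the policy as needing a change.
    """
    if isinstance(new_policy, (str, int)):
        return new_policy == current_policy
    if isinstance(new_policy, list):
        if not isinstance(current_policy, list):
            return False
        return salt.utils.data.compare_lists(new_policy, current_policy) == {}
    if isinstance(new_policy, dict):
        if not isinstance(current_policy, dict):
            return False
        return salt.utils.data.compare_dicts(new_policy, current_policy) == {}
    # Unsupported type: the original fell through and returned None here. Be
    # explicit so the documented True/False contract holds.
    return False


def _convert_to_unicode(data):
    """
    Helper function that recursively converts strings inside ``data`` to
    unicode and strips null bytes from them, so that the existing state can be
    compared with the desired state.

    The original author's note says this is only needed for Python 2, where the
    current settings can come back as a mix of unicode and byte strings and
    utf-16 encoded strings keep their null bytes. Dict keys and values and list
    items are converted; any other type is returned unchanged.
    """
    if isinstance(data, str):
        data = data.replace("\x00", "")
        return salt.utils.stringutils.to_unicode(data)
    if isinstance(data, dict):
        return {_convert_to_unicode(k): _convert_to_unicode(v) for k, v in data.items()}
    if isinstance(data, list):
        return [_convert_to_unicode(v) for v in data]
    return data


def set_(
    name,
    setting=None,
    policy_class=None,
    computer_policy=None,
    user_policy=None,
    cumulative_rights_assignments=True,
    adml_language="en-US",
):
    """
    Ensure the specified policy is set.

    .. warning::
        The ``setting`` argument cannot be used in conjunction with the
        ``computer_policy`` or ``user_policy`` arguments

    Args:
        name (str): The name of a single policy to configure

        setting (str, dict, list):
            The configuration setting for the single named policy. It cannot
            be combined with ``computer_policy`` / ``user_policy``; the state
            fails if both are supplied. Falsy values such as ``0`` are accepted
            as settings; only ``None`` means "not specified".

        policy_class (str):
            The policy class of the single named policy to configure. This can
            be ``machine``, ``user``, or ``both``

        computer_policy (dict):
            A dictionary containing the policy name and key/value pairs of a
            set of computer policies to configure. If this argument is used,
            the ``name`` argument is not used as a policy name

        user_policy (dict):
            A dictionary containing the policy name and key/value pairs of a
            set of user policies to configure. If this argument is used, the
            ``name`` argument is not used as a policy name

        cumulative_rights_assignments (bool):
            If user rights assignments are being configured, determines if any
            user right assignment policies specified will be cumulative or
            explicit

        adml_language (str):
            The adml language to use for ADMX policy data/display conversions.
            Default is ``en-US``

    Returns:
        dict: The standard state return with ``name``, ``result``, ``changes``
        and ``comment``. ``result`` is ``None`` in test mode when changes are
        pending.
    """
    ret = {"name": name, "result": True, "changes": {}, "comment": ""}
    policy_classes = ["machine", "computer", "user", "both"]
    class_map = {
        "computer": "Computer Configuration",
        "machine": "Computer Configuration",
        "user": "User Configuration",
    }

    # Values such as 0 or False are legitimate policy settings (for example a
    # threshold of 0), so only None counts as "no single setting given".
    single_policy = setting is not None

    if not single_policy and not computer_policy and not user_policy:
        msg = (
            "At least one of the parameters setting, computer_policy, or "
            "user_policy must be specified."
        )
        ret["result"] = False
        ret["comment"] = msg
        return ret
    if single_policy and not policy_class:
        msg = (
            "A single policy setting was specified but the policy_class "
            "was not specified."
        )
        ret["result"] = False
        ret["comment"] = msg
        return ret
    if single_policy and (computer_policy or user_policy):
        msg = (
            "The setting and computer_policy/user_policy parameters are "
            "mutually exclusive.  Please specify either a policy name and "
            "setting or a computer_policy and/or user_policy dict"
        )
        ret["result"] = False
        ret["comment"] = msg
        return ret
    if policy_class and policy_class.lower() not in policy_classes:
        # The placeholder was previously left unformatted, so the user saw a
        # literal "{}" instead of the accepted values.
        msg = "The policy_class parameter must be one of the following: {}".format(
            ", ".join(policy_classes)
        )
        ret["result"] = False
        ret["comment"] = msg
        return ret

    if not single_policy:
        if computer_policy and not isinstance(computer_policy, dict):
            msg = "The computer_policy must be specified as a dict."
            ret["result"] = False
            ret["comment"] = msg
            return ret
        if user_policy and not isinstance(user_policy, dict):
            msg = "The user_policy must be specified as a dict."
            ret["result"] = False
            ret["comment"] = msg
            return ret
    else:
        # Single-policy form: build the per-class dicts from name/setting
        user_policy = {}
        computer_policy = {}
        if policy_class.lower() == "both":
            user_policy[name] = setting
            computer_policy[name] = setting
        elif policy_class.lower() == "user":
            user_policy[name] = setting
        elif policy_class.lower() in ["machine", "computer"]:
            computer_policy[name] = setting

    pol_data = {
        "user": {"requested_policy": user_policy, "policy_lookup": {}},
        "machine": {"requested_policy": computer_policy, "policy_lookup": {}},
    }

    current_policy = {}
    deprecation_comments = []
    for p_class, p_data in pol_data.items():
        if p_data["requested_policy"]:
            for p_name in p_data["requested_policy"]:
                lookup = __salt__["lgpo.get_policy_info"](
                    policy_name=p_name,
                    policy_class=p_class,
                    adml_language=adml_language,
                )
                if lookup["policy_found"]:
                    pol_data[p_class]["policy_lookup"][p_name] = lookup
                    # Since we found the policy, let's get the current setting
                    # as well
                    current_policy.setdefault(class_map[p_class], {})
                    current_policy[class_map[p_class]][p_name] = __salt__[
                        "lgpo.get_policy"
                    ](
                        policy_name=p_name,
                        policy_class=p_class,
                        adml_language=adml_language,
                        return_value_only=True,
                    )
                    # Validate element names
                    if isinstance(p_data["requested_policy"][p_name], dict):
                        valid_names = []
                        for element in lookup["policy_elements"]:
                            valid_names.extend(element["element_aliases"])
                        for e_name in p_data["requested_policy"][p_name]:
                            if e_name not in valid_names:
                                new_e_name = e_name.split(":")[-1].strip()
                                # If we find an invalid name, test the new
                                # format. If found, add to deprecation comments
                                # and bail
                                if new_e_name in valid_names:
                                    msg = (
                                        '"{}" is no longer valid.\n'
                                        'Please use "{}" instead.'
                                        "".format(e_name, new_e_name)
                                    )
                                    deprecation_comments.append(msg)
                                else:
                                    msg = "Invalid element name: {}".format(e_name)
                                    ret["comment"] = "\n".join(
                                        [ret["comment"], msg]
                                    ).strip()
                                    ret["result"] = False
                else:
                    ret["comment"] = "\n".join(
                        [ret["comment"], lookup["message"]]
                    ).strip()
                    ret["result"] = False
    if not ret["result"]:
        if deprecation_comments:
            deprecation_comments.insert(
                0, "The LGPO module changed the way it gets policy element names."
            )
        deprecation_comments.append(ret["comment"])
        ret["comment"] = "\n".join(deprecation_comments).strip()
        return ret

    log.debug("pol_data == %s", pol_data)
    log.debug("current policy == %s", current_policy)

    # compare policies
    policy_changes = []
    for p_class, p_data in pol_data.items():
        requested_policy = p_data.get("requested_policy")
        if requested_policy:
            for p_name in requested_policy:
                if p_name in current_policy[class_map[p_class]]:
                    # compare the requested and current policies
                    log.debug(
                        "need to compare %s from current/requested policy", p_name
                    )

                    # resolve user names in the requested policy and the current
                    # policy so that we are comparing apples to apples
                    if p_data["policy_lookup"][p_name]["rights_assignment"]:
                        # "account" rather than "name" so the loop does not
                        # shadow the state's ``name`` argument
                        p_data["requested_policy"][p_name] = [
                            salt.utils.win_functions.get_sam_name(account)
                            for account in p_data["requested_policy"][p_name]
                        ]
                        current_policy[class_map[p_class]][p_name] = [
                            salt.utils.win_functions.get_sam_name(account)
                            for account in current_policy[class_map[p_class]][p_name]
                        ]

                    changes = False
                    requested_policy_json = salt.utils.json.dumps(
                        p_data["requested_policy"][p_name], sort_keys=True
                    )
                    current_policy_json = salt.utils.json.dumps(
                        current_policy[class_map[p_class]][p_name], sort_keys=True
                    )

                    # Round-trip through JSON so both sides use the same
                    # plain data types before comparing
                    requested_policy_check = salt.utils.json.loads(
                        requested_policy_json
                    )
                    current_policy_check = salt.utils.json.loads(current_policy_json)

                    # Are the requested and current policies identical
                    policies_are_equal = _compare_policies(
                        requested_policy_check, current_policy_check
                    )

                    if not policies_are_equal:
                        if (
                            p_data["policy_lookup"][p_name]["rights_assignment"]
                            and cumulative_rights_assignments
                        ):
                            # Cumulative mode: only a requested account that
                            # is missing from the current list is a change
                            for user in p_data["requested_policy"][p_name]:
                                if (
                                    user
                                    not in current_policy[class_map[p_class]][p_name]
                                ):
                                    user = salt.utils.win_functions.get_sam_name(user)
                                    if (
                                        user
                                        not in current_policy[class_map[p_class]][
                                            p_name
                                        ]
                                    ):
                                        changes = True
                        else:
                            changes = True
                        if changes:
                            log.debug("%s current policy != requested policy", p_name)
                            log.debug(
                                "We compared %s to %s",
                                requested_policy_json,
                                current_policy_json,
                            )
                            policy_changes.append(p_name)
                    else:
                        log.debug('"%s" is already set', p_name)
                else:
                    policy_changes.append(p_name)
                    log.debug("policy %s is not set, we will configure it", p_name)

    if __opts__["test"]:
        if policy_changes:
            msg = "The following policies are set to change:\n{}".format(
                "\n".join(policy_changes)
            )
            ret["result"] = None
        else:
            msg = "All specified policies are properly configured"
        deprecation_comments.append(msg)
        ret["comment"] = "\n".join(deprecation_comments).strip()
    else:
        if policy_changes:
            _ret = __salt__["lgpo.set"](
                computer_policy=pol_data["machine"]["requested_policy"],
                user_policy=pol_data["user"]["requested_policy"],
                cumulative_rights_assignments=cumulative_rights_assignments,
                adml_language=adml_language,
            )
            if _ret:
                ret["result"] = _ret
                # Re-read every requested policy so the reported changes come
                # from what the machine now returns
                new_policy = {}
                for p_class, p_data in pol_data.items():
                    if p_data["requested_policy"]:
                        for p_name in p_data["requested_policy"]:
                            new_policy.setdefault(class_map[p_class], {})
                            new_policy[class_map[p_class]][p_name] = __salt__[
                                "lgpo.get_policy"
                            ](
                                policy_name=p_name,
                                policy_class=p_class,
                                adml_language=adml_language,
                                return_value_only=True,
                            )
                ret["changes"] = salt.utils.dictdiffer.deep_diff(
                    old=current_policy, new=new_policy
                )
                if ret["changes"]:
                    msg = "The following policies changed:\n{}".format(
                        "\n".join(policy_changes)
                    )
                else:
                    msg = "Failed to set the following policies:\n{}".format(
                        "\n".join(policy_changes)
                    )
                    ret["result"] = False
            else:
                msg = (
                    "Errors occurred while attempting to configure policies: {}".format(
                        _ret
                    )
                )
                ret["result"] = False
            deprecation_comments.append(msg)
            ret["comment"] = "\n".join(deprecation_comments).strip()
        else:
            msg = "All specified policies are properly configured"
            deprecation_comments.append(msg)
            ret["comment"] = "\n".join(deprecation_comments).strip()

    return ret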