From fa0c3ce1e6bb7d7fcbc1928a58f0253a879d051b Mon Sep 17 00:00:00 2001
From: Davin Taddeo <davin@chef.io>
Date: Wed, 30 Sep 2020 14:17:37 -0400
Subject: fix for the windows_audit_policy resource and added some tests for it
 into the windows end-to-end kitchen testing.

Signed-off-by: Davin Taddeo <davin@chef.io>
---
 lib/chef/resource/windows_audit_policy.rb | 50 ++++++++++++++++---------------
 1 file changed, 26 insertions(+), 24 deletions(-)

(limited to 'lib/chef/resource')

diff --git a/lib/chef/resource/windows_audit_policy.rb b/lib/chef/resource/windows_audit_policy.rb
index 230dd3eb80..5bc844f46d 100644
--- a/lib/chef/resource/windows_audit_policy.rb
+++ b/lib/chef/resource/windows_audit_policy.rb
@@ -152,30 +152,6 @@ class Chef
       property :audit_base_directories, [true, false],
                description: "Setting this audit policy option to true will force the system to assign a System Access Control List to named objects to enable auditing of container objects such as directories."
 
-      def subcategory_configured?(sub_cat, success_value, failure_value)
-        setting = if success_value && failure_value
-                    "Success and Failure$"
-                  elsif success_value && !failure_value
-                    "Success$"
-                  elsif !success_value && failure_value
-                    "(Failure$)&!(Success and Failure$)"
-                  else
-                    "No Auditing"
-                  end
-        powershell_exec(<<-CODE).result
-          $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
-          if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
-        CODE
-      end
-
-      def option_configured?(option_name, option_setting)
-        setting = option_setting ? "Enabled$" : "Disabled$"
-        powershell_exec(<<-CODE).result
-          $auditpol_config = auditpol /get /option:#{option_name}
-          if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
-        CODE
-      end
-
       action :set do
         unless new_resource.subcategory.nil?
           new_resource.subcategory.each do |subcategory|
@@ -225,6 +201,32 @@ class Chef
           end
         end
       end
+
+      action_class do
+        def subcategory_configured?(sub_cat, success_value, failure_value)
+          setting = if success_value && failure_value
+                      "Success and Failure$"
+                    elsif success_value && !failure_value
+                      "Success$"
+                    elsif !success_value && failure_value
+                      "#{sub_cat} \\s+ Failure$"
+                    else
+                      "No Auditing"
+                    end
+          powershell_exec!(<<-CODE).result
+            $auditpol_config = auditpol /get /subcategory:"#{sub_cat}"
+            if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
+          CODE
+        end
+  
+        def option_configured?(option_name, option_setting)
+          setting = option_setting ? "Enabled$" : "Disabled$"
+          powershell_exec!(<<-CODE).result
+            $auditpol_config = auditpol /get /option:#{option_name}
+            if ($auditpol_config | Select-String "#{setting}") { return $true } else { return $false }
+          CODE
+        end
+      end
     end
   end
 end
-- 
cgit v1.2.1