Added random sampling in acceptance tests. Minor refactoring

manifests/cis.pp

@@ -45,7 +45,7 @@
       recurse => true,
       source  => 'puppet:///modules/cis_security_hardening_windows/user_grouppolicy/',
       replace => false,
-      notify  => [Exec['grouppolicy dir attributes']],
+      notify  => Exec['grouppolicy dir attributes'],
     }
     # Ensure that the GroupPolicy directory is hidden as per default
     exec { 'grouppolicy dir attributes':
@@ -85,17 +85,17 @@
   }
 
   # Create final enforced_rules by removing any excluded rules using description only
-  $enforced_rules = $total_rules.filter |$rule, $value| {
+  $enforced_rules = $total_rules.filter | String $rule, Hash $value| {
     !($rule in $cis_exclude_rules_real)
   }
 
   # Remove the rule title from the hashes so the registry resource can apply them
   $enforced_rules.each | String $title, Hash $rule = {} | {
     $rule.each |String $key, Hash $value = {} | {
-      $regpath = regsubst($key, /\\[^\\]+$/,'')
-      if (!defined(Registry_key[$regpath]) and ($value['ensure'] !=absent)) {
+      $regpath = regsubst($key, /\\[^\\]+$/, '')
+      if !defined(Registry_key[$regpath]) and $value['ensure'] != 'absent' {
         registry_key { $regpath:
-          ensure => $value['ensure'],
+          ensure => 'present',
         }
       }
       registry_value {

manifests/init.pp

@@ -93,10 +93,10 @@
 
   # Apply any misc registry hash values
   $misc_registry.each | String $key, Hash $value = {} | {
-    $regpath = regsubst($key, /\\[^\\]+$/,'')
-    if (!defined(Registry_key[$regpath]) and ($value['ensure'] !=absent)) {
+    $regpath = regsubst($key, /\\[^\\]+$/, '')
+    if !defined(Registry_key[$regpath]) and $value['ensure'] != 'absent' {
       registry_key { $regpath:
-        ensure => $value['ensure'],
+        ensure => 'present',
       }
     }
     registry_value { $key:

metadata.json

@@ -58,4 +58,4 @@
   "pdk-version": "3.0.1",
   "template-url": "pdk-default#3.0.0",
   "template-ref": "tags/3.0.0-0-g5bfc1c0"
-}
+}

spec/acceptance/cis_security_hardening_windows_spec.rb

@@ -13,7 +13,7 @@
 
 describe 'cis_security_hardening_windows acceptance testing' do
   context 'Configure the master and run puppet on agents' do
-    puts "\e[0;32m \nAdding agents and class to nodeset on Master \e[0m\n"
+    print_stage('Adding agents and class to nodeset on Master')
     agents.each do |agent|
       pp = <<-SITE_PP
         node '#{agent.node_name}' {
@@ -31,7 +31,7 @@
 
     # Copy environment specific overrides for acceptance testing
     if File.file?("#{PROJECT_ROOT}/spec/acceptance/overrides.yaml")
-      puts "\e[0;32m \nCopying environment specific hiera overrides from spec/acceptance/overrides.yaml to master\e[0m\n"
+      print_stage('Copying environment specific hiera overrides from spec/acceptance/overrides.yaml to master')
       scp_to(master, "#{PROJECT_ROOT}/spec/acceptance/overrides.yaml", "/etc/puppetlabs/code/environments/#{ENVIRONMENT}/data/overrides.yaml")
     end
 
@@ -40,7 +40,7 @@
     on(master, "chmod -R g+rX,o-rwX #{env_path}")
 
     # Run puppet on agents
-    puts "\e[0;32m \nRunning Puppet on agents \e[0m\n"
+    print_stage('Running Puppet on agents')
     include_examples 'run idempotently'
   end
 

spec/acceptance/shared_examples/windows_tests.rb

@@ -1,4 +1,7 @@
 shared_examples 'windows tests' do |agent:, _agent_ip:|
+  # Number of combined registry entries to select
+  reg_entries_to_test = 50
+
   # Users tests
   describe user('user') do
     it { is_expected.to exist }
@@ -43,8 +46,13 @@
     %r{Remote Desktop Services UserMode Port Redirector},
   ]
 
-  # Iterate over combined data
-  registry_combined_data.each do |title, hash|
+  # Convert registry_combined_data to an array and randomly select 50 entries
+  random_registry_entries = registry_combined_data.to_a.sample(reg_entries_to_test)
+
+  print_stage("Verifying registry with a random sample of #{reg_entries_to_test} entries")
+
+  # Iterate over the randomly selected entries
+  random_registry_entries.each do |title, hash|
     # Skip the iteration if the title matches any pattern in the exclusion list due to remote requirements for testing and complex data values
     next if exclusion_patterns.any? { |pattern| title.match?(pattern) }
 

spec/spec_helper_acceptance.rb

@@ -72,6 +72,7 @@ def print_stage(h)
   puts "\e[0;32m---------------------------------------------------------------------------------\e[0m"
   puts "\e[0;36m#{h}\e[0m"
   puts "\e[0;32m---------------------------------------------------------------------------------\e[0m"
+  puts "\n"
 end
 
 # As each dependency is installed from fixtures, add the latest version to an array (uses the 5th line of output so that only primary dependencies are written to metadata.json