Windows 4659 events tests

[Molter73]

Related issue
#642

Description

The added tests verify that Windows events with ID 4659 generate deleted events correctly.

In order to test this condition, the tests create a number of files and later deletes them by using the Windows del command interactively.

Results

[jesusjimsa]

LGTM!

[juliamagan]

GJ, but some changes are required

[juliamagan]

Variables with a single letter are not allowed, they should have descriptive names as parameters and metadata

[jotacarma90]

Done

[juliamagan]

A callback is a generic function, it should be placed in a common library as fim.py

[jotacarma90]

Done

[juliamagan]

Instead of this time delete the files, we could comment confirm deletion of files

[jotacarma90]

Done

[CamiRomero]

This PR is outdated, we work with this in a temporal branch tmp-642-windows-deferred-delete, where we update the test implemented here and applied a rebase of the stable tests from 2040-4.3-full-green branch.

I attached some details about the package used and executions.

Package Details

Version	Path
4.3.0	https://packages-dev.wazuh.com/staging/windows/wazuh-agent-4.3.0-0.40302.20211112.msi

The test execution results are:

Windows	Jenkins	Notes
R1	🔴

[jotacarma90]

After analyzing the problem, I have found that it is no longer necessary to check in this test that the process_name field does not appear, since the fix that has been given to this bug has finally been different from what was thought at first.
I have modified the callback that detects the deletion event so that it simply looks for a normal deletion.
PR ready for review!

[CamiRomero]

Jenkins branch	QA branch
4.3	642-windows-deferred-delete

Packages details

Type	Format	Architecture	Version	File name
Agent	Windows	x86_64	4.3.0	wazuh-agent-4.3.0-0.40302.20211112.msi

local_internal_options.conf

Agent

syscheck.debug=2
agent.debug=2
monitord.rotate_log=0
windows.debug=2

Windows Agent	Type	Status
Test Execution 1	Jenkins	🟢

[CamiRomero]

Jenkins branch	QA branch
4.3	642-windows-deferred-delete

Packages details

Type	Format	Version	File name
Agent	Windows	4.3.0	wazuh-agent-4.3.0-0.2204.msi
Agent	Solaris	4.3.0	wazuh-agent_v4.3.0-0.2204-sol11-i386.p5p
Agent	Macos	4.3.0	wazuh-agent-4.3.0-0.2204.pkg
Agent	Centos	4.3.0	wazuh-agent-4.3.0-0.2204.x86_64.rpm
Manager	Centos	4.3.0	wazuh-manager-4.3.0-0.2204.x86_64.rpm

local_internal_options.conf

Agent Windows

syscheck.debug=2
agent.debug=2
monitord.rotate_log=0
windows.debug=2

Agent Centos, macos, solaris

syscheck.debug=2
agent.debug=2
monitord.rotate_log=0

Manager

syscheck.debug=2
analysisd.debug=2
monitord.rotate_log=0

Test Results

OS	Type	Status	Notes
Centos Manager	Jenkins	🟢
Centos Manager	Jenkins	🟢
Centos Manager	Jenkins	🟢
Windows Agent	Jenkins	🟢
Windows Agent	Jenkins	🟢
Windows Agent	Jenkins	🟢
Windows Agent	Jenkins	🔴	test windows-deferred has passed but there are flaky tests according to the issue #1836
Windows Agent	Jenkins	🔴	test windows-deferred has passed but there are flaky tests according to the issue #1836
Centos Agent	Jenkins	🟢
Centos Agent	Jenkins	🟢
Centos Agent	Jenkins	🟢
Macos Agent	Jenkins	🟢
Macos Agent	Jenkins	🟢
Macos Agent	Jenkins	🟢
Solaris Agent	Jenkins	🟢
Solaris Agent	Jenkins	🟢
Solaris Agent	Jenkins	🟢

[snaow]

Try not to use hardcoded Popen and command execution within the test, better to create a framework function.