437 lines
14 KiB
YAML
437 lines
14 KiB
YAML
|
---
|
||
|
- name: create test user
|
||
|
win_user:
|
||
|
name: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
state: present
|
||
|
groups:
|
||
|
- Administrators
|
||
|
|
||
|
- name: task with password principal (check mode)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: password
|
||
|
update_password: no
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_password_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: get result of task with password principal (check mode)
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_password_result_check
|
||
|
|
||
|
- name: assert results of task with password principal (check mode)
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_password_check|changed
|
||
|
- task_with_password_result_check.task_exists == False
|
||
|
|
||
|
- name: task with password principal
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: password
|
||
|
update_password: no
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_password
|
||
|
|
||
|
- name: get result of task with password principal
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_password_result
|
||
|
|
||
|
- name: assert results of task with password principal
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_password|changed
|
||
|
- task_with_password_result.task_exists == True
|
||
|
- task_with_password_result.task.principal.GroupId == None
|
||
|
- task_with_password_result.task.principal.LogonType == "TASK_LOGON_PASSWORD"
|
||
|
- task_with_password_result.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_password_result.task.principal.UserId.endswith(test_scheduled_task_user)
|
||
|
|
||
|
- name: task with password principal (idempotent)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: password
|
||
|
update_password: no
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_password_again
|
||
|
|
||
|
- name: assert results of task with password principal (idempotent)
|
||
|
assert:
|
||
|
that:
|
||
|
- not task_with_password_again|changed
|
||
|
|
||
|
- name: task with password principal force pass change
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: password
|
||
|
update_password: yes
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_password_force_update
|
||
|
|
||
|
- name: assert results of task with password principal force pass change
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_password_force_update|changed
|
||
|
|
||
|
- name: task with s4u principal (check mode)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: s4u
|
||
|
update_password: no
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_s4u_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: get result of task with s4u principal (check mode)
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_s4u_result_check
|
||
|
|
||
|
- name: assert results of task with s4u principal (check mode)
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_s4u_check|changed
|
||
|
- task_with_s4u_result_check.task_exists == True
|
||
|
- task_with_s4u_result_check.task.principal.GroupId == None
|
||
|
- task_with_s4u_result_check.task.principal.LogonType == "TASK_LOGON_PASSWORD"
|
||
|
- task_with_s4u_result_check.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_s4u_result_check.task.principal.UserId.endswith(test_scheduled_task_user)
|
||
|
|
||
|
- name: task with s4u principal
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: s4u
|
||
|
update_password: no
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_s4u
|
||
|
|
||
|
- name: get result of task with s4u principal
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_s4u_result
|
||
|
|
||
|
- name: assert results of task with s4u principal
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_s4u|changed
|
||
|
- task_with_s4u_result.task_exists == True
|
||
|
- task_with_s4u_result.task.principal.GroupId == None
|
||
|
- task_with_s4u_result.task.principal.LogonType == "TASK_LOGON_S4U"
|
||
|
- task_with_s4u_result.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_s4u_result.task.principal.UserId.endswith(test_scheduled_task_user)
|
||
|
|
||
|
- name: task with s4u principal (idempotent)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
password: '{{test_scheduled_task_pass}}'
|
||
|
logon_type: s4u
|
||
|
update_password: no
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_s4u_again
|
||
|
|
||
|
- name: assert results of task with s4u principal (idempotent)
|
||
|
assert:
|
||
|
that:
|
||
|
- not task_with_s4u_again|changed
|
||
|
|
||
|
- name: task with interactive principal (check mode)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
logon_type: interactive_token
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_interactive_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: get result of task with interactive principal (check mode)
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_interactive_result_check
|
||
|
|
||
|
- name: assert results of task with interactive principal (check mode)
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_interactive_check|changed
|
||
|
- task_with_interactive_result_check.task_exists == True
|
||
|
- task_with_interactive_result_check.task.principal.GroupId == None
|
||
|
- task_with_interactive_result_check.task.principal.LogonType == "TASK_LOGON_S4U"
|
||
|
- task_with_interactive_result_check.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_interactive_result_check.task.principal.UserId.endswith(test_scheduled_task_user)
|
||
|
|
||
|
- name: task with interactive principal
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
logon_type: interactive_token
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_interactive
|
||
|
|
||
|
- name: get result of task with interactive principal
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_interactive_result
|
||
|
|
||
|
- name: assert results of task with interactive principal
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_interactive|changed
|
||
|
- task_with_interactive_result.task_exists == True
|
||
|
- task_with_interactive_result.task.principal.GroupId == None
|
||
|
- task_with_interactive_result.task.principal.LogonType == "TASK_LOGON_INTERACTIVE_TOKEN"
|
||
|
- task_with_interactive_result.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_interactive_result.task.principal.UserId.endswith(test_scheduled_task_user)
|
||
|
|
||
|
- name: task with interactive principal (idempotent)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: '{{test_scheduled_task_user}}'
|
||
|
logon_type: interactive_token
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_interactive_again
|
||
|
|
||
|
- name: assert results of task with interactive principal (idempotent)
|
||
|
assert:
|
||
|
that:
|
||
|
- not task_with_interactive_again|changed
|
||
|
|
||
|
- name: task with group principal (check mode)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
group: Administrators
|
||
|
logon_type: group
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_group_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: get result of task with group principal (check mode)
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_group_result_check
|
||
|
|
||
|
- name: assert results of task with group principal (check mode)
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_group_check|changed
|
||
|
- task_with_group_result_check.task_exists == True
|
||
|
- task_with_group_result_check.task.principal.GroupId == None
|
||
|
- task_with_group_result_check.task.principal.LogonType == "TASK_LOGON_INTERACTIVE_TOKEN"
|
||
|
- task_with_group_result_check.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_group_result_check.task.principal.UserId.endswith(test_scheduled_task_user)
|
||
|
|
||
|
- name: task with group principal
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
group: Administrators
|
||
|
logon_type: group
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_group
|
||
|
|
||
|
- name: get result of task with group principal
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_group_result
|
||
|
|
||
|
- name: assert results of task with group principal
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_group|changed
|
||
|
- task_with_group_result.task_exists == True
|
||
|
- task_with_group_result.task.principal.GroupId == "BUILTIN\\Administrators"
|
||
|
- task_with_group_result.task.principal.LogonType == "TASK_LOGON_GROUP"
|
||
|
- task_with_group_result.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_group_result.task.principal.UserId == None
|
||
|
|
||
|
- name: task with group principal (idempotent)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
group: Administrators
|
||
|
logon_type: group
|
||
|
actions:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_group_again
|
||
|
|
||
|
- name: assert results of task with group principal (idempotent)
|
||
|
assert:
|
||
|
that:
|
||
|
- not task_with_group_again|changed
|
||
|
|
||
|
- name: task with service account principal (check mode)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: System
|
||
|
logon_type: service_account
|
||
|
action:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_service_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: get result of task with service account principal (check mode)
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_service_result_check
|
||
|
|
||
|
- name: assert results of task with service account principal (check mode)
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_service_check|changed
|
||
|
- task_with_service_result_check.task_exists == True
|
||
|
- task_with_service_result_check.task.principal.GroupId == "BUILTIN\\Administrators"
|
||
|
- task_with_service_result_check.task.principal.LogonType == "TASK_LOGON_GROUP"
|
||
|
- task_with_service_result_check.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_service_result_check.task.principal.UserId == None
|
||
|
|
||
|
- name: task with service account principal
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: System
|
||
|
logon_type: service_account
|
||
|
action:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_service
|
||
|
|
||
|
- name: get result of task with service account principal
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_service_result
|
||
|
|
||
|
- name: assert results of task with service account principal
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_service|changed
|
||
|
- task_with_service_result.task_exists == True
|
||
|
- task_with_service_result.task.principal.GroupId == None
|
||
|
- task_with_service_result.task.principal.LogonType == "TASK_LOGON_SERVICE_ACCOUNT"
|
||
|
- task_with_service_result.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
- task_with_service_result.task.principal.UserId == "NT AUTHORITY\\SYSTEM"
|
||
|
|
||
|
- name: task with service account principal (idempotent)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
username: System
|
||
|
logon_type: service_account
|
||
|
action:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_service_again
|
||
|
|
||
|
- name: assert results of task with service account principal (idempotent)
|
||
|
assert:
|
||
|
that:
|
||
|
- not task_with_service_again|changed
|
||
|
|
||
|
- name: task with highest privilege (check mode)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
run_level: highest
|
||
|
username: System
|
||
|
logon_type: service_account
|
||
|
action:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_highest_privilege_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- name: get result of task with highest privilege (check mode)
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_highest_privilege_result_check
|
||
|
|
||
|
- name: assert results of task with highest privilege (check mode)
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_highest_privilege_check|changed
|
||
|
- task_with_highest_privilege_result_check.task.principal.RunLevel == "TASK_RUNLEVEL_LUA"
|
||
|
|
||
|
- name: task with highest privilege
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
run_level: highest
|
||
|
username: System
|
||
|
logon_type: service_account
|
||
|
action:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_highest_privilege
|
||
|
|
||
|
- name: get result of task with highest privilege
|
||
|
test_task_stat:
|
||
|
path: \
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
register: task_with_highest_privilege_result
|
||
|
|
||
|
- name: assert results of task with highest privilege
|
||
|
assert:
|
||
|
that:
|
||
|
- task_with_highest_privilege|changed
|
||
|
- task_with_highest_privilege_result.task.principal.RunLevel == "TASK_RUNLEVEL_HIGHEST"
|
||
|
|
||
|
- name: task with highest privilege (idempotent)
|
||
|
win_scheduled_task:
|
||
|
name: '{{test_scheduled_task_name}}'
|
||
|
state: present
|
||
|
run_level: highest
|
||
|
username: System
|
||
|
logon_type: service_account
|
||
|
action:
|
||
|
- path: cmd.exe
|
||
|
register: task_with_highest_privilege_again
|
||
|
|
||
|
- name: assert results of task with highest privilege (idempotent)
|
||
|
assert:
|
||
|
that:
|
||
|
- not task_with_highest_privilege_again|changed
|