# Test code for win_group_membership
# Copyright: (c) 2017, Andrew Saraceni <andrew.saraceni@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
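# Resolve the built-in Administrator by its well-known RID (-500) instead of by
# name, so the tests do not depend on the account still being called
# "Administrator". The machine SID is taken from the first local account
# (Domain == computer name) with its trailing RID stripped.
- name: Look up built-in Administrator account name (-500 user whose domain == computer name)
  raw: $machine_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1'; (Get-CimInstance Win32_UserAccount -Filter "SID='$machine_sid-500'").Name
  # Read-only query: execute it for real even under --check, because every
  # later task needs the resolved name.
  check_mode: false
  # raw reports "changed" on every run; this lookup modifies nothing.
  changed_when: false
  register: admin_account_result

# The first stdout line is the account name; the templating fails the play here
# if the lookup printed nothing.
- name: Record the built-in Administrator account name
  set_fact:
    admin_account_name: "{{ admin_account_result.stdout_lines[0] }}"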
# Pre-test cleanup: strip every account these tests touch from the target group
# so that a previously aborted run cannot skew the add/remove assertions.
- name: Remove potentially leftover group members
  win_group_membership:
    name: "{{ win_local_group }}"
    state: absent
    members:
      - "{{ admin_account_name }}"
      - "{{ win_local_user }}"
      - NT AUTHORITY\SYSTEM
      - NT AUTHORITY\NETWORK SERVICE
# Negative test: targeting a group that does not exist must change nothing and
# return the exact error message checked below.
- name: Add user to fake group
  win_group_membership:
    name: FakeGroup
    state: present
    members:
      - "{{ admin_account_name }}"
  register: add_user_to_fake_group
  # The task "fails" only if the module did NOT produce the expected error.
  failed_when: add_user_to_fake_group.changed != false or add_user_to_fake_group.msg != "Could not find local group FakeGroup"
# Negative test: an account name that cannot be resolved to a SID must be
# rejected without changing the group.
- name: Add fake local user
  win_group_membership:
    name: "{{ win_local_group }}"
    state: present
    members:
      - FakeUser
  register: add_fake_local_user
  # The message is matched as a pattern; only its leading text is pinned.
  failed_when: add_fake_local_user.changed != false or add_fake_local_user.msg is not search("account_name FakeUser is not a valid account, cannot get SID.*")
# The &wgm_present anchor holds the baseline arguments (group, three members,
# state present); later tasks reuse it through aliases and merge keys.
- name: Add users to group
  win_group_membership: &wgm_present
    name: "{{ win_local_group }}"
    state: present
    members:
      - "{{ admin_account_name }}"
      - "{{ win_local_user }}"
      - NT AUTHORITY\SYSTEM
  register: add_users_to_group

# Local accounts are expected back in HOSTNAME\user form even though they were
# supplied as bare names.
- name: Test add_users_to_group (normal mode)
  assert:
    that:
      - add_users_to_group.changed == true
      - add_users_to_group.added == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
      - add_users_to_group.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode

# Under check mode the change is predicted (changed == true) while the added
# and members lists are expected to stay empty.
- name: Test add_users_to_group (check-mode)
  assert:
    that:
      - add_users_to_group.changed == true
      - add_users_to_group.added == []
      - add_users_to_group.members == []
  when: in_check_mode
# Idempotency: repeating the identical request must report no change.
- name: Add users to group (again)
  win_group_membership: *wgm_present
  register: add_users_to_group_again

# Nothing added, membership still the three baseline accounts.
- name: Test add_users_to_group_again (normal mode)
  assert:
    that:
      - add_users_to_group_again.changed == false
      - add_users_to_group_again.added == []
      - add_users_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode
# The same two local accounts, written as HOSTNAME\user and .\user, must be
# recognised as already present. The merge key pulls in the baseline arguments
# and only the members list is overridden.
- name: Add different syntax users to group (again)
  win_group_membership:
    <<: *wgm_present
    members:
      - '{{ ansible_hostname }}\{{ admin_account_name }}'
      - '.\{{ win_local_user }}'
  register: add_different_syntax_users_to_group_again

# SYSTEM was left out of the request but must remain a member: with
# state present, unlisted members are not removed.
- name: Test add_different_syntax_users_to_group_again (normal mode)
  assert:
    that:
      - add_different_syntax_users_to_group_again.changed == false
      - add_different_syntax_users_to_group_again.added == []
      - add_different_syntax_users_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode

# NOTE(review): changed == true here presumably because the earlier add was
# only simulated, so the accounts are still missing - confirm.
- name: Test add_different_syntax_users_to_group_again (check-mode)
  assert:
    that:
      - add_different_syntax_users_to_group_again.changed == true
      - add_different_syntax_users_to_group_again.added == []
      - add_different_syntax_users_to_group_again.members == []
  when: in_check_mode
# Incremental add: one extra well-known account on top of the baseline three.
# &wgma_present is reused by the repeat run that follows.
- name: Add another user to group
  win_group_membership: &wgma_present
    <<: *wgm_present
    members:
      - NT AUTHORITY\NETWORK SERVICE
  register: add_another_user_to_group

# Only the new account is reported as added; the full membership grows to four.
- name: Test add_another_user_to_group (normal mode)
  assert:
    that:
      - add_another_user_to_group.changed == true
      - add_another_user_to_group.added == ["NT AUTHORITY\\NETWORK SERVICE"]
      - add_another_user_to_group.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode

# Check mode: change predicted, result lists expected empty.
- name: Test add_another_user_to_group (check-mode)
  assert:
    that:
      - add_another_user_to_group.changed == true
      - add_another_user_to_group.added == []
      - add_another_user_to_group.members == []
  when: in_check_mode
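# Idempotency: re-adding NETWORK SERVICE must report no change.
- name: Add another user to group (again)
  win_group_membership: *wgma_present
  register: add_another_user_to_group_again

# Task name matches the registered variable it checks
# (add_another_user_to_group_again).
- name: Test add_another_user_to_group_again (normal mode)
  assert:
    that:
      - add_another_user_to_group_again.changed == false
      - add_another_user_to_group_again.added == []
      - add_another_user_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode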
# &wgm_absent = baseline arguments with state flipped to absent; reused by the
# later removal and teardown tasks.
- name: Remove users from group
  win_group_membership: &wgm_absent
    <<: *wgm_present
    state: absent
  register: remove_users_from_group

# The three baseline accounts go; NETWORK SERVICE, which was not listed, stays.
- name: Test remove_users_from_group (normal mode)
  assert:
    that:
      - remove_users_from_group.changed == true
      - remove_users_from_group.removed == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
      - remove_users_from_group.members == ["NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode

# NOTE(review): changed == false in check mode presumably because the earlier
# adds were only simulated, leaving nothing to remove - confirm.
- name: Test remove_users_from_group (check-mode)
  assert:
    that:
      - remove_users_from_group.changed == false
      - remove_users_from_group.removed == []
      - remove_users_from_group.members == []
  when: in_check_mode
# Idempotency: removing accounts that are already gone must report no change.
- name: Remove users from group (again)
  win_group_membership: *wgm_absent
  register: remove_users_from_group_again

# NETWORK SERVICE is still the only remaining member.
- name: Test remove_users_from_group_again (normal mode)
  assert:
    that:
      - remove_users_from_group_again.changed == false
      - remove_users_from_group_again.removed == []
      - remove_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode
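# The already-removed local accounts, written as HOSTNAME\user and .\user,
# must be recognised as absent and produce no change.
- name: Remove different syntax users from group (again)
  win_group_membership:
    <<: *wgm_absent
    members:
      - '{{ ansible_hostname }}\{{ admin_account_name }}'
      - '.\{{ win_local_user }}'
  register: remove_different_syntax_users_from_group_again

- name: Test remove_different_syntax_users_from_group_again (normal mode)
  assert:
    that:
      - remove_different_syntax_users_from_group_again.changed == false
      - remove_different_syntax_users_from_group_again.removed == []
      - remove_different_syntax_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
  when: not in_check_mode

# Task name refers to the removal result it actually asserts on, so a failure
# in the run log points at the right step.
- name: Test remove_different_syntax_users_from_group_again (check-mode)
  assert:
    that:
      - remove_different_syntax_users_from_group_again.changed == false
      - remove_different_syntax_users_from_group_again.removed == []
      - remove_different_syntax_users_from_group_again.members == []
  when: in_check_mode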
# Remove the last remaining member; &wgma_absent is reused by the repeat run.
- name: Remove another user from group
  win_group_membership: &wgma_absent
    <<: *wgm_absent
    members:
      - NT AUTHORITY\NETWORK SERVICE
  register: remove_another_user_from_group

# After this step the group is expected to be empty.
- name: Test remove_another_user_from_group (normal mode)
  assert:
    that:
      - remove_another_user_from_group.changed == true
      - remove_another_user_from_group.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
      - remove_another_user_from_group.members == []
  when: not in_check_mode

# Check mode: no change predicted and all result lists empty.
- name: Test remove_another_user_from_group (check-mode)
  assert:
    that:
      - remove_another_user_from_group.changed == false
      - remove_another_user_from_group.removed == []
      - remove_another_user_from_group.members == []
  when: in_check_mode
# Idempotency: removing NETWORK SERVICE a second time must report no change.
- name: Remove another user from group (again)
  win_group_membership: *wgma_absent
  register: remove_another_user_from_group_again

# The group stays empty.
- name: Test remove_another_user_from_group_again (normal mode)
  assert:
    that:
      - remove_another_user_from_group_again.changed == false
      - remove_another_user_from_group_again.removed == []
      - remove_another_user_from_group_again.members == []
  when: not in_check_mode
# Fixture for the "pure" tests: seed the group with one account that the pure
# list keeps (Administrator) and one it does not (NETWORK SERVICE).
- name: Setup users for pure testing
  win_group_membership:
    <<: *wgm_present
    members:
      - "{{ admin_account_name }}"
      - NT AUTHORITY\NETWORK SERVICE
# state: pure treats the members list as the complete membership: listed
# accounts are added and every other existing member is removed (see the
# removed assertion below). Because it strips unlisted members, keep
# win_local_group pointed at a disposable test group.
- name: Define users as pure
  win_group_membership: &wgm_pure
    <<: *wgm_present
    state: pure
  register: define_users_as_pure

# The two missing baseline accounts are added and the unlisted NETWORK SERVICE
# is removed in the same run.
- name: Test define_users_as_pure (normal mode)
  assert:
    that:
      - define_users_as_pure.changed == true
      - define_users_as_pure.added == ["{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
      - define_users_as_pure.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
      - define_users_as_pure.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode

# Check mode: change predicted, result lists expected empty.
- name: Test define_users_as_pure (check-mode)
  assert:
    that:
      - define_users_as_pure.changed == true
      - define_users_as_pure.added == []
      - define_users_as_pure.removed == []
      - define_users_as_pure.members == []
  when: in_check_mode
# Idempotency: once membership equals the pure list, a repeat run changes nothing.
- name: Define users as pure (again)
  win_group_membership: *wgm_pure
  register: define_users_as_pure_again

- name: Test define_users_as_pure_again (normal mode)
  assert:
    that:
      - define_users_as_pure_again.changed == false
      - define_users_as_pure_again.added == []
      - define_users_as_pure_again.removed == []
      - define_users_as_pure_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
  when: not in_check_mode
# Pure with a shorter list in HOSTNAME\user and .\user form. Unlike the
# state: present variant of this test, leaving SYSTEM out of the list here
# removes it from the group.
- name: Define different syntax users as pure
  win_group_membership:
    <<: *wgm_pure
    members:
      - '{{ ansible_hostname }}\{{ admin_account_name }}'
      - '.\{{ win_local_user }}'
  register: define_different_syntax_users_as_pure

# The alternate spellings match the existing members (nothing added); only the
# unlisted SYSTEM entry is dropped.
- name: Test define_different_syntax_users_as_pure (normal mode)
  assert:
    that:
      - define_different_syntax_users_as_pure.changed == true
      - define_different_syntax_users_as_pure.added == []
      - define_different_syntax_users_as_pure.removed == ["NT AUTHORITY\\SYSTEM"]
      - define_different_syntax_users_as_pure.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}"]
  when: not in_check_mode

# Check mode: change predicted, result lists expected empty.
- name: Test define_different_syntax_users_as_pure (check-mode)
  assert:
    that:
      - define_different_syntax_users_as_pure.changed == true
      - define_different_syntax_users_as_pure.added == []
      - define_different_syntax_users_as_pure.removed == []
      - define_different_syntax_users_as_pure.members == []
  when: in_check_mode
# Final cleanup: remove the baseline accounts (Administrator, the test user and
# SYSTEM) so no test-added membership is left behind on the host.
- name: Teardown remaining pure users
  win_group_membership: *wgm_absent