From 2dcaa108d8eb388512096bc5da9032c9bf81af04 Mon Sep 17 00:00:00 2001 From: PRASOON KARUNAN V <12897753+kvprasoon@users.noreply.github.com> Date: Thu, 5 Dec 2019 04:57:08 +0530 Subject: [PATCH] Adding new module win_auto_logon (#63414) * add new modul * correct password var * fix for linting issues * add return values documentation * linting fixes * Get tests working and simplify a bit --- .../modules/windows/win_auto_logon.ps1 | 83 +++++++++++++++++++ lib/ansible/modules/windows/win_auto_logon.py | 61 ++++++++++++++ .../targets/win_auto_logon/aliases | 1 + .../targets/win_auto_logon/tasks/main.yml | 36 ++++++++ 4 files changed, 181 insertions(+) create mode 100644 lib/ansible/modules/windows/win_auto_logon.ps1 create mode 100644 lib/ansible/modules/windows/win_auto_logon.py create mode 100644 test/integration/targets/win_auto_logon/aliases create mode 100644 test/integration/targets/win_auto_logon/tasks/main.yml diff --git a/lib/ansible/modules/windows/win_auto_logon.ps1 b/lib/ansible/modules/windows/win_auto_logon.ps1 new file mode 100644 index 00000000000..25d3bdfbfbe --- /dev/null +++ b/lib/ansible/modules/windows/win_auto_logon.ps1 @@ -0,0 +1,83 @@ +#!powershell + +# Copyright: (c) 2019, Prasoon Karunan V (@prasoonkarunan) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + + +# All helper methods are written in a binary module and has to be loaded for consuming them. +#AnsibleRequires -CSharpUtil Ansible.Basic + +Set-StrictMode -Version 2.0 + +$spec = @{ + options = @{ + password = @{type = "str"; no_log = $true} + state = @{type = "str"; choices = "absent","present"; default = "present"} + username = @{type = "str"} + } + required_if = @( + , @("state", "present", @("username", "password")) + ) +} + +$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec) +$password = $module.params.password +$state = $module.params.state +$username = $module.params.username +$domain = $null + +if ($username) { + # Try and get the Netlogon form of the username specified. Translating to and from a SID gives us an NTAccount + # in the Netlogon form that we desire. + $ntAccount = New-Object -TypeName System.Security.Principal.NTAccount -ArgumentList $username + try { + $accountSid = $ntAccount.Translate([System.Security.Principal.SecurityIdentifier]) + } catch [System.Security.Principal.IdentityNotMappedException] { + $module.FailJson("Failed to find a local or domain user with the name '$username'", $_) + } + $ntAccount = $accountSid.Translate([System.Security.Principal.NTAccount]) + + $domain, $username = $ntAccount.Value -split '\\' +} + +#Build ParamHash + +$autoAdminLogon = 1 +if($state -eq 'absent'){ + $autoadminlogon = 0 +} +$autoLogonKeyList = @{ + DefaultPassword = $password + DefaultUserName = $username + DefaultDomain = $domain + AutoAdminLogon = $autoAdminLogon +} +$actionTaken = $null +$autoLogonRegPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\' +$autoLogonKeyRegList = Get-ItemProperty -LiteralPath $autoLogonRegPath -Name $autoLogonKeyList.GetEnumerator().Name -ErrorAction SilentlyContinue + +Foreach($key in $autoLogonKeyList.GetEnumerator().Name){ + $currentKeyValue = $autoLogonKeyRegList | Select-Object -ExpandProperty $key -ErrorAction SilentlyContinue + if (-not [String]::IsNullOrEmpty($currentKeyValue)) { + $expectedValue = $autoLogonKeyList[$key] + if(($state -eq 'present') -and ($currentKeyValue -ne $expectedValue)) { + Set-ItemProperty -LiteralPath $autoLogonRegPath -Name $key -Value $autoLogonKeyList[$key] -Force + $actionTaken = $true + } + elseif($state -eq 'absent') { + $actionTaken = $true + Remove-ItemProperty -LiteralPath $autoLogonRegPath -Name $key -Force + } + } + else { + if ($state -eq 'present') { + $actionTaken = $true + New-ItemProperty -LiteralPath $autoLogonRegPath -Name $key -Value $autoLogonKeyList[$key] -Force | Out-Null + } + } +} +if($actionTaken){ + $module.Result.changed = $true +} + +$module.ExitJson() diff --git a/lib/ansible/modules/windows/win_auto_logon.py b/lib/ansible/modules/windows/win_auto_logon.py new file mode 100644 index 00000000000..fe31b2961f0 --- /dev/null +++ b/lib/ansible/modules/windows/win_auto_logon.py @@ -0,0 +1,61 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- + +# Copyright: (c) 2019, Prasoon Karunan V (@prasoonkarunan) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + +DOCUMENTATION = r''' +--- +module: win_auto_logon +short_description: Adds or Sets auto logon registry keys. +description: + - Used to apply auto logon registry setting. +version_added: "2.10" +options: + username: + description: + - Username to login automatically. + - Must be set when C(state=present). + - This can be the Netlogon or UPN of a domain account and is + automatically parsed to the C(DefaultUserName) and C(DefaultDomainName) + registry properties. + type: str + password: + description: + - Password to be used for automatic login. + - Must be set when C(state=present). + - Value of this input will be used as password for I(username). + type: str + state: + description: + - Whether the registry key should be C(present) or C(absent). + type: str + choices: [ absent, present ] + default: present +author: + - Prasoon Karunan V (@prasoonkarunan) +''' + +EXAMPLES = r''' +- name: Set autologon for user1 + win_auto_logon: + username: User1 + password: str0ngp@ssword + +- name: Set autologon for abc.com\user1 + win_auto_logon: + username: abc.com\User1 + password: str0ngp@ssword + +- name: Remove autologon for user1 + win_auto_logon: + state: absent +''' + +RETURN = r''' +# +''' diff --git a/test/integration/targets/win_auto_logon/aliases b/test/integration/targets/win_auto_logon/aliases new file mode 100644 index 00000000000..4cd27b3cb2f --- /dev/null +++ b/test/integration/targets/win_auto_logon/aliases @@ -0,0 +1 @@ +shippable/windows/group1 diff --git a/test/integration/targets/win_auto_logon/tasks/main.yml b/test/integration/targets/win_auto_logon/tasks/main.yml new file mode 100644 index 00000000000..0636d7128f9 --- /dev/null +++ b/test/integration/targets/win_auto_logon/tasks/main.yml @@ -0,0 +1,36 @@ +# Copyright: (c) 2019, Prasoon Karunan V (@prasoonkarunan) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +- name: Set autologon registry keys + win_auto_logon: + username: "{{ ansible_user }}" + password: "{{ ansible_password }}" + state: present + register: win_auto_logon_create_registry_key_set + +- name: check win_auto_logon_create_registry_key_set is changed + assert: + that: + - win_auto_logon_create_registry_key_set is changed + +- name: Set autologon registry keys with missing input + win_auto_logon: + username: "{{ ansible_user }}" + state: present + register: win_auto_logon_create_registry_key_missing_input + ignore_errors: true + +- name: check win_auto_logon_create_registry_key_missing_input is failed + assert: + that: + - win_auto_logon_create_registry_key_missing_input is failed + +- name: Remove autologon registry keys + win_auto_logon: + state: absent + register: win_auto_logon_create_registry_key_remove + +- name: check win_auto_logon_create_registry_key_remove is changed + assert: + that: + - win_auto_logon_create_registry_key_remove is changed