From 56f4bf44f53881162ec7a0f35526eaaa68fa9398 Mon Sep 17 00:00:00 2001
From: Chris Church
Date: Tue, 30 Sep 2014 11:52:05 -0400
Subject: [PATCH] Add integration tests for win_user module.
---
 .../roles/test_win_user/defaults/main.yml | 5 +
 .../test_win_user/files/lockout_user.ps1 | 17 +
 .../roles/test_win_user/tasks/main.yml | 400 ++++++++++++++++++
 test/integration/test_winrm.yml | 1 +
 4 files changed, 423 insertions(+)
 create mode 100644 test/integration/roles/test_win_user/defaults/main.yml
 create mode 100644 test/integration/roles/test_win_user/files/lockout_user.ps1
 create mode 100644 test/integration/roles/test_win_user/tasks/main.yml
diff --git a/test/integration/roles/test_win_user/defaults/main.yml b/test/integration/roles/test_win_user/defaults/main.yml
new file mode 100644
index 00000000000..c6a18ed3a30
--- /dev/null
+++ b/test/integration/roles/test_win_user/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+test_win_user_name: test_win_user
+test_win_user_password: "T35Tus3rP@ssW0rd"
+test_win_user_password2: "pa55wOrd4te5tU53R!"
diff --git a/test/integration/roles/test_win_user/files/lockout_user.ps1 b/test/integration/roles/test_win_user/files/lockout_user.ps1
new file mode 100644
index 00000000000..e15f13f3bf2
--- /dev/null
+++ b/test/integration/roles/test_win_user/files/lockout_user.ps1
@@ -0,0 +1,17 @@
+trap
+{
+ Write-Error -ErrorRecord $_
+ exit 1;
+}
+
+$username = $args[0]
+[void][system.reflection.assembly]::LoadWithPartialName('System.DirectoryServices.AccountManagement')
+$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $env:COMPUTERNAME
+For ($i = 1; $i -le 10; $i++) {
+ try {
+ $pc.ValidateCredentials($username, 'b@DP@ssw0rd')
+ }
+ catch {
+ break
+ }
+}
diff --git a/test/integration/roles/test_win_user/tasks/main.yml b/test/integration/roles/test_win_user/tasks/main.yml
new file mode 100644
index 00000000000..ebe8c5da3e8
--- /dev/null
+++ b/test/integration/roles/test_win_user/tasks/main.yml
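Review bot: The two passwords in defaults/main.yml are committed with no comment marking them as fixture-only values, while tasks/main.yml creates a real local account with them and removes it only in its final task. If any assert fails in between, `test_win_user` stays on the target with a publicly known password, and at several points in the play it is a member of Users, Power Users or Guests. I would add a comment above the variables such as `# Fixture credentials for a throwaway local account; run this role only against disposable test hosts.`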
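Review bot: In lockout_user.ps1 the `catch { break }` inside the loop swallows every exception from `ValidateCredentials`, so the `trap` at the top never sees it and the script ends with exit code 0 whether the account was locked, the user name was wrong, or `$args[0]` was missing. Combined with the `when:` guards on the unlock tasks in tasks/main.yml, the `account_locked=no` path can be skipped silently, presumably on any host whose lockout threshold is disabled or higher than the hard-coded 10 attempts. I would at least report why the loop stopped, e.g. `catch { Write-Host "stopped after $i attempts: $($_.Exception.Message)"; break }`, and add a header comment saying the script deliberately generates failed logons against the local test account and depends on the host's lockout policy.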
@@ -0,0 +1,400 @@
+# test code for the win_user module
+# (c) 2014, Chris Church
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+- name: remove existing test user if present
+ win_user: name="{{ test_win_user_name }}" state="absent"
+ register: win_user_remove_result
+
+- name: check user removal result
+ assert:
+ that:
+ - "win_user_remove_result.name"
+ - "win_user_remove_result.state == 'absent'"
+
+- name: try to remove test user again
+ win_user: name="{{ test_win_user_name }}" state="absent"
+ register: win_user_remove_result_again
+
+- name: check user removal result again
+ assert:
+ that:
+ - "not win_user_remove_result_again|changed"
+ - "win_user_remove_result_again.name"
+ - "win_user_remove_result_again.msg"
+ - "win_user_remove_result.state == 'absent'"
+
+- name: test missing user with query state
+ win_user: name="{{ test_win_user_name }}" state="query"
+ register: win_user_missing_query_result
+
+- name: check missing query result
+ assert:
+ that:
+ - "not win_user_missing_query_result|changed"
+ - "win_user_missing_query_result.name"
+ - "win_user_missing_query_result.msg"
+ - "win_user_missing_query_result.state == 'absent'"
+
+- name: test create user
+ win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password }}"
+ register: win_user_create_result
+
+- name: check user creation result
+ assert:
+ that:
+ - "win_user_create_result|changed"
+ - "win_user_create_result.name == '{{ test_win_user_name }}'"
+ - "win_user_create_result.fullname == '{{ test_win_user_name }}'"
+ - "win_user_create_result.path"
+ - "win_user_create_result.state == 'present'"
+
+- name: update user full name and description
+ win_user: name="{{ test_win_user_name }}" fullname="Test Ansible User" description="Test user account created by Ansible"
+ register: win_user_update_result
+
+- name: check full name and description update result
+ assert:
+ that:
+ - "win_user_update_result|changed"
+ - "win_user_update_result.fullname == 'Test Ansible User'"
+ - "win_user_update_result.description == 'Test user account created by Ansible'"
+
+- name: update user full name and description again with same values
+ win_user: name="{{ test_win_user_name }}" fullname="Test Ansible User" description="Test user account created by Ansible"
+ register: win_user_update_result_again
+
+- name: check full name and description result again
+ assert:
+ that:
+ - "not win_user_update_result_again|changed"
+ - "win_user_update_result_again.fullname == 'Test Ansible User'"
+ - "win_user_update_result_again.description == 'Test user account created by Ansible'"
+
+- name: test again with no options or changes
+ win_user: name="{{ test_win_user_name }}"
+ register: win_user_nochange_result
+
+- name: check no changes result
+ assert:
+ that:
+ - "not win_user_nochange_result|changed"
+
+- name: test again with query state
+ win_user: name="{{ test_win_user_name }}" state="query"
+ register: win_user_query_result
+
+- name: check query result
+ assert:
+ that:
+ - "not win_user_query_result|changed"
+ - "win_user_query_result.state == 'present'"
+ - "win_user_query_result.name == '{{ test_win_user_name }}'"
+ - "win_user_query_result.fullname == 'Test Ansible User'"
+ - "win_user_query_result.description == 'Test user account created by Ansible'"
+ - "win_user_query_result.path"
+ - "win_user_query_result.sid"
+ - "win_user_query_result.groups == []"
+
+- name: change user password
+ win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password2 }}"
+ register: win_user_password_result
+
+- name: check password change result
+ assert:
+ that:
+ - "win_user_password_result|changed"
+
+- name: change user password again to same value
+ win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password2 }}"
+ register: win_user_password_result_again
+
+- name: check password change result again
+ assert:
+ that:
+ - "not win_user_password_result_again|changed"
+
+- name: check update_password=on_create for existing user
+ win_user: name="{{ test_win_user_name }}" password="ThisP@ssW0rdShouldNotBeUsed" update_password=on_create
+ register: win_user_nopasschange_result
+
+- name: check password change with on_create flag result
+ assert:
+ that:
+ - "not win_user_nopasschange_result|changed"
+
+- name: set password expired flag
+ win_user: name="{{ test_win_user_name }}" password_expired=yes
+ register: win_user_password_expired_result
+
+- name: check password expired result
+ assert:
+ that:
+ - "win_user_password_expired_result|changed"
+ - "win_user_password_expired_result.password_expired"
+
+- name: clear password expired flag
+ win_user: name="{{ test_win_user_name }}" password_expired=no
+ register: win_user_clear_password_expired_result
+
+- name: check clear password expired result
+ assert:
+ that:
+ - "win_user_clear_password_expired_result|changed"
+ - "not win_user_clear_password_expired_result.password_expired"
+
+- name: set password never expires flag
+ win_user: name="{{ test_win_user_name }}" password_never_expires=yes
+ register: win_user_password_never_expires_result
+
+- name: check password never expires result
+ assert:
+ that:
+ - "win_user_password_never_expires_result|changed"
+ - "win_user_password_never_expires_result.password_never_expires"
+
+- name: clear password never expires flag
+ win_user: name="{{ test_win_user_name }}" password_never_expires=no
+ register: win_user_clear_password_never_expires_result
+
+- name: check clear password never expires result
+ assert:
+ that:
+ - "win_user_clear_password_never_expires_result|changed"
+ - "not win_user_clear_password_never_expires_result.password_never_expires"
+
+- name: set user cannot change password flag
+ win_user: name="{{ test_win_user_name }}" user_cannot_change_password=yes
+ register: win_user_cannot_change_password_result
+
+- name: check user cannot change password result
+ assert:
+ that:
+ - "win_user_cannot_change_password_result|changed"
+ - "win_user_cannot_change_password_result.user_cannot_change_password"
+
+- name: clear user cannot change password flag
+ win_user: name="{{ test_win_user_name }}" user_cannot_change_password=no
+ register: win_user_can_change_password_result
+
+- name: check clear user cannot change password result
+ assert:
+ that:
+ - "win_user_can_change_password_result|changed"
+ - "not win_user_can_change_password_result.user_cannot_change_password"
+
+- name: set account disabled flag
+ win_user: name="{{ test_win_user_name }}" account_disabled=true
+ register: win_user_account_disabled_result
+
+- name: check account disabled result
+ assert:
+ that:
+ - "win_user_account_disabled_result|changed"
+ - "win_user_account_disabled_result.account_disabled"
+
+- name: clear account disabled flag
+ win_user: name="{{ test_win_user_name }}" account_disabled=false
+ register: win_user_clear_account_disabled_result
+
+- name: check clear account disabled result
+ assert:
+ that:
+ - "win_user_clear_account_disabled_result|changed"
+ - "not win_user_clear_account_disabled_result.account_disabled"
+
+- name: attempt to set account locked flag
+ win_user: name="{{ test_win_user_name }}" account_locked=yes
+ register: win_user_set_account_locked_result
+ ignore_errors: true
+
+- name: verify that attempting to set account locked flag fails
+ assert:
+ that:
+ - "win_user_set_account_locked_result|failed"
+ - "not win_user_set_account_locked_result|changed"
+
+- name: attempt to lockout test account
+ script: lockout_user.ps1 "{{ test_win_user_name }}"
+
+- name: get user to check if account locked flag is set
+ win_user: name="{{ test_win_user_name }}" state="query"
+ register: win_user_account_locked_result
+
+- name: clear account locked flag if set
+ win_user: name="{{ test_win_user_name }}" account_locked=no
+ register: win_user_clear_account_locked_result
+ when: "win_user_account_locked_result.account_locked"
+
+- name: check clear account lockout result if account was locked
+ assert:
+ that:
+ - "win_user_clear_account_locked_result|changed"
+ - "not win_user_clear_account_locked_result.account_locked"
+ when: "win_user_account_locked_result.account_locked"
+
+- name: assign test user to a group
+ win_user: name="{{ test_win_user_name }}" groups="Users"
+ register: win_user_replace_groups_result
+
+- name: check assign user to group result
+ assert:
+ that:
+ - "win_user_replace_groups_result|changed"
+ - "win_user_replace_groups_result.groups|length == 1"
+ - "win_user_replace_groups_result.groups[0]['name'] == 'Users'"
+
+- name: assign test user to the same group
+ win_user:
+ name: "{{ test_win_user_name }}"
+ groups: ["Users"]
+ register: win_user_replace_groups_again_result
+
+- name: check assign user to group again result
+ assert:
+ that:
+ - "not win_user_replace_groups_again_result|changed"
+
+- name: add user to another group
+ win_user: name="{{ test_win_user_name }}" groups="Power Users" groups_action="add"
+ register: win_user_add_groups_result
+
+- name: check add user to another group result
+ assert:
+ that:
+ - "win_user_add_groups_result|changed"
+ - "win_user_add_groups_result.groups|length == 2"
+ - "win_user_add_groups_result.groups[0]['name'] in ('Users', 'Power Users')"
+ - "win_user_add_groups_result.groups[1]['name'] in ('Users', 'Power Users')"
+
+- name: add user to another group again
+ win_user:
+ name: "{{ test_win_user_name }}"
+ groups: "Power Users"
+ groups_action: add
+ register: win_user_add_groups_again_result
+
+- name: check add user to another group again result
+ assert:
+ that:
+ - "not win_user_add_groups_again_result|changed"
+
+- name: remove user from a group
+ win_user: name="{{ test_win_user_name }}" groups="Users" groups_action="remove"
+ register: win_user_remove_groups_result
+
+- name: check remove user from group result
+ assert:
+ that:
+ - "win_user_remove_groups_result|changed"
+ - "win_user_remove_groups_result.groups|length == 1"
+ - "win_user_remove_groups_result.groups[0]['name'] == 'Power Users'"
+
+- name: remove user from a group again
+ win_user:
+ name: "{{ test_win_user_name }}"
+ groups:
+ - "Users"
+ groups_action: remove
+ register: win_user_remove_groups_again_result
+
+- name: check remove user from group again result
+ assert:
+ that:
+ - "not win_user_remove_groups_again_result|changed"
+
+- name: reassign test user to multiple groups
+ win_user: name="{{ test_win_user_name }}" groups="Users, Guests" groups_action="replace"
+ register: win_user_reassign_groups_result
+
+- name: check reassign user groups result
+ assert:
+ that:
+ - "win_user_reassign_groups_result|changed"
+ - "win_user_reassign_groups_result.groups|length == 2"
+ - "win_user_reassign_groups_result.groups[0]['name'] in ('Users', 'Guests')"
+ - "win_user_reassign_groups_result.groups[1]['name'] in ('Users', 'Guests')"
+
+- name: reassign test user to multiple groups again
+ win_user:
+ name: "{{ test_win_user_name }}"
+ groups:
+ - "Users"
+ - "Guests"
+ groups_action: replace
+ register: win_user_reassign_groups_again_result
+
+- name: check reassign user groups again result
+ assert:
+ that:
+ - "not win_user_reassign_groups_again_result|changed"
+
+- name: remove user from all groups
+ win_user: name="{{ test_win_user_name }}" groups=""
+ register: win_user_remove_all_groups_result
+
+- name: check remove user from all groups result
+ assert:
+ that:
+ - "win_user_remove_all_groups_result|changed"
+ - "win_user_remove_all_groups_result.groups|length == 0"
+
+- name: remove user from all groups again
+ win_user:
+ name: "{{ test_win_user_name }}"
+ groups: []
+ register: win_user_remove_all_groups_again_result
+
+- name: check remove user from all groups again result
+ assert:
+ that:
+ - "not win_user_remove_all_groups_again_result|changed"
+
+- name: assign user to invalid group
+ win_user: name="{{ test_win_user_name }}" groups="Userz"
+ register: win_user_invalid_group_result
+ ignore_errors: true
+
+- name: check invalid group result
+ assert:
+ that:
+ - "win_user_invalid_group_result|failed"
+ - "win_user_invalid_group_result.msg"
+
+- name: remove test user when finished
+ win_user: name="{{ test_win_user_name }}" state="absent"
+ register: win_user_final_remove_result
+
+- name: check final user removal result
+ assert:
+ that:
+ - "win_user_final_remove_result|changed"
+ - "win_user_final_remove_result.name"
+ - "win_user_final_remove_result.msg"
+ - "win_user_final_remove_result.state == 'absent'"
+
+- name: test removed user with query state
+ win_user: name="{{ test_win_user_name }}" state="query"
+ register: win_user_removed_query_result
+
+- name: check removed query result
+ assert:
+ that:
+ - "not win_user_removed_query_result|changed"
+ - "win_user_removed_query_result.name"
+ - "win_user_removed_query_result.msg"
+ - "win_user_removed_query_result.state == 'absent'"
diff --git a/test/integration/test_winrm.yml b/test/integration/test_winrm.yml
index e2a282e061f..69d3b652a6f 100644
--- a/test/integration/test_winrm.yml
+++ b/test/integration/test_winrm.yml
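Review bot: In tasks/main.yml the last assertion of "check user removal result again" tests `win_user_remove_result.state` rather than the result registered by the second removal, so the state returned by the repeated call is never checked. It should read `- "win_user_remove_result_again.state == 'absent'"`. Separately, the two tasks that follow the `lockout_user.ps1` call are guarded by `when: "win_user_account_locked_result.account_locked"`, so on a host where the script does not actually lock the account the unlock path passes without being exercised. A comment on those tasks saying so would avoid a false sense of coverage.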
@@ -30,6 +30,7 @@
 - { role: test_win_msi, tags: test_win_msi }
 - { role: test_win_service, tags: test_win_service }
 - { role: test_win_feature, tags: test_win_feature }
+ - { role: test_win_user, tags: test_win_user }
 - { role: test_win_file, tags: test_win_file }
 - { role: test_win_copy, tags: test_win_copy }
 - { role: test_win_template, tags: test_win_template }