win_iis_webapplication: add authentication parameters (#56033)
* add connect_as, username, password parameters add tests * fixed reference to undefined variable. added version added to new options. * add changelog fragment * fix line endings * use ansible facts to determine os version remove unused iis version check test checksum of iis configuration after backup * correct assertion * added more cleanup tasks. * version added is now 2.10 * skip server 2008 r2 for now * run tests on server 2012 and higher
This commit is contained in:
parent
40071e5db3
commit
8ff6e4c68e
8 changed files with 236 additions and 0 deletions
|
@ -0,0 +1,2 @@
|
|||
minor_changes:
|
||||
- "win_iis_webapplication - add new options ``connect_as``, ``username``, ``password``."
|
|
@ -13,6 +13,9 @@ $site = Get-AnsibleParam -obj $params -name "site" -type "str" -failifempty $tru
|
|||
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "absent","present"
|
||||
$physical_path = Get-AnsibleParam -obj $params -name "physical_path" -type "str" -aliases "path"
|
||||
$application_pool = Get-AnsibleParam -obj $params -name "application_pool" -type "str"
|
||||
$connect_as = Get-AnsibleParam -obj $params -name 'connect_as' -type 'str' -validateset 'specific_user', 'pass_through'
|
||||
$username = Get-AnsibleParam -obj $params -name "username" -type "str" -failifempty ($connect_as -eq 'specific_user')
|
||||
$password = Get-AnsibleParam -obj $params -name "password" -type "str" -failifempty ($connect_as -eq 'specific_user')
|
||||
|
||||
$result = @{
|
||||
application_pool = $application_pool
|
||||
|
@ -90,6 +93,29 @@ try {
|
|||
$result.changed = $true
|
||||
}
|
||||
}
|
||||
|
||||
# Change username and password if needed
|
||||
$app_user = Get-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'userName'
|
||||
$app_pass = Get-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'password'
|
||||
if ($connect_as -eq 'pass_through') {
|
||||
if ($app_user -ne '') {
|
||||
Clear-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'userName' -WhatIf:$check_mode
|
||||
$result.changed = $true
|
||||
}
|
||||
if ($app_pass -ne '') {
|
||||
Clear-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'password' -WhatIf:$check_mode
|
||||
$result.changed = $true
|
||||
}
|
||||
} elseif ($connect_as -eq 'specific_user') {
|
||||
if ($app_user -ne $username) {
|
||||
Set-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'userName' -Value $username -WhatIf:$check_mode
|
||||
$result.changed = $true
|
||||
}
|
||||
if ($app_pass -ne $password) {
|
||||
Set-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'password' -Value $password -WhatIf:$check_mode
|
||||
$result.changed = $true
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch {
|
||||
Fail-Json $result $_.Exception.Message
|
||||
|
@ -98,6 +124,13 @@ try {
|
|||
# When in check-mode or on removal, this may fail
|
||||
$application = Get-WebApplication -Site $site -Name $name
|
||||
if ($application) {
|
||||
$app_user = Get-ItemProperty -Path "IIS:\Sites\$($site)\$($name)" -Name 'userName'
|
||||
if ($app_user -eq '') {
|
||||
$result.connect_as = 'pass_through'
|
||||
} else {
|
||||
$result.connect_as = 'specific_user'
|
||||
}
|
||||
|
||||
$result.physical_path = $application.PhysicalPath
|
||||
$result.application_pool = $application.ApplicationPool
|
||||
}
|
||||
|
|
|
@ -42,6 +42,26 @@ options:
|
|||
- The application pool in which the new site executes.
|
||||
- If not specified, the application pool of the current website will be used.
|
||||
type: str
|
||||
connect_as:
|
||||
description:
|
||||
- The type of authentication to use for this application. Either C(pass_through) or C(specific_user)
|
||||
- If C(pass_through), IIS will use the identity of the user or application pool identity to access the file system or network.
|
||||
- If C(specific_user), IIS will use the credentials provided in I(username) and I(password) to access the file system or network.
|
||||
type: str
|
||||
choices: [pass_through, specific_user]
|
||||
version_added: '2.10'
|
||||
username:
|
||||
description:
|
||||
- Specifies the user name of an account that can access configuration files and content for this application.
|
||||
- Required when I(connect_as) is set to C(specific_user).
|
||||
type: str
|
||||
version_added: '2.10'
|
||||
password:
|
||||
description:
|
||||
- The password associated with I(username).
|
||||
- Required when I(connect_as) is set to C(specific_user).
|
||||
type: str
|
||||
version_added: '2.10'
|
||||
seealso:
|
||||
- module: win_iis_virtualdirectory
|
||||
- module: win_iis_webapppool
|
||||
|
@ -71,4 +91,9 @@ physical_path:
|
|||
returned: success
|
||||
type: str
|
||||
sample: C:\apps\acme\api
|
||||
connect_as:
|
||||
description: How IIS will try to authenticate to the physical_path.
|
||||
returned: when the application exists
|
||||
type: str
|
||||
sample: specific_user
|
||||
'''
|
||||
|
|
1
test/integration/targets/win_iis_webapplication/aliases
Normal file
1
test/integration/targets/win_iis_webapplication/aliases
Normal file
|
@ -0,0 +1 @@
|
|||
shippable/windows/group3
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
|
||||
test_app_name: TestApp
|
||||
|
||||
test_site_name: 'Test Site'
|
||||
|
||||
test_user: testuser
|
||||
test_password: testpass
|
||||
|
||||
test_physical_path: "{{ remote_tmp_dir }}"
|
||||
test_apppool: 'testapppool'
|
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
dependencies:
|
||||
- setup_remote_tmp_dir
|
|
@ -0,0 +1,70 @@
|
|||
---
|
||||
# Cannot use win_feature to install IIS on Server 2008.
|
||||
# Run a brief check and skip hosts that don't support
|
||||
# that operation
|
||||
|
||||
# Run on Server 2012 and higher
|
||||
- block:
|
||||
- name: ensure IIS features are installed
|
||||
win_feature:
|
||||
name: Web-Server
|
||||
state: present
|
||||
include_management_tools: True
|
||||
register: feature_install
|
||||
|
||||
- name: reboot after feature install
|
||||
win_reboot:
|
||||
when: feature_install.reboot_required
|
||||
|
||||
# may be possible that copy corrupts the file
|
||||
- name: Get iis configuration checksum
|
||||
win_stat:
|
||||
path: '{{ ansible_env.SystemRoot }}\System32\inetsrv\config\applicationHost.config'
|
||||
checksum_algorithm: sha1
|
||||
register: stat_result
|
||||
|
||||
- name: take a copy of the original iis configuration
|
||||
win_copy:
|
||||
src: '{{ ansible_env.SystemRoot }}\System32\inetsrv\config\applicationHost.config'
|
||||
dest: '{{ ansible_env.TEMP }}\applicationHost.config'
|
||||
remote_src: yes
|
||||
register: copy_result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "stat_result.stat.checksum == copy_result.checksum"
|
||||
|
||||
# Tests
|
||||
- name: run tests on hosts that support it
|
||||
include_tasks: tests.yml
|
||||
|
||||
always:
|
||||
# Cleanup
|
||||
- name: remove test application
|
||||
win_iis_webapplication:
|
||||
state: absent
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
|
||||
- name: remove test application pool
|
||||
win_iis_webapppool:
|
||||
name: "{{ test_apppool }}"
|
||||
state: absent
|
||||
|
||||
- name: remove test site
|
||||
win_iis_website:
|
||||
name: "{{ test_site_name }}"
|
||||
state: absent
|
||||
|
||||
- name: restore iis configuration
|
||||
win_copy:
|
||||
src: '{{ ansible_env.TEMP }}\applicationHost.config'
|
||||
dest: '{{ ansible_env.SystemRoot }}\System32\inetsrv\config\applicationHost.config'
|
||||
remote_src: yes
|
||||
register: copy_result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- "stat_result.stat.checksum == copy_result.checksum"
|
||||
|
||||
when: ansible_distribution_version is version('6.2','ge')
|
|
@ -0,0 +1,91 @@
|
|||
---
|
||||
- name: test site exists, but stopped in case of duplicate web binding
|
||||
win_iis_website:
|
||||
name: "{{ test_site_name }}"
|
||||
state: stopped
|
||||
physical_path: 'C:\inetpub\wwwroot'
|
||||
|
||||
- name: test app is absent (baseline)
|
||||
win_iis_webapplication:
|
||||
state: absent
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
|
||||
- name: create test app
|
||||
win_iis_webapplication:
|
||||
state: present
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
physical_path: "{{ test_physical_path }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'result.changed == true'
|
||||
- 'result.physical_path == test_physical_path'
|
||||
|
||||
- name: create test app (idempotent)
|
||||
win_iis_webapplication:
|
||||
state: present
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
physical_path: "{{ test_physical_path }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'result.changed == false'
|
||||
- 'result.physical_path == test_physical_path'
|
||||
|
||||
- name: set test app credentials
|
||||
win_iis_webapplication:
|
||||
state: present
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
connect_as: specific_user
|
||||
username: "{{ test_user }}"
|
||||
password: "{{ test_password }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'result.changed == true'
|
||||
- 'result.physical_path == test_physical_path'
|
||||
- "result.connect_as == 'specific_user'"
|
||||
|
||||
- name: set test app credentials (idempotent)
|
||||
win_iis_webapplication:
|
||||
state: present
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
connect_as: specific_user
|
||||
username: "{{ test_user }}"
|
||||
password: "{{ test_password }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'result.changed == false'
|
||||
- 'result.physical_path == test_physical_path'
|
||||
- "result.connect_as == 'specific_user'"
|
||||
|
||||
- name: create new test application pool
|
||||
win_iis_webapppool:
|
||||
name: "{{ test_apppool }}"
|
||||
state: present
|
||||
|
||||
- name: change app pool and use pass through authentication
|
||||
win_iis_webapplication:
|
||||
state: present
|
||||
site: "{{ test_site_name }}"
|
||||
name: "{{ test_app_name }}"
|
||||
connect_as: pass_through
|
||||
application_pool: "{{ test_apppool }}"
|
||||
register: result
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- 'result.changed == true'
|
||||
- 'result.physical_path == test_physical_path'
|
||||
- "result.connect_as == 'pass_through'"
|
||||
- "result.application_pool == test_apppool"
|
Loading…
Reference in a new issue