ansible/test/integration/targets/win_group_membership/tasks/tests.yml
Andrew Saraceni 30b25d53d2 Add "pure" state functionality for win_group_membership (#51298)
* add pure state functionality for win_group_membership

* fixing typos in docs

* fix syntax for adding removed array depending on state

* remove trailing whitespace from docs

* fix issue in testing pure (again)

* adding note for pure being added in Ansible 2.8
2019-01-31 11:48:49 +10:00

320 lines
No EOL
11 KiB
YAML

# Test code for win_group_membership
# Copyright: (c) 2017, Andrew Saraceni <andrew.saraceni@gmail.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Look up built-in Administrator account name (-500 user whose domain == computer name)
raw: $machine_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1'; (Get-CimInstance Win32_UserAccount -Filter "SID='$machine_sid-500'").Name
check_mode: no
register: admin_account_result
- set_fact:
admin_account_name: "{{ admin_account_result.stdout_lines[0] }}"
- name: Remove potentially leftover group members
win_group_membership:
name: "{{ win_local_group }}"
members:
- "{{ admin_account_name }}"
- "{{ win_local_user }}"
- NT AUTHORITY\SYSTEM
- NT AUTHORITY\NETWORK SERVICE
state: absent
- name: Add user to fake group
win_group_membership:
name: FakeGroup
members:
- "{{ admin_account_name }}"
state: present
register: add_user_to_fake_group
failed_when: add_user_to_fake_group.changed != false or add_user_to_fake_group.msg != "Could not find local group FakeGroup"
- name: Add fake local user
win_group_membership:
name: "{{ win_local_group }}"
members:
- FakeUser
state: present
register: add_fake_local_user
failed_when: add_fake_local_user.changed != false or add_fake_local_user.msg is not search("account_name FakeUser is not a valid account, cannot get SID.*")
- name: Add users to group
win_group_membership: &wgm_present
name: "{{ win_local_group }}"
members:
- "{{ admin_account_name }}"
- "{{ win_local_user }}"
- NT AUTHORITY\SYSTEM
state: present
register: add_users_to_group
- name: Test add_users_to_group (normal mode)
assert:
that:
- add_users_to_group.changed == true
- add_users_to_group.added == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
- add_users_to_group.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
when: not in_check_mode
- name: Test add_users_to_group (check-mode)
assert:
that:
- add_users_to_group.changed == true
- add_users_to_group.added == []
- add_users_to_group.members == []
when: in_check_mode
- name: Add users to group (again)
win_group_membership: *wgm_present
register: add_users_to_group_again
- name: Test add_users_to_group_again (normal mode)
assert:
that:
- add_users_to_group_again.changed == false
- add_users_to_group_again.added == []
- add_users_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
when: not in_check_mode
- name: Add different syntax users to group (again)
win_group_membership:
<<: *wgm_present
members:
- '{{ ansible_hostname }}\{{ admin_account_name }}'
- '.\{{ win_local_user }}'
register: add_different_syntax_users_to_group_again
- name: Test add_different_syntax_users_to_group_again (normal mode)
assert:
that:
- add_different_syntax_users_to_group_again.changed == false
- add_different_syntax_users_to_group_again.added == []
- add_different_syntax_users_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
when: not in_check_mode
- name: Test add_different_syntax_users_to_group_again (check-mode)
assert:
that:
- add_different_syntax_users_to_group_again.changed == true
- add_different_syntax_users_to_group_again.added == []
- add_different_syntax_users_to_group_again.members == []
when: in_check_mode
- name: Add another user to group
win_group_membership: &wgma_present
<<: *wgm_present
members:
- NT AUTHORITY\NETWORK SERVICE
register: add_another_user_to_group
- name: Test add_another_user_to_group (normal mode)
assert:
that:
- add_another_user_to_group.changed == true
- add_another_user_to_group.added == ["NT AUTHORITY\\NETWORK SERVICE"]
- add_another_user_to_group.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
when: not in_check_mode
- name: Test add_another_user_to_group (check-mode)
assert:
that:
- add_another_user_to_group.changed == true
- add_another_user_to_group.added == []
- add_another_user_to_group.members == []
when: in_check_mode
- name: Add another user to group (again)
win_group_membership: *wgma_present
register: add_another_user_to_group_again
- name: Test add_another_user_to_group_1_again (normal mode)
assert:
that:
- add_another_user_to_group_again.changed == false
- add_another_user_to_group_again.added == []
- add_another_user_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
when: not in_check_mode
- name: Remove users from group
win_group_membership: &wgm_absent
<<: *wgm_present
state: absent
register: remove_users_from_group
- name: Test remove_users_from_group (normal mode)
assert:
that:
- remove_users_from_group.changed == true
- remove_users_from_group.removed == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
- remove_users_from_group.members == ["NT AUTHORITY\\NETWORK SERVICE"]
when: not in_check_mode
- name: Test remove_users_from_group (check-mode)
assert:
that:
- remove_users_from_group.changed == false
- remove_users_from_group.removed == []
- remove_users_from_group.members == []
when: in_check_mode
- name: Remove users from group (again)
win_group_membership: *wgm_absent
register: remove_users_from_group_again
- name: Test remove_users_from_group_again (normal mode)
assert:
that:
- remove_users_from_group_again.changed == false
- remove_users_from_group_again.removed == []
- remove_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
when: not in_check_mode
- name: Remove different syntax users from group (again)
win_group_membership:
<<: *wgm_absent
members:
- '{{ ansible_hostname }}\{{ admin_account_name }}'
- '.\{{ win_local_user }}'
register: remove_different_syntax_users_from_group_again
- name: Test remove_different_syntax_users_from_group_again (normal mode)
assert:
that:
- remove_different_syntax_users_from_group_again.changed == false
- remove_different_syntax_users_from_group_again.removed == []
- remove_different_syntax_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
when: not in_check_mode
- name: Test add_different_syntax_users_to_group_again (check-mode)
assert:
that:
- remove_different_syntax_users_from_group_again.changed == false
- remove_different_syntax_users_from_group_again.removed == []
- remove_different_syntax_users_from_group_again.members == []
when: in_check_mode
- name: Remove another user from group
win_group_membership: &wgma_absent
<<: *wgm_absent
members:
- NT AUTHORITY\NETWORK SERVICE
register: remove_another_user_from_group
- name: Test remove_another_user_from_group (normal mode)
assert:
that:
- remove_another_user_from_group.changed == true
- remove_another_user_from_group.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
- remove_another_user_from_group.members == []
when: not in_check_mode
- name: Test remove_another_user_from_group (check-mode)
assert:
that:
- remove_another_user_from_group.changed == false
- remove_another_user_from_group.removed == []
- remove_another_user_from_group.members == []
when: in_check_mode
- name: Remove another user from group (again)
win_group_membership: *wgma_absent
register: remove_another_user_from_group_again
- name: Test remove_another_user_from_group_again (normal mode)
assert:
that:
- remove_another_user_from_group_again.changed == false
- remove_another_user_from_group_again.removed == []
- remove_another_user_from_group_again.members == []
when: not in_check_mode
- name: Setup users for pure testing
win_group_membership:
<<: *wgm_present
members:
- "{{ admin_account_name }}"
- NT AUTHORITY\NETWORK SERVICE
- name: Define users as pure
win_group_membership: &wgm_pure
<<: *wgm_present
state: pure
register: define_users_as_pure
- name: Test define_users_as_pure (normal mode)
assert:
that:
- define_users_as_pure.changed == true
- define_users_as_pure.added == ["{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
- define_users_as_pure.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
- define_users_as_pure.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
when: not in_check_mode
- name: Test define_users_as_pure (check-mode)
assert:
that:
- define_users_as_pure.changed == true
- define_users_as_pure.added == []
- define_users_as_pure.removed == []
- define_users_as_pure.members == []
when: in_check_mode
- name: Define users as pure (again)
win_group_membership: *wgm_pure
register: define_users_as_pure_again
- name: Test define_users_as_pure_again (normal mode)
assert:
that:
- define_users_as_pure_again.changed == false
- define_users_as_pure_again.added == []
- define_users_as_pure_again.removed == []
- define_users_as_pure_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
when: not in_check_mode
- name: Define different syntax users as pure
win_group_membership:
<<: *wgm_pure
members:
- '{{ ansible_hostname }}\{{ admin_account_name }}'
- '.\{{ win_local_user }}'
register: define_different_syntax_users_as_pure
- name: Test define_different_syntax_users_as_pure (normal mode)
assert:
that:
- define_different_syntax_users_as_pure.changed == true
- define_different_syntax_users_as_pure.added == []
- define_different_syntax_users_as_pure.removed == ["NT AUTHORITY\\SYSTEM"]
- define_different_syntax_users_as_pure.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}"]
when: not in_check_mode
- name: Test define_different_syntax_users_as_pure (check-mode)
assert:
that:
- define_different_syntax_users_as_pure.changed == true
- define_different_syntax_users_as_pure.added == []
- define_different_syntax_users_as_pure.removed == []
- define_different_syntax_users_as_pure.members == []
when: in_check_mode
- name: Teardown remaining pure users
win_group_membership: *wgm_absent