30b25d53d2
* add pure state functionality for win_group_membership * fixing typos in docs * fix syntax for adding removed array depending on state * remove trailing whitespace from docs * fix issue in testing pure (again) * adding note for pure being added in Ansible 2.8
320 lines
No EOL
11 KiB
YAML
320 lines
No EOL
11 KiB
YAML
# Test code for win_group_membership
|
|
|
|
# Copyright: (c) 2017, Andrew Saraceni <andrew.saraceni@gmail.com>
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
- name: Look up built-in Administrator account name (-500 user whose domain == computer name)
|
|
raw: $machine_sid = (Get-CimInstance Win32_UserAccount -Filter "Domain='$env:COMPUTERNAME'")[0].SID -replace '(S-1-5-21-\d+-\d+-\d+)-\d+', '$1'; (Get-CimInstance Win32_UserAccount -Filter "SID='$machine_sid-500'").Name
|
|
check_mode: no
|
|
register: admin_account_result
|
|
|
|
- set_fact:
|
|
admin_account_name: "{{ admin_account_result.stdout_lines[0] }}"
|
|
|
|
- name: Remove potentially leftover group members
|
|
win_group_membership:
|
|
name: "{{ win_local_group }}"
|
|
members:
|
|
- "{{ admin_account_name }}"
|
|
- "{{ win_local_user }}"
|
|
- NT AUTHORITY\SYSTEM
|
|
- NT AUTHORITY\NETWORK SERVICE
|
|
state: absent
|
|
|
|
|
|
- name: Add user to fake group
|
|
win_group_membership:
|
|
name: FakeGroup
|
|
members:
|
|
- "{{ admin_account_name }}"
|
|
state: present
|
|
register: add_user_to_fake_group
|
|
failed_when: add_user_to_fake_group.changed != false or add_user_to_fake_group.msg != "Could not find local group FakeGroup"
|
|
|
|
|
|
- name: Add fake local user
|
|
win_group_membership:
|
|
name: "{{ win_local_group }}"
|
|
members:
|
|
- FakeUser
|
|
state: present
|
|
register: add_fake_local_user
|
|
failed_when: add_fake_local_user.changed != false or add_fake_local_user.msg is not search("account_name FakeUser is not a valid account, cannot get SID.*")
|
|
|
|
|
|
- name: Add users to group
|
|
win_group_membership: &wgm_present
|
|
name: "{{ win_local_group }}"
|
|
members:
|
|
- "{{ admin_account_name }}"
|
|
- "{{ win_local_user }}"
|
|
- NT AUTHORITY\SYSTEM
|
|
state: present
|
|
register: add_users_to_group
|
|
|
|
- name: Test add_users_to_group (normal mode)
|
|
assert:
|
|
that:
|
|
- add_users_to_group.changed == true
|
|
- add_users_to_group.added == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
- add_users_to_group.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test add_users_to_group (check-mode)
|
|
assert:
|
|
that:
|
|
- add_users_to_group.changed == true
|
|
- add_users_to_group.added == []
|
|
- add_users_to_group.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Add users to group (again)
|
|
win_group_membership: *wgm_present
|
|
register: add_users_to_group_again
|
|
|
|
- name: Test add_users_to_group_again (normal mode)
|
|
assert:
|
|
that:
|
|
- add_users_to_group_again.changed == false
|
|
- add_users_to_group_again.added == []
|
|
- add_users_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
when: not in_check_mode
|
|
|
|
|
|
- name: Add different syntax users to group (again)
|
|
win_group_membership:
|
|
<<: *wgm_present
|
|
members:
|
|
- '{{ ansible_hostname }}\{{ admin_account_name }}'
|
|
- '.\{{ win_local_user }}'
|
|
register: add_different_syntax_users_to_group_again
|
|
|
|
- name: Test add_different_syntax_users_to_group_again (normal mode)
|
|
assert:
|
|
that:
|
|
- add_different_syntax_users_to_group_again.changed == false
|
|
- add_different_syntax_users_to_group_again.added == []
|
|
- add_different_syntax_users_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test add_different_syntax_users_to_group_again (check-mode)
|
|
assert:
|
|
that:
|
|
- add_different_syntax_users_to_group_again.changed == true
|
|
- add_different_syntax_users_to_group_again.added == []
|
|
- add_different_syntax_users_to_group_again.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Add another user to group
|
|
win_group_membership: &wgma_present
|
|
<<: *wgm_present
|
|
members:
|
|
- NT AUTHORITY\NETWORK SERVICE
|
|
register: add_another_user_to_group
|
|
|
|
- name: Test add_another_user_to_group (normal mode)
|
|
assert:
|
|
that:
|
|
- add_another_user_to_group.changed == true
|
|
- add_another_user_to_group.added == ["NT AUTHORITY\\NETWORK SERVICE"]
|
|
- add_another_user_to_group.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test add_another_user_to_group (check-mode)
|
|
assert:
|
|
that:
|
|
- add_another_user_to_group.changed == true
|
|
- add_another_user_to_group.added == []
|
|
- add_another_user_to_group.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Add another user to group (again)
|
|
win_group_membership: *wgma_present
|
|
register: add_another_user_to_group_again
|
|
|
|
- name: Test add_another_user_to_group_1_again (normal mode)
|
|
assert:
|
|
that:
|
|
- add_another_user_to_group_again.changed == false
|
|
- add_another_user_to_group_again.added == []
|
|
- add_another_user_to_group_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
|
|
when: not in_check_mode
|
|
|
|
|
|
- name: Remove users from group
|
|
win_group_membership: &wgm_absent
|
|
<<: *wgm_present
|
|
state: absent
|
|
register: remove_users_from_group
|
|
|
|
- name: Test remove_users_from_group (normal mode)
|
|
assert:
|
|
that:
|
|
- remove_users_from_group.changed == true
|
|
- remove_users_from_group.removed == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
- remove_users_from_group.members == ["NT AUTHORITY\\NETWORK SERVICE"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test remove_users_from_group (check-mode)
|
|
assert:
|
|
that:
|
|
- remove_users_from_group.changed == false
|
|
- remove_users_from_group.removed == []
|
|
- remove_users_from_group.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Remove users from group (again)
|
|
win_group_membership: *wgm_absent
|
|
register: remove_users_from_group_again
|
|
|
|
- name: Test remove_users_from_group_again (normal mode)
|
|
assert:
|
|
that:
|
|
- remove_users_from_group_again.changed == false
|
|
- remove_users_from_group_again.removed == []
|
|
- remove_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
|
|
when: not in_check_mode
|
|
|
|
|
|
- name: Remove different syntax users from group (again)
|
|
win_group_membership:
|
|
<<: *wgm_absent
|
|
members:
|
|
- '{{ ansible_hostname }}\{{ admin_account_name }}'
|
|
- '.\{{ win_local_user }}'
|
|
register: remove_different_syntax_users_from_group_again
|
|
|
|
- name: Test remove_different_syntax_users_from_group_again (normal mode)
|
|
assert:
|
|
that:
|
|
- remove_different_syntax_users_from_group_again.changed == false
|
|
- remove_different_syntax_users_from_group_again.removed == []
|
|
- remove_different_syntax_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test add_different_syntax_users_to_group_again (check-mode)
|
|
assert:
|
|
that:
|
|
- remove_different_syntax_users_from_group_again.changed == false
|
|
- remove_different_syntax_users_from_group_again.removed == []
|
|
- remove_different_syntax_users_from_group_again.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Remove another user from group
|
|
win_group_membership: &wgma_absent
|
|
<<: *wgm_absent
|
|
members:
|
|
- NT AUTHORITY\NETWORK SERVICE
|
|
register: remove_another_user_from_group
|
|
|
|
- name: Test remove_another_user_from_group (normal mode)
|
|
assert:
|
|
that:
|
|
- remove_another_user_from_group.changed == true
|
|
- remove_another_user_from_group.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
|
|
- remove_another_user_from_group.members == []
|
|
when: not in_check_mode
|
|
|
|
- name: Test remove_another_user_from_group (check-mode)
|
|
assert:
|
|
that:
|
|
- remove_another_user_from_group.changed == false
|
|
- remove_another_user_from_group.removed == []
|
|
- remove_another_user_from_group.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Remove another user from group (again)
|
|
win_group_membership: *wgma_absent
|
|
register: remove_another_user_from_group_again
|
|
|
|
- name: Test remove_another_user_from_group_again (normal mode)
|
|
assert:
|
|
that:
|
|
- remove_another_user_from_group_again.changed == false
|
|
- remove_another_user_from_group_again.removed == []
|
|
- remove_another_user_from_group_again.members == []
|
|
when: not in_check_mode
|
|
|
|
|
|
- name: Setup users for pure testing
|
|
win_group_membership:
|
|
<<: *wgm_present
|
|
members:
|
|
- "{{ admin_account_name }}"
|
|
- NT AUTHORITY\NETWORK SERVICE
|
|
|
|
|
|
- name: Define users as pure
|
|
win_group_membership: &wgm_pure
|
|
<<: *wgm_present
|
|
state: pure
|
|
register: define_users_as_pure
|
|
|
|
- name: Test define_users_as_pure (normal mode)
|
|
assert:
|
|
that:
|
|
- define_users_as_pure.changed == true
|
|
- define_users_as_pure.added == ["{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
- define_users_as_pure.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
|
|
- define_users_as_pure.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test define_users_as_pure (check-mode)
|
|
assert:
|
|
that:
|
|
- define_users_as_pure.changed == true
|
|
- define_users_as_pure.added == []
|
|
- define_users_as_pure.removed == []
|
|
- define_users_as_pure.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Define users as pure (again)
|
|
win_group_membership: *wgm_pure
|
|
register: define_users_as_pure_again
|
|
|
|
- name: Test define_users_as_pure_again (normal mode)
|
|
assert:
|
|
that:
|
|
- define_users_as_pure_again.changed == false
|
|
- define_users_as_pure_again.added == []
|
|
- define_users_as_pure_again.removed == []
|
|
- define_users_as_pure_again.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}", "NT AUTHORITY\\SYSTEM"]
|
|
when: not in_check_mode
|
|
|
|
|
|
- name: Define different syntax users as pure
|
|
win_group_membership:
|
|
<<: *wgm_pure
|
|
members:
|
|
- '{{ ansible_hostname }}\{{ admin_account_name }}'
|
|
- '.\{{ win_local_user }}'
|
|
register: define_different_syntax_users_as_pure
|
|
|
|
- name: Test define_different_syntax_users_as_pure (normal mode)
|
|
assert:
|
|
that:
|
|
- define_different_syntax_users_as_pure.changed == true
|
|
- define_different_syntax_users_as_pure.added == []
|
|
- define_different_syntax_users_as_pure.removed == ["NT AUTHORITY\\SYSTEM"]
|
|
- define_different_syntax_users_as_pure.members == ["{{ ansible_hostname }}\\{{ admin_account_name }}", "{{ ansible_hostname }}\\{{ win_local_user }}"]
|
|
when: not in_check_mode
|
|
|
|
- name: Test define_different_syntax_users_as_pure (check-mode)
|
|
assert:
|
|
that:
|
|
- define_different_syntax_users_as_pure.changed == true
|
|
- define_different_syntax_users_as_pure.added == []
|
|
- define_different_syntax_users_as_pure.removed == []
|
|
- define_different_syntax_users_as_pure.members == []
|
|
when: in_check_mode
|
|
|
|
|
|
- name: Teardown remaining pure users
|
|
win_group_membership: *wgm_absent |