c40f41d519
* win_credential - fix encoding for text based secrets * Fix py2 encoding issues
---
# Negative test: no become variables are set on this task, and the module is
# expected to refuse to touch the user's credential store. The task counts as
# failed only when the expected error text is missing from the result.
- name: fail to run the module without become
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password  # throwaway test fixture value
    state: present
  register: fail_no_become
  failed_when: >-
    "Failed to access the user's credential store, run the module with become"
    not in fail_no_become.msg
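# Check-mode run: the module must report a change without writing anything to
# the credential store. The become settings are anchored here as &become_vars
# and are aliased by the later tasks in this file.
- name: create domain user credential (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password  # throwaway test fixture value
    state: present
  register: domain_user_check
  check_mode: true
  vars: &become_vars
    ansible_become: true
    ansible_become_method: runas
    # Become as the connection user with the connection password; both come
    # from variables, so no account secret is written into this file.
    ansible_become_user: '{{ ansible_user }}'
    ansible_become_pass: '{{ ansible_password }}'

# Read the store back through the test helper module, also under become.
- name: get result of create domain user credential (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: domain_user_actual_check
  vars: *become_vars

# "changed" must be reported, yet the credential must still be absent.
- name: assert create domain user credential (check mode)
  assert:
    that:
      - domain_user_check is changed
      - not domain_user_actual_check.exists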
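# Real run: create the domain_password credential under become
# (become_vars is the anchor defined on the first check-mode task).
- name: create domain user credential
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password  # throwaway test fixture value
    state: present
  register: domain_user
  vars: *become_vars

- name: get result of create domain user credential
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: domain_user_actual
  vars: *become_vars

# The helper reports an empty secret for this domain_password credential, so
# the stored password is not echoed back into the registered result.
# NOTE(review): presumably Windows does not return the secret of a domain
# credential to callers - confirm in test_cred_facts.
- name: assert create domain user credential
  assert:
    that:
      - domain_user is changed
      - domain_user_actual.exists
      - domain_user_actual.alias == None
      - domain_user_actual.attributes == []
      - domain_user_actual.comment == None
      - domain_user_actual.name == test_hostname
      - domain_user_actual.persistence == "LocalMachine"
      - domain_user_actual.secret == ""
      - domain_user_actual.type == "DomainPassword"
      - domain_user_actual.username == "DOMAIN\\username"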
# Re-run behaviour when a secret is supplied for an existing credential.
# With update_secret left unset the module reports "changed" again; with
# update_secret: on_create it reports no change.
# NOTE(review): presumably the stored domain secret cannot be read back for
# comparison, so playbooks that need idempotent runs should set
# update_secret: on_create - confirm against the module documentation.
- name: create domain user credential again always update
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password  # throwaway test fixture value
    state: present
  register: domain_user_again_always
  vars: *become_vars

- name: create domain user credential again on_create
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password  # throwaway test fixture value
    update_secret: on_create
    state: present
  register: domain_user_again_on_create
  vars: *become_vars

- name: assert create domain user credential again
  assert:
    that:
      - domain_user_again_always is changed
      - not domain_user_again_on_create is changed
# Check-mode update: new username, alias, attributes, comment and persistence
# are requested, but the stored credential must keep its previous values.
- name: update credential (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      # The second attribute is supplied already base64-encoded.
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: update_cred_check
  check_mode: true
  vars: *become_vars

- name: get result of update credential (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: update_cred_actual_check
  vars: *become_vars

# Every field below still carries the value written by the original create.
- name: assert update credential (check mode)
  assert:
    that:
      - update_cred_check is changed
      - update_cred_actual_check.exists
      - update_cred_actual_check.alias == None
      - update_cred_actual_check.attributes == []
      - update_cred_actual_check.comment == None
      - update_cred_actual_check.name == test_hostname
      - update_cred_actual_check.persistence == "LocalMachine"
      - update_cred_actual_check.secret == ""
      - update_cred_actual_check.type == "DomainPassword"
      - update_cred_actual_check.username == "DOMAIN\\username"
# Real update of the existing credential. One attribute is passed as plain
# text and one as base64 (data_format: base64).
- name: update credential
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: update_cred
  vars: *become_vars

- name: get result of update credential
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: update_cred_actual
  vars: *become_vars

# The helper returns attribute data base64-encoded for both attributes,
# whichever input format was used, and still reports an empty secret.
- name: assert update credential
  assert:
    that:
      - update_cred is changed
      - update_cred_actual.exists
      - update_cred_actual.alias == "ansible"
      - update_cred_actual.attributes|count == 2
      - update_cred_actual.attributes[0].name == "attribute 1"
      - update_cred_actual.attributes[0].data == "attribute 1 value"|b64encode
      - update_cred_actual.attributes[1].name == "attribute 2"
      - update_cred_actual.attributes[1].data == "attribute 2 value"|b64encode
      - update_cred_actual.comment == "Credential comment"
      - update_cred_actual.name == test_hostname
      - update_cred_actual.persistence == "Enterprise"
      - update_cred_actual.secret == ""
      - update_cred_actual.type == "DomainPassword"
      - update_cred_actual.username == "DOMAIN\\username2"
# Idempotency check: the same arguments as the previous update, with no
# secret supplied, must not report a change.
- name: update credential again
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: update_cred_again
  vars: *become_vars

- name: assert update credential again
  assert:
    that:
      - not update_cred_again is changed
# Append a third attribute to the existing credential and verify that all
# three are stored in the order given.
- name: add new attribute
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
      - name: attribute 3
        data: attribute 3 value
    comment: Credential comment
    persistence: enterprise
    state: present
  register: add_attribute
  vars: *become_vars

- name: get result of add new attribute
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: add_attribute_actual
  vars: *become_vars

# Attribute data is compared against the base64 form returned by the helper.
- name: assert add new attribute
  assert:
    that:
      - add_attribute is changed
      - add_attribute_actual.attributes|count == 3
      - add_attribute_actual.attributes[0].name == "attribute 1"
      - add_attribute_actual.attributes[0].data == "attribute 1 value"|b64encode
      - add_attribute_actual.attributes[1].name == "attribute 2"
      - add_attribute_actual.attributes[1].data == "attribute 2 value"|b64encode
      - add_attribute_actual.attributes[2].name == "attribute 3"
      - add_attribute_actual.attributes[2].data == "attribute 3 value"|b64encode
# Drop the third attribute by listing only the first two; the module is
# expected to report a change and leave exactly two attributes stored.
- name: remove attribute
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: remove_attribute
  vars: *become_vars

- name: get result of remove attribute
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: remove_attribute_actual
  vars: *become_vars

- name: assert remove attribute
  assert:
    that:
      - remove_attribute is changed
      - remove_attribute_actual.attributes|count == 2
      - remove_attribute_actual.attributes[0].name == "attribute 1"
      - remove_attribute_actual.attributes[0].data == "attribute 1 value"|b64encode
      - remove_attribute_actual.attributes[1].name == "attribute 2"
      - remove_attribute_actual.attributes[1].data == "attribute 2 value"|b64encode
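# Change the data of an existing attribute and verify that only that value
# differs afterwards.
- name: edit attribute
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value new
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: edit_attribute
  vars: *become_vars

- name: get result of edit attribute
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: edit_attribute_actual
  vars: *become_vars

# Named after the edit scenario it checks, so a failure in the test output
# points at the right step.
- name: assert edit attribute
  assert:
    that:
      - edit_attribute is changed
      - edit_attribute_actual.attributes|count == 2
      - edit_attribute_actual.attributes[0].name == "attribute 1"
      - edit_attribute_actual.attributes[0].data == "attribute 1 value new"|b64encode
      - edit_attribute_actual.attributes[1].name == "attribute 2"
      - edit_attribute_actual.attributes[1].data == "attribute 2 value"|b64encode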
# Check-mode removal: a change is reported but the credential must survive.
- name: remove credential (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    state: absent
  register: remove_cred_check
  check_mode: true
  vars: *become_vars

- name: get result of remove credential (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: remove_cred_actual_check
  vars: *become_vars

- name: assert remove credential (check mode)
  assert:
    that:
      - remove_cred_check is changed
      - remove_cred_actual_check.exists
# Real removal: afterwards the helper must no longer find the credential.
- name: remove credential
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    state: absent
  register: remove_cred
  vars: *become_vars

- name: get result of remove credential
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: remove_cred_actual
  vars: *become_vars

- name: assert remove credential
  assert:
    that:
      - remove_cred is changed
      - not remove_cred_actual.exists
# Idempotency check: removing an already absent credential reports no change.
- name: remove credential again
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    state: absent
  register: remove_cred_again
  vars: *become_vars

- name: assert remove credential again
  assert:
    that:
      - not remove_cred_again is changed
# Check-mode creation of a generic_password credential: a change is reported
# and nothing is written to the store.
- name: create generic password (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_password
    persistence: enterprise
    username: genericuser
    secret: genericpass  # throwaway test fixture value
    state: present
  register: generic_password_check
  check_mode: true
  vars: *become_vars

- name: get result of create generic password (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_password
  register: generic_password_actual_check
  vars: *become_vars

- name: assert result of create generic password (check mode)
  assert:
    that:
      - generic_password_check is changed
      - not generic_password_actual_check.exists
# Real run for a generic credential with a text secret.
- name: create generic password
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_password
    persistence: enterprise
    username: genericuser
    secret: genericpass  # throwaway test fixture value
    state: present
  register: generic_password
  vars: *become_vars

- name: get result of create generic password
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_password
  register: generic_password_actual
  vars: *become_vars

# Expected stored form of the text secret: base64 of its UTF-16-LE bytes.
# This pins the byte encoding used for text based secrets.
- name: set encoded password result
  set_fact:
    encoded_pass: '{{ "genericpass" | string | b64encode(encoding="utf-16-le") }}'

# Unlike the domain_password case, the helper returns the stored secret here.
# Base64 is an encoding only: as this read-back shows, a generic credential's
# secret can be recovered by code querying the store as that user, and it
# ends up in the registered result.
- name: assert create generic password
  assert:
    that:
      - generic_password is changed
      - generic_password_actual.exists
      - generic_password_actual.alias == None
      - generic_password_actual.attributes == []
      - generic_password_actual.comment == None
      - generic_password_actual.name == test_hostname
      - generic_password_actual.persistence == "Enterprise"
      - generic_password_actual.secret == encoded_pass
      - generic_password_actual.type == "Generic"
      - generic_password_actual.username == "genericuser"
# Idempotency check with the same secret supplied and update_secret unset:
# for a generic credential no change is expected.
# NOTE(review): presumably the stored secret is read back and compared,
# which is why this differs from the domain_password re-run - confirm in the
# module.
- name: create generic password again
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_password
    persistence: enterprise
    username: genericuser
    secret: genericpass  # throwaway test fixture value
    state: present
  register: generic_password_again
  vars: *become_vars

- name: assert create generic password again
  assert:
    that:
      - not generic_password_again is changed
# Negative test: a thumbprint with no matching certificate must be rejected.
# The expected message names the CurrentUser\My store. The thumbprint is
# quoted so it is always read as a string, even if it were all digits.
- name: fail to create certificate cred with invalid thumbprint
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '00112233445566778899AABBCCDDEEFF00112233'
    state: present
  register: fail_invalid_cert
  failed_when: >-
    fail_invalid_cert.msg != "Failed to find certificate with the thumbprint
    00112233445566778899AABBCCDDEEFF00112233 in the CurrentUser\\My store"
  vars: *become_vars
# Check-mode creation of a domain_certificate credential. For certificate
# types the username field carries the certificate thumbprint.
- name: create domain certificate cred (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: domain_cert_check
  check_mode: true
  vars: *become_vars

- name: get result of create domain certificate cred (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_certificate
  register: domain_cert_actual_check
  vars: *become_vars

- name: assert create domain certificate cred (check mode)
  assert:
    that:
      - domain_cert_check is changed
      - not domain_cert_actual_check.exists
# Real run: create the domain_certificate credential. No secret is supplied.
- name: create domain certificate cred
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: domain_cert
  vars: *become_vars

- name: get result of create domain certificate cred
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_certificate
  register: domain_cert_actual
  vars: *become_vars

# The stored username must be the thumbprint and the secret must be empty.
- name: assert create domain certificate cred
  assert:
    that:
      - domain_cert is changed
      - domain_cert_actual.exists
      - domain_cert_actual.alias == None
      - domain_cert_actual.attributes == []
      - domain_cert_actual.comment == None
      - domain_cert_actual.name == test_hostname
      - domain_cert_actual.persistence == "LocalMachine"
      - domain_cert_actual.secret == ""
      - domain_cert_actual.type == "DomainCertificate"
      - domain_cert_actual.username == cert_thumbprint
# Idempotency check: the same certificate credential reports no change.
- name: create domain certificate cred again
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: domain_cert_again
  vars: *become_vars

- name: assert create domain certificate cred again
  assert:
    that:
      - not domain_cert_again is changed
# Check-mode creation of a generic_certificate credential. The secret (a PIN
# fixture) is passed as base64 with secret_format: base64.
- name: create generic certificate cred (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_certificate
    username: '{{ cert_thumbprint }}'
    secret: '{{ "pin code" | b64encode }}'  # throwaway test fixture value
    secret_format: base64
    state: present
  register: generic_cert_check
  check_mode: true
  vars: *become_vars

- name: get result of create generic certificate cred (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_certificate
  register: generic_cert_actual_check
  vars: *become_vars

- name: assert create generic certificate cred (check mode)
  assert:
    that:
      - generic_cert_check is changed
      - not generic_cert_actual_check.exists
# Real run: create the generic_certificate credential with a base64 secret.
- name: create generic certificate cred
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_certificate
    username: '{{ cert_thumbprint }}'
    secret: '{{ "pin code" | b64encode }}'  # throwaway test fixture value
    secret_format: base64
    state: present
  register: generic_cert
  vars: *become_vars

- name: get result of create generic certificate cred
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_certificate
  register: generic_cert_actual
  vars: *become_vars

# The helper returns the secret for this type, and it equals the base64 that
# was supplied: a secret given with secret_format: base64 is stored byte for
# byte, with no UTF-16 text conversion applied.
- name: assert create generic certificate cred
  assert:
    that:
      - generic_cert is changed
      - generic_cert_actual.exists
      - generic_cert_actual.alias == None
      - generic_cert_actual.attributes == []
      - generic_cert_actual.comment == None
      - generic_cert_actual.name == test_hostname
      - generic_cert_actual.persistence == "LocalMachine"
      - generic_cert_actual.secret == "pin code" | b64encode
      - generic_cert_actual.type == "GenericCertificate"
      - generic_cert_actual.username == cert_thumbprint
# Re-run of the generic certificate credential without a secret argument;
# the assert task that follows in the file expects no change from it.
- name: create generic certificate cred again
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: generic_cert_again
  vars: *become_vars
- name: assert create generic certificate cred again
|
|
assert:
|
|
that:
|
|
- not generic_cert_again is changed
|