ansible/test/integration/targets/win_credential/tasks/tests.yml
Jordan Borean c40f41d519
win_credential - fix encoding for text based secrets (#54695)
* win_credential - fix encoding for text based secrets

* Fix py2 encoding issues
2019-04-02 09:29:05 +10:00


---
# Negative test: this task sets no become vars, and the module is expected to
# fail with the message that tells the operator to run it with become.
- name: fail to run the module without become
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password
    state: present
  register: fail_no_become
  # The task passes only when the credential-store access error is reported.
  failed_when: >-
    "Failed to access the user's credential store, run the module with become" not in fail_no_become.msg
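# Check mode must report a change without writing anything to the store.
- name: create domain user credential (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password
    state: present
  register: domain_user_check
  check_mode: true
  # Anchor reused by every later task that runs with become. The become user
  # and password are templated from ansible_user / ansible_password rather
  # than written out in this file.
  vars: &become_vars
    ansible_become: true
    ansible_become_method: runas
    ansible_become_user: '{{ ansible_user }}'
    ansible_become_pass: '{{ ansible_password }}'

- name: get result of create domain user credential (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: domain_user_actual_check
  vars: *become_vars

- name: assert create domain user credential (check mode)
  assert:
    that:
      - domain_user_check is changed
      # Nothing may have been stored while in check mode.
      - not domain_user_actual_check.exists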
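# Real run: create the domain_password credential and read it back.
- name: create domain user credential
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password
    state: present
  register: domain_user
  vars: *become_vars

- name: get result of create domain user credential
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: domain_user_actual
  vars: *become_vars

- name: assert create domain user credential
  assert:
    that:
      - domain_user is changed
      - domain_user_actual.exists
      - domain_user_actual.alias == None
      - domain_user_actual.attributes == []
      - domain_user_actual.comment == None
      - domain_user_actual.name == test_hostname
      - domain_user_actual.persistence == "LocalMachine"
      # A secret was set above, yet the facts module reports an empty one for
      # this credential type, so the stored password cannot be verified here.
      - domain_user_actual.secret == ""
      - domain_user_actual.type == "DomainPassword"
      - domain_user_actual.username == "DOMAIN\\username"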
# Idempotency of the secret: re-running with identical arguments is still
# reported as changed, while update_secret: on_create reports no change.
# NOTE(review): presumably because a domain_password secret reads back empty
# and so cannot be compared with the requested one - confirm against the
# module documentation.
- name: create domain user credential again always update
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password
    state: present
  register: domain_user_again_always
  vars: *become_vars

- name: create domain user credential again on_create
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username'
    secret: password
    update_secret: on_create
    state: present
  register: domain_user_again_on_create
  vars: *become_vars

- name: assert create domain user credential again
  assert:
    that:
      - domain_user_again_always is changed
      - not domain_user_again_on_create is changed
# Check-mode update: username, alias, attributes, comment and persistence are
# all changed in the request, but the stored credential must keep its
# original values.
- name: update credential (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      # attribute 1 is passed as text, attribute 2 as base64 data.
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: update_cred_check
  check_mode: true
  vars: *become_vars

- name: get result of update credential (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: update_cred_actual_check
  vars: *become_vars

- name: assert update credential (check mode)
  assert:
    that:
      - update_cred_check is changed
      # Everything below still matches the credential as first created.
      - update_cred_actual_check.exists
      - update_cred_actual_check.alias == None
      - update_cred_actual_check.attributes == []
      - update_cred_actual_check.comment == None
      - update_cred_actual_check.name == test_hostname
      - update_cred_actual_check.persistence == "LocalMachine"
      - update_cred_actual_check.secret == ""
      - update_cred_actual_check.type == "DomainPassword"
      - update_cred_actual_check.username == "DOMAIN\\username"
# Real update: the same request as the check-mode run, now applied.
- name: update credential
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: update_cred
  vars: *become_vars

- name: get result of update credential
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: update_cred_actual
  vars: *become_vars

- name: assert update credential
  assert:
    that:
      - update_cred is changed
      - update_cred_actual.exists
      - update_cred_actual.alias == "ansible"
      - update_cred_actual.attributes|count == 2
      # Attribute data reads back base64-encoded whether it was supplied as
      # text (attribute 1) or as base64 (attribute 2).
      - update_cred_actual.attributes[0].name == "attribute 1"
      - update_cred_actual.attributes[0].data == "attribute 1 value"|b64encode
      - update_cred_actual.attributes[1].name == "attribute 2"
      - update_cred_actual.attributes[1].data == "attribute 2 value"|b64encode
      - update_cred_actual.comment == "Credential comment"
      - update_cred_actual.name == test_hostname
      - update_cred_actual.persistence == "Enterprise"
      # No secret was passed in the update; the facts still report it empty.
      - update_cred_actual.secret == ""
      - update_cred_actual.type == "DomainPassword"
      - update_cred_actual.username == "DOMAIN\\username2"
# Idempotency: repeating the update with identical arguments (and no secret)
# must report no change.
- name: update credential again
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: update_cred_again
  vars: *become_vars

- name: assert update credential again
  assert:
    that:
      - not update_cred_again is changed
# Append a third attribute to the existing two and verify all three are
# stored in order.
- name: add new attribute
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
      - name: attribute 3
        data: attribute 3 value
    comment: Credential comment
    persistence: enterprise
    state: present
  register: add_attribute
  vars: *become_vars

- name: get result of add new attribute
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: add_attribute_actual
  vars: *become_vars

- name: assert add new attribute
  assert:
    that:
      - add_attribute is changed
      - add_attribute_actual.attributes|count == 3
      - add_attribute_actual.attributes[0].name == "attribute 1"
      - add_attribute_actual.attributes[0].data == "attribute 1 value"|b64encode
      - add_attribute_actual.attributes[1].name == "attribute 2"
      - add_attribute_actual.attributes[1].data == "attribute 2 value"|b64encode
      - add_attribute_actual.attributes[2].name == "attribute 3"
      - add_attribute_actual.attributes[2].data == "attribute 3 value"|b64encode
# Leaving attribute 3 out of the list must remove it from the stored
# credential; the asserts expect exactly the two listed attributes.
- name: remove attribute
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: remove_attribute
  vars: *become_vars

- name: get result of remove attribute
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: remove_attribute_actual
  vars: *become_vars

- name: assert remove attribute
  assert:
    that:
      - remove_attribute is changed
      - remove_attribute_actual.attributes|count == 2
      - remove_attribute_actual.attributes[0].name == "attribute 1"
      - remove_attribute_actual.attributes[0].data == "attribute 1 value"|b64encode
      - remove_attribute_actual.attributes[1].name == "attribute 2"
      - remove_attribute_actual.attributes[1].data == "attribute 2 value"|b64encode
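# Change the data of attribute 1 only; attribute 2 must stay untouched.
- name: edit attribute
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    username: 'DOMAIN\username2'
    alias: ansible
    attributes:
      - name: attribute 1
        data: attribute 1 value new
      - name: attribute 2
        data: '{{ "attribute 2 value" | b64encode }}'
        data_format: base64
    comment: Credential comment
    persistence: enterprise
    state: present
  register: edit_attribute
  vars: *become_vars

- name: get result of edit attribute
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: edit_attribute_actual
  vars: *become_vars

# Named after the edit test so a failure here is not mistaken for the
# earlier "assert remove attribute" task in the run output.
- name: assert edit attribute
  assert:
    that:
      - edit_attribute is changed
      - edit_attribute_actual.attributes|count == 2
      - edit_attribute_actual.attributes[0].name == "attribute 1"
      - edit_attribute_actual.attributes[0].data == "attribute 1 value new"|b64encode
      - edit_attribute_actual.attributes[1].name == "attribute 2"
      - edit_attribute_actual.attributes[1].data == "attribute 2 value"|b64encode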
# Check-mode removal: a change is reported but the credential must survive.
- name: remove credential (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    state: absent
  register: remove_cred_check
  check_mode: true
  vars: *become_vars

- name: get result of remove credential (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: remove_cred_actual_check
  vars: *become_vars

- name: assert remove credential (check mode)
  assert:
    that:
      - remove_cred_check is changed
      # Still present: check mode must not delete from the store.
      - remove_cred_actual_check.exists
# Real removal: the credential must be gone when read back.
- name: remove credential
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    state: absent
  register: remove_cred
  vars: *become_vars

- name: get result of remove credential
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_password
  register: remove_cred_actual
  vars: *become_vars

- name: assert remove credential
  assert:
    that:
      - remove_cred is changed
      - not remove_cred_actual.exists
# Idempotency: removing an already absent credential reports no change.
- name: remove credential again
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_password
    state: absent
  register: remove_cred_again
  vars: *become_vars

- name: assert remove credential again
  assert:
    that:
      - not remove_cred_again is changed
# generic_password in check mode: reported as changed, nothing stored.
- name: create generic password (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_password
    persistence: enterprise
    username: genericuser
    secret: genericpass
    state: present
  register: generic_password_check
  check_mode: true
  vars: *become_vars

- name: get result of create generic password (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_password
  register: generic_password_actual_check
  vars: *become_vars

- name: assert result of create generic password (check mode)
  assert:
    that:
      - generic_password_check is changed
      - not generic_password_actual_check.exists
# Real run for generic_password. Unlike the domain_password test, the secret
# is compared on read-back, so this is where the text-secret encoding is
# actually verified.
- name: create generic password
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_password
    persistence: enterprise
    username: genericuser
    secret: genericpass
    state: present
  register: generic_password
  vars: *become_vars

- name: get result of create generic password
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_password
  register: generic_password_actual
  vars: *become_vars

# Expected read-back form of the text secret: base64 of its UTF-16-LE bytes.
- name: set encoded password result
  set_fact:
    encoded_pass: '{{ "genericpass" | string | b64encode(encoding="utf-16-le") }}'

- name: assert create generic password
  assert:
    that:
      - generic_password is changed
      - generic_password_actual.exists
      - generic_password_actual.alias == None
      - generic_password_actual.attributes == []
      - generic_password_actual.comment == None
      - generic_password_actual.name == test_hostname
      - generic_password_actual.persistence == "Enterprise"
      # The stored secret is returned by the facts module for this type.
      - generic_password_actual.secret == encoded_pass
      - generic_password_actual.type == "Generic"
      - generic_password_actual.username == "genericuser"
# Idempotency with a secret: the same generic_password request, secret
# included, must report no change on the second run.
- name: create generic password again
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_password
    persistence: enterprise
    username: genericuser
    secret: genericpass
    state: present
  register: generic_password_again
  vars: *become_vars

- name: assert create generic password again
  assert:
    that:
      - not generic_password_again is changed
# Negative test: a thumbprint with no matching certificate must be rejected
# with the exact "Failed to find certificate" message checked below.
- name: fail to create certificate cred with invalid thumbprint
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    # Quoted so the hex thumbprint is always loaded as a string.
    username: '00112233445566778899AABBCCDDEEFF00112233'
    state: present
  register: fail_invalid_cert
  failed_when: >-
    fail_invalid_cert.msg != "Failed to find certificate with the thumbprint 00112233445566778899AABBCCDDEEFF00112233 in the CurrentUser\\My store"
  vars: *become_vars
# domain_certificate in check mode: the username carries the certificate
# thumbprint; a change is reported but nothing is stored.
- name: create domain certificate cred (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: domain_cert_check
  check_mode: true
  vars: *become_vars

- name: get result of create domain certificate cred (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_certificate
  register: domain_cert_actual_check
  vars: *become_vars

- name: assert create domain certificate cred (check mode)
  assert:
    that:
      - domain_cert_check is changed
      - not domain_cert_actual_check.exists
# Real run for domain_certificate; no secret is passed for this type here.
- name: create domain certificate cred
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: domain_cert
  vars: *become_vars

- name: get result of create domain certificate cred
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: domain_certificate
  register: domain_cert_actual
  vars: *become_vars

- name: assert create domain certificate cred
  assert:
    that:
      - domain_cert is changed
      - domain_cert_actual.exists
      - domain_cert_actual.alias == None
      - domain_cert_actual.attributes == []
      - domain_cert_actual.comment == None
      - domain_cert_actual.name == test_hostname
      - domain_cert_actual.persistence == "LocalMachine"
      - domain_cert_actual.secret == ""
      - domain_cert_actual.type == "DomainCertificate"
      # The thumbprint must round-trip unchanged as the username.
      - domain_cert_actual.username == cert_thumbprint
# Idempotency: the same domain_certificate request reports no change.
- name: create domain certificate cred again
  win_credential:
    name: '{{ test_hostname }}'
    type: domain_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: domain_cert_again
  vars: *become_vars

- name: assert create domain certificate cred again
  assert:
    that:
      - not domain_cert_again is changed
# generic_certificate in check mode. The secret ("pin code") is supplied as
# base64 through secret_format instead of as text.
- name: create generic certificate cred (check mode)
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_certificate
    username: '{{ cert_thumbprint }}'
    secret: '{{ "pin code" | b64encode }}'
    secret_format: base64
    state: present
  register: generic_cert_check
  check_mode: true
  vars: *become_vars

- name: get result of create generic certificate cred (check mode)
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_certificate
  register: generic_cert_actual_check
  vars: *become_vars

- name: assert create generic certificate cred (check mode)
  assert:
    that:
      - generic_cert_check is changed
      - not generic_cert_actual_check.exists
# Real run for generic_certificate with a base64-format secret.
- name: create generic certificate cred
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_certificate
    username: '{{ cert_thumbprint }}'
    secret: '{{ "pin code" | b64encode }}'
    secret_format: base64
    state: present
  register: generic_cert
  vars: *become_vars

- name: get result of create generic certificate cred
  test_cred_facts:
    name: '{{ test_hostname }}'
    type: generic_certificate
  register: generic_cert_actual
  vars: *become_vars

- name: assert create generic certificate cred
  assert:
    that:
      - generic_cert is changed
      - generic_cert_actual.exists
      - generic_cert_actual.alias == None
      - generic_cert_actual.attributes == []
      - generic_cert_actual.comment == None
      - generic_cert_actual.name == test_hostname
      - generic_cert_actual.persistence == "LocalMachine"
      # A base64-format secret reads back as the same base64 value, with no
      # UTF-16-LE step as in the text-secret check of the generic_password
      # test.
      - generic_cert_actual.secret == "pin code" | b64encode
      - generic_cert_actual.type == "GenericCertificate"
      - generic_cert_actual.username == cert_thumbprint
# Idempotency for generic_certificate. This run passes no secret or
# secret_format, so it does not exercise secret comparison.
# NOTE(review): confirm the omission is intended; a repeat run that includes
# the base64 secret would also cover the secret idempotency path.
- name: create generic certificate cred again
  win_credential:
    name: '{{ test_hostname }}'
    type: generic_certificate
    username: '{{ cert_thumbprint }}'
    state: present
  register: generic_cert_again
  vars: *become_vars

- name: assert create generic certificate cred again
  assert:
    that:
      - not generic_cert_again is changed