0a3da471f5
* Begin rewrite of win_iis_webbinding
Add integration testing, check mode and idempotency
Add support for SNI
Fix replacing SSL cert on existing bindings
* finished up initial rewrite of win_iis_webbinding
* updated test to remove tests as filters
* updated win_iis_webbinding docs
* fix more doc/formatting issues win_iis_webbinding
* Removed string empty defaults for certs. Added a few new helpful
comments.
* Revert "Removed string empty defaults for certs. Added a few new helpful"
This reverts commit 48f35faea8
.
##############
### CM Add ###
##############
# Check mode: the module must report changed / 'added' while no binding is
# actually created on the site.
# NOTE(review): thumbprint1 is registered outside this view; presumably it
# holds the thumbprint of a test certificate -- confirm in the setup tasks.
- name: CM add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header
  check_mode: true

# Independent read-back of the site's bindings through the test helper, so
# the assertions do not rely only on what win_iis_webbinding reports.
- name: CM get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

# ssl_flags: 1 is the value this suite uses for an SNI binding.
- name: CM add https binding with header and SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header
  check_mode: true

- name: CM get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# The module claims a change, but the read-back finds no binding: check mode
# must not bind a certificate to the site.
- name: CM assert changed, but not added
  assert:
    that:
      - https_no_header is changed
      - https_no_header.operation_type == 'added'
      - https_no_header.binding_info is none
      - get_https_no_header.binding is not defined
      - https_header is changed
      - https_header.operation_type == 'added'
      - https_header.binding_info is none
      - get_https_header.binding is not defined

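###########
### Add ###
###########
# Real run: both bindings must be created and reported as 'added'.
# NOTE(review): thumbprint1 is registered outside this view; presumably it
# holds the thumbprint of a test certificate -- confirm in the setup tasks.
- name: add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header

# Independent read-back of the binding through the test helper.
- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

# ssl_flags: 1 is the value this suite uses for an SNI binding.
- name: add https binding with header SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# Conditions are bare Jinja expressions: `that` entries are already evaluated
# as templates, so nested "{{ }}" delimiters draw an Ansible warning and break
# if a value ever contains a quote. `| int` keeps the numeric port comparison
# the original rendered literal produced.
# The get_* checks verify the certificate hash and SNI flag from the
# independent read-back, not only from the module's own return value.
- name: assert changed and added
  assert:
    that:
      - https_no_header is changed
      - https_no_header.operation_type == 'added'
      - https_no_header.binding_info is defined
      - https_no_header.binding_info.protocol == https_vars.protocol
      - https_no_header.binding_info.ip == https_vars.ip
      - https_no_header.binding_info.port == (https_vars.port | int)
      - https_no_header.binding_info.hostheader == ''
      - https_no_header.binding_info.certificateHash == thumbprint1.stdout_lines[0]
      - get_https_no_header.binding is defined
      - get_https_no_header.binding.ip == https_vars.ip
      - get_https_no_header.binding.port == (https_vars.port | int)
      - get_https_no_header.binding.protocol == https_vars.protocol
      - get_https_no_header.binding.certificateHash == thumbprint1.stdout_lines[0]
      - https_header is changed
      - https_header.operation_type == 'added'
      - https_header.binding_info is defined
      - https_header.binding_info.hostheader == https_header_vars.header
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == (https_header_vars.port | int)
      - https_header.binding_info.certificateHash == thumbprint1.stdout_lines[0]
      - https_header.binding_info.sslFlags == 1
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == (https_header_vars.port | int)
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint1.stdout_lines[0]
      - get_https_header.binding.sslFlags == 1
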
################
### Idem Add ###
################
# Re-applying the same bindings must report no change.
# NOTE(review): protocol, ip, port and host_header are literals here while the
# other sections read https_vars / https_header_vars; the run is only
# idempotent if those vars hold these same values -- confirm against the
# vars definition.
- name: idem add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: https
    ip: '*'
    port: 443
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header

# ssl_flags: 1 is the value this suite uses for an SNI binding.
- name: idem add https binding with header and SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: test.com
    protocol: https
    ip: '*'
    port: 443
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header

- name: idem assert not changed
  assert:
    that:
      - https_no_header is not changed
      - https_header is not changed

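#################
### CM Modify ###
#################
# Check mode: the module must report changed / 'updated' while the binding
# keeps its current certificate.
# The only argument that differs from the existing binding is
# certificate_hash (thumbprint1 -> thumbprint2); ssl_flags stays 1.
# NOTE(review): thumbprint1 / thumbprint2 are registered outside this view;
# presumably two distinct test certificates -- confirm in the setup tasks.
- name: CM modify https binding with header, change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header
  check_mode: true

# Independent read-back of the binding through the test helper.
- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# Both the module result and the read-back must still show thumbprint1:
# a check-mode run must never swap the certificate on a live binding.
# Conditions are bare Jinja expressions: `that` entries are already evaluated
# as templates, so nested "{{ }}" delimiters draw an Ansible warning. `| int`
# keeps the numeric port comparison the original rendered literal produced.
- name: CM assert changed but old cert
  assert:
    that:
      - https_header is changed
      - https_header.operation_type == 'updated'
      - https_header.binding_info is defined
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == (https_header_vars.port | int)
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - https_header.binding_info.certificateHash == thumbprint1.stdout_lines[0]
      - https_header.binding_info.sslFlags == 1
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == (https_header_vars.port | int)
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint1.stdout_lines[0]
      - get_https_header.binding.sslFlags == 1
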
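##############
### Modify ###
##############
# Real run: replace the certificate on the existing SNI binding.
# The only argument that differs from the existing binding is
# certificate_hash (thumbprint1 -> thumbprint2); ssl_flags stays 1.
# NOTE(review): thumbprint2 is registered outside this view; presumably the
# thumbprint of a second test certificate -- confirm in the setup tasks.
- name: modify https binding with header, change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header

# Independent read-back of the binding through the test helper.
- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# The new certificate must show up in the module result and in the read-back,
# with the SNI flag preserved.
# Conditions are bare Jinja expressions: `that` entries are already evaluated
# as templates, so nested "{{ }}" delimiters draw an Ansible warning. `| int`
# keeps the numeric port comparison the original rendered literal produced.
- name: modify assert changed and new cert
  assert:
    that:
      - https_header is changed
      - https_header.operation_type == 'updated'
      - https_header.binding_info is defined
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == (https_header_vars.port | int)
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - https_header.binding_info.certificateHash == thumbprint2.stdout_lines[0]
      - https_header.binding_info.sslFlags == 1
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == (https_header_vars.port | int)
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint2.stdout_lines[0]
      - get_https_header.binding.sslFlags == 1
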
###################
### Idem Modify ###
###################
# Re-applying the binding with the same certificate (thumbprint2) and the
# same ssl_flags value must report no change.
- name: idem modify https binding with header, enable SNI and change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header

- name: idem assert not changed
  assert:
    that:
      - https_header is not changed

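#################
### CM Remove ###
#################
# Check mode: the module must report changed / 'removed' while both bindings
# stay in place with their certificates.
- name: cm remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header
  check_mode: true

# Independent read-back of the binding through the test helper.
- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: cm remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header
  check_mode: true

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# The read-back must still find both bindings and their certificates
# (thumbprint1 on the no-header binding, thumbprint2 on the SNI binding).
# Conditions are bare Jinja expressions: `that` entries are already evaluated
# as templates, so nested "{{ }}" delimiters draw an Ansible warning. `| int`
# keeps the numeric port comparison the original rendered literal produced.
- name: cm remove assert changed, but still present
  assert:
    that:
      - https_no_header is changed
      - https_no_header.operation_type == 'removed'
      - https_no_header.binding_info is defined
      - https_no_header.binding_info.ip == https_vars.ip
      - https_no_header.binding_info.port == (https_vars.port | int)
      - https_no_header.binding_info.protocol == https_vars.protocol
      - get_https_no_header.binding is defined
      - get_https_no_header.binding.ip == https_vars.ip
      - get_https_no_header.binding.port == (https_vars.port | int)
      - get_https_no_header.binding.protocol == https_vars.protocol
      - get_https_no_header.binding.certificateHash == thumbprint1.stdout_lines[0]
      - https_header is changed
      - https_header.binding_info is defined
      - https_header.operation_type == 'removed'
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == (https_header_vars.port | int)
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == (https_header_vars.port | int)
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint2.stdout_lines[0]
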
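##############
### remove ###
##############
# Real run: both bindings must be removed and reported as 'removed'.
- name: remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header

# Independent read-back of the binding through the test helper.
- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# binding_info describes the binding that was removed; the read-back must no
# longer find either binding.
# Conditions are bare Jinja expressions: `that` entries are already evaluated
# as templates, so nested "{{ }}" delimiters draw an Ansible warning. `| int`
# keeps the numeric port comparison the original rendered literal produced.
- name: remove assert changed and gone
  assert:
    that:
      - https_no_header is changed
      - https_no_header.binding_info is defined
      - https_no_header.operation_type == 'removed'
      - https_no_header.binding_info.ip == https_vars.ip
      - https_no_header.binding_info.port == (https_vars.port | int)
      - https_no_header.binding_info.protocol == https_vars.protocol
      - get_https_no_header.binding is not defined
      - https_header is changed
      - https_header.binding_info is defined
      - https_header.operation_type == 'removed'
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == (https_header_vars.port | int)
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - get_https_header.binding is not defined
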
###################
### remove idem ###
###################
# Removing bindings that are already absent must report no change and
# return no binding_info.
- name: idem remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header

# Independent read-back of the binding through the test helper.
- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: idem remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# NOTE(review): the task name says "changed", but every condition below
# checks for "not changed"; the name is kept as written.
- name: idem remove assert changed and gone
  assert:
    that:
      - https_no_header is not changed
      - https_no_header.binding_info is not defined
      - get_https_no_header.binding is not defined
      - https_header is not changed
      - https_header.binding_info is not defined
      - get_https_header.binding is not defined