4fe08441be
* Warn on tests used as filters * Update docs, add aliases for tests that fit more gramatically with test syntax * Fix rst formatting * Add successful filter, alias of success * Remove renamed_deprecation, it was overkill * Make directory alias for is_dir * Update tests to use proper jinja test syntax * Update additional documentation, living outside of YAML files, to reflect proper jinja test syntax * Add conversion script, porting guide updates, and changelog updates * Update newly added uses of tests as filters * No underscore variable * Convert recent tests as filter changes to win_stat * Fix some changes related to rebasing a few integration tests * Make tests_as_filters_warning explicitly accept the name of the test, instead of inferring the name * Add test for tests_as_filters_warning * Update tests as filters in newly added/modified tests * Address recent changes to several integration tests * Address recent changes in cs_vpc
436 lines
14 KiB
YAML
436 lines
14 KiB
YAML
---
|
|
- name: create test user
|
|
win_user:
|
|
name: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
state: present
|
|
groups:
|
|
- Administrators
|
|
|
|
- name: task with password principal (check mode)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: password
|
|
update_password: no
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_password_check
|
|
check_mode: yes
|
|
|
|
- name: get result of task with password principal (check mode)
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_password_result_check
|
|
|
|
- name: assert results of task with password principal (check mode)
|
|
assert:
|
|
that:
|
|
- task_with_password_check is changed
|
|
- task_with_password_result_check.task_exists == False
|
|
|
|
- name: task with password principal
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: password
|
|
update_password: no
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_password
|
|
|
|
- name: get result of task with password principal
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_password_result
|
|
|
|
- name: assert results of task with password principal
|
|
assert:
|
|
that:
|
|
- task_with_password is changed
|
|
- task_with_password_result.task_exists == True
|
|
- task_with_password_result.principal.group_id == None
|
|
- task_with_password_result.principal.logon_type == "TASK_LOGON_PASSWORD"
|
|
- task_with_password_result.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_password_result.principal.user_id.endswith(test_scheduled_task_user)
|
|
|
|
- name: task with password principal (idempotent)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: password
|
|
update_password: no
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_password_again
|
|
|
|
- name: assert results of task with password principal (idempotent)
|
|
assert:
|
|
that:
|
|
- task_with_password_again is not changed
|
|
|
|
- name: task with password principal force pass change
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: password
|
|
update_password: yes
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_password_force_update
|
|
|
|
- name: assert results of task with password principal force pass change
|
|
assert:
|
|
that:
|
|
- task_with_password_force_update is changed
|
|
|
|
- name: task with s4u principal (check mode)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: s4u
|
|
update_password: no
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_s4u_check
|
|
check_mode: yes
|
|
|
|
- name: get result of task with s4u principal (check mode)
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_s4u_result_check
|
|
|
|
- name: assert results of task with s4u principal (check mode)
|
|
assert:
|
|
that:
|
|
- task_with_s4u_check is changed
|
|
- task_with_s4u_result_check.task_exists == True
|
|
- task_with_s4u_result_check.principal.group_id == None
|
|
- task_with_s4u_result_check.principal.logon_type == "TASK_LOGON_PASSWORD"
|
|
- task_with_s4u_result_check.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_s4u_result_check.principal.user_id.endswith(test_scheduled_task_user)
|
|
|
|
- name: task with s4u principal
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: s4u
|
|
update_password: no
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_s4u
|
|
|
|
- name: get result of task with s4u principal
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_s4u_result
|
|
|
|
- name: assert results of task with s4u principal
|
|
assert:
|
|
that:
|
|
- task_with_s4u is changed
|
|
- task_with_s4u_result.task_exists == True
|
|
- task_with_s4u_result.principal.group_id == None
|
|
- task_with_s4u_result.principal.logon_type == "TASK_LOGON_S4U"
|
|
- task_with_s4u_result.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_s4u_result.principal.user_id.endswith(test_scheduled_task_user)
|
|
|
|
- name: task with s4u principal (idempotent)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
password: '{{test_scheduled_task_pass}}'
|
|
logon_type: s4u
|
|
update_password: no
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_s4u_again
|
|
|
|
- name: assert results of task with s4u principal (idempotent)
|
|
assert:
|
|
that:
|
|
- task_with_s4u_again is not changed
|
|
|
|
- name: task with interactive principal (check mode)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
logon_type: interactive_token
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_interactive_check
|
|
check_mode: yes
|
|
|
|
- name: get result of task with interactive principal (check mode)
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_interactive_result_check
|
|
|
|
- name: assert results of task with interactive principal (check mode)
|
|
assert:
|
|
that:
|
|
- task_with_interactive_check is changed
|
|
- task_with_interactive_result_check.task_exists == True
|
|
- task_with_interactive_result_check.principal.group_id == None
|
|
- task_with_interactive_result_check.principal.logon_type == "TASK_LOGON_S4U"
|
|
- task_with_interactive_result_check.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_interactive_result_check.principal.user_id.endswith(test_scheduled_task_user)
|
|
|
|
- name: task with interactive principal
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
logon_type: interactive_token
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_interactive
|
|
|
|
- name: get result of task with interactive principal
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_interactive_result
|
|
|
|
- name: assert results of task with interactive principal
|
|
assert:
|
|
that:
|
|
- task_with_interactive is changed
|
|
- task_with_interactive_result.task_exists == True
|
|
- task_with_interactive_result.principal.group_id == None
|
|
- task_with_interactive_result.principal.logon_type == "TASK_LOGON_INTERACTIVE_TOKEN"
|
|
- task_with_interactive_result.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_interactive_result.principal.user_id.endswith(test_scheduled_task_user)
|
|
|
|
- name: task with interactive principal (idempotent)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: '{{test_scheduled_task_user}}'
|
|
logon_type: interactive_token
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_interactive_again
|
|
|
|
- name: assert results of task with interactive principal (idempotent)
|
|
assert:
|
|
that:
|
|
- task_with_interactive_again is not changed
|
|
|
|
- name: task with group principal (check mode)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
group: Administrators
|
|
logon_type: group
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_group_check
|
|
check_mode: yes
|
|
|
|
- name: get result of task with group principal (check mode)
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_group_result_check
|
|
|
|
- name: assert results of task with group principal (check mode)
|
|
assert:
|
|
that:
|
|
- task_with_group_check is changed
|
|
- task_with_group_result_check.task_exists == True
|
|
- task_with_group_result_check.principal.group_id == None
|
|
- task_with_group_result_check.principal.logon_type == "TASK_LOGON_INTERACTIVE_TOKEN"
|
|
- task_with_group_result_check.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_group_result_check.principal.user_id.endswith(test_scheduled_task_user)
|
|
|
|
- name: task with group principal
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
group: Administrators
|
|
logon_type: group
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_group
|
|
|
|
- name: get result of task with group principal
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_group_result
|
|
|
|
- name: assert results of task with group principal
|
|
assert:
|
|
that:
|
|
- task_with_group is changed
|
|
- task_with_group_result.task_exists == True
|
|
- task_with_group_result.principal.group_id == "BUILTIN\\Administrators"
|
|
- task_with_group_result.principal.logon_type == "TASK_LOGON_GROUP"
|
|
- task_with_group_result.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_group_result.principal.user_id == None
|
|
|
|
- name: task with group principal (idempotent)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
group: Administrators
|
|
logon_type: group
|
|
actions:
|
|
- path: cmd.exe
|
|
register: task_with_group_again
|
|
|
|
- name: assert results of task with group principal (idempotent)
|
|
assert:
|
|
that:
|
|
- task_with_group_again is not changed
|
|
|
|
- name: task with service account principal (check mode)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: System
|
|
logon_type: service_account
|
|
action:
|
|
- path: cmd.exe
|
|
register: task_with_service_check
|
|
check_mode: yes
|
|
|
|
- name: get result of task with service account principal (check mode)
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_service_result_check
|
|
|
|
- name: assert results of task with service account principal (check mode)
|
|
assert:
|
|
that:
|
|
- task_with_service_check is changed
|
|
- task_with_service_result_check.task_exists == True
|
|
- task_with_service_result_check.principal.group_id == "BUILTIN\\Administrators"
|
|
- task_with_service_result_check.principal.logon_type == "TASK_LOGON_GROUP"
|
|
- task_with_service_result_check.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_service_result_check.principal.user_id == None
|
|
|
|
- name: task with service account principal
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: System
|
|
logon_type: service_account
|
|
action:
|
|
- path: cmd.exe
|
|
register: task_with_service
|
|
|
|
- name: get result of task with service account principal
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_service_result
|
|
|
|
- name: assert results of task with service account principal
|
|
assert:
|
|
that:
|
|
- task_with_service is changed
|
|
- task_with_service_result.task_exists == True
|
|
- task_with_service_result.principal.group_id == None
|
|
- task_with_service_result.principal.logon_type == "TASK_LOGON_SERVICE_ACCOUNT"
|
|
- task_with_service_result.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
- task_with_service_result.principal.user_id == "NT AUTHORITY\\SYSTEM"
|
|
|
|
- name: task with service account principal (idempotent)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
username: System
|
|
logon_type: service_account
|
|
action:
|
|
- path: cmd.exe
|
|
register: task_with_service_again
|
|
|
|
- name: assert results of task with service account principal (idempotent)
|
|
assert:
|
|
that:
|
|
- task_with_service_again is not changed
|
|
|
|
- name: task with highest privilege (check mode)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
run_level: highest
|
|
username: System
|
|
logon_type: service_account
|
|
action:
|
|
- path: cmd.exe
|
|
register: task_with_highest_privilege_check
|
|
check_mode: yes
|
|
|
|
- name: get result of task with highest privilege (check mode)
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_highest_privilege_result_check
|
|
|
|
- name: assert results of task with highest privilege (check mode)
|
|
assert:
|
|
that:
|
|
- task_with_highest_privilege_check is changed
|
|
- task_with_highest_privilege_result_check.principal.run_level == "TASK_RUNLEVEL_LUA"
|
|
|
|
- name: task with highest privilege
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
run_level: highest
|
|
username: System
|
|
logon_type: service_account
|
|
action:
|
|
- path: cmd.exe
|
|
register: task_with_highest_privilege
|
|
|
|
- name: get result of task with highest privilege
|
|
win_scheduled_task_stat:
|
|
path: \
|
|
name: '{{test_scheduled_task_name}}'
|
|
register: task_with_highest_privilege_result
|
|
|
|
- name: assert results of task with highest privilege
|
|
assert:
|
|
that:
|
|
- task_with_highest_privilege is changed
|
|
- task_with_highest_privilege_result.principal.run_level == "TASK_RUNLEVEL_HIGHEST"
|
|
|
|
- name: task with highest privilege (idempotent)
|
|
win_scheduled_task:
|
|
name: '{{test_scheduled_task_name}}'
|
|
state: present
|
|
run_level: highest
|
|
username: System
|
|
logon_type: service_account
|
|
action:
|
|
- path: cmd.exe
|
|
register: task_with_highest_privilege_again
|
|
|
|
- name: assert results of task with highest privilege (idempotent)
|
|
assert:
|
|
that:
|
|
- task_with_highest_privilege_again is not changed
|