You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/win_user/tasks/main.yml

432 lines
15 KiB
YAML

# test code for the win_user module
# (c) 2014, Chris Church <chris@ninemoreminutes.com>
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: remove existing test user if present
win_user: name="{{ test_win_user_name }}" state="absent"
register: win_user_remove_result
- name: check user removal result
assert:
that:
- "win_user_remove_result.name"
- "win_user_remove_result.state == 'absent'"
- name: try to remove test user again
win_user: name="{{ test_win_user_name }}" state="absent"
register: win_user_remove_result_again
- name: check user removal result again
assert:
that:
- "not win_user_remove_result_again|changed"
- "win_user_remove_result_again.name"
- "win_user_remove_result_again.msg"
- "win_user_remove_result.state == 'absent'"
- name: test missing user with query state
win_user: name="{{ test_win_user_name }}" state="query"
register: win_user_missing_query_result
- name: check missing query result
assert:
that:
- "not win_user_missing_query_result|changed"
- "win_user_missing_query_result.name"
- "win_user_missing_query_result.msg"
- "win_user_missing_query_result.state == 'absent'"
- name: test create user
Fixes for WinRM/PowerShell support in v2. - Add support for inserting module args into PowerShell modules. Fixes #11661. - Support Windows paths containing spaces. Applies changes from #10727 to v2. Fixes #9999. Should also fix ansible/ansible-modules-core#944 and ansible/ansible-modules-core#1007. - Change how execution policy is set for running remote scripts. Applies changes from #11092 to v2. Also fixes ansible/ansible-modules-core#1776. - Use codepage 65001 (UTF-8) for WinRM connection instead of default (CP437), convert command to UTF-8 and results from UTF-8. Replaces changes from #10024. Fixes #11198. - Close WinRM connection when task completes. - Use win_stat, win_file and win_copy modules instead of stat, file and copy when called from within other action plugins (only when using WinRM+PowerShell). - Unquote Windows path arguments before passing to win_stat, win_file, win_copy and slurp modules (only when using WinRM/PowerShell). - Check for win_ping module to determine if core modules are missing (only when using WinRM/PowerShell). - Add stdout_lines to result from running low level commands (so stdout_lines is available when using raw/script). - Update copy action plugin to use shell functions for joining paths and checking for trailing slash. - Update fetch action plugin to unquote source path when using Windows paths. - Add win_copy and win_template action plugins that inherit from copy and template. - Support running .bat and .cmd scripts using default system encoding instead of UTF-8. - Always send PowerShell commands as base64-encoded blobs to allow for running simple PowerShell commands via raw. - Support running modules on Windows with interpreters other than PowerShell. - Update integration tests to support above changes and test unicode fixes. - Add test for win_user error from ansible/ansible-modules-core#1241 (fixed by ansible/ansible-modules-core#1774). - Add test for additional win_stat output values (implemented by ansible/ansible-modules-core#1473). - Add test for OS architecture and name from setup.ps1 (implemented by ansible/ansible-modules-core#1100). All WinRM integration tests pass for me with these changes.
9 years ago
win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password }}" fullname="Test User" description="Test user account" groups="Guests"
register: win_user_create_result
- name: check user creation result
assert:
that:
- "win_user_create_result|changed"
- "win_user_create_result.name == '{{ test_win_user_name }}'"
Fixes for WinRM/PowerShell support in v2. - Add support for inserting module args into PowerShell modules. Fixes #11661. - Support Windows paths containing spaces. Applies changes from #10727 to v2. Fixes #9999. Should also fix ansible/ansible-modules-core#944 and ansible/ansible-modules-core#1007. - Change how execution policy is set for running remote scripts. Applies changes from #11092 to v2. Also fixes ansible/ansible-modules-core#1776. - Use codepage 65001 (UTF-8) for WinRM connection instead of default (CP437), convert command to UTF-8 and results from UTF-8. Replaces changes from #10024. Fixes #11198. - Close WinRM connection when task completes. - Use win_stat, win_file and win_copy modules instead of stat, file and copy when called from within other action plugins (only when using WinRM+PowerShell). - Unquote Windows path arguments before passing to win_stat, win_file, win_copy and slurp modules (only when using WinRM/PowerShell). - Check for win_ping module to determine if core modules are missing (only when using WinRM/PowerShell). - Add stdout_lines to result from running low level commands (so stdout_lines is available when using raw/script). - Update copy action plugin to use shell functions for joining paths and checking for trailing slash. - Update fetch action plugin to unquote source path when using Windows paths. - Add win_copy and win_template action plugins that inherit from copy and template. - Support running .bat and .cmd scripts using default system encoding instead of UTF-8. - Always send PowerShell commands as base64-encoded blobs to allow for running simple PowerShell commands via raw. - Support running modules on Windows with interpreters other than PowerShell. - Update integration tests to support above changes and test unicode fixes. - Add test for win_user error from ansible/ansible-modules-core#1241 (fixed by ansible/ansible-modules-core#1774). - Add test for additional win_stat output values (implemented by ansible/ansible-modules-core#1473). - Add test for OS architecture and name from setup.ps1 (implemented by ansible/ansible-modules-core#1100). All WinRM integration tests pass for me with these changes.
9 years ago
- "win_user_create_result.fullname == 'Test User'"
- "win_user_create_result.description == 'Test user account'"
- "win_user_create_result.path"
- "win_user_create_result.state == 'present'"
- name: update user full name and description
win_user: name="{{ test_win_user_name }}" fullname="Test Ansible User" description="Test user account created by Ansible" groups=""
register: win_user_update_result
- name: check full name and description update result
assert:
that:
- "win_user_update_result|changed"
- "win_user_update_result.fullname == 'Test Ansible User'"
- "win_user_update_result.description == 'Test user account created by Ansible'"
- name: update user full name and description again with same values
win_user: name="{{ test_win_user_name }}" fullname="Test Ansible User" description="Test user account created by Ansible"
register: win_user_update_result_again
- name: check full name and description result again
assert:
that:
- "not win_user_update_result_again|changed"
- "win_user_update_result_again.fullname == 'Test Ansible User'"
- "win_user_update_result_again.description == 'Test user account created by Ansible'"
- name: test again with no options or changes
win_user: name="{{ test_win_user_name }}"
register: win_user_nochange_result
- name: check no changes result
assert:
that:
- "not win_user_nochange_result|changed"
- name: test again with query state
win_user: name="{{ test_win_user_name }}" state="query"
register: win_user_query_result
- name: check query result
assert:
that:
- "not win_user_query_result|changed"
- "win_user_query_result.state == 'present'"
- "win_user_query_result.name == '{{ test_win_user_name }}'"
- "win_user_query_result.fullname == 'Test Ansible User'"
- "win_user_query_result.description == 'Test user account created by Ansible'"
- "win_user_query_result.path"
- "win_user_query_result.sid"
- "win_user_query_result.groups == []"
- name: change user password
win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password2 }}"
register: win_user_password_result
- name: check password change result
assert:
that:
- "win_user_password_result|changed"
- name: change user password again to same value
win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password2 }}"
register: win_user_password_result_again
- name: check password change result again
assert:
that:
- "not win_user_password_result_again|changed"
- name: check update_password=on_create for existing user
win_user: name="{{ test_win_user_name }}" password="ThisP@ssW0rdShouldNotBeUsed" update_password=on_create
register: win_user_nopasschange_result
- name: check password change with on_create flag result
assert:
that:
- "not win_user_nopasschange_result|changed"
- name: set password expired flag
win_user: name="{{ test_win_user_name }}" password_expired=yes
register: win_user_password_expired_result
- name: check password expired result
assert:
that:
- "win_user_password_expired_result|changed"
- "win_user_password_expired_result.password_expired"
- name: set password when expired
win_user: name="{{ test_win_user_name }}" password={{ test_win_user_password2 }} update_password=always
register: win_user_can_set_password_on_expired
- name: check set password on expired result
assert:
that:
- win_user_can_set_password_on_expired|changed
- name: set password expired flag again
win_user: name="{{ test_win_user_name }}" password_expired=yes
register: win_user_password_expired_result
- name: check password expired result
assert:
that:
- "win_user_password_expired_result|changed"
- "win_user_password_expired_result.password_expired"
- name: clear password expired flag
win_user: name="{{ test_win_user_name }}" password_expired=no
register: win_user_clear_password_expired_result
- name: check clear password expired result
assert:
that:
- "win_user_clear_password_expired_result|changed"
- "not win_user_clear_password_expired_result.password_expired"
- name: set password never expires flag
win_user: name="{{ test_win_user_name }}" password_never_expires=yes
register: win_user_password_never_expires_result
- name: check password never expires result
assert:
that:
- "win_user_password_never_expires_result|changed"
- "win_user_password_never_expires_result.password_never_expires"
- name: clear password never expires flag
win_user: name="{{ test_win_user_name }}" password_never_expires=no
register: win_user_clear_password_never_expires_result
- name: check clear password never expires result
assert:
that:
- "win_user_clear_password_never_expires_result|changed"
- "not win_user_clear_password_never_expires_result.password_never_expires"
- name: set user cannot change password flag
win_user: name="{{ test_win_user_name }}" user_cannot_change_password=yes
register: win_user_cannot_change_password_result
- name: check user cannot change password result
assert:
that:
- "win_user_cannot_change_password_result|changed"
- "win_user_cannot_change_password_result.user_cannot_change_password"
- name: clear user cannot change password flag
win_user: name="{{ test_win_user_name }}" user_cannot_change_password=no
register: win_user_can_change_password_result
- name: check clear user cannot change password result
assert:
that:
- "win_user_can_change_password_result|changed"
- "not win_user_can_change_password_result.user_cannot_change_password"
- name: set account disabled flag
win_user: name="{{ test_win_user_name }}" account_disabled=true
register: win_user_account_disabled_result
- name: check account disabled result
assert:
that:
- "win_user_account_disabled_result|changed"
- "win_user_account_disabled_result.account_disabled"
- name: set password on disabled account
win_user: name="{{ test_win_user_name }}" password={{ test_win_user_password2 }} update_password=always
register: win_user_can_set_password_on_disabled
- name: check set password on disabled result
assert:
that:
- win_user_can_set_password_on_disabled|changed
- win_user_can_set_password_on_disabled.account_disabled
- name: clear account disabled flag
win_user: name="{{ test_win_user_name }}" account_disabled=false
register: win_user_clear_account_disabled_result
- name: check clear account disabled result
assert:
that:
- "win_user_clear_account_disabled_result|changed"
- "not win_user_clear_account_disabled_result.account_disabled"
- name: attempt to set account locked flag
win_user: name="{{ test_win_user_name }}" account_locked=yes
register: win_user_set_account_locked_result
ignore_errors: true
- name: verify that attempting to set account locked flag fails
assert:
that:
- "win_user_set_account_locked_result|failed"
- "not win_user_set_account_locked_result|changed"
- name: attempt to lockout test account
script: lockout_user.ps1 "{{ test_win_user_name }}"
- name: get user to check if account locked flag is set
win_user: name="{{ test_win_user_name }}" state="query"
register: win_user_account_locked_result
- name: clear account locked flag if set
win_user: name="{{ test_win_user_name }}" account_locked=no
register: win_user_clear_account_locked_result
when: "win_user_account_locked_result.account_locked"
- name: check clear account lockout result if account was locked
assert:
that:
- "win_user_clear_account_locked_result|changed"
- "not win_user_clear_account_locked_result.account_locked"
when: "win_user_account_locked_result.account_locked"
- name: assign test user to a group
win_user: name="{{ test_win_user_name }}" groups="Users"
register: win_user_replace_groups_result
- name: check assign user to group result
assert:
that:
- "win_user_replace_groups_result|changed"
- "win_user_replace_groups_result.groups|length == 1"
- "win_user_replace_groups_result.groups[0]['name'] == 'Users'"
- name: assign test user to the same group
win_user:
name: "{{ test_win_user_name }}"
groups: ["Users"]
register: win_user_replace_groups_again_result
- name: check assign user to group again result
assert:
that:
- "not win_user_replace_groups_again_result|changed"
- name: add user to another group
win_user: name="{{ test_win_user_name }}" groups="Power Users" groups_action="add"
register: win_user_add_groups_result
- name: check add user to another group result
assert:
that:
- "win_user_add_groups_result|changed"
- "win_user_add_groups_result.groups|length == 2"
- "win_user_add_groups_result.groups[0]['name'] in ('Users', 'Power Users')"
- "win_user_add_groups_result.groups[1]['name'] in ('Users', 'Power Users')"
- name: add user to another group again
win_user:
name: "{{ test_win_user_name }}"
groups: "Power Users"
groups_action: add
register: win_user_add_groups_again_result
- name: check add user to another group again result
assert:
that:
- "not win_user_add_groups_again_result|changed"
- name: remove user from a group
win_user: name="{{ test_win_user_name }}" groups="Users" groups_action="remove"
register: win_user_remove_groups_result
- name: check remove user from group result
assert:
that:
- "win_user_remove_groups_result|changed"
- "win_user_remove_groups_result.groups|length == 1"
- "win_user_remove_groups_result.groups[0]['name'] == 'Power Users'"
- name: remove user from a group again
win_user:
name: "{{ test_win_user_name }}"
groups:
- "Users"
groups_action: remove
register: win_user_remove_groups_again_result
- name: check remove user from group again result
assert:
that:
- "not win_user_remove_groups_again_result|changed"
- name: reassign test user to multiple groups
win_user: name="{{ test_win_user_name }}" groups="Users, Guests" groups_action="replace"
register: win_user_reassign_groups_result
- name: check reassign user groups result
assert:
that:
- "win_user_reassign_groups_result|changed"
- "win_user_reassign_groups_result.groups|length == 2"
- "win_user_reassign_groups_result.groups[0]['name'] in ('Users', 'Guests')"
- "win_user_reassign_groups_result.groups[1]['name'] in ('Users', 'Guests')"
- name: reassign test user to multiple groups again
win_user:
name: "{{ test_win_user_name }}"
groups:
- "Users"
- "Guests"
groups_action: replace
register: win_user_reassign_groups_again_result
- name: check reassign user groups again result
assert:
that:
- "not win_user_reassign_groups_again_result|changed"
- name: remove user from all groups
win_user: name="{{ test_win_user_name }}" groups=""
register: win_user_remove_all_groups_result
- name: check remove user from all groups result
assert:
that:
- "win_user_remove_all_groups_result|changed"
- "win_user_remove_all_groups_result.groups|length == 0"
- name: remove user from all groups again
win_user:
name: "{{ test_win_user_name }}"
groups: []
register: win_user_remove_all_groups_again_result
- name: check remove user from all groups again result
assert:
that:
- "not win_user_remove_all_groups_again_result|changed"
- name: assign user to invalid group
win_user: name="{{ test_win_user_name }}" groups="Userz"
register: win_user_invalid_group_result
ignore_errors: true
- name: check invalid group result
assert:
that:
- "win_user_invalid_group_result|failed"
- "win_user_invalid_group_result.msg"
- win_user_invalid_group_result.msg | match("group 'Userz' not found")
- name: remove test user when finished
win_user: name="{{ test_win_user_name }}" state="absent"
register: win_user_final_remove_result
- name: check final user removal result
assert:
that:
- "win_user_final_remove_result|changed"
- "win_user_final_remove_result.name"
- "win_user_final_remove_result.msg"
- "win_user_final_remove_result.state == 'absent'"
- name: test removed user with query state
win_user: name="{{ test_win_user_name }}" state="query"
register: win_user_removed_query_result
- name: check removed query result
assert:
that:
- "not win_user_removed_query_result|changed"
- "win_user_removed_query_result.name"
- "win_user_removed_query_result.msg"
- "win_user_removed_query_result.state == 'absent'"