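# HTTPS binding tests for win_iis_webbinding.
#
# Each phase (add, modify, remove) is run three ways:
#   1. check mode ("CM") - the module must report a change but leave IIS
#      untouched,
#   2. for real          - the module must report and apply the change,
#   3. again             - the module must report no change (idempotence).
# After most module calls, test_get_webbindings (a helper module defined
# outside this file) reads the binding back so the assertions can compare
# the module's return value with what is configured on the site.
#
# thumbprint1 / thumbprint2 are registered results that are not set in this
# section - presumably certificate thumbprints captured from command output
# by an earlier setup task; confirm against the caller.
#
# NOTE(review): the `that:` entries of assert are already evaluated as Jinja
# expressions. The original assertions wrapped values in template delimiters,
# which renders the value into the expression text and evaluates the result a
# second time. That lets the content of a variable - including stdout
# registered from the managed host - alter the expression instead of being
# compared as data, and Ansible warns about delimiters in conditionals. The
# assertions below reference the variables directly. Ports use `| int`
# because the original compared against the rendered integer literal.

##############
### CM Add ###
##############
# changed true, check nothing present
- name: CM add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header
  check_mode: true

- name: CM get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

# ssl_flags: 1 is the SNI setting referred to in the task name.
- name: CM add https binding with header and SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header
  check_mode: true

- name: CM get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# Check mode must predict the add without creating either binding.
- name: CM assert changed, but not added
  assert:
    that:
      - https_no_header is changed
      - https_no_header.operation_type == 'added'
      - https_no_header.binding_info is none
      - get_https_no_header.binding is not defined
      - https_header is changed
      - https_header.operation_type == 'added'
      - https_header.binding_info is none
      - get_https_header.binding is not defined

###########
### Add ###
###########
# changed true, new bindings present
- name: add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: add https binding with header SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# Both bindings must be reported as added, bound to the first certificate.
- name: assert changed and added
  assert:
    that:
      - https_no_header is changed
      - https_no_header.operation_type == 'added'
      - https_no_header.binding_info is defined
      - https_no_header.binding_info.protocol == https_vars.protocol
      - https_no_header.binding_info.ip == https_vars.ip
      - https_no_header.binding_info.port == https_vars.port | int
      - https_no_header.binding_info.hostheader == ''
      - https_no_header.binding_info.certificateHash == thumbprint1.stdout_lines[0]
      - https_header is changed
      - https_header.operation_type == 'added'
      - https_header.binding_info is defined
      - https_header.binding_info.hostheader == https_header_vars.header
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == https_header_vars.port | int
      - https_header.binding_info.certificateHash == thumbprint1.stdout_lines[0]
      - https_header.binding_info.sslFlags == 1

################
### Idem Add ###
################
# changed false
# These two tasks previously hard-coded https / '*' / 443 / test.com. They now
# take the same variables as the Add tasks so the idempotence check always
# targets the bindings that were just created.
- name: idem add https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_no_header

- name: idem add https binding with header and SNI
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
  register: https_header

- name: idem assert not changed
  assert:
    that:
      - https_no_header is not changed
      - https_header is not changed

#################
### CM Modify ###
#################
# changed true, verify no changes occurred
# Swap the certificate on the SNI binding (thumbprint1 -> thumbprint2).
- name: CM modify https binding with header, change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header
  check_mode: true

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# In check mode the binding must still carry the first certificate, both in
# the module's return value and when read back from the site.
- name: CM assert changed but old cert
  assert:
    that:
      - https_header is changed
      - https_header.operation_type == 'updated'
      - https_header.binding_info is defined
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == https_header_vars.port | int
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - https_header.binding_info.certificateHash == thumbprint1.stdout_lines[0]
      - https_header.binding_info.sslFlags == 1
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == https_header_vars.port | int
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint1.stdout_lines[0]
      - get_https_header.binding.sslFlags == 1

##############
### Modify ###
##############
# Swap the certificate for real; ssl_flags stays at 1.
- name: modify https binding with header, change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# The binding must now carry the second certificate in both views.
- name: modify assert changed and new cert
  assert:
    that:
      - https_header is changed
      - https_header.operation_type == 'updated'
      - https_header.binding_info is defined
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == https_header_vars.port | int
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - https_header.binding_info.certificateHash == thumbprint2.stdout_lines[0]
      - https_header.binding_info.sslFlags == 1
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == https_header_vars.port | int
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint2.stdout_lines[0]
      - get_https_header.binding.sslFlags == 1

###################
### Idem Modify ###
###################
# changed false
# Re-apply the same certificate and ssl_flags; nothing should change.
- name: idem modify https binding with header, enable SNI and change cert
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: present
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
    ssl_flags: 1
    certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
  register: https_header

- name: idem assert not changed
  assert:
    that:
      - https_header is not changed

#################
### CM Remove ###
#################
# changed true, bindings still present
- name: cm remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header
  check_mode: true

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: cm remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header
  check_mode: true

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# Check mode must report the removal while both bindings, and their
# certificates (thumbprint1 without header, thumbprint2 with header), remain.
- name: cm remove assert changed, but still present
  assert:
    that:
      - https_no_header is changed
      - https_no_header.operation_type == 'removed'
      - https_no_header.binding_info is defined
      - https_no_header.binding_info.ip == https_vars.ip
      - https_no_header.binding_info.port == https_vars.port | int
      - https_no_header.binding_info.protocol == https_vars.protocol
      - get_https_no_header.binding is defined
      - get_https_no_header.binding.ip == https_vars.ip
      - get_https_no_header.binding.port == https_vars.port | int
      - get_https_no_header.binding.protocol == https_vars.protocol
      - get_https_no_header.binding.certificateHash == thumbprint1.stdout_lines[0]
      - https_header is changed
      - https_header.binding_info is defined
      - https_header.operation_type == 'removed'
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == https_header_vars.port | int
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - get_https_header.binding is defined
      - get_https_header.binding.ip == https_header_vars.ip
      - get_https_header.binding.port == https_header_vars.port | int
      - get_https_header.binding.protocol == https_header_vars.protocol
      - get_https_header.binding.hostheader == https_header_vars.header
      - get_https_header.binding.certificateHash == thumbprint2.stdout_lines[0]

##############
### remove ###
##############
# changed true, bindings gone
- name: remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# The module still returns the removed binding's details, but the read-back
# must find nothing.
- name: remove assert changed and gone
  assert:
    that:
      - https_no_header is changed
      - https_no_header.binding_info is defined
      - https_no_header.operation_type == 'removed'
      - https_no_header.binding_info.ip == https_vars.ip
      - https_no_header.binding_info.port == https_vars.port | int
      - https_no_header.binding_info.protocol == https_vars.protocol
      - get_https_no_header.binding is not defined
      - https_header is changed
      - https_header.binding_info is defined
      - https_header.operation_type == 'removed'
      - https_header.binding_info.ip == https_header_vars.ip
      - https_header.binding_info.port == https_header_vars.port | int
      - https_header.binding_info.protocol == https_header_vars.protocol
      - https_header.binding_info.hostheader == https_header_vars.header
      - get_https_header.binding is not defined

###################
### remove idem ###
###################
# changed false, bindings gone
- name: idem remove https binding no header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: https_no_header

- name: get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: idem remove https binding with header
  win_iis_webbinding:
    name: "{{ test_iis_site_name }}"
    state: absent
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: https_header

- name: get binding info header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    host_header: "{{ https_header_vars.header }}"
    protocol: "{{ https_header_vars.protocol }}"
    ip: "{{ https_header_vars.ip }}"
    port: "{{ https_header_vars.port }}"
  register: get_https_header
  changed_when: false

# Despite the task name, this asserts that nothing changed: the bindings were
# already absent, so the module returns no binding_info.
- name: idem remove assert changed and gone
  assert:
    that:
      - https_no_header is not changed
      - https_no_header.binding_info is not defined
      - get_https_no_header.binding is not defined
      - https_header is not changed
      - https_header.binding_info is not defined
      - get_https_header.binding is not defined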