--- - name: test out invalid options test_invalid_requires: register: invalid_options - name: assert test out invalid options assert: that: - invalid_options is successful - invalid_options.output == "output" - name: test out invalid os version test_min_os_version: register: invalid_os_version ignore_errors: yes - name: assert test out invalid os version assert: that: - invalid_os_version is failed - '"This module cannot run on this OS as it requires a minimum version of 20.0, actual was " in invalid_os_version.msg' - name: test out invalid powershell version test_min_ps_version: register: invalid_ps_version ignore_errors: yes - name: assert test out invalid powershell version assert: that: - invalid_ps_version is failed - '"This module cannot run as it requires a minimum PowerShell version of 20.0.0.0, actual was " in invalid_ps_version.msg' - name: test out become requires without become_user set test_all_options: register: become_system - name: assert become requires without become_user set assert: that: - become_system is successful - become_system.output == "S-1-5-18" - set_fact: become_test_username: ansible_become_test gen_pw: password123! + {{ lookup('password', '/dev/null chars=ascii_letters,digits length=8') }} - name: create unprivileged user win_user: name: "{{ become_test_username }}" password: "{{ gen_pw }}" update_password: always groups: Users register: become_test_user_result - name: execute tests and ensure that test user is deleted regardless of success/failure block: - name: ensure current user is not the become user win_shell: whoami register: whoami_out - name: verify output assert: that: - not whoami_out.stdout_lines[0].endswith(become_test_username) - name: get become user profile dir so we can clean it up later vars: &become_vars ansible_become_user: "{{ become_test_username }}" ansible_become_password: "{{ gen_pw }}" ansible_become_method: runas ansible_become: yes win_shell: $env:USERPROFILE register: profile_dir_out - name: ensure profile dir contains test username (eg, if become fails silently, prevent deletion of real user profile) assert: that: - become_test_username in profile_dir_out.stdout_lines[0] - name: test out become requires when become_user set test_all_options: vars: *become_vars register: become_system - name: assert become requires when become_user set assert: that: - become_system is successful - become_system.output == become_test_user_result.sid always: - name: ensure test user is deleted win_user: name: "{{ become_test_username }}" state: absent - name: ensure test user profile is deleted # NB: have to work around powershell limitation of long filenames until win_file fixes it win_shell: rmdir /S /Q {{ profile_dir_out.stdout_lines[0] }} args: executable: cmd.exe when: become_test_username in profile_dir_out.stdout_lines[0]