You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/win_exec_wrapper/tasks/main.yml

321 lines
9.8 KiB
YAML

This file contains ambiguous Unicode characters!

This file contains ambiguous Unicode characters that may be confused with others in your current locale. If your use case is intentional and legitimate, you can safely ignore this warning. Use the Escape button to highlight these characters.

---
- name: fetch current target date/time for log filtering
raw: '[datetime]::now | Out-String'
register: test_starttime
- name: test normal module execution
test_fail:
register: normal
- name: assert test normal module execution
assert:
that:
- not normal is failed
- name: test fail module execution
test_fail:
data: fail
register: fail_module
ignore_errors: yes
- name: assert test fail module execution
assert:
that:
- fail_module is failed
- fail_module.msg == "fail message"
- not fail_module.exception is defined
- name: test module with exception thrown
test_fail:
data: throw
register: throw_module
ignore_errors: yes
- name: assert test module with exception thrown
assert:
that:
- throw_module is failed
- 'throw_module.msg == "Unhandled exception while executing module: module is thrown"'
- '"throw [ArgumentException]\"module is thrown\"" in throw_module.exception'
- name: test module with error msg
test_fail:
data: error
register: error_module
ignore_errors: yes
vars:
# Running with coverage means the module is run from a script and not as a psuedo script in a pipeline. This
# results in a different error message being returned so we disable coverage collection for this task.
_ansible_coverage_remote_output: ''
- name: assert test module with error msg
assert:
that:
- error_module is failed
- 'error_module.msg == "Unhandled exception while executing module: error"'
- '"Write-Error -Message $data" in error_module.exception'
- name: test module with cmdlet error
test_fail:
data: cmdlet_error
register: cmdlet_error
ignore_errors: yes
- name: assert test module with cmdlet error
assert:
that:
- cmdlet_error is failed
- 'cmdlet_error.msg == "Unhandled exception while executing module: Cannot find drive. A drive with the name ''fake'' does not exist."'
- '"Get-Item -Path \"fake:\\path\"" in cmdlet_error.exception'
- name: test module with .NET exception
test_fail:
data: dotnet_exception
register: dotnet_exception
ignore_errors: yes
- name: assert test module with .NET exception
assert:
that:
- dotnet_exception is failed
- 'dotnet_exception.msg == "Unhandled exception while executing module: Exception calling \"GetFullPath\" with \"1\" argument(s): \"The path is not of a legal form.\""'
- '"[System.IO.Path]::GetFullPath($null)" in dotnet_exception.exception'
- name: test module with function exception
test_fail:
data: function_throw
register: function_exception
ignore_errors: yes
vars:
_ansible_coverage_remote_output: ''
- name: assert test module with function exception
assert:
that:
- function_exception is failed
- 'function_exception.msg == "Unhandled exception while executing module: exception in function"'
- '"throw \"exception in function\"" in function_exception.exception'
- '"at Test-ThrowException, <No file>: line" in function_exception.exception'
- name: test module with fail process but Exit-Json
test_fail:
data: proc_exit_fine
register: proc_exit_fine
- name: assert test module with fail process but Exit-Json
assert:
that:
- not proc_exit_fine is failed
- name: test module with fail process but Fail-Json
test_fail:
data: proc_exit_fail
register: proc_exit_fail
ignore_errors: yes
- name: assert test module with fail process but Fail-Json
assert:
that:
- proc_exit_fail is failed
- proc_exit_fail.msg == "proc_exit_fail"
- not proc_exit_fail.exception is defined
- name: test out invalid options
test_invalid_requires:
register: invalid_options
- name: assert test out invalid options
assert:
that:
- invalid_options is successful
- invalid_options.output == "output"
- name: test out invalid os version
test_min_os_version:
register: invalid_os_version
ignore_errors: yes
- name: assert test out invalid os version
assert:
that:
- invalid_os_version is failed
- '"This module cannot run on this OS as it requires a minimum version of 20.0, actual was " in invalid_os_version.msg'
- name: test out invalid powershell version
test_min_ps_version:
register: invalid_ps_version
ignore_errors: yes
- name: assert test out invalid powershell version
assert:
that:
- invalid_ps_version is failed
- '"This module cannot run as it requires a minimum PowerShell version of 20.0.0.0, actual was " in invalid_ps_version.msg'
- name: test out environment block for task
win_shell: set
args:
executable: cmd.exe
environment:
String: string value
Int: 1234
Bool: True
double_quote: 'double " quote'
single_quote: "single ' quote"
hyphen-var: abc@123
'_-(){}[]<>*+-/\?"''!@#$%^&|;:i,.`~0': '_-(){}[]<>*+-/\?"''!@#$%^&|;:i,.`~0'
'key': 'value'
register: environment_block
- name: assert environment block for task
assert:
that:
- '"String=string value" in environment_block.stdout_lines'
- '"Int=1234" in environment_block.stdout_lines'
- '"Bool=True" in environment_block.stdout_lines'
- '"double_quote=double \" quote" in environment_block.stdout_lines'
- '"single_quote=single '' quote" in environment_block.stdout_lines'
- '"hyphen-var=abc@123" in environment_block.stdout_lines'
# yaml escaping rules - (\\ == \), (\" == "), ('' == ')
- '"_-(){}[]<>*+-/\\?\"''!@#$%^&|;:i,.`~0=_-(){}[]<>*+-/\\?\"''!@#$%^&|;:i,.`~0" in environment_block.stdout_lines'
- '"key=value" in environment_block.stdout_lines'
- name: test out become requires without become_user set
test_all_options:
register: become_system
- name: assert become requires without become_user set
assert:
that:
- become_system is successful
- become_system.output == "S-1-5-18"
- set_fact:
become_test_username: ansible_become_test
gen_pw: "{{ 'password123!' + lookup('password', '/dev/null chars=ascii_letters,digits length=8') }}"
- name: execute tests and ensure that test user is deleted regardless of success/failure
block:
- name: create unprivileged user
win_user:
name: "{{ become_test_username }}"
password: "{{ gen_pw }}"
update_password: always
groups: Users
register: become_test_user_result
- name: create tempdir for test user
win_file:
path: C:\Windows\TEMP\test-dir
state: directory
- name: deny delete permissions on new temp dir for test user
win_acl:
path: C:\Windows\TEMP\test-dir
user: '{{ become_test_user_result.sid }}'
type: '{{ item.type }}'
rights: '{{ item.rights }}'
loop:
- type: allow
rights: ListDirectory, CreateFiles, CreateDirectories, ReadAttributes, ReadExtendedAttributes, WriteData, WriteAttributes, WriteExtendedAttributes, Synchronize
- type: deny
rights: DeleteSubdirectoriesAndFiles, Delete
- name: ensure current user is not the become user
win_shell: whoami
register: whoami_out
- name: verify output
assert:
that:
- not whoami_out.stdout_lines[0].endswith(become_test_username)
- name: get become user profile dir so we can clean it up later
vars: &become_vars
ansible_become_user: "{{ become_test_username }}"
ansible_become_password: "{{ gen_pw }}"
ansible_become_method: runas
ansible_become: yes
win_shell: $env:USERPROFILE
register: profile_dir_out
- name: ensure profile dir contains test username (eg, if become fails silently, prevent deletion of real user profile)
assert:
that:
- become_test_username in profile_dir_out.stdout_lines[0]
- name: test out become requires when become_user set
test_all_options:
vars: *become_vars
register: become_system
- name: assert become requires when become_user set
assert:
that:
- become_system is successful
- become_system.output == become_test_user_result.sid
- name: run module with tempdir with no delete access
win_ping:
register: temp_deletion_warning
vars:
<<: *become_vars
ansible_remote_tmp: C:\Windows\TEMP\test-dir
- name: assert warning about tmpdir deletion is present
assert:
that:
- temp_deletion_warning.warnings | count == 1
- >-
temp_deletion_warning.warnings[0] is
regex("(?i).*Failed to cleanup temporary directory 'C:\\\\Windows\\\\TEMP\\\\test-dir\\\\.*' used for compiling C# code\\. Files may still be present after the task is complete\\..*")
always:
- name: ensure test user is deleted
win_user:
name: "{{ become_test_username }}"
state: absent
- name: ensure test user profile is deleted
# NB: have to work around powershell limitation of long filenames until win_file fixes it
win_shell: rmdir /S /Q {{ profile_dir_out.stdout_lines[0] }}
args:
executable: cmd.exe
when: become_test_username in profile_dir_out.stdout_lines[0] | default("")
- name: remove test tempdir
win_file:
path: C:\Windows\TEMP\test-dir
state: absent
- name: test common functions in exec
test_common_functions:
register: common_functions_res
- name: assert test common functions in exec
assert:
that:
- not common_functions_res is failed
- common_functions_res.msg == "good"
- name: get PS events containing module args or envvars created since test start
raw: |
$dt=[datetime]"{{ test_starttime.stdout|trim }}"
(Get-WinEvent -LogName Microsoft-Windows-Powershell/Operational |
? { $_.TimeCreated -ge $dt -and $_.Message -match "fail_module|hyphen-var" }).Count
register: ps_log_count
- name: assert no PS events contain module args or envvars
assert:
that:
- ps_log_count.stdout | int == 0
- name: test module that sets HadErrors with no error records
test_rc_1:
register: module_had_errors
- name: assert test module that sets HadErrors with no error records
assert:
that:
- module_had_errors.rc == 0