104 lines
3 KiB
YAML
104 lines
3 KiB
YAML
|
---
|
||
|
- name: test out invalid options
|
||
|
test_invalid_requires:
|
||
|
register: invalid_options
|
||
|
|
||
|
- name: assert test out invalid options
|
||
|
assert:
|
||
|
that:
|
||
|
- invalid_options|success
|
||
|
- invalid_options.output == "output"
|
||
|
|
||
|
- name: test out invalid os version
|
||
|
test_min_os_version:
|
||
|
register: invalid_os_version
|
||
|
ignore_errors: yes
|
||
|
|
||
|
- name: assert test out invalid os version
|
||
|
assert:
|
||
|
that:
|
||
|
- invalid_os_version|failed
|
||
|
- '"This module cannot run on this OS as it requires a minimum version of 20.0, actual was " in invalid_os_version.msg'
|
||
|
|
||
|
- name: test out invalid powershell version
|
||
|
test_min_ps_version:
|
||
|
register: invalid_ps_version
|
||
|
ignore_errors: yes
|
||
|
|
||
|
- name: assert test out invalid powershell version
|
||
|
assert:
|
||
|
that:
|
||
|
- invalid_ps_version|failed
|
||
|
- '"This module cannot run as it requires a minimum PowerShell version of 20.0.0.0, actual was " in invalid_ps_version.msg'
|
||
|
|
||
|
- name: test out become requires without become_user set
|
||
|
test_all_options:
|
||
|
register: become_system
|
||
|
|
||
|
- name: assert become requires without become_user set
|
||
|
assert:
|
||
|
that:
|
||
|
- become_system|success
|
||
|
- become_system.output == "S-1-5-18"
|
||
|
|
||
|
- set_fact:
|
||
|
become_test_username: ansible_become_test
|
||
|
gen_pw: password123! + {{ lookup('password', '/dev/null chars=ascii_letters,digits length=8') }}
|
||
|
|
||
|
- name: create unprivileged user
|
||
|
win_user:
|
||
|
name: "{{ become_test_username }}"
|
||
|
password: "{{ gen_pw }}"
|
||
|
update_password: always
|
||
|
groups: Users
|
||
|
register: become_test_user_result
|
||
|
|
||
|
- name: execute tests and ensure that test user is deleted regardless of success/failure
|
||
|
block:
|
||
|
- name: ensure current user is not the become user
|
||
|
win_shell: whoami
|
||
|
register: whoami_out
|
||
|
|
||
|
- name: verify output
|
||
|
assert:
|
||
|
that:
|
||
|
- not whoami_out.stdout_lines[0].endswith(become_test_username)
|
||
|
|
||
|
- name: get become user profile dir so we can clean it up later
|
||
|
vars: &become_vars
|
||
|
ansible_become_user: "{{ become_test_username }}"
|
||
|
ansible_become_password: "{{ gen_pw }}"
|
||
|
ansible_become_method: runas
|
||
|
ansible_become: yes
|
||
|
win_shell: $env:USERPROFILE
|
||
|
register: profile_dir_out
|
||
|
|
||
|
- name: ensure profile dir contains test username (eg, if become fails silently, prevent deletion of real user profile)
|
||
|
assert:
|
||
|
that:
|
||
|
- become_test_username in profile_dir_out.stdout_lines[0]
|
||
|
|
||
|
- name: test out become requires when become_user set
|
||
|
test_all_options:
|
||
|
vars: *become_vars
|
||
|
register: become_system
|
||
|
|
||
|
- name: assert become requires when become_user set
|
||
|
assert:
|
||
|
that:
|
||
|
- become_system|success
|
||
|
- become_system.output == become_test_user_result.sid
|
||
|
|
||
|
always:
|
||
|
- name: ensure test user is deleted
|
||
|
win_user:
|
||
|
name: "{{ become_test_username }}"
|
||
|
state: absent
|
||
|
|
||
|
- name: ensure test user profile is deleted
|
||
|
# NB: have to work around powershell limitation of long filenames until win_file fixes it
|
||
|
win_shell: rmdir /S /Q {{ profile_dir_out.stdout_lines[0] }}
|
||
|
args:
|
||
|
executable: cmd.exe
|
||
|
when: become_test_username in profile_dir_out.stdout_lines[0]
|