diff --git a/changelogs/fragments/win_domain_computer-idempotence.yaml b/changelogs/fragments/win_domain_computer-idempotence.yaml new file mode 100644 index 0000000000..1e9851c088 --- /dev/null +++ b/changelogs/fragments/win_domain_computer-idempotence.yaml @@ -0,0 +1,2 @@ +bugfixes: +- win_domain_computer - Fix idempotence checks when ``sAMAccountName`` is different from ``name`` diff --git a/lib/ansible/modules/windows/win_domain_computer.ps1 b/lib/ansible/modules/windows/win_domain_computer.ps1 index 86c380e8ff..3da4a6f785 100644 --- a/lib/ansible/modules/windows/win_domain_computer.ps1 +++ b/lib/ansible/modules/windows/win_domain_computer.ps1 @@ -59,6 +59,7 @@ If ($state -eq "present") { } Else { $desired_state = [ordered]@{ name = $name + sam_account_name = $sam_account_name state = $state } } @@ -68,7 +69,7 @@ Function Get-InitialState($desired_state) { # Test computer exists $computer = Try { Get-ADComputer ` - -Identity $desired_state.name ` + -Identity $desired_state.sam_account_name ` -Properties DistinguishedName,DNSHostName,Enabled,Name,SamAccountName,Description,ObjectClass ` @extra_args } Catch { $null } @@ -87,6 +88,7 @@ Function Get-InitialState($desired_state) { } Else { $initial_state = [ordered]@{ name = $desired_state.name + sam_account_name = $desired_state.sam_account_name state = "absent" } } @@ -112,7 +114,7 @@ Function Set-ConstructedState($initial_state, $desired_state) { If ($initial_state.distinguished_name -cne $desired_state.distinguished_name) { # Move computer to OU Try { - Get-ADComputer -Identity $desired_state.name @extra_args | + Get-ADComputer -Identity $desired_state.sam_account_name @extra_args | Move-ADObject ` -TargetPath $desired_state.ou ` -Confirm:$False ` @@ -147,7 +149,7 @@ Function Add-ConstructedState($desired_state) { # ------------------------------------------------------------------------------ Function Remove-ConstructedState($initial_state) { Try { - Get-ADComputer -Identity $initial_state.name @extra_args | + Get-ADComputer -Identity $initial_state.sam_account_name @extra_args | Remove-ADObject ` -Recursive ` -Confirm:$False ` diff --git a/lib/ansible/modules/windows/win_domain_computer.py b/lib/ansible/modules/windows/win_domain_computer.py index 8b91e99b41..f95cc5cd72 100644 --- a/lib/ansible/modules/windows/win_domain_computer.py +++ b/lib/ansible/modules/windows/win_domain_computer.py @@ -104,7 +104,7 @@ EXAMPLES = r''' - name: Add linux computer to Active Directory OU using a windows machine win_domain_computer: name: one_linux_server.my_org.local - sam_account_name: linux_server + sam_account_name: linux_server$ dns_hostname: one_linux_server.my_org.local ou: "OU=servers,DC=my_org,DC=local" description: Example of linux server diff --git a/test/integration/targets/win_domain_computer/aliases b/test/integration/targets/win_domain_computer/aliases new file mode 100644 index 0000000000..ad7ccf7ada --- /dev/null +++ b/test/integration/targets/win_domain_computer/aliases @@ -0,0 +1 @@ +unsupported diff --git a/test/integration/targets/win_domain_computer/tasks/main.yml b/test/integration/targets/win_domain_computer/tasks/main.yml new file mode 100644 index 0000000000..98f18acac2 --- /dev/null +++ b/test/integration/targets/win_domain_computer/tasks/main.yml @@ -0,0 +1,71 @@ +# this won't run in Ansible's integration tests until we get a domain set up +# these are here if someone wants to run the module tests locally on their own +# domain. +# Requirements: +# LDAP Base path set in defaults/main.yml like DC=ansible,DC=local +# Custom OU path set in defaults/main.yml like OU=ou1,DC=ansible,DC=local +--- +- name: run win_domain_users test + hosts: win_domain_computer_testing_host + vars: + test_win_domain_computer_ldap_base: "{{ test_ad_ou }}" + test_win_domain_computer_ou_path: "{{ test_ad_group_ou }}" + test_win_domain_computer_name: "test_computer.{{ test_domain_name }}" + tasks: + + - name: ensure the computer is deleted before the test + win_domain_computer: + name: '{{ test_win_domain_computer_name }}' + state: absent + + # -------------------------------------------------------------------------- + + - name: Test computer with long name and distinct sam_account_name + vars: + test_win_domain_computer_long_name: '{{ test_win_domain_computer_name }}_with_long_name' + test_win_domain_computer_sam_account_name: '{{ test_win_domain_computer_name }}$' + block: + + # ---------------------------------------------------------------------- + - name: create computer with long name and distinct sam_account_name + win_domain_computer: + name: '{{ test_win_domain_computer_long_name }}' + sam_account_name: '{{ test_win_domain_computer_sam_account_name }}' + enabled: yes + state: present + register: create_distinct_sam_account_name + check_mode: yes + + - name: get actual computer with long name and distinct sam_account_name + win_command: powershell.exe "Import-Module ActiveDirectory; Get-ADComputer -Identity '{{ test_win_domain_computer_sam_account_name }}'" + register: create_distinct_sam_account_name_check + ignore_errors: True + + - name: assert create computer with long name and distinct sam_account_name + assert: + that: + - create_distinct_sam_account_name is changed + - create_distinct_sam_account_name_check.rc == 1 + + - name: (Idempotence) create computer with long name and distinct sam_account_name + win_domain_computer: + name: '{{ test_win_domain_computer_long_name }}' + sam_account_name: '{{ test_win_domain_computer_sam_account_name }}' + enabled: yes + state: present + register: create_distinct_sam_account_name_idempotence + check_mode: yes + + - name: (Idempotence) assert create computer with long name and distinct sam_account_name + assert: + that: + - create_distinct_sam_account_name_idempotence is not changed + + - name: ensure the test group is deleted after the test + win_domain_computer: + name: '{{ test_win_domain_computer_long_name }}' + sam_account_name: '{{ test_win_domain_computer_sam_account_name }}' + state: absent + ignore_protection: True + + # ----------------------------------------------------------------------