From 570da1bae636c14091e1e2b2ff65e55f48f6e872 Mon Sep 17 00:00:00 2001 From: Daniel-Sanchez-Fabregas <33929811+Daniel-Sanchez-Fabregas@users.noreply.github.com> Date: Wed, 3 Apr 2019 23:28:05 +0200 Subject: [PATCH] Support cross-domain on win_domain_computer module (#54774) * Support cross-domain on win_domain_computer module * Fix documentation false typo 'seealso' --- .../modules/windows/win_domain_computer.ps1 | 29 +++++++++++++++---- .../modules/windows/win_domain_computer.py | 20 +++++++++++++ 2 files changed, 44 insertions(+), 5 deletions(-) diff --git a/lib/ansible/modules/windows/win_domain_computer.ps1 b/lib/ansible/modules/windows/win_domain_computer.ps1 index ed37aacfba..b09d5f65bd 100644 --- a/lib/ansible/modules/windows/win_domain_computer.ps1 +++ b/lib/ansible/modules/windows/win_domain_computer.ps1 
@@ -26,7 +26,21 @@ If (-not $sam_account_name.EndsWith("$")) { } $enabled = Get-AnsibleParam -obj $params -name "enabled" -type "bool" -default $true $description = Get-AnsibleParam -obj $params -name "description" -default $null +$domain_username = Get-AnsibleParam -obj $params -name "domain_username" -type "str" +$domain_password = Get-AnsibleParam -obj $params -name "domain_password" -type "str" -failifempty ($domain_username -ne $null) +$domain_server = Get-AnsibleParam -obj $params -name "domain_server" -type "str" $state = Get-AnsibleParam -obj $params -name "state" -ValidateSet "present","absent" -default "present" + +$extra_args = @{} +if ($domain_username -ne $null) { + $domain_password = ConvertTo-SecureString $domain_password -AsPlainText -Force + $credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $domain_username, $domain_password + $extra_args.Credential = $credential +} +if ($domain_server -ne $null) { + $extra_args.Server = $domain_server +} + If ($state -eq "present") { $dns_hostname = Get-AnsibleParam -obj $params -name "dns_hostname" -failifempty $true -resultobj $result $ou = Get-AnsibleParam -obj $params -name "ou" -failifempty $true -resultobj $result @@ -55,7 +69,8 @@ Function Get-InitialState($desired_state) { $computer = Try { Get-ADComputer ` -Identity $desired_state.name ` - -Properties DistinguishedName,DNSHostName,Enabled,Name,SamAccountName,Description,ObjectClass + -Properties DistinguishedName,DNSHostName,Enabled,Name,SamAccountName,Description,ObjectClass ` + @extra_args } Catch { $null } If ($computer) { $initial_state = [ordered]@{ 
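Review bot: The credential block in the `@@ -26,7 +26,21 @@` hunk is gated only on `$domain_username -ne $null`, so a `domain_password` passed without `domain_username` is silently dropped and the AD cmdlets run under the connection identity rather than the one the playbook author intended. An empty-string username also passes that test and reaches `New-Object ... PSCredential` outside any Try block, where it will most likely surface as an unformatted exception. I would add `if ($domain_password -and -not $domain_username) { Fail-Json -obj $result -message "domain_username must be set when domain_password is set" }` before the block and gate it on `if ($domain_username)` instead. The new `-failifempty` call could also pass `-resultobj $result`, as the `dns_hostname` and `ou` lookups below it do.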
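Review bot: In `Get-InitialState` (the `@@ -55,7 +69,8 @@` hunk) the lookup now carries `@extra_args` but still sits inside `Try { ... } Catch { $null }`, so a rejected `domain_username`/`domain_password` or an unreachable `domain_server` is indistinguishable from "computer not found". With `state=absent` that would, as far as this hunk shows, let the module report success without ever having authenticated. Catching only the not-found case keeps the existing behaviour and surfaces everything else: `} Catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] { $null } Catch { Fail-Json -obj $result -message "Failed to query the AD object $($desired_state.name): $($_.Exception.Message)" }`. The function body continues outside the hunk.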
@@ -88,7 +103,8 @@ Function Set-ConstructedState($initial_state, $desired_state) { -DNSHostName $desired_state.dns_hostname ` -Enabled $desired_state.enabled ` -Description $desired_state.description ` - -WhatIf:$check_mode + -WhatIf:$check_mode ` + @extra_args } Catch { Fail-Json -obj $result -message "Failed to set the AD object $($desired_state.name): $($_.Exception.Message)" } @@ -100,7 +116,8 @@ Function Set-ConstructedState($initial_state, $desired_state) { Move-ADObject ` -TargetPath $desired_state.ou ` -Confirm:$False ` - -WhatIf:$check_mode + -WhatIf:$check_mode ` + @extra_args } Catch { Fail-Json -obj $result -message "Failed to move the AD object $($desired_state.name) to $($desired_state.ou) OU: $($_.Exception.Message)" } @@ -118,7 +135,8 @@ Function Add-ConstructedState($desired_state) { -Path $desired_state.ou ` -Enabled $desired_state.enabled ` -Description $desired_state.description ` - -WhatIf:$check_mode + -WhatIf:$check_mode ` + @extra_args } Catch { Fail-Json -obj $result -message "Failed to create the AD object $($desired_state.name): $($_.Exception.Message)" } @@ -133,7 +151,8 @@ Function Remove-ConstructedState($initial_state) { | Remove-ADObject ` -Recursive ` -Confirm:$False ` - -WhatIf:$check_mode + -WhatIf:$check_mode ` + @extra_args } Catch { Fail-Json -obj $result -message "Failed to remove the AD object $($desired_state.name): $($_.Exception.Message)" } diff --git a/lib/ansible/modules/windows/win_domain_computer.py b/lib/ansible/modules/windows/win_domain_computer.py index 13a149ce9f..8b91e99b41 100644 --- a/lib/ansible/modules/windows/win_domain_computer.py +++ b/lib/ansible/modules/windows/win_domain_computer.py 
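Review bot: `Move-ADObject` in the `@@ -100,7 +116,8 @@` hunk has no `-Identity` in the visible lines, and `Remove-ADObject` in the `@@ -133,7 +151,8 @@` hunk is fed by a pipe, so both take their object from a command above the hunk that this patch does not touch. If that upstream command is an AD lookup, it still runs against the default domain under the connection identity, while the move or delete is sent to `domain_server` with the supplied credential; the cross-domain case would then fail or resolve a different object than intended. The feeding command should receive the same splat, i.e. end with `@extra_args |`, or the cmdlets should be given `-Identity` directly. Both function bodies start outside their hunks, so this needs checking against the full file.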
@@ -63,6 +63,26 @@ options: - The LDAP display name for this property is dNSHostName. - Required when I(state=present). type: str + domain_username: + description: + - The username to use when interacting with AD. + - If this is not set then the user Ansible used to log in with will be + used instead when using CredSSP or Kerberos with credential delegation. + type: str + version_added: '2.8' + domain_password: + description: + - The password for I(username). + type: str + version_added: '2.8' + domain_server: + description: + - Specifies the Active Directory Domain Services instance to connect to. + - Can be in the form of an FQDN or NetBIOS name. + - If not specified then the value is based on the domain of the computer + running PowerShell. + type: str + version_added: '2.8' state: description: - Specified whether the computer should be C(present) or C(absent) in
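Review bot: The `domain_password` description refers to I(username), which is not an option of this module; it should read `- The password for I(domain_username).`. The option is also effectively required once `domain_username` is set (the PowerShell side uses `-failifempty` for that), which the docs do not say; `- Required when I(domain_username) is set.` would cover it. Because the value travels as a plaintext secret in the task arguments, a sentence recommending that it come from a vaulted variable would help readers of the module page.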