ansible/test/integration/targets/win_iis_webbinding/tasks/https-ge6.2.yml
nwsparks 0a3da471f5 win_iis_webbinding rewrite (#33958)
* Begin rewrite of win_iis_webbinding
Add integration testing, check mode and idempotency
Add support for SNI
Fix replacing SSL cert on existing bindings

* finished up initial rewrite of win_iis_webbinding

* updated test to remove tests as filters

* updated win_iis_webbinding docs

* fix more doc/formatting issues win_iis_webbinding

* Removed string empty defaults for certs. Added a few new helpful
comments.

* Revert "Removed string empty defaults for certs. Added a few new helpful"

This reverts commit 48f35faea8d5294b34e1aa842a95c9352b90257f.
2018-01-01 19:30:18 -05:00

459 lines
16 KiB
YAML

##############
### CM Add ###
##############
#changed true, check nothing present
- name: CM add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
check_mode: yes
- name: CM get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: CM add https binding with header and SNI
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_header
check_mode: yes
- name: CM get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: CM assert changed, but not added
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'added'
- https_no_header.binding_info is none
- get_https_no_header.binding is not defined
- https_header is changed
- https_header.operation_type == 'added'
- https_header.binding_info is none
- get_https_header.binding is not defined
###########
### Add ###
###########
#changed true, new bindings present
- name: add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: add https binding with header SNI
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: assert changed and added
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'added'
- https_no_header.binding_info is defined
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.hostheader == ''
- https_no_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header is changed
- https_header.operation_type == 'added'
- https_header.binding_info is defined
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header.binding_info.sslFlags == 1
################
### Idem Add ###
################
#changed false
- name: idem add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: https
ip: '*'
port: 443
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
- name: idem add https binding with header and SNI
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: test.com
protocol: https
ip: '*'
port: 443
ssl_flags: 1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_header
- name: idem assert not changed
assert:
that:
- https_no_header is not changed
- https_header is not changed
#################
### CM Modify ###
#################
# changed true, verify no changes occurred
#modify sni
- name: CM modify https binding with header, change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
check_mode: yes
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: CM assert changed but old cert
assert:
that:
- https_header is changed
- https_header.operation_type == 'updated'
- https_header.binding_info is defined
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- https_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header.binding_info.sslFlags == 1
- get_https_header.binding is defined
- get_https_header.binding.ip == "{{ https_header_vars.ip }}"
- get_https_header.binding.port == {{ https_header_vars.port }}
- get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
- get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- get_https_header.binding.sslFlags == 1
##############
### Modify ###
##############
# modify ssl flags
- name: modify https binding with header, change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: modify assert changed and new cert
assert:
that:
- https_header is changed
- https_header.operation_type == 'updated'
- https_header.binding_info is defined
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- https_header.binding_info.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
- https_header.binding_info.sslFlags == 1
- get_https_header.binding is defined
- get_https_header.binding.ip == "{{ https_header_vars.ip }}"
- get_https_header.binding.port == {{ https_header_vars.port }}
- get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
- get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
- get_https_header.binding.sslFlags == 1
###################
### Idem Modify ###
###################
#changed false
#idem modify ssl flags
- name: idem modify https binding with header, enable SNI and change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
- name: idem assert not changed
assert:
that:
- https_header is not changed
#################
### CM Remove ###
#################
#changed true, bindings still present
- name: cm remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
check_mode: yes
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: cm remove https binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: https_header
check_mode: yes
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: cm remove assert changed, but still present
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'removed'
- https_no_header.binding_info is defined
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding is defined
- get_https_no_header.binding.ip == "{{ https_vars.ip }}"
- get_https_no_header.binding.port == {{ https_vars.port }}
- get_https_no_header.binding.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header is changed
- https_header.binding_info is defined
- https_header.operation_type == 'removed'
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding is defined
- get_https_header.binding.ip == "{{ https_header_vars.ip }}"
- get_https_header.binding.port == {{ https_header_vars.port }}
- get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
- get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
##############
### remove ###
##############
#changed true, bindings gone
- name: remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: remove https binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: remove assert changed and gone
assert:
that:
- https_no_header is changed
- https_no_header.binding_info is defined
- https_no_header.operation_type == 'removed'
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding is not defined
- https_header is changed
- https_header.binding_info is defined
- https_header.operation_type == 'removed'
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding is not defined
###################
### remove idem ###
###################
#change false, bindings gone
- name: idem remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: idem remove https binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: idem remove assert changed and gone
assert:
that:
- https_no_header is not changed
- https_no_header.binding_info is not defined
- get_https_no_header.binding is not defined
- https_header is not changed
- https_header.binding_info is not defined
- get_https_header.binding is not defined