5d15a539c7
* Add windows module win_rds_settings * Add windows module win_rds_rap * Add windows module win_rds_cap * Add tests for module win_rds_settings * Add tests for module win_rds_rap * Add tests for module win_rds_cap * Validate user and computer groups in module win_rds_cap * Validate user groups in module win_rds_rap * Support additional formats (UPN, Down-Level Login Name, SID and Login Name) for user and computer group names in module win_rds_cap * Support additional formats (UPN, Down-Level Login Name, SID and Login Name) for user group names in module win_rds_rap * Validate computer group parameter and support additional formats (UPN, Down-Level Login Name, SID and Login Name) in module win_rds_rap * Validate allowed ports parameter in module win_rds_rap * Ensure user group list is not empty in module win_rds_rap * Remove unwanted value in result object * Ensure user group list is not empty in module win_rds_cap * Ensure order parameter value never exceed the number of existing CAPs in module win_rds_cap * Add diff mode support to win_rds_cap * Add diff mode support to win_rds_rap * Add diff mode support to win_rds_settings * Add SSL bridging and messaging policy settings to module win_rds_settings * Fix copyright [skip ci] * Add missing trailing dots in documentation [skip ci] * Fix incorrect variable passed to Fail-Json * Minor changes and doc update * Avoid using Powershell aliases * Use WMI instead of PSProvider to handle group names to avoid conversion in UPN form * Use CIM instead of WMI cmdlets
254 lines
7.9 KiB
YAML
254 lines
7.9 KiB
YAML
---
|
|
- name: test create a new RAP (check mode)
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- administrators
|
|
- users@builtin
|
|
state: present
|
|
register: new_rap_check
|
|
check_mode: yes
|
|
|
|
- name: get result of create a new RAP (check mode)
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}")
|
|
register: new_rap_actual_check
|
|
|
|
- name: assert results of create a new RAP (check mode)
|
|
assert:
|
|
that:
|
|
- new_rap_check.changed == true
|
|
- new_rap_actual_check.stdout_lines[0] == "False"
|
|
|
|
- name: test create a new RAP
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- administrators
|
|
- users@builtin
|
|
state: present
|
|
register: new_rap
|
|
|
|
- name: get result of create a new RAP
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}")
|
|
register: new_rap_actual
|
|
|
|
- name: assert results of create a new RAP
|
|
assert:
|
|
that:
|
|
- new_rap.changed == true
|
|
- new_rap_actual.stdout_lines[0] == "True"
|
|
|
|
- name: test create a new RAP (idempotent)
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- administrators
|
|
- users@builtin
|
|
state: present
|
|
register: new_rap_again
|
|
|
|
- name: get result of create a new RAP (idempotent)
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}")
|
|
register: new_rap_actual_again
|
|
|
|
- name: assert results of create a new RAP (idempotent)
|
|
assert:
|
|
that:
|
|
- new_rap_again.changed == false
|
|
- new_rap_actual_again.stdout_lines[0] == "True"
|
|
|
|
- name: test edit a RAP
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
description: 'Description of {{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
# Test with different group name formats
|
|
- users@builtin
|
|
- .\guests
|
|
computer_group_type: ad_network_resource_group
|
|
computer_group: administrators
|
|
allowed_ports:
|
|
- 3389
|
|
- 3390
|
|
- 3391
|
|
state: disabled
|
|
register: edit_rap
|
|
|
|
- name: get result of edit a RAP
|
|
win_shell: |
|
|
Import-Module RemoteDesktopServices;
|
|
$rap_path = "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}"
|
|
$rap = @{}
|
|
Get-ChildItem -Path "$rap_path" | foreach { $rap.Add($_.Name,$_.CurrentValue) }
|
|
$rap.UserGroups = @(Get-ChildItem -Path "$rap_path\UserGroups" | Select -ExpandProperty Name)
|
|
$rap | ConvertTo-Json
|
|
register: edit_rap_actual_json
|
|
|
|
- name: parse result of edit a RAP.
|
|
set_fact:
|
|
edit_rap_actual: '{{ edit_rap_actual_json.stdout | from_json }}'
|
|
|
|
- name: assert results of edit a RAP
|
|
assert:
|
|
that:
|
|
- edit_rap.changed == true
|
|
- edit_rap_actual.Status == "0"
|
|
- edit_rap_actual.Description == "Description of {{ test_win_rds_rap_name }}"
|
|
- edit_rap_actual.PortNumbers == "3389,3390,3391"
|
|
- edit_rap_actual.UserGroups | length == 2
|
|
- edit_rap_actual.UserGroups[0] == "Users@BUILTIN"
|
|
- edit_rap_actual.UserGroups[1] == "Guests@BUILTIN"
|
|
- edit_rap_actual.ComputerGroupType == "1"
|
|
- edit_rap_actual.ComputerGroup == "Administrators@BUILTIN"
|
|
|
|
- name: test edit a RAP (indempotent)
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
description: 'Description of {{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- users@builtin
|
|
- guests@builtin
|
|
computer_group_type: ad_network_resource_group
|
|
computer_group: Administrators@BUILTIN
|
|
allowed_ports:
|
|
- 3389
|
|
- 3390
|
|
- 3391
|
|
state: disabled
|
|
register: edit_rap_again
|
|
|
|
- name: assert results of edit a RAP (indempotent)
|
|
assert:
|
|
that:
|
|
- edit_rap_again.changed == false
|
|
|
|
- name: test allow all ports
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
allowed_ports: any
|
|
register: edit_rap_allow_all_ports
|
|
|
|
- name: get result of allow all ports
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Get-Item "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}\PortNumbers").CurrentValue
|
|
register: edit_rap_allow_all_ports_actual
|
|
|
|
- name: assert results of allow all ports
|
|
assert:
|
|
that:
|
|
- edit_rap_allow_all_ports.changed == true
|
|
- edit_rap_allow_all_ports_actual.stdout_lines[0] == "*"
|
|
|
|
- name: test remove RAP (check mode)
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
state: absent
|
|
register: remove_rap_check
|
|
check_mode: yes
|
|
|
|
- name: get result of remove RAP (check mode)
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}")
|
|
register: remove_rap_actual_check
|
|
|
|
- name: assert results of remove RAP (check mode)
|
|
assert:
|
|
that:
|
|
- remove_rap_check.changed == true
|
|
- remove_rap_actual_check.stdout_lines[0] == "True"
|
|
|
|
- name: test remove RAP
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
state: absent
|
|
register: remove_rap
|
|
|
|
- name: get result of remove RAP
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}")
|
|
register: remove_rap_actual
|
|
|
|
- name: assert results of remove RAP
|
|
assert:
|
|
that:
|
|
- remove_rap.changed == true
|
|
- remove_rap_actual.stdout_lines[0] == "False"
|
|
|
|
- name: test remove RAP (idempotent)
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
state: absent
|
|
register: remove_rap_again
|
|
|
|
- name: get result of remove RAP (idempotent)
|
|
win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}")
|
|
register: remove_rap_actual_again
|
|
|
|
- name: assert results of remove RAP (idempotent)
|
|
assert:
|
|
that:
|
|
- remove_rap_again.changed == false
|
|
- remove_rap_actual_again.stdout_lines[0] == "False"
|
|
|
|
- name: fail when create a new RAP without user group
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
state: present
|
|
register: new_rap_without_group
|
|
check_mode: yes
|
|
failed_when: "new_rap_without_group.msg != 'User groups must be defined to create a new RAP.'"
|
|
|
|
- name: fail when create a new RAP with an empty user group list
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups: []
|
|
state: present
|
|
register: new_rap_empty_group_list
|
|
check_mode: yes
|
|
failed_when: "new_rap_empty_group_list.msg is not search('cannot be an empty list')"
|
|
|
|
- name: fail when create a new RAP with an invalid user group
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- fake_group
|
|
state: present
|
|
register: new_rap_invalid_group
|
|
check_mode: yes
|
|
failed_when: new_rap_invalid_group.changed != false or new_rap_invalid_group.msg is not search('is not a valid account')
|
|
|
|
- name: fail when create a new RAP with an invalid AD computer group
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- administrators
|
|
computer_group_type: ad_network_resource_group
|
|
computer_group: fake_ad_group
|
|
state: present
|
|
register: new_rap_invalid_ad_computer_group
|
|
check_mode: yes
|
|
failed_when: new_rap_invalid_ad_computer_group.changed != false or new_rap_invalid_ad_computer_group.msg is not search('is not a valid account')
|
|
|
|
- name: fail when create a new RAP with an invalid gateway managed computer group
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- administrators
|
|
computer_group_type: rdg_group
|
|
computer_group: fake_rdg_group
|
|
state: present
|
|
register: new_rap_invalid_rdg_computer_group
|
|
check_mode: yes
|
|
failed_when: new_rap_invalid_rdg_computer_group.changed != false or new_rap_invalid_rdg_computer_group.msg is not search('is not a valid gateway managed computer group')
|
|
|
|
- name: fail when create a new RAP with invalid port numbers
|
|
win_rds_rap:
|
|
name: '{{ test_win_rds_rap_name }}'
|
|
user_groups:
|
|
- administrators
|
|
allowed_ports:
|
|
- '{{ item }}'
|
|
state: present
|
|
loop:
|
|
- invalid_port_number
|
|
- 65536
|
|
register: new_rap_invalid_port
|
|
check_mode: yes
|
|
failed_when: new_rap_invalid_port.changed != false or new_rap_invalid_port.msg is not search('is not a valid port number')
|