1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/test/integration/targets/win_mapped_drive/tasks/main.yml
Jordan Borean a568bbed3c
win_mapped_drive - refactor module and docs (#48642)
* win_mapped_drive - refactor module and docs

* Updated code to work with become and split tokens

* use win_credential_manager instead of cmdkey

* updated credential manager module name

* harden the system token impersonation process
2018-11-22 08:12:41 +10:00

99 lines
3 KiB
YAML

---
# test setup
- name: gather facts required by the tests
setup:
gather_subset: platform
- name: ensure mapped drive is deleted before test
win_mapped_drive:
letter: '{{test_win_mapped_drive_letter}}'
state: absent
- name: ensure temp mapped drive user exist
win_user:
name: '{{test_win_mapped_drive_temp_user}}'
password: '{{test_win_mapped_drive_temp_password}}'
state: present
groups:
- Administrators
- name: ensure temp folders exist
win_file:
path: '{{item}}'
state: directory
with_items:
- '{{test_win_mapped_drive_local_path}}'
- '{{test_win_mapped_drive_local_path2}}'
# can't use win_share as it doesnt't support Server 2008 and 2008 R2
- name: ensure shares exist
win_shell: $share = Get-WmiObject -Class Win32_Share | Where-Object { $_.Name -eq '{{item.name}}' }; if (-not $share) { $share = [wmiClass]'Win32_Share'; $share.Create('{{item.path}}', '{{item.name}}', 0) }
with_items:
- { name: '{{test_win_mapped_drive_path}}', path: '{{test_win_mapped_drive_local_path}}' }
- { name: '{{test_win_mapped_drive_path2}}', path: '{{test_win_mapped_drive_local_path2}}' }
# This ensures we test out the split token/become behaviour
- name: ensure builtin Administrator has a split token
win_regedit:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
name: FilterAdministratorToken
data: 1
type: dword
register: admin_uac
- name: reboot to apply Admin approval mode setting
win_reboot:
when: admin_uac is changed
- block:
# tests
- include_tasks: tests.yml
# test cleanup
always:
- name: remove stored credential
win_credential:
name: '{{ ansible_hostname }}'
type: domain_password
state: absent
vars:
ansible_become: yes
ansible_become_method: runas
ansible_become_user: '{{ ansible_user }}'
ansible_become_pass: '{{ ansible_password }}'
- name: ensure mapped drive is deleted at the end of the test
win_mapped_drive:
letter: '{{test_win_mapped_drive_letter}}'
state: absent
- name: ensure shares are removed
win_shell: $share = Get-WmiObject -Class Win32_Share | Where-Object { $_.Name -eq '{{item}}' }; if ($share) { $share.Delete() }
with_items:
- '{{test_win_mapped_drive_path}}'
- '{{test_win_mapped_drive_path2}}'
- name: ensure temp folders are deleted
win_file:
path: '{{item}}'
state: absent
with_items:
- '{{test_win_mapped_drive_local_path}}'
- '{{test_win_mapped_drive_local_path2}}'
- name: ensure temp mapped driver user is deleted
win_user:
name: '{{test_win_mapped_drive_temp_user}}'
state: absent
- name: disable Admin approval mode if changed in test
win_regedit:
path: HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
name: FilterAdministratorToken
data: 0
type: dword
when: admin_uac is changed
- name: reboot to apply Admin approval mode setting
win_reboot:
when: admin_uac is changed