From 56f4bf44f53881162ec7a0f35526eaaa68fa9398 Mon Sep 17 00:00:00 2001
From: Chris Church <chris@ninemoreminutes.com>
Date: Tue, 30 Sep 2014 11:52:05 -0400
Subject: [PATCH] Add integration tests for win_user module.

---
 test/integration/roles/test_win_user/defaults/main.yml      |   5 +++++
 test/integration/roles/test_win_user/files/lockout_user.ps1 |  17 +++++++++++++++++
 test/integration/roles/test_win_user/tasks/main.yml         | 400 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 test/integration/test_winrm.yml                             |   1 +
 4 files changed, 423 insertions(+)
 create mode 100644 test/integration/roles/test_win_user/defaults/main.yml
 create mode 100644 test/integration/roles/test_win_user/files/lockout_user.ps1
 create mode 100644 test/integration/roles/test_win_user/tasks/main.yml

diff --git a/test/integration/roles/test_win_user/defaults/main.yml b/test/integration/roles/test_win_user/defaults/main.yml
new file mode 100644
index 0000000..c6a18ed
--- /dev/null
+++ b/test/integration/roles/test_win_user/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+
+test_win_user_name: test_win_user
+test_win_user_password: "T35Tus3rP@ssW0rd"
+test_win_user_password2: "pa55wOrd4te5tU53R!"
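Review bot: Both passwords in this defaults file are fixed, public values, so every host the role runs against carries a local account with a credential readable in the repository for as long as the test is in flight. A comment above them would state the intent, for example `# Test-only credentials for a throwaway local account; override in inventory on shared hosts`. Role defaults have the lowest variable precedence, so an inventory or extra-vars override needs no other change to the role.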
diff --git a/test/integration/roles/test_win_user/files/lockout_user.ps1 b/test/integration/roles/test_win_user/files/lockout_user.ps1
new file mode 100644
index 0000000..e15f13f
--- /dev/null
+++ b/test/integration/roles/test_win_user/files/lockout_user.ps1
@@ -0,0 +1,17 @@
+trap
+{
+    Write-Error -ErrorRecord $_
+    exit 1;
+}
+
+$username = $args[0]
+[void][system.reflection.assembly]::LoadWithPartialName('System.DirectoryServices.AccountManagement')
+$pc = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext 'Machine', $env:COMPUTERNAME
+For ($i = 1; $i -le 10; $i++) {
+    try {
+        $pc.ValidateCredentials($username, 'b@DP@ssw0rd')
+    }
+    catch {
+        break
+    }
+}
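Review bot: The `catch { break }` inside the loop swallows every exception, so the script exits 0 whether the account locked out, the user name was wrong, or `$args[0]` was empty, and the `trap` at the top never sees those errors. The boolean returned by `ValidateCredentials` is also written to the output stream on each iteration; `[void]$pc.ValidateCredentials($username, 'b@DP@ssw0rd')` would keep the task output clean. A header comment would help, for example `# Deliberately submits bad passwords for the given local account so the lockout policy (if any) trips; expect failed-logon audit events on the test host.` The fixed count of 10 presumably assumes a lockout threshold of 10 or fewer, which is worth stating in the same comment.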
diff --git a/test/integration/roles/test_win_user/tasks/main.yml b/test/integration/roles/test_win_user/tasks/main.yml
new file mode 100644
index 0000000..ebe8c5d
--- /dev/null
+++ b/test/integration/roles/test_win_user/tasks/main.yml
@@ -0,0 +1,400 @@
+# test code for the win_user module
+# (c) 2014, Chris Church <chris@ninemoreminutes.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: remove existing test user if present
+  win_user: name="{{ test_win_user_name }}" state="absent"
+  register: win_user_remove_result
+
+- name: check user removal result
+  assert:
+    that:
+      - "win_user_remove_result.name"
+      - "win_user_remove_result.state == 'absent'"
+
+- name: try to remove test user again
+  win_user: name="{{ test_win_user_name }}" state="absent"
+  register: win_user_remove_result_again
+
+- name: check user removal result again
+  assert:
+    that:
+      - "not win_user_remove_result_again|changed"
+      - "win_user_remove_result_again.name"
+      - "win_user_remove_result_again.msg"
+      - "win_user_remove_result.state == 'absent'"
+
+- name: test missing user with query state
+  win_user: name="{{ test_win_user_name }}" state="query"
+  register: win_user_missing_query_result
+
+- name: check missing query result
+  assert:
+    that:
+      - "not win_user_missing_query_result|changed"
+      - "win_user_missing_query_result.name"
+      - "win_user_missing_query_result.msg"
+      - "win_user_missing_query_result.state == 'absent'"
+
+- name: test create user
+  win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password }}"
+  register: win_user_create_result
+
+- name: check user creation result
+  assert:
+    that:
+      - "win_user_create_result|changed"
+      - "win_user_create_result.name == '{{ test_win_user_name }}'"
+      - "win_user_create_result.fullname == '{{ test_win_user_name }}'"
+      - "win_user_create_result.path"
+      - "win_user_create_result.state == 'present'"
+
+- name: update user full name and description
+  win_user: name="{{ test_win_user_name }}" fullname="Test Ansible User" description="Test user account created by Ansible"
+  register: win_user_update_result
+
+- name: check full name and description update result
+  assert:
+    that:
+      - "win_user_update_result|changed"
+      - "win_user_update_result.fullname == 'Test Ansible User'"
+      - "win_user_update_result.description == 'Test user account created by Ansible'"
+
+- name: update user full name and description again with same values
+  win_user: name="{{ test_win_user_name }}" fullname="Test Ansible User" description="Test user account created by Ansible"
+  register: win_user_update_result_again
+
+- name: check full name and description result again
+  assert:
+    that:
+      - "not win_user_update_result_again|changed"
+      - "win_user_update_result_again.fullname == 'Test Ansible User'"
+      - "win_user_update_result_again.description == 'Test user account created by Ansible'"
+
+- name: test again with no options or changes
+  win_user: name="{{ test_win_user_name }}"
+  register: win_user_nochange_result
+
+- name: check no changes result
+  assert:
+    that:
+      - "not win_user_nochange_result|changed"
+
+- name: test again with query state
+  win_user: name="{{ test_win_user_name }}" state="query"
+  register: win_user_query_result
+
+- name: check query result
+  assert:
+    that:
+      - "not win_user_query_result|changed"
+      - "win_user_query_result.state == 'present'"
+      - "win_user_query_result.name == '{{ test_win_user_name }}'"
+      - "win_user_query_result.fullname == 'Test Ansible User'"
+      - "win_user_query_result.description == 'Test user account created by Ansible'"
+      - "win_user_query_result.path"
+      - "win_user_query_result.sid"
+      - "win_user_query_result.groups == []"
+
+- name: change user password
+  win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password2 }}"
+  register: win_user_password_result
+
+- name: check password change result
+  assert:
+    that:
+      - "win_user_password_result|changed"
+
+- name: change user password again to same value
+  win_user: name="{{ test_win_user_name }}" password="{{ test_win_user_password2 }}"
+  register: win_user_password_result_again
+
+- name: check password change result again
+  assert:
+    that:
+      - "not win_user_password_result_again|changed"
+
+- name: check update_password=on_create for existing user
+  win_user: name="{{ test_win_user_name }}" password="ThisP@ssW0rdShouldNotBeUsed" update_password=on_create
+  register: win_user_nopasschange_result
+
+- name: check password change with on_create flag result
+  assert:
+    that:
+      - "not win_user_nopasschange_result|changed"
+
+- name: set password expired flag
+  win_user: name="{{ test_win_user_name }}" password_expired=yes
+  register: win_user_password_expired_result
+
+- name: check password expired result
+  assert:
+    that:
+      - "win_user_password_expired_result|changed"
+      - "win_user_password_expired_result.password_expired"
+
+- name: clear password expired flag
+  win_user: name="{{ test_win_user_name }}" password_expired=no
+  register: win_user_clear_password_expired_result
+
+- name: check clear password expired result
+  assert:
+    that:
+      - "win_user_clear_password_expired_result|changed"
+      - "not win_user_clear_password_expired_result.password_expired"
+
+- name: set password never expires flag
+  win_user: name="{{ test_win_user_name }}" password_never_expires=yes
+  register: win_user_password_never_expires_result
+
+- name: check password never expires result
+  assert:
+    that:
+      - "win_user_password_never_expires_result|changed"
+      - "win_user_password_never_expires_result.password_never_expires"
+
+- name: clear password never expires flag
+  win_user: name="{{ test_win_user_name }}" password_never_expires=no
+  register: win_user_clear_password_never_expires_result
+
+- name: check clear password never expires result
+  assert:
+    that:
+      - "win_user_clear_password_never_expires_result|changed"
+      - "not win_user_clear_password_never_expires_result.password_never_expires"
+
+- name: set user cannot change password flag
+  win_user: name="{{ test_win_user_name }}" user_cannot_change_password=yes
+  register: win_user_cannot_change_password_result
+
+- name: check user cannot change password result
+  assert:
+    that:
+      - "win_user_cannot_change_password_result|changed"
+      - "win_user_cannot_change_password_result.user_cannot_change_password"
+
+- name: clear user cannot change password flag
+  win_user: name="{{ test_win_user_name }}" user_cannot_change_password=no
+  register: win_user_can_change_password_result
+
+- name: check clear user cannot change password result
+  assert:
+    that:
+      - "win_user_can_change_password_result|changed"
+      - "not win_user_can_change_password_result.user_cannot_change_password"
+
+- name: set account disabled flag
+  win_user: name="{{ test_win_user_name }}" account_disabled=true
+  register: win_user_account_disabled_result
+
+- name: check account disabled result
+  assert:
+    that:
+      - "win_user_account_disabled_result|changed"
+      - "win_user_account_disabled_result.account_disabled"
+
+- name: clear account disabled flag
+  win_user: name="{{ test_win_user_name }}" account_disabled=false
+  register: win_user_clear_account_disabled_result
+
+- name: check clear account disabled result
+  assert:
+    that:
+      - "win_user_clear_account_disabled_result|changed"
+      - "not win_user_clear_account_disabled_result.account_disabled"
+
+- name: attempt to set account locked flag
+  win_user: name="{{ test_win_user_name }}" account_locked=yes
+  register: win_user_set_account_locked_result
+  ignore_errors: true
+
+- name: verify that attempting to set account locked flag fails
+  assert:
+    that:
+      - "win_user_set_account_locked_result|failed"
+      - "not win_user_set_account_locked_result|changed"
+
+- name: attempt to lockout test account
+  script: lockout_user.ps1 "{{ test_win_user_name }}"
+
+- name: get user to check if account locked flag is set
+  win_user: name="{{ test_win_user_name }}" state="query"
+  register: win_user_account_locked_result
+
+- name: clear account locked flag if set
+  win_user: name="{{ test_win_user_name }}" account_locked=no
+  register: win_user_clear_account_locked_result
+  when: "win_user_account_locked_result.account_locked"
+
+- name: check clear account lockout result if account was locked
+  assert:
+    that:
+      - "win_user_clear_account_locked_result|changed"
+      - "not win_user_clear_account_locked_result.account_locked"
+  when: "win_user_account_locked_result.account_locked"
+
+- name: assign test user to a group
+  win_user: name="{{ test_win_user_name }}" groups="Users"
+  register: win_user_replace_groups_result
+
+- name: check assign user to group result
+  assert:
+    that:
+      - "win_user_replace_groups_result|changed"
+      - "win_user_replace_groups_result.groups|length == 1"
+      - "win_user_replace_groups_result.groups[0]['name'] == 'Users'"
+
+- name: assign test user to the same group
+  win_user:
+    name: "{{ test_win_user_name }}"
+    groups: ["Users"]
+  register: win_user_replace_groups_again_result
+
+- name: check assign user to group again result
+  assert:
+    that:
+      - "not win_user_replace_groups_again_result|changed"
+
+- name: add user to another group
+  win_user: name="{{ test_win_user_name }}" groups="Power Users" groups_action="add"
+  register: win_user_add_groups_result
+
+- name: check add user to another group result
+  assert:
+    that:
+      - "win_user_add_groups_result|changed"
+      - "win_user_add_groups_result.groups|length == 2"
+      - "win_user_add_groups_result.groups[0]['name'] in ('Users', 'Power Users')"
+      - "win_user_add_groups_result.groups[1]['name'] in ('Users', 'Power Users')"
+
+- name: add user to another group again
+  win_user:
+    name: "{{ test_win_user_name }}"
+    groups: "Power Users"
+    groups_action: add
+  register: win_user_add_groups_again_result
+
+- name: check add user to another group again result
+  assert:
+    that:
+      - "not win_user_add_groups_again_result|changed"
+
+- name: remove user from a group
+  win_user: name="{{ test_win_user_name }}" groups="Users" groups_action="remove"
+  register: win_user_remove_groups_result
+
+- name: check remove user from group result
+  assert:
+    that:
+      - "win_user_remove_groups_result|changed"
+      - "win_user_remove_groups_result.groups|length == 1"
+      - "win_user_remove_groups_result.groups[0]['name'] == 'Power Users'"
+
+- name: remove user from a group again
+  win_user:
+    name: "{{ test_win_user_name }}"
+    groups:
+      - "Users"
+    groups_action: remove
+  register: win_user_remove_groups_again_result
+
+- name: check remove user from group again result
+  assert:
+    that:
+      - "not win_user_remove_groups_again_result|changed"
+
+- name: reassign test user to multiple groups
+  win_user: name="{{ test_win_user_name }}" groups="Users, Guests" groups_action="replace"
+  register: win_user_reassign_groups_result
+
+- name: check reassign user groups result
+  assert:
+    that:
+      - "win_user_reassign_groups_result|changed"
+      - "win_user_reassign_groups_result.groups|length == 2"
+      - "win_user_reassign_groups_result.groups[0]['name'] in ('Users', 'Guests')"
+      - "win_user_reassign_groups_result.groups[1]['name'] in ('Users', 'Guests')"
+
+- name: reassign test user to multiple groups again
+  win_user:
+    name: "{{ test_win_user_name }}"
+    groups:
+      - "Users"
+      - "Guests"
+    groups_action: replace
+  register: win_user_reassign_groups_again_result
+
+- name: check reassign user groups again result
+  assert:
+    that:
+      - "not win_user_reassign_groups_again_result|changed"
+
+- name: remove user from all groups
+  win_user: name="{{ test_win_user_name }}" groups=""
+  register: win_user_remove_all_groups_result
+
+- name: check remove user from all groups result
+  assert:
+    that:
+      - "win_user_remove_all_groups_result|changed"
+      - "win_user_remove_all_groups_result.groups|length == 0"
+
+- name: remove user from all groups again
+  win_user:
+    name: "{{ test_win_user_name }}"
+    groups: []
+  register: win_user_remove_all_groups_again_result
+
+- name: check remove user from all groups again result
+  assert:
+    that:
+      - "not win_user_remove_all_groups_again_result|changed"
+
+- name: assign user to invalid group
+  win_user: name="{{ test_win_user_name }}" groups="Userz"
+  register: win_user_invalid_group_result
+  ignore_errors: true
+
+- name: check invalid group result
+  assert:
+    that:
+      - "win_user_invalid_group_result|failed"
+      - "win_user_invalid_group_result.msg"
+
+- name: remove test user when finished
+  win_user: name="{{ test_win_user_name }}" state="absent"
+  register: win_user_final_remove_result
+
+- name: check final user removal result
+  assert:
+    that:
+      - "win_user_final_remove_result|changed"
+      - "win_user_final_remove_result.name"
+      - "win_user_final_remove_result.msg"
+      - "win_user_final_remove_result.state == 'absent'"
+
+- name: test removed user with query state
+  win_user: name="{{ test_win_user_name }}" state="query"
+  register: win_user_removed_query_result
+
+- name: check removed query result
+  assert:
+    that:
+      - "not win_user_removed_query_result|changed"
+      - "win_user_removed_query_result.name"
+      - "win_user_removed_query_result.msg"
+      - "win_user_removed_query_result.state == 'absent'"
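Review bot: The account is deleted only by the `remove test user when finished` task near the end of the file, so any assertion that fails earlier leaves a local account on the target with the fixed password from defaults/main.yml, possibly still a member of Users, Power Users or Guests. The first task removes a stale account on the next run, but that depends on someone rerunning the role; a comment at the top of the file such as `# NOTE: a failed run leaves the test user on the host; rerun the role or remove the account manually` would make that explicit. Separately, the last assertion in `check user removal result again` reads `win_user_remove_result.state == 'absent'`, which re-checks the first removal; it presumably should be `win_user_remove_result_again.state == 'absent'`.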
diff --git a/test/integration/test_winrm.yml b/test/integration/test_winrm.yml
index e2a282e..69d3b65 100644
--- a/test/integration/test_winrm.yml
+++ b/test/integration/test_winrm.yml
@@ -30,6 +30,7 @@
     - { role: test_win_msi, tags: test_win_msi }
     - { role: test_win_service, tags: test_win_service }
     - { role: test_win_feature, tags: test_win_feature }
+    - { role: test_win_user, tags: test_win_user }
     - { role: test_win_file, tags: test_win_file }
     - { role: test_win_copy, tags: test_win_copy }
     - { role: test_win_template, tags: test_win_template }
--
libgit2 0.26.0