From 7fec0b69a082aaeec72fee0612766aa42f6b1b4d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Thu, 18 Apr 2024 07:52:35 +0200 Subject: Merging upstream version 9.4.0+dfsg. Signed-off-by: Daniel Baumann --- .../integration/targets/computer/tasks/tests.yml | 6 + .../integration/targets/group/tasks/tests.yml | 20 +- .../inventory_ldap/roles/test/tasks/main.yml | 19 +- .../integration/targets/membership/ansible.cfg | 1 + .../integration/targets/membership/tasks/main.yml | 17 ++ .../integration/targets/object/tasks/tests.yml | 107 +++++++++ .../tests/integration/targets/user/tasks/tests.yml | 243 ++++++++++++++++++++- 7 files changed, 406 insertions(+), 7 deletions(-) (limited to 'ansible_collections/microsoft/ad/tests/integration') diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml index fb4eee366..2a403c3d5 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml +++ b/ansible_collections/microsoft/ad/tests/integration/targets/computer/tasks/tests.yml @@ -122,6 +122,7 @@ trusted_for_delegation: true upn: MyComputer@{{ domain_realm }} path: CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }} + protect_from_deletion: true register: custom_comp - set_fact: @@ -137,6 +138,7 @@ - msDS-AllowedToActOnBehalfOfOtherIdentity - msDS-SupportedEncryptionTypes - objectSid + - ProtectedFromAccidentalDeletion - sAMAccountName - servicePrincipalName - userAccountControl 
@@ -174,6 +176,7 @@ - custom_comp_actual.objects[0]['msDS-SupportedEncryptionTypes_AnsibleFlags'] == ["AES128_CTS_HMAC_SHA1_96", "AES256_CTS_HMAC_SHA1_96"] - custom_comp_actual.objects[0].sAMAccountName == 'SamMyComputer$' - custom_comp_actual.objects[0].ObjectClass == 'computer' + - custom_comp_actual.objects[0].ProtectedFromAccidentalDeletion == true - custom_comp_actual.objects[0].servicePrincipalName == 'HTTP/MyComputer' - custom_comp_actual.objects[0].userPrincipalName == 'MyComputer@' ~ domain_realm - '"ADS_UF_ACCOUNTDISABLE" in custom_comp_actual.objects[0].userAccountControl_AnsibleFlags' @@ -197,6 +200,7 @@ sam_account_name: MyComputer2$ trusted_for_delegation: false upn: mycomputer@{{ domain_realm }} + protect_from_deletion: false register: change_comp - name: get result of change computer with custom options @@ -207,6 +211,7 @@ - location - msDS-AllowedToActOnBehalfOfOtherIdentity - msDS-SupportedEncryptionTypes + - ProtectedFromAccidentalDeletion - sAMAccountName - userAccountControl - userPrincipalName @@ -235,6 +240,7 @@ - change_comp_actual.objects[0].location == 'comp location' - change_comp_actual.objects[0]['msDS-SupportedEncryptionTypes'] == 20 - change_comp_actual.objects[0]['msDS-SupportedEncryptionTypes_AnsibleFlags'] == ["RC4_HMAC", "AES256_CTS_HMAC_SHA1_96"] + - change_comp_actual.objects[0].ProtectedFromAccidentalDeletion == false - change_comp_actual.objects[0].sAMAccountName == 'MyComputer2$' - change_comp_actual.objects[0].userPrincipalName == 'mycomputer@' ~ domain_realm - '"ADS_UF_ACCOUNTDISABLE" not in change_comp_actual.objects[0].userAccountControl_AnsibleFlags' diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml index bdb1b95b7..b40041b0d 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml 
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/group/tasks/tests.yml @@ -88,6 +88,14 @@ - 3 - 4 + - name: create test group with long name + group: + name: MyGroup2-ReallyLongGroupNameHere + state: present + scope: global + path: '{{ ou_info.distinguished_name }}' + register: test_group + - name: fail to find members to add to a group group: name: MyGroup @@ -109,6 +117,7 @@ add: - my_user_1 - '{{ test_users.results[2].sid }}' + - MyGroup2-ReallyLongGroupNameHere register: add_member_check check_mode: true @@ -133,6 +142,7 @@ add: - my_user_1 - '{{ test_users.results[2].sid }}' + - MyGroup2-ReallyLongGroupNameHere register: add_member - name: get result of add members to a group @@ -146,9 +156,10 @@ assert: that: - add_member is changed - - add_member_actual.objects[0].member | length == 2 + - add_member_actual.objects[0].member | length == 3 - test_users.results[0].distinguished_name in add_member_actual.objects[0].member - test_users.results[2].distinguished_name in add_member_actual.objects[0].member + - test_group.distinguished_name in add_member_actual.objects[0].member - name: add members to a group - idempotent group: @@ -158,6 +169,7 @@ add: - user_1@{{ domain_realm }} - '{{ test_users.results[2].object_guid }}' + - MyGroup2-ReallyLongGroupNameHere register: add_member_again - name: assert add members to a group - idempotent @@ -186,7 +198,8 @@ assert: that: - remove_member is changed - - remove_member_actual.objects[0].member == test_users.results[2].distinguished_name + - test_users.results[2].distinguished_name in remove_member_actual.objects[0].member + - test_group.distinguished_name in remove_member_actual.objects[0].member - name: remove member from a group - idempotent group: 
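Review bot: In hunk `@@ -186,7 +198,8 @@` the "remove member" assert no longer proves that anything was removed. The old exact comparison was replaced by two `in` checks, and those still pass if the member that should have gone (presumably `test_users.results[0]`) is still in the group. Add a count next to them, `- remove_member_actual.objects[0].member | length == 2`, matching the `| length == 3` checks the add-member asserts use. The assert task itself starts above the hunk.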
@@ -226,9 +239,10 @@ assert: that: - add_remove_member is changed - - add_remove_member_actual.objects[0].member | length == 2 + - add_remove_member_actual.objects[0].member | length == 3 - test_users.results[0].distinguished_name in add_remove_member_actual.objects[0].member - test_users.results[1].distinguished_name in add_remove_member_actual.objects[0].member + - test_group.distinguished_name in add_remove_member_actual.objects[0].member - name: set members group: diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/inventory_ldap/roles/test/tasks/main.yml b/ansible_collections/microsoft/ad/tests/integration/targets/inventory_ldap/roles/test/tasks/main.yml index 86b6d75e9..7e0bb2e2b 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/inventory_ldap/roles/test/tasks/main.yml +++ b/ansible_collections/microsoft/ad/tests/integration/targets/inventory_ldap/roles/test/tasks/main.yml @@ -93,6 +93,23 @@ assert: that: *default-assertion +- import_tasks: invoke.yml + vars: + scenario: LDAP through lookup templates + inventory: + plugin: microsoft.ad.ldap + server: !unsafe '{{ lookup("ansible.builtin.env", "LDAP_SERVER") }}' + username: !unsafe '{{ lookup("ansible.builtin.env", "LDAP_USERNAME") }}' + password: !unsafe '{{ lookup("ansible.builtin.env", "LDAP_PASSWORD") }}' + environment: + LDAP_SERVER: '{{ ldap_server }}' + LDAP_USERNAME: '{{ ldap_user }}' + LDAP_PASSWORD: '{{ ldap_pass }}' + +- name: assert LDAP through lookup templates + assert: + that: *default-assertion + - import_tasks: invoke.yml vars: scenario: LDAPS @@ -434,7 +451,7 @@ nothing_member: this_member: this raw_member: raw - computer_membership: this | map("regex_search", '^CN=(?P.+?)((?') | flatten + computer_membership: this | microsoft.ad.parse_dn | map(attribute="0.1") compose: host_var: computer_sid groups: 
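Review bot: The new "LDAP through lookup templates" scenario in hunk `@@ -93,6 +93,23 @@` tags `server`, `username` and `password` with `!unsafe` without saying why. Presumably the tag stops the play from rendering the `lookup(...)` expressions, so that the inventory plugin resolves them from the `LDAP_*` environment variables, which is the behaviour under test; invoke.yml is not visible here, so this needs confirming. A comment above the block would keep a later edit from dropping the tag and turning this into a plain-value test, e.g. `# !unsafe: pass the template through verbatim so the inventory plugin, not this play, resolves it`.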
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/membership/ansible.cfg b/ansible_collections/microsoft/ad/tests/integration/targets/membership/ansible.cfg index 3a986973e..50093ac61 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/membership/ansible.cfg +++ b/ansible_collections/microsoft/ad/tests/integration/targets/membership/ansible.cfg @@ -1,3 +1,4 @@ [defaults] inventory = inventory.yml retry_files_enabled = False +callback_result_format = yaml diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml b/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml index e4fa96c8e..f66985da9 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml +++ b/ansible_collections/microsoft/ad/tests/integration/targets/membership/tasks/main.yml @@ -26,6 +26,23 @@ Get-ADComputer -Filter { Name -ne 'DC' } -Properties DistinguishedName, Name, Enabled | Select-Object -Property DistinguishedName, Name, Enabled +- name: join domain invalid OU + membership: + dns_domain_name: '{{ domain_realm }}' + domain_admin_user: '{{ domain_user_upn }}' + domain_admin_password: '{{ domain_password }}' + domain_ou_path: CN=Invalid,{{ domain_dn_base }} + state: domain + reboot: true + ignore_errors: true + register: join_domain_invalid_ou + +- name: assert join domain invalid OU + assert: + that: + - join_domain_invalid_ou is failed + - join_domain_invalid_ou.msg.endswith('Check domain_ou_path is pointing to a valid OU in the target domain.') + - name: join domain - check mode membership: dns_domain_name: '{{ domain_realm }}' diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/object/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/object/tasks/tests.yml index b642ce6eb..b18160926 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/object/tasks/tests.yml 
+++ b/ansible_collections/microsoft/ad/tests/integration/targets/object/tasks/tests.yml 
@@ -441,6 +441,59 @@ - move_ou_actual.objects[0].DistinguishedName == 'OU=TestOU 2,' ~ sub_ous.results[0].distinguished_name - move_ou_actual.objects[0].ProtectedFromAccidentalDeletion == true +- name: do not move object in non default path without path - check + object: + name: TestOU 2 + identity: '{{ sub_ous.results[1].object_guid }}' + type: organizationalUnit + attributes: + set: + description: Test comment + register: dont_move_no_path_check + check_mode: true + +- name: get result of do not move object in non default path without path - check + object_info: + identity: '{{ sub_ous.results[1].object_guid }}' + properties: + - description + register: dont_move_no_path_check_actual + +- name: assert do not move object in non default path without path - check + assert: + that: + - dont_move_no_path_check is changed + - dont_move_no_path_check.distinguished_name == 'OU=TestOU 2,' ~ sub_ous.results[0].distinguished_name + - dont_move_no_path_check_actual.objects[0].Name == 'TestOU 2' + - dont_move_no_path_check_actual.objects[0].DistinguishedName == 'OU=TestOU 2,' ~ sub_ous.results[0].distinguished_name + - dont_move_no_path_check_actual.objects[0].Description == None + +- name: do not move object in non default path without path + object: + name: TestOU 2 + identity: '{{ sub_ous.results[1].object_guid }}' + type: organizationalUnit + attributes: + set: + description: Test comment + register: dont_move_no_path + +- name: get result of do not move object in non default path without path + object_info: + identity: '{{ sub_ous.results[1].object_guid }}' + properties: + - description + register: dont_move_no_path_actual + +- name: assert do not move object in non default path without path - check + assert: + that: + - dont_move_no_path is changed + - dont_move_no_path.distinguished_name == 'OU=TestOU 2,' ~ sub_ous.results[0].distinguished_name + - dont_move_no_path_actual.objects[0].Name == 'TestOU 2' + - dont_move_no_path_actual.objects[0].DistinguishedName == 
'OU=TestOU 2,' ~ sub_ous.results[0].distinguished_name + - dont_move_no_path_actual.objects[0].Description == 'Test comment' + - name: remove object that is protected from deletion - check object: name: My, Container 
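Review bot: The second assert in this hunk, the one that checks `dont_move_no_path`, is named `assert do not move object in non default path without path - check`, the same name as the check-mode assert before it. A failure in the log then does not say which run broke; rename it to `assert do not move object in non default path without path`. The same copy-paste occurs in user/tasks/tests.yml: hunk `@@ -177,11 +177,125 @@` names the non-check assert `assert update user not in default path by identity - check`, and hunk `@@ -575,6 +728,27 @@` names the `update_by_identity` assert `assert create user with extra info`.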
@@ -1444,3 +1497,57 @@ assert: that: - not unset_normal_again is changed + +- name: move object back into the default path - check + object: + name: My, Container + identity: '{{ object_identity }}' + type: container + path: microsoft.ad.default_path + register: move_into_default_check + check_mode: true + +- name: get result of move object back into the default path - check + object_info: + identity: '{{ object_identity }}' + register: move_into_default_check_actual + +- name: assert move object back into the default path - check + assert: + that: + - move_into_default_check is changed + - move_into_default_check.distinguished_name == 'CN=My\, Container,' ~ setup_domain_info.output[0].defaultNamingContext + - move_into_default_check_actual.objects[0].DistinguishedName == 'CN=My\, Container,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext + +- name: move object back into the default path + object: + name: My, Container + identity: '{{ object_identity }}' + type: container + path: microsoft.ad.default_path + register: move_into_default + +- name: get result of move object back into the default path + object_info: + identity: '{{ object_identity }}' + register: move_into_default_actual + +- name: assert move object back into the default path + assert: + that: + - move_into_default is changed + - move_into_default.distinguished_name == 'CN=My\, Container,' ~ setup_domain_info.output[0].defaultNamingContext + - move_into_default_actual.objects[0].DistinguishedName == 'CN=My\, Container,' ~ setup_domain_info.output[0].defaultNamingContext + +- name: move object back into the default path - idempotent + object: + name: My, Container + identity: '{{ object_identity }}' + type: container + path: microsoft.ad.default_path + register: move_into_default_again + +- name: assert move object back into the default path - idempotent + assert: + that: + - not move_into_default_again is changed 
diff --git a/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml b/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml index e06c54959..98718da6f 100644 --- a/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml +++ b/ansible_collections/microsoft/ad/tests/integration/targets/user/tasks/tests.yml 
@@ -177,11 +177,125 @@ that: - not move_user_again is changed +- name: update user not in default path by identity - check + user: + name: MyUser2 + identity: '{{ object_sid }}' + firstname: first name + register: dont_move_no_path_check + check_mode: true + +- name: get result of update user not in default path by identity - check + object_info: + identity: '{{ object_identity }}' + properties: + - givenName + register: dont_move_no_path_check_actual + check_mode: true + +- name: assert update user not in default path by identity - check + assert: + that: + - dont_move_no_path_check is changed + - dont_move_no_path_check.distinguished_name == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext + - dont_move_no_path_check_actual.objects[0].DistinguishedName == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext + - dont_move_no_path_check_actual.objects[0].Name == 'MyUser2' + - dont_move_no_path_check_actual.objects[0].givenName == None + +- name: update user not in default path by identity + user: + name: MyUser2 + identity: '{{ object_sid }}' + firstname: first name + register: dont_move_no_path + +- name: get result of update user not in default path by identity + object_info: + identity: '{{ object_identity }}' + properties: + - givenName + register: dont_move_no_path_actual + check_mode: true + +- name: assert update user not in default path by identity - check + assert: + that: + - dont_move_no_path is changed + - dont_move_no_path.distinguished_name == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext + - dont_move_no_path_actual.objects[0].DistinguishedName == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext + - dont_move_no_path_actual.objects[0].Name == 'MyUser2' + - dont_move_no_path_actual.objects[0].givenName == 'first name' + +- name: update user without name + user: + identity: MyUser + firstname: first name + register: check_by_identity + +- name: assert update user without name + assert: + 
that: + - not check_by_identity is changed + - check_by_identity.distinguished_name == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext + +- name: move user back - check + user: + name: MyUser + identity: MyUser + path: microsoft.ad.default_path + register: move_with_path_sentinel_check + check_mode: true + +- name: get result of move user back - check + object_info: + identity: '{{ object_identity }}' + properties: + - sAMAccountName + register: move_with_path_sentinel_check_actual + +- name: assert move user back - check + assert: + that: + - move_with_path_sentinel_check is changed + - move_with_path_sentinel_check.distinguished_name == 'CN=MyUser,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext + - move_with_path_sentinel_check_actual.objects[0].DistinguishedName == 'CN=MyUser2,' ~ setup_domain_info.output[0].defaultNamingContext + - move_with_path_sentinel_check_actual.objects[0].Name == 'MyUser2' + - move_with_path_sentinel_check_actual.objects[0].sAMAccountName == 'MyUser' + - name: move user back user: name: MyUser - identity: MyUser # By sAMAccountName - path: CN=Users,{{ setup_domain_info.output[0].defaultNamingContext }} + identity: MyUser + path: microsoft.ad.default_path + register: move_with_path_sentinel + +- name: get result of move user back + object_info: + identity: '{{ object_identity }}' + properties: + - sAMAccountName + register: move_with_path_sentinel_actual + +- name: assert move user back + assert: + that: + - move_with_path_sentinel is changed + - move_with_path_sentinel.distinguished_name == 'CN=MyUser,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext + - move_with_path_sentinel_actual.objects[0].DistinguishedName == 'CN=MyUser,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext + - move_with_path_sentinel_actual.objects[0].Name == 'MyUser' + - move_with_path_sentinel_actual.objects[0].sAMAccountName == 'MyUser' + +- name: move user back - idempotent + user: + name: MyUser + identity: 
MyUser + path: microsoft.ad.default_path + register: move_with_path_sentinel_again + +- name: assert move user back - idempotent + assert: + that: + - not move_with_path_sentinel_again is changed - name: update password from blank - skip for on_create user: @@ -274,6 +388,29 @@ - always_update_password is changed - always_update_password_actual.objects[0].pwdLastSet > change_pass_actual.objects[0].pwdLastSet +- name: expire account for subsequent password check + user: + name: MyUser + attributes: + set: + accountExpires: + type: date_time + value: '2000-01-01T00:00:00.0000000Z' + +# There's no way to validate a password on an expired account, this will +# result in a change even if the password is the same +- name: update password for expired account + user: + name: MyUser + password: Password123! + update_password: when_changed + register: update_password_on_expired_account + +- name: assert update password for expired account + assert: + that: + - update_password_on_expired_account is changed + - name: remove user - check user: name: MyUser @@ -392,6 +529,7 @@ password_never_expires: true path: '{{ setup_domain_info.output[0].defaultNamingContext }}' postal_code: 4000 + protect_from_deletion: false sam_account_name: MyUserSam spn: set: @@ -404,6 +542,9 @@ attributes: set: comment: My comment + accountExpires: + type: date_time + value: '3023-07-31T00:00:00.0000000Z' register: create_user_check check_mode: true @@ -441,6 +582,7 @@ password_never_expires: true path: '{{ setup_domain_info.output[0].defaultNamingContext }}' postal_code: 4000 + protect_from_deletion: false sam_account_name: MyUserSam spn: set: @@ -453,6 +595,9 @@ attributes: set: comment: My comment + accountExpires: + type: date_time + value: '3023-07-31T00:00:00.0000000Z' register: create_user - set_fact: @@ -463,6 +608,7 @@ object_info: identity: '{{ object_identity }}' properties: + - accountExpires - c - comment - company 
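Review bot: The rewritten "move user back" task in hunk `@@ -177,11 +177,125 @@` drops the `# By sAMAccountName` comment from `identity: MyUser`. The new tasks around it ("update user without name", "move user back - check") use the same identity while their asserts expect `CN=MyUser2`. Without the comment a reader cannot tell that the lookup matches the sAMAccountName rather than the object name, and the asserts look contradictory. Keep it on the first new use: `identity: MyUser  # By sAMAccountName`.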
@@ -476,6 +622,7 @@ - objectSid - postalcode - primaryGroupID + - ProtectedFromAccidentalDeletion - pwdLastSet - sAMAccountName - servicePrincipalName @@ -512,6 +659,7 @@ - create_user_actual.objects[0].Description == 'User Description' - create_user_actual.objects[0].DisplayName == 'User Name' - create_user_actual.objects[0].DistinguishedName == 'CN=MyUser,' ~ setup_domain_info.output[0].defaultNamingContext + - create_user_actual.objects[0].accountExpires == 448921440000000000 - create_user_actual.objects[0].c == 'au' - create_user_actual.objects[0].comment == 'My comment' - create_user_actual.objects[0].company == 'Red Hat' @@ -522,6 +670,7 @@ - create_user_actual.objects[0].memberOf == 'CN=Domain Admins,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext - create_user_actual.objects[0].postalcode == '4000' - create_user_actual.objects[0].primaryGroupID == 513 # Domain Users + - create_user_actual.objects[0].ProtectedFromAccidentalDeletion == false - create_user_actual.objects[0].pwdLastSet > 0 - create_user_actual.objects[0].sAMAccountName == 'MyUserSam' - create_user_actual.objects[0].servicePrincipalName == 'HTTP/MyUser' @@ -555,6 +704,7 @@ password_never_expires: true path: '{{ setup_domain_info.output[0].defaultNamingContext }}' postal_code: 4000 + protect_from_deletion: false sam_account_name: MyUserSam spn: set: @@ -568,6 +718,9 @@ attributes: set: comment: My comment + accountExpires: + type: date_time + value: '3023-07-31T00:00:00.0000000Z' register: create_user_again - name: assert create user with extra info - idempotent 
@@ -575,6 +728,27 @@ that: - not create_user_again is changed +- name: update user by identity + user: + identity: MyUserSam + postal_code: 4001 + register: update_by_identity + +- name: get result of update user by identity + object_info: + identity: '{{ object_identity }}' + properties: + - postalcode + register: update_by_identity_actual + +- name: assert create user with extra info + assert: + that: + - update_by_identity is changed + - update_by_identity_actual.objects | length == 1 + - update_by_identity_actual.objects[0].DistinguishedName == 'CN=MyUser,' ~ setup_domain_info.output[0].defaultNamingContext + - update_by_identity_actual.objects[0].postalcode == '4001' + - name: update user settings - check user: name: MyUser @@ -609,6 +783,9 @@ attributes: set: comment: My Comment + accountExpires: + type: date_time + value: '3023-07-31T00:00:00.0000001Z' register: update_user_check check_mode: true @@ -616,6 +793,7 @@ object_info: identity: '{{ object_identity }}' properties: + - accountExpires - c - comment - company @@ -629,6 +807,7 @@ - objectSid - postalcode - primaryGroupID + - ProtectedFromAccidentalDeletion - pwdLastSet - sAMAccountName - servicePrincipalName @@ -649,6 +828,7 @@ - update_user_check_actual.objects[0].Description == 'User Description' - update_user_check_actual.objects[0].DisplayName == 'User Name' - update_user_check_actual.objects[0].DistinguishedName == 'CN=MyUser,' ~ setup_domain_info.output[0].defaultNamingContext + - update_user_check_actual.objects[0].accountExpires == 448921440000000000 - update_user_check_actual.objects[0].c == 'au' - update_user_check_actual.objects[0].comment == 'My comment' - update_user_check_actual.objects[0].company == 'Red Hat' 
@@ -657,8 +837,9 @@ - update_user_check_actual.objects[0].mail == 'user@EMAIL.COM' # Domain Users is the primaryGroupID entry - update_user_check_actual.objects[0].memberOf == 'CN=Domain Admins,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext - - update_user_check_actual.objects[0].postalcode == '4000' + - update_user_check_actual.objects[0].postalcode == '4001' - update_user_check_actual.objects[0].primaryGroupID == 513 # Domain Users + - update_user_check_actual.objects[0].ProtectedFromAccidentalDeletion == false - update_user_check_actual.objects[0].pwdLastSet > 0 - update_user_check_actual.objects[0].sAMAccountName == 'MyUserSam' - update_user_check_actual.objects[0].servicePrincipalName == 'HTTP/MyUser' @@ -703,12 +884,16 @@ attributes: set: comment: My Comment + accountExpires: + type: date_time + value: '3023-07-31T00:00:00.0000001Z' register: update_user - name: get result of update user settings object_info: identity: '{{ object_identity }}' properties: + - accountExpires - c - comment - company @@ -757,6 +942,7 @@ - update_user_actual.objects[0].Description == 'User description' - update_user_actual.objects[0].DisplayName == 'User name' - update_user_actual.objects[0].DistinguishedName == 'CN=MyUser,' ~ setup_domain_info.output[0].defaultNamingContext + - update_user_actual.objects[0].accountExpires == 448921440000000001 - update_user_actual.objects[0].c == 'us' - update_user_actual.objects[0].comment == 'My Comment' - update_user_actual.objects[0].company == 'Ansible' 
@@ -1063,3 +1249,54 @@ that: - spn_add is changed - spn_add_actual.objects[0].servicePrincipalName == ['HTTP/fake', 'HTTP/host.domain:8080', 'HTTP/host'] + +- name: remove user for next test + user: + identity: '{{ object_identity }}' + state: absent + +- name: create user by identity - check + user: + identity: UserId + password: Password123 + state: present + register: create_user_by_id_check + check_mode: true + +- name: get result of create user by identity - check + object_info: + ldap_filter: (sAMAccountName=MyUser) + register: create_user_by_id_actual_check + +- name: assert create user by identity - check + assert: + that: + - create_user_by_id_check is changed + - create_user_by_id_check.distinguished_name == 'CN=UserId,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext + - create_user_by_id_actual_check.objects == [] + +- name: create user by identity + user: + identity: UserId + password: Password123 + state: present + register: create_user_by_id + +- set_fact: + object_identity: '{{ create_user_by_id.object_guid }}' + +- name: get result for create user by identity + object_info: + identity: '{{ object_identity }}' + properties: + - sAMAccountName + register: create_user_by_id_actual + +- name: assert create user by identity + assert: + that: + - create_user_by_id is changed + - create_user_by_id.distinguished_name == 'CN=UserId,CN=Users,' ~ setup_domain_info.output[0].defaultNamingContext + - create_user_by_id_actual.objects[0].DistinguishedName == create_user_by_id.distinguished_name + - create_user_by_id_actual.objects[0].Name == 'UserId' + - create_user_by_id_actual.objects[0].sAMAccountName == 'UserId' -- cgit v1.2.3
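Review bot: The check-mode verification in this hunk cannot fail. `get result of create user by identity - check` filters on `(sAMAccountName=MyUser)`, but the task under test creates `UserId`, so `create_user_by_id_actual_check.objects == []` holds even if check mode did create the account. Query the identity being created instead: `ldap_filter: (sAMAccountName=UserId)`.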