win_iis_webbinding rewrite (#33958)

* Begin rewrite of win_iis_webbinding
Add integration testing, check mode and idempotency
Add support for SNI
Fix replacing SSL cert on existing bindings

* finished up initial rewrite of win_iis_webbinding

* updated test to remove tests as filters

* updated win_iis_webbinding docs

* fix more doc/formatting issues win_iis_webbinding

* Removed string empty defaults for certs. Added a few new helpful
comments.

* Revert "Removed string empty defaults for certs. Added a few new helpful"

This reverts commit 48f35faea8d5294b34e1aa842a95c9352b90257f.
nwsparks
2018-01-01 19:30:18 -05:00
committed by ansibot
parent e3b49a7aeb
commit 0a3da471f5
11 changed files with 2153 additions and 171 deletions


@@ -0,0 +1 @@
windows/ci/group2


@@ -0,0 +1,30 @@
test_iis_site_name: default web site
http_vars:
protocol: http
port: 80
ip: '*'
http_header_vars:
protocol: http
port: 80
ip: '*'
header: test.com
https_vars:
protocol: https
port: 443
ip: '*'
https_header_vars:
protocol: https
port: 443
ip: '*'
header: test.com
ssl_flags: 1
https_wc_vars:
protocol: https
port: 443
ip: '127.0.0.1'
header: wc.test.com


@@ -0,0 +1,122 @@
#!powershell
# Copyright: (c) 2017, Noah Sparks <nsparks@outlook.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#Requires -Module Ansible.ModuleUtils.Legacy
#
$params = Parse-Args -arguments $args -supports_check_mode $true
$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false
$name = Get-AnsibleParam $params -name "name" -type str -failifempty $true -aliases 'website'
#$state = Get-AnsibleParam $params "state" -default "present" -validateSet "present","absent"
$host_header = Get-AnsibleParam $params -name "host_header" -type str
$protocol = Get-AnsibleParam $params -name "protocol" -type str -default 'http'
$port = Get-AnsibleParam $params -name "port" -type int -default '80'
$ip = Get-AnsibleParam $params -name "ip" -default '*'
$certificateHash = Get-AnsibleParam $params -name "certificate_hash" -type str
$certificateStoreName = Get-AnsibleParam $params -name "certificate_store_name" -type str
$sslFlags = Get-AnsibleParam $params -name "ssl_flags" -type int -default '0' -ValidateSet '0','1','2','3'
$result = @{
changed = $false
}
function Create-BindingInfo {
$ht = @{
'bindingInformation' = $args[0].bindingInformation
'ip' = $args[0].bindingInformation.split(':')[0]
'port' = [int]$args[0].bindingInformation.split(':')[1]
'hostheader' = $args[0].bindingInformation.split(':')[2]
'isDsMapperEnabled' = $args[0].isDsMapperEnabled
'protocol' = $args[0].protocol
'certificateStoreName' = $args[0].certificateStoreName
'certificateHash' = $args[0].certificateHash
}
#handle sslflag support
If ([version][System.Environment]::OSVersion.Version -lt [version]'6.2')
{
$ht.sslFlags = 'not supported'
}
Else
{
$ht.sslFlags = [int]$args[0].sslFlags
}
Return $ht
}
# Used instead of get-webbinding to ensure we always return a single binding
# pass it $binding_parameters hashtable
function Get-SingleWebBinding {
$bind_search_splat = @{
'name' = $args[0].name
'protocol' = $args[0].protocol
'port' = $args[0].port
'ip' = $args[0].ip
'hostheader' = $args[0].hostheader
}
# if no bindings exist, get-webbinding fails with an error that can't be ignored via error actions on older systems
# let's ignore that specific error
If (-not $bind_search_splat['hostheader'])
{
Try {
Get-WebBinding @bind_search_splat | Where-Object {$_.BindingInformation.Split(':')[-1] -eq [string]::Empty}
}
Catch {
If (-not $_.Exception.Message.CompareTo('Cannot process argument because the value of argument "obj" is null. Change the value of argument "obj" to a non-null value'))
{
Throw $_.Exception.Message
}
}
}
Else
{
Try {
Get-WebBinding @bind_search_splat
}
Catch {
If (-not $_.Exception.Message.CompareTo('Cannot process argument because the value of argument "obj" is null. Change the value of argument "obj" to a non-null value'))
{
Throw $_.Exception.Message
}
}
}
}
# create binding search splat
$binding_parameters = @{
Name = $name
Protocol = $protocol
Port = $port
IPAddress = $ip
}
# insert host header to search if specified, otherwise it will return * (all bindings matching protocol/ip)
If ($host_header)
{
$binding_parameters.HostHeader = $host_header
}
# Get bindings matching parameters
Try {
$current_bindings = Get-SingleWebBinding $binding_parameters
}
Catch {
Fail-Json -obj $result -message "Failed to retrieve bindings with Get-SingleWebBinding - $($_.Exception.Message)"
}
If ($current_bindings)
{
Try {
$binding_info = Create-BindingInfo $current_bindings
}
Catch {
Fail-Json -obj $result -message "Failed to create binding info - $($_.Exception.Message)"
}
$result.binding = $binding_info
}
exit-json -obj $result
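Review bot: Both Catch blocks in Get-SingleWebBinding test the message with `-not $_.Exception.Message.CompareTo(...)`, and String.CompareTo returns 0 on a match, so the Throw fires only when the message equals the text the comment says to ignore, while every other error is swallowed and surfaces as "no binding". A direct comparison states the intent: `If ($_.Exception.Message -notlike '*value of argument "obj" is null*') { Throw $_.Exception.Message }`. Separately, `$binding_parameters` stores the address under the key `IPAddress` but the function reads `$args[0].ip`, so the requested ip appears never to reach Get-WebBinding; reading `$args[0].IPAddress` would pass it through.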


@@ -0,0 +1,74 @@
- name: failure check bind with host header but no wc or sni
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: test.com
protocol: https
ip: '*'
port: 443
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
ssl_flags: 0
register: failure
failed_when:
- failure.msg != "You cannot specify host headers with SSL unless it is a wildcard certificate."
- failure.msg != "You cannot specify host headers with SSL unless it is a wildcard certificate or SNI is enabled."
- debug:
var: failure
verbosity: 1
- block:
- name: get all websites from server
raw: powershell.exe "(get-website).name"
register: existing_sites
- name: ensure all sites are removed for clean testing
win_iis_website:
name: "{{ item }}"
state: absent
with_items:
- "{{ existing_sites.stdout_lines }}"
- name: add sites
win_iis_website:
name: "{{ item.name }}"
state: started
ip: 127.0.0.1
port: "{{ item.port }}"
physical_path: c:\inetpub\wwwroot
with_items:
- {name: testconflict1, port: 8080}
- {name: testconflict2, port: 8081}
- name: add https binding to testconflict1
win_iis_webbinding:
name: testconflict1
state: present
protocol: https
port: 443
ip: 127.0.0.1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
- name: add https binding to testconflict2 (expect failure)
win_iis_webbinding:
name: testconflict2
state: present
protocol: https
ip: 127.0.0.1
port: 443
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: failure
failed_when: '"A conflicting binding has been found on the same ip" not in failure.msg'
- debug:
var: failure
verbosity: 1
always:
- name: remove websites
win_iis_website:
name: "{{ item }}"
state: absent
with_items:
- testconflict1
- testconflict2
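Review bot: The task `ensure all sites are removed for clean testing` deletes every site returned by `(get-website).name`, while the `always` section removes only testconflict1 and testconflict2, so sites that existed before the run are not restored. That is fine on a disposable CI host but destructive anywhere else, and it is not stated in the file. A comment above the block such as `# destructive: removes ALL IIS sites on the target; run only against disposable test hosts` would make the precondition explicit.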


@@ -0,0 +1,372 @@
#cm add
#changed true, check nothing present
- name: CM add http binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: http_no_header
check_mode: yes
- name: CM get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: get_http_no_header
changed_when: false
- name: CM add http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: http_header
check_mode: yes
- name: CM get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: get_http_header
changed_when: false
- name: CM assert changed, but not added
assert:
that:
- http_no_header is changed
- http_no_header.binding_info is none
- get_http_no_header.binding is not defined
- http_header is changed
- http_header.binding_info is none
- get_http_header.binding is not defined
#add
#changed true, new bindings present
- name: add http binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: http_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: get_http_no_header
changed_when: false
- name: add http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: http_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: get_http_header
changed_when: false
- name: assert changed and added
assert:
that:
- http_no_header is changed
- http_no_header.binding_info is defined
- http_no_header.operation_type == 'added'
- http_no_header.binding_info.ip == "{{ http_vars.ip }}"
- http_no_header.binding_info.port == {{ http_vars.port }}
- http_no_header.binding_info.protocol == "{{ http_vars.protocol }}"
- http_header is changed
- http_header.binding_info is defined
- http_header.operation_type == 'added'
- http_header.binding_info.ip == "{{ http_header_vars.ip }}"
- http_header.binding_info.port == {{ http_header_vars.port }}
- http_header.binding_info.protocol == "{{ http_header_vars.protocol }}"
- http_header.binding_info.hostheader == "{{ http_header_vars.header }}"
#add idem
#changed false
- name: idem add http binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: http_no_header
- name: idem add http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: http_header
- name: idem assert not changed
assert:
that:
- http_no_header is not changed
- http_header is not changed
#modify
#can't test modify for http, it will add a new binding instead since
#there's no way to match existing bindings against the new parameters
#cm remove
#changed true, bindings still present
- name: cm remove http binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: http_no_header
check_mode: yes
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: get_http_no_header
changed_when: false
- name: cm remove http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: http_header
check_mode: yes
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: get_http_header
changed_when: false
- name: cm remove assert changed, but still present
assert:
that:
- http_no_header is changed
- http_no_header.binding_info is defined
- http_no_header.operation_type == 'removed'
- http_no_header.binding_info.ip == "{{ http_vars.ip }}"
- http_no_header.binding_info.port == {{ http_vars.port }}
- http_no_header.binding_info.protocol == "{{ http_vars.protocol }}"
- get_http_no_header.binding is defined
- get_http_no_header.binding.ip == "{{ http_vars.ip }}"
- get_http_no_header.binding.port == {{ http_vars.port }}
- get_http_no_header.binding.protocol == "{{ http_vars.protocol }}"
- http_header is changed
- http_header.binding_info is defined
- http_header.operation_type == 'removed'
- http_header.binding_info.ip == "{{ http_header_vars.ip }}"
- http_header.binding_info.port == {{ http_header_vars.port }}
- http_header.binding_info.protocol == "{{ http_header_vars.protocol }}"
- http_header.binding_info.hostheader == "{{ http_header_vars.header }}"
- get_http_header.binding is defined
- get_http_header.binding.ip == "{{ http_header_vars.ip }}"
- get_http_header.binding.port == {{ http_header_vars.port }}
- get_http_header.binding.protocol == "{{ http_header_vars.protocol }}"
- get_http_header.binding.hostheader == "{{ http_header_vars.header }}"
#remove
#changed true, bindings gone
- name: remove http binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: http_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: get_http_no_header
changed_when: false
- name: remove http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: http_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: get_http_header
changed_when: false
- name: remove assert changed and gone
assert:
that:
- http_no_header is changed
- http_no_header.operation_type == 'removed'
- http_no_header.binding_info is defined
- http_no_header.binding_info.ip == "{{ http_vars.ip }}"
- http_no_header.binding_info.port == {{ http_vars.port }}
- http_no_header.binding_info.protocol == "{{ http_vars.protocol }}"
- get_http_no_header.binding is not defined
- http_header is changed
- http_header.binding_info is defined
- http_header.operation_type == 'removed'
- http_header.binding_info.ip == "{{ http_header_vars.ip }}"
- http_header.binding_info.port == {{ http_header_vars.port }}
- http_header.binding_info.protocol == "{{ http_header_vars.protocol }}"
- http_header.binding_info.hostheader == "{{ http_header_vars.header }}"
- get_http_header.binding is not defined
#remove idem
#change false, bindings gone
- name: idem remove http binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: http_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ http_vars.protocol }}"
ip: "{{ http_vars.ip }}"
port: "{{ http_vars.port }}"
register: get_http_no_header
changed_when: false
- name: idem remove http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: http_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ http_header_vars.header }}"
protocol: "{{ http_header_vars.protocol }}"
ip: "{{ http_header_vars.ip }}"
port: "{{ http_header_vars.port }}"
register: get_http_header
changed_when: false
- name: idem remove assert changed and gone
assert:
that:
- http_no_header is not changed
- http_no_header.binding_info is not defined
- get_http_no_header.binding is not defined
- http_header is not changed
- http_header.binding_info is not defined
- get_http_header.binding is not defined
#bulk remove cm
#add multiple bindings - verify they're present
- name: bulk add http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ item }}"
protocol: http
ip: '*'
port: 80
register: http_header
with_items:
- test1.com
- test2.com
- test3.com
- name: assert that 3 bindings were added
assert:
that:
- http_header is changed
- http_header | json_query('results[*].binding_info') | length == 3
#cm remove with host_header: '*' - verify changed true and that bulk remove tries to get them all
#remove with host_header: '*'
- name: bulk remove http binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: '*'
protocol: http
ip: '*'
port: 80
register: http_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ item }}"
protocol: http
ip: '*'
port: 80
register: get_http_header
changed_when: false
with_items:
- test1.com
- test2.com
- test3.com
- name: bulk remove assert that bindings are gone
assert:
that:
- http_header is changed
- http_header.binding_info | length == 3
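Review bot: The final assert `bulk remove assert that bindings are gone` never inspects `get_http_header`, which the preceding loop registers for test1.com through test3.com, so the test passes even if the bindings are still present after the bulk remove. Adding `- get_http_header | json_query('results[*].binding') | length == 0` to the `that` list would check the actual state rather than only the module's own report. The comment `#bulk remove cm` also announces a check-mode run of the `host_header: '*'` removal that no task in this section performs.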


@@ -0,0 +1,459 @@
##############
### CM Add ###
##############
#changed true, check nothing present
- name: CM add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
check_mode: yes
- name: CM get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: CM add https binding with header and SNI
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_header
check_mode: yes
- name: CM get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: CM assert changed, but not added
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'added'
- https_no_header.binding_info is none
- get_https_no_header.binding is not defined
- https_header is changed
- https_header.operation_type == 'added'
- https_header.binding_info is none
- get_https_header.binding is not defined
###########
### Add ###
###########
#changed true, new bindings present
- name: add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: add https binding with header SNI
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: assert changed and added
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'added'
- https_no_header.binding_info is defined
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.hostheader == ''
- https_no_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header is changed
- https_header.operation_type == 'added'
- https_header.binding_info is defined
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header.binding_info.sslFlags == 1
################
### Idem Add ###
################
#changed false
- name: idem add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: https
ip: '*'
port: 443
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
- name: idem add https binding with header and SNI
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: test.com
protocol: https
ip: '*'
port: 443
ssl_flags: 1
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_header
- name: idem assert not changed
assert:
that:
- https_no_header is not changed
- https_header is not changed
#################
### CM Modify ###
#################
# changed true, verify no changes occurred
#modify sni
- name: CM modify https binding with header, change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
check_mode: yes
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: CM assert changed but old cert
assert:
that:
- https_header is changed
- https_header.operation_type == 'updated'
- https_header.binding_info is defined
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- https_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header.binding_info.sslFlags == 1
- get_https_header.binding is defined
- get_https_header.binding.ip == "{{ https_header_vars.ip }}"
- get_https_header.binding.port == {{ https_header_vars.port }}
- get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
- get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- get_https_header.binding.sslFlags == 1
##############
### Modify ###
##############
# modify ssl flags
- name: modify https binding with header, change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: modify assert changed and new cert
assert:
that:
- https_header is changed
- https_header.operation_type == 'updated'
- https_header.binding_info is defined
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- https_header.binding_info.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
- https_header.binding_info.sslFlags == 1
- get_https_header.binding is defined
- get_https_header.binding.ip == "{{ https_header_vars.ip }}"
- get_https_header.binding.port == {{ https_header_vars.port }}
- get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
- get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
- get_https_header.binding.sslFlags == 1
###################
### Idem Modify ###
###################
#changed false
#idem modify ssl flags
- name: idem modify https binding with header, enable SNI and change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
ssl_flags: 1
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
- name: idem assert not changed
assert:
that:
- https_header is not changed
#################
### CM Remove ###
#################
#changed true, bindings still present
- name: cm remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
check_mode: yes
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: cm remove https binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: https_header
check_mode: yes
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: cm remove assert changed, but still present
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'removed'
- https_no_header.binding_info is defined
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding is defined
- get_https_no_header.binding.ip == "{{ https_vars.ip }}"
- get_https_no_header.binding.port == {{ https_vars.port }}
- get_https_no_header.binding.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- https_header is changed
- https_header.binding_info is defined
- https_header.operation_type == 'removed'
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding is defined
- get_https_header.binding.ip == "{{ https_header_vars.ip }}"
- get_https_header.binding.port == {{ https_header_vars.port }}
- get_https_header.binding.protocol == "{{ https_header_vars.protocol }}"
- get_https_header.binding.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
##############
### remove ###
##############
#changed true, bindings gone
- name: remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: remove https binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: remove assert changed and gone
assert:
that:
- https_no_header is changed
- https_no_header.binding_info is defined
- https_no_header.operation_type == 'removed'
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding is not defined
- https_header is changed
- https_header.binding_info is defined
- https_header.operation_type == 'removed'
- https_header.binding_info.ip == "{{ https_header_vars.ip }}"
- https_header.binding_info.port == {{ https_header_vars.port }}
- https_header.binding_info.protocol == "{{ https_header_vars.protocol }}"
- https_header.binding_info.hostheader == "{{ https_header_vars.header }}"
- get_https_header.binding is not defined
###################
### remove idem ###
###################
#change false, bindings gone
- name: idem remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: idem remove https binding with header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: https_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
host_header: "{{ https_header_vars.header }}"
protocol: "{{ https_header_vars.protocol }}"
ip: "{{ https_header_vars.ip }}"
port: "{{ https_header_vars.port }}"
register: get_https_header
changed_when: false
- name: idem remove assert changed and gone
assert:
that:
- https_no_header is not changed
- https_no_header.binding_info is not defined
- get_https_no_header.binding is not defined
- https_header is not changed
- https_header.binding_info is not defined
- get_https_header.binding is not defined
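Review bot: The Modify section is introduced with `# modify ssl flags`, but every task from CM Modify through Idem Modify keeps `ssl_flags: 1` and changes only `certificate_hash`, so updating ssl_flags on an existing binding is not exercised here. Either reword the comment to `# modify certificate` or add a task that re-applies the binding with a different `ssl_flags` value and asserts on `binding_info.sslFlags` and `get_https_header.binding.sslFlags`. The task name `idem modify https binding with header, enable SNI and change cert` has the same mismatch, since SNI is already enabled at that point.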


@@ -0,0 +1,423 @@
##############
### CM Add ###
##############
#changed true, check nothing present
- name: CM add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
check_mode: yes
- name: CM get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: CM assert changed, but not added
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'added'
- https_no_header.binding_info is none
- get_https_no_header.binding is not defined
###########
### Add ###
###########
#changed true, new bindings present
- name: add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
- name: assert changed and added
assert:
that:
- https_no_header is changed
- https_no_header.binding_info is defined
- https_no_header.operation_type == 'added'
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- https_no_header.binding_info.hostheader == ''
- https_no_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
################
### Idem Add ###
################
#changed false
- name: idem add https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint1.stdout_lines[0] }}"
register: https_no_header
- name: idem assert not changed
assert:
that:
- https_no_header is not changed
#################
### CM Modify ###
#################
# changed true, verify no changes occurred
#modify sni
- name: CM modify https binding change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_no_header
check_mode: yes
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: CM assert changed but old cert
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'updated'
- https_no_header.binding_info is defined
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- https_no_header.binding_info.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
- get_https_no_header.binding is defined
- get_https_no_header.binding.ip == "{{ https_vars.ip }}"
- get_https_no_header.binding.port == {{ https_vars.port }}
- get_https_no_header.binding.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding.certificateHash == "{{ thumbprint1.stdout_lines[0] }}"
##############
### Modify ###
##############
# modify ssl flags
- name: modify https binding, change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_no_header
- name: get binding info header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: modify assert changed and new cert
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'updated'
- https_no_header.binding_info is defined
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- https_no_header.binding_info.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
- get_https_no_header.binding is defined
- get_https_no_header.binding.ip == "{{ https_vars.ip }}"
- get_https_no_header.binding.port == {{ https_vars.port }}
- get_https_no_header.binding.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding.hostheader == ''
- get_https_no_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
###################
### Idem Modify ###
###################
#changed false
#idem modify ssl flags
- name: idem modify https binding and change cert
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: present
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
certificate_hash: "{{ thumbprint2.stdout_lines[0] }}"
register: https_header
- name: idem assert not changed
assert:
that:
- https_header is not changed
#################
### CM Remove ###
#################
#changed true, bindings still present
- name: cm remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
check_mode: yes
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: cm remove assert changed, but still present
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'removed'
- https_no_header.binding_info is defined
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- https_no_header.binding_info.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
- get_https_no_header.binding is defined
- get_https_no_header.binding.ip == "{{ https_vars.ip }}"
- get_https_no_header.binding.port == {{ https_vars.port }}
- get_https_no_header.binding.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
##############
### remove ###
##############
#changed true, bindings gone
- name: remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: remove assert changed and gone
assert:
that:
- https_no_header is changed
- https_no_header.operation_type == 'removed'
- https_no_header.binding_info is defined
- https_no_header.binding_info.ip == "{{ https_vars.ip }}"
- https_no_header.binding_info.port == {{ https_vars.port }}
- https_no_header.binding_info.protocol == "{{ https_vars.protocol }}"
- get_https_no_header.binding is not defined
###################
### remove idem ###
###################
#change false, bindings gone
- name: idem remove https binding no header
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: https_no_header
- name: get binding info no header
test_get_webbindings:
name: "{{ test_iis_site_name }}"
protocol: "{{ https_vars.protocol }}"
ip: "{{ https_vars.ip }}"
port: "{{ https_vars.port }}"
register: get_https_no_header
changed_when: false
- name: idem remove assert changed and gone
assert:
that:
- https_no_header is not changed
- https_no_header.binding_info is not defined
- get_https_no_header.binding is not defined
##################
### WC Testing ###
##################
# Unfortunately this does not work due to some strange errors
# that are caused when using a self signed wildcard cert.
# I'm leaving this here in case someone finds a solution in the
# future.
# - name: add https binding wildcard with header
# win_iis_webbinding:
# name: "{{ test_iis_site_name }}"
# state: present
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# certificate_hash: "{{ thumbprint_wc.stdout_lines[0] }}"
# register: https_header
# - name: assert changed and added
# assert:
# that:
# - https_header is changed
# - https_header.added is defined
# - https_header.added.ip == "{{ https_wc_vars.ip }}"
# - https_header.added.port == {{ https_wc_vars.port }}
# - https_header.added.protocol == "{{ https_wc_vars.protocol }}"
# - https_header.added.hostheader == "{{ https_wc_vars.header }}"
# - https_header.added.certificateHash == "{{ thumbprint_wc.stdout_lines[0] }}"
# - name: idem add https binding wildcard with header
# win_iis_webbinding:
# name: "{{ test_iis_site_name }}"
# state: present
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# certificate_hash: "{{ thumbprint_wc.stdout_lines[0] }}"
# register: https_header
# - name: cm remove wildcard https binding
# win_iis_webbinding:
# name: "{{ test_iis_site_name }}"
# state: absent
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# register: https_header
# check_mode: yes
# - name: get binding info header
# test_get_webbindings:
# name: "{{ test_iis_site_name }}"
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# register: get_https_header
# changed_when: false
# - name: cm remove assert changed, but still present
# assert:
# that:
# - https_header is changed
# - https_header.removed is defined
# - https_header.removed.ip == "{{ https_wc_vars.ip }}"
# - https_header.removed.port == {{ https_wc_vars.port }}
# - https_header.removed.protocol == "{{ https_wc_vars.protocol }}"
# - https_header.removed.hostheader == "{{ https_wc_vars.header }}"
# - https_header.removed.certificateHash == "{{ thumbprint_wc.stdout_lines[0] }}"
# - get_https_header.binding is defined
# - get_https_header.removed.ip == "{{ https_wc_vars.ip }}"
# - get_https_header.removed.port == {{ https_wc_vars.port }}
# - get_https_header.removed.protocol == "{{ https_wc_vars.protocol }}"
# - get_https_header.removed.hostheader == "{{ https_wc_vars.header }}"
# - get_https_header.removed.certificateHash == "{{ thumbprint_wc.stdout_lines[0] }}"
# - name: remove wildcard https binding
# win_iis_webbinding:
# name: "{{ test_iis_site_name }}"
# state: absent
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# register: https_header
# - name: get binding info header
# test_get_webbindings:
# name: "{{ test_iis_site_name }}"
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# register: get_https_header
# changed_when: false
# - name: remove assert changed and gone
# assert:
# that:
# - https_header is changed
# - https_header.removed is defined
# - https_header.removed.ip == "{{ https_wc_vars.ip }}"
# - https_header.removed.port == {{ https_wc_vars.port }}
# - https_header.removed.protocol == "{{ https_wc_vars.protocol }}"
# - https_header.removed.hostheader == "{{ https_wc_vars.header }}"
# - https_header.removed.certificateHash == "{{ thumbprint_wc.stdout_lines[0] }}"
# - get_https_header.binding is not defined
# - name: idem remove wildcard https binding
# win_iis_webbinding:
# name: "{{ test_iis_site_name }}"
# state: absent
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# register: https_header
# - name: get binding info header
# test_get_webbindings:
# name: "{{ test_iis_site_name }}"
# host_header: "{{ https_wc_vars.header }}"
# protocol: "{{ https_wc_vars.protocol }}"
# ip: "{{ https_wc_vars.ip }}"
# port: "{{ https_wc_vars.port }}"
# register: get_https_header
# changed_when: false
# - name: idem remove assert changed and gone
# assert:
# that:
# - https_header is not changed
# - https_header.removed is not defined
# - get_https_header.binding is not defined
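Review bot: The two idempotency checks, `idem add https binding no header` and `idem modify https binding and change cert`, assert only `is not changed` and never re-read the binding, so a run that reports no change while leaving a different certificate (or none) bound would still pass. The check-mode, modify and remove steps in this file all follow the module call with `test_get_webbindings` and compare `certificateHash`; the idempotent runs should get the same read-back. The sketch below covers the idem-modify step, and the idem-add step would take the same pair of tasks with `thumbprint1`. Separately, the idem-modify task registers `https_header` although it operates on the no-header binding, which makes the assertion harder to follow.

```yaml
# … unchanged: idem modify https binding and change cert (registers https_header) …

- name: idem get binding info no header
  test_get_webbindings:
    name: "{{ test_iis_site_name }}"
    protocol: "{{ https_vars.protocol }}"
    ip: "{{ https_vars.ip }}"
    port: "{{ https_vars.port }}"
  register: get_https_no_header
  changed_when: false

- name: idem assert not changed and cert still bound
  assert:
    that:
    - https_header is not changed
    - get_https_no_header.binding is defined
    - get_https_no_header.binding.certificateHash == "{{ thumbprint2.stdout_lines[0] }}"
```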


@@ -0,0 +1,62 @@
---
# Cannot use win_feature to install IIS on Server 2008.
# Run a brief check and skip hosts that don't support
# that operation
#seems "raw" is the only module that works on 2008 non-r2. win_command and win_shell both failed
- name: register os version (seems integration tests don't gather this fact)
raw: powershell.exe "gwmi Win32_OperatingSystem | select -expand version"
register: os_version
changed_when: False
- block:
- include_tasks: setup.yml
- include_tasks: http.yml
- include_tasks: https-lt6.2.yml
when: os_version.stdout_lines[0] | version_compare('6.2','lt')
- include_tasks: https-ge6.2.yml
when: os_version.stdout_lines[0] | version_compare('6.2','ge')
- include_tasks: failures.yml
always:
- name: get all websites from server
raw: powershell.exe "(get-website).name"
register: existing_sites
- name: ensure all sites are removed for clean testing
win_iis_website:
name: "{{ item }}"
state: absent
with_items:
- "{{ existing_sites.stdout_lines }}"
- name: cleanup certreq files
win_file:
path: "{{ item }}"
state: absent
with_items:
- c:\windows\temp\certreq1.txt
- c:\windows\temp\certreq2.txt
- c:\windows\temp\certreqwc.txt
- c:\windows\temp\certreqresp1.txt
- c:\windows\temp\certreqresp2.txt
- c:\windows\temp\certreqrespwc.txt
- name: remove certs
raw: 'remove-item cert:\localmachine\my\{{ item }} -force -ea silentlycontinue'
with_items:
- "{{ thumbprint1.stdout_lines[0] }}"
- "{{ thumbprint2.stdout_lines[0] }}"
- "{{ thumbprint_wc.stdout_lines[0] }}"
- name: remove IIS features after test
win_feature:
name: Web-Server
state: absent
includ_sub_features: True
include_management_tools: True
register: feature_uninstall
- name: reboot after feature install
win_reboot:
when: feature_uninstall.reboot_required
when: os_version.stdout_lines[0] | version_compare('6.1','gt')
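Review bot: `includ_sub_features: True` in the `remove IIS features after test` task is misspelled; the win_feature option is `include_sub_features`, so the line should read `include_sub_features: True`. Depending on how the module treats unknown options, the misspelled key is either rejected or silently ignored, and in the second case sub-features keep their default setting. The same misspelling appears in `ensure IIS features are installed` in the setup file section below. The task that follows is named `reboot after feature install` although it runs after the uninstall; `reboot after feature removal` would match what it does.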


@@ -0,0 +1,88 @@
- name: reboot before feature install to ensure server is in clean state
win_reboot:
- name: ensure IIS features are installed
win_feature:
name: Web-Server
state: present
includ_sub_features: True
include_management_tools: True
register: feature_install
- name: reboot after feature install
win_reboot:
when: feature_install.reboot_required
- name: get all websites from server
raw: powershell.exe "(get-website).name"
register: existing_sites
- name: ensure all sites are removed for clean testing
win_iis_website:
name: "{{ item }}"
state: absent
with_items:
- "{{ existing_sites.stdout_lines }}"
- name: add testing site {{ test_iis_site_name }}
win_iis_website:
name: "{{ test_iis_site_name }}"
physical_path: c:\inetpub\wwwroot
- name: ensure all bindings are removed prior to starting testing
win_iis_webbinding:
name: "{{ test_iis_site_name }}"
state: absent
protocol: "{{ item.protocol }}"
port: "{{ item.port }}"
host_header: '*'
with_items:
- {protocol: http, port: 80}
- {protocol: https, port: 443}
- name: copy certreq file
win_copy:
content: |-
[NewRequest]
Subject = "CN={{ item.name }}"
KeyLength = 2048
KeyAlgorithm = RSA
MachineKeySet = true
RequestType = Cert
dest: "{{ item.dest }}"
with_items:
- {name: test.com, dest: 'c:\windows\temp\certreq1.txt'}
- {name: test1.com, dest: 'c:\windows\temp\certreq2.txt'}
- {name: '*.test.com', dest: 'c:\windows\temp\certreqwc.txt'}
- name: make sure response files are absent
win_file:
path: "{{ item }}"
state: absent
with_items:
- 'c:\windows\temp\certreqresp1.txt'
- 'c:\windows\temp\certreqresp2.txt'
- 'c:\windows\temp\certreqrespwc.txt'
- name: create self signed cert from certreq
win_command: certreq -new -machine {{ item.req }} {{ item.resp }}
with_items:
- {req: 'c:\windows\temp\certreq1.txt', resp: 'c:\windows\temp\certreqresp1.txt'}
- {req: 'c:\windows\temp\certreq2.txt', resp: 'c:\windows\temp\certreqresp2.txt'}
- {req: 'c:\windows\temp\certreqwc.txt', resp: 'c:\windows\temp\certreqrespwc.txt'}
- name: register certificate thumbprint1
raw: '(gci Cert:\LocalMachine\my | ? {$_.subject -eq "CN=test.com"})[0].Thumbprint'
register: thumbprint1
- name: register certificate thumbprint2
raw: '(gci Cert:\LocalMachine\my | ? {$_.subject -eq "CN=test1.com"})[0].Thumbprint'
register: thumbprint2
- name: register certificate thumbprint_wc
raw: '(gci Cert:\LocalMachine\my | ? {$_.subject -eq "CN=*.test.com"})[0].Thumbprint'
register: thumbprint_wc
- debug: var=thumbprint1.stdout
- debug: var=thumbprint2.stdout
- debug: var=thumbprint_wc.stdout
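Review bot: The three `register certificate thumbprint…` tasks accept whatever `raw` prints, and nothing checks that the output is a thumbprint before it is used. Later tasks pass `stdout_lines[0]` as `certificate_hash`, and the cleanup in the preceding file section puts it inside a `raw` command, `remove-item cert:\localmachine\my\{{ item }}`. If `certreq` fails or no certificate matches the subject, the failure would presumably surface later as an index error or a binding failure far from the cause. An assert placed after the lookups would pin it, for example `- thumbprint1.stdout_lines[0] is match('^[0-9A-Fa-f]{40}$')` for each of the three results. The `[0]` selector also takes the first certificate with that subject, so a certificate left behind by an earlier run could be picked instead of the one just created.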