New Module: Manage Windows local group membership (win_group_member) (#26307)

* initial commit for win_group_member module * fix variable name change for split_adspath * correct ordering of examples/return data to match documentation verbiage * change tests setup/teardown to use new group rather than an inbult group
2026-05-06 13:22:48 +00:00 · 2017-07-31 14:10:57 -04:00
parent a01884ca2f
commit 7b3d893f2d
5 changed files with 621 additions and 0 deletions
--- a/test/integration/targets/win_group_member/aliases
+++ b/test/integration/targets/win_group_member/aliases
@@ -0,0 +1 @@
+windows/ci/group3
--- a/test/integration/targets/win_group_member/tasks/main.yml
+++ b/test/integration/targets/win_group_member/tasks/main.yml
@@ -0,0 +1,31 @@
+- name: Gather facts
+  setup:
+
+- name: Remove potentially leftover test group
+  win_group: &wg_absent
+    name: WinGroupMemberTest
+    state: absent
+
+- name: Add new test group
+  win_group:
+    name: WinGroupMemberTest
+    state: present
+
+- name: Run tests for win_group_member
+  block:
+
+  - name: Test in normal mode
+    include_tasks: tests.yml
+    vars:
+      win_local_group: WinGroupMemberTest
+      in_check_mode: no
+
+  - name: Test in check-mode
+    include_tasks: tests.yml
+    vars:
+      win_local_group: WinGroupMemberTest
+      in_check_mode: yes
+    check_mode: yes
+
+- name: Remove test group
+  win_group: *wg_absent
--- a/test/integration/targets/win_group_member/tasks/tests.yml
+++ b/test/integration/targets/win_group_member/tasks/tests.yml
@@ -0,0 +1,258 @@
+# Test code for win_group_member
+
+# (c) 2017, Andrew Saraceni <andrew.saraceni@gmail.com>
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: Remove potentially leftover group members
+  win_group_member:
+    name: "{{ win_local_group }}"
+    members:
+      - Administrator
+      - Guest
+      - NT AUTHORITY\SYSTEM
+      - NT AUTHORITY\NETWORK SERVICE
+    state: absent
+
+
+- name: Add user to fake group
+  win_group_member:
+    name: FakeGroup
+    members:
+      - Administrator
+    state: present
+  register: add_user_to_fake_group
+  failed_when: add_user_to_fake_group.changed != false or add_user_to_fake_group.msg != "Could not find local group FakeGroup"
+
+
+- name: Add fake local user
+  win_group_member:
+    name: "{{ win_local_group }}"
+    members:
+      - FakeUser
+    state: present
+  register: add_fake_local_user
+  failed_when: add_fake_local_user.changed != false or add_fake_local_user.msg != "Could not resolve group member FakeUser"
+
+
+- name: Add fake FQDN domain user
+  win_group_member:
+    name: "{{ win_local_group }}"
+    members:
+      - FakeUser@domain.fake
+    state: present
+  register: add_fake_fqdn_domain_user
+  failed_when: add_fake_fqdn_domain_user.changed != false or add_fake_fqdn_domain_user.msg != "Could not resolve NetBIOS name for domain domain.fake"
+
+
+- name: Add users to group
+  win_group_member: &wgm_present
+    name: "{{ win_local_group }}"
+    members:
+      - Administrator
+      - Guest
+      - NT AUTHORITY\SYSTEM
+    state: present
+  register: add_users_to_group
+
+- name: Test add_users_to_group (normal mode)
+  assert:
+    that:
+    - add_users_to_group.changed == true
+    - add_users_to_group.added == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
+    - add_users_to_group.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
+  when: not in_check_mode
+
+- name: Test add_users_to_group (check-mode)
+  assert:
+    that:
+    - add_users_to_group.changed == true
+    - add_users_to_group.added == []
+    - add_users_to_group.members == []
+  when: in_check_mode
+
+
+- name: Add users to group (again)
+  win_group_member: *wgm_present
+  register: add_users_to_group_again
+
+- name: Test add_users_to_group_again (normal mode)
+  assert:
+    that:
+    - add_users_to_group_again.changed == false
+    - add_users_to_group_again.added == []
+    - add_users_to_group_again.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
+  when: not in_check_mode
+
+
+- name: Add different syntax users to group (again)
+  win_group_member:
+    <<: *wgm_present
+    members:
+      - "{{ ansible_hostname }}\\Administrator"
+      - .\Guest
+  register: add_different_syntax_users_to_group_again
+
+- name: Test add_different_syntax_users_to_group_again (normal mode)
+  assert:
+    that:
+    - add_different_syntax_users_to_group_again.changed == false
+    - add_different_syntax_users_to_group_again.added == []
+    - add_different_syntax_users_to_group_again.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
+  when: not in_check_mode
+
+- name: Test add_different_syntax_users_to_group_again (check-mode)
+  assert:
+    that:
+    - add_different_syntax_users_to_group_again.changed == true
+    - add_different_syntax_users_to_group_again.added == []
+    - add_different_syntax_users_to_group_again.members == []
+  when: in_check_mode
+
+
+- name: Add another user to group
+  win_group_member: &wgma_present
+    <<: *wgm_present
+    members:
+      - NT AUTHORITY\NETWORK SERVICE
+  register: add_another_user_to_group
+
+- name: Test add_another_user_to_group (normal mode)
+  assert:
+    that:
+    - add_another_user_to_group.changed == true
+    - add_another_user_to_group.added == ["NT AUTHORITY\\NETWORK SERVICE"]
+    - add_another_user_to_group.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
+  when: not in_check_mode
+
+- name: Test add_another_user_to_group (check-mode)
+  assert:
+    that:
+    - add_another_user_to_group.changed == true
+    - add_another_user_to_group.added == []
+    - add_another_user_to_group.members == []
+  when: in_check_mode
+
+
+- name: Add another user to group (again)
+  win_group_member: *wgma_present
+  register: add_another_user_to_group_again
+
+- name: Test add_another_user_to_group_1_again (normal mode)
+  assert:
+    that:
+    - add_another_user_to_group_again.changed == false
+    - add_another_user_to_group_again.added == []
+    - add_another_user_to_group_again.members == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM", "NT AUTHORITY\\NETWORK SERVICE"]
+  when: not in_check_mode
+
+
+- name: Remove users from group
+  win_group_member: &wgm_absent
+    <<: *wgm_present
+    state: absent
+  register: remove_users_from_group
+
+- name: Test remove_users_from_group (normal mode)
+  assert:
+    that:
+    - remove_users_from_group.changed == true
+    - remove_users_from_group.removed == ["Administrator", "Guest", "NT AUTHORITY\\SYSTEM"]
+    - remove_users_from_group.members == ["NT AUTHORITY\\NETWORK SERVICE"]
+  when: not in_check_mode
+
+- name: Test remove_users_from_group (check-mode)
+  assert:
+    that:
+    - remove_users_from_group.changed == false
+    - remove_users_from_group.removed == []
+    - remove_users_from_group.members == []
+  when: in_check_mode
+
+
+- name: Remove users from group (again)
+  win_group_member: *wgm_absent
+  register: remove_users_from_group_again
+
+- name: Test remove_users_from_group_again (normal mode)
+  assert:
+    that:
+    - remove_users_from_group_again.changed == false
+    - remove_users_from_group_again.removed == []
+    - remove_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
+  when: not in_check_mode
+
+
+- name: Remove different syntax users from group (again)
+  win_group_member:
+    <<: *wgm_absent
+    members:
+      - "{{ ansible_hostname }}\\Administrator"
+      - .\Guest
+  register: remove_different_syntax_users_from_group_again
+
+- name: Test remove_different_syntax_users_from_group_again (normal mode)
+  assert:
+    that:
+    - remove_different_syntax_users_from_group_again.changed == false
+    - remove_different_syntax_users_from_group_again.removed == []
+    - remove_different_syntax_users_from_group_again.members == ["NT AUTHORITY\\NETWORK SERVICE"]
+  when: not in_check_mode
+
+- name: Test add_different_syntax_users_to_group_again (check-mode)
+  assert:
+    that:
+    - remove_different_syntax_users_from_group_again.changed == false
+    - remove_different_syntax_users_from_group_again.removed == []
+    - remove_different_syntax_users_from_group_again.members == []
+  when: in_check_mode
+
+
+- name: Remove another user from group
+  win_group_member: &wgma_absent
+    <<: *wgm_absent
+    members:
+      - NT AUTHORITY\NETWORK SERVICE
+  register: remove_another_user_from_group
+
+- name: Test remove_another_user_from_group (normal mode)
+  assert:
+    that:
+    - remove_another_user_from_group.changed == true
+    - remove_another_user_from_group.removed == ["NT AUTHORITY\\NETWORK SERVICE"]
+    - remove_another_user_from_group.members == []
+  when: not in_check_mode
+
+- name: Test remove_another_user_from_group (check-mode)
+  assert:
+    that:
+    - remove_another_user_from_group.changed == false
+    - remove_another_user_from_group.removed == []
+    - remove_another_user_from_group.members == []
+  when: in_check_mode
+
+
+- name: Remove another user from group (again)
+  win_group_member: *wgma_absent
+  register: remove_another_user_from_group_again
+
+- name: Test remove_another_user_from_group_again (normal mode)
+  assert:
+    that:
+    - remove_another_user_from_group_again.changed == false
+    - remove_another_user_from_group_again.removed == []
+    - remove_another_user_from_group_again.members == []
+  when: not in_check_mode