1--- 2- name: test create a new RAP (check mode) 3 win_rds_rap: 4 name: '{{ test_win_rds_rap_name }}' 5 user_groups: 6 - administrators 7 - users@builtin 8 state: present 9 register: new_rap_check 10 check_mode: yes 11 12- name: get result of create a new RAP (check mode) 13 win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}") 14 register: new_rap_actual_check 15 16- name: assert results of create a new RAP (check mode) 17 assert: 18 that: 19 - new_rap_check.changed == true 20 - new_rap_actual_check.stdout_lines[0] == "False" 21 22- name: test create a new RAP 23 win_rds_rap: 24 name: '{{ test_win_rds_rap_name }}' 25 user_groups: 26 - administrators 27 - users@builtin 28 state: present 29 register: new_rap 30 31- name: get result of create a new RAP 32 win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}") 33 register: new_rap_actual 34 35- name: assert results of create a new RAP 36 assert: 37 that: 38 - new_rap.changed == true 39 - new_rap_actual.stdout_lines[0] == "True" 40 41- name: test create a new RAP (idempotent) 42 win_rds_rap: 43 name: '{{ test_win_rds_rap_name }}' 44 user_groups: 45 - administrators 46 - users@builtin 47 state: present 48 register: new_rap_again 49 50- name: get result of create a new RAP (idempotent) 51 win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}") 52 register: new_rap_actual_again 53 54- name: assert results of create a new RAP (idempotent) 55 assert: 56 that: 57 - new_rap_again.changed == false 58 - new_rap_actual_again.stdout_lines[0] == "True" 59 60- name: test edit a RAP 61 win_rds_rap: 62 name: '{{ test_win_rds_rap_name }}' 63 description: 'Description of {{ test_win_rds_rap_name }}' 64 user_groups: 65 # Test with different group name formats 66 - users@builtin 67 - .\guests 68 computer_group_type: ad_network_resource_group 69 computer_group: administrators 70 allowed_ports: 71 - 3389 72 - 3390 73 - 3391 74 state: disabled 75 register: edit_rap 76 77- name: get result of edit a RAP 78 win_shell: | 79 Import-Module RemoteDesktopServices; 80 $rap_path = "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}" 81 $rap = @{} 82 Get-ChildItem -Path "$rap_path" | foreach { $rap.Add($_.Name,$_.CurrentValue) } 83 $rap.UserGroups = @(Get-ChildItem -Path "$rap_path\UserGroups" | Select -ExpandProperty Name) 84 $rap | ConvertTo-Json 85 register: edit_rap_actual_json 86 87- name: parse result of edit a RAP. 88 set_fact: 89 edit_rap_actual: '{{ edit_rap_actual_json.stdout | from_json }}' 90 91- name: assert results of edit a RAP 92 assert: 93 that: 94 - edit_rap.changed == true 95 - edit_rap_actual.Status == "0" 96 - edit_rap_actual.Description == "Description of {{ test_win_rds_rap_name }}" 97 - edit_rap_actual.PortNumbers == "3389,3390,3391" 98 - edit_rap_actual.UserGroups | length == 2 99 - edit_rap_actual.UserGroups[0] == "Users@BUILTIN" 100 - edit_rap_actual.UserGroups[1] == "Guests@BUILTIN" 101 - edit_rap_actual.ComputerGroupType == "1" 102 - edit_rap_actual.ComputerGroup == "Administrators@BUILTIN" 103 104- name: test edit a RAP (indempotent) 105 win_rds_rap: 106 name: '{{ test_win_rds_rap_name }}' 107 description: 'Description of {{ test_win_rds_rap_name }}' 108 user_groups: 109 - users@builtin 110 - guests@builtin 111 computer_group_type: ad_network_resource_group 112 computer_group: Administrators@BUILTIN 113 allowed_ports: 114 - 3389 115 - 3390 116 - 3391 117 state: disabled 118 register: edit_rap_again 119 120- name: assert results of edit a RAP (indempotent) 121 assert: 122 that: 123 - edit_rap_again.changed == false 124 125- name: test allow all ports 126 win_rds_rap: 127 name: '{{ test_win_rds_rap_name }}' 128 allowed_ports: any 129 register: edit_rap_allow_all_ports 130 131- name: get result of allow all ports 132 win_shell: Import-Module RemoteDesktopServices; Write-Host (Get-Item "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}\PortNumbers").CurrentValue 133 register: edit_rap_allow_all_ports_actual 134 135- name: assert results of allow all ports 136 assert: 137 that: 138 - edit_rap_allow_all_ports.changed == true 139 - edit_rap_allow_all_ports_actual.stdout_lines[0] == "*" 140 141- name: test remove RAP (check mode) 142 win_rds_rap: 143 name: '{{ test_win_rds_rap_name }}' 144 state: absent 145 register: remove_rap_check 146 check_mode: yes 147 148- name: get result of remove RAP (check mode) 149 win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}") 150 register: remove_rap_actual_check 151 152- name: assert results of remove RAP (check mode) 153 assert: 154 that: 155 - remove_rap_check.changed == true 156 - remove_rap_actual_check.stdout_lines[0] == "True" 157 158- name: test remove RAP 159 win_rds_rap: 160 name: '{{ test_win_rds_rap_name }}' 161 state: absent 162 register: remove_rap 163 164- name: get result of remove RAP 165 win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}") 166 register: remove_rap_actual 167 168- name: assert results of remove RAP 169 assert: 170 that: 171 - remove_rap.changed == true 172 - remove_rap_actual.stdout_lines[0] == "False" 173 174- name: test remove RAP (idempotent) 175 win_rds_rap: 176 name: '{{ test_win_rds_rap_name }}' 177 state: absent 178 register: remove_rap_again 179 180- name: get result of remove RAP (idempotent) 181 win_shell: Import-Module RemoteDesktopServices; Write-Host (Test-Path "RDS:\GatewayServer\RAP\{{ test_win_rds_rap_name }}") 182 register: remove_rap_actual_again 183 184- name: assert results of remove RAP (idempotent) 185 assert: 186 that: 187 - remove_rap_again.changed == false 188 - remove_rap_actual_again.stdout_lines[0] == "False" 189 190- name: fail when create a new RAP without user group 191 win_rds_rap: 192 name: '{{ test_win_rds_rap_name }}' 193 state: present 194 register: new_rap_without_group 195 check_mode: yes 196 failed_when: "new_rap_without_group.msg != 'User groups must be defined to create a new RAP.'" 197 198- name: fail when create a new RAP with an empty user group list 199 win_rds_rap: 200 name: '{{ test_win_rds_rap_name }}' 201 user_groups: [] 202 state: present 203 register: new_rap_empty_group_list 204 check_mode: yes 205 failed_when: "new_rap_empty_group_list.msg is not search('cannot be an empty list')" 206 207- name: fail when create a new RAP with an invalid user group 208 win_rds_rap: 209 name: '{{ test_win_rds_rap_name }}' 210 user_groups: 211 - fake_group 212 state: present 213 register: new_rap_invalid_group 214 check_mode: yes 215 failed_when: new_rap_invalid_group.changed != false or new_rap_invalid_group.msg is not search('is not a valid account') 216 217- name: fail when create a new RAP with an invalid AD computer group 218 win_rds_rap: 219 name: '{{ test_win_rds_rap_name }}' 220 user_groups: 221 - administrators 222 computer_group_type: ad_network_resource_group 223 computer_group: fake_ad_group 224 state: present 225 register: new_rap_invalid_ad_computer_group 226 check_mode: yes 227 failed_when: new_rap_invalid_ad_computer_group.changed != false or new_rap_invalid_ad_computer_group.msg is not search('is not a valid account') 228 229- name: fail when create a new RAP with an invalid gateway managed computer group 230 win_rds_rap: 231 name: '{{ test_win_rds_rap_name }}' 232 user_groups: 233 - administrators 234 computer_group_type: rdg_group 235 computer_group: fake_rdg_group 236 state: present 237 register: new_rap_invalid_rdg_computer_group 238 check_mode: yes 239 failed_when: new_rap_invalid_rdg_computer_group.changed != false or new_rap_invalid_rdg_computer_group.msg is not search('is not a valid gateway managed computer group') 240 241- name: fail when create a new RAP with invalid port numbers 242 win_rds_rap: 243 name: '{{ test_win_rds_rap_name }}' 244 user_groups: 245 - administrators 246 allowed_ports: 247 - '{{ item }}' 248 state: present 249 loop: 250 - invalid_port_number 251 - 65536 252 register: new_rap_invalid_port 253 check_mode: yes 254 failed_when: new_rap_invalid_port.changed != false or new_rap_invalid_port.msg is not search('is not a valid port number') 255