1#!/usr/local/bin/python3.8 2# -*- coding: utf-8 -*- 3 4# Copyright: (c) 2018, Kevin Subileau (@ksubileau) 5# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) 6 7DOCUMENTATION = r''' 8--- 9module: win_rds_rap 10short_description: Manage Resource Authorization Policies (RAP) on a Remote Desktop Gateway server 11description: 12 - Creates, removes and configures a Remote Desktop resource authorization policy (RD RAP). 13 - A RD RAP allows you to specify the network resources (computers) that users can connect 14 to remotely through a Remote Desktop Gateway server. 15author: 16 - Kevin Subileau (@ksubileau) 17options: 18 name: 19 description: 20 - Name of the resource authorization policy. 21 required: yes 22 state: 23 description: 24 - The state of resource authorization policy. 25 - If C(absent) will ensure the policy is removed. 26 - If C(present) will ensure the policy is configured and exists. 27 - If C(enabled) will ensure the policy is configured, exists and enabled. 28 - If C(disabled) will ensure the policy is configured, exists, but disabled. 29 type: str 30 choices: [ absent, disabled, enabled, present ] 31 default: present 32 description: 33 description: 34 - Optional description of the resource authorization policy. 35 type: str 36 user_groups: 37 description: 38 - List of user groups that are associated with this resource authorization policy (RAP). 39 A user must belong to one of these groups to access the RD Gateway server. 40 - Required when a new RAP is created. 41 type: list 42 allowed_ports: 43 description: 44 - List of port numbers through which connections are allowed for this policy. 45 - To allow connections through any port, specify 'any'. 46 type: list 47 computer_group_type: 48 description: 49 - 'The computer group type:' 50 - 'C(rdg_group): RD Gateway-managed group' 51 - 'C(ad_network_resource_group): Active Directory Domain Services network resource group' 52 - 'C(allow_any): Allow users to connect to any network resource.' 53 type: str 54 choices: [ rdg_group, ad_network_resource_group, allow_any ] 55 computer_group: 56 description: 57 - The computer group name that is associated with this resource authorization policy (RAP). 58 - This is required when I(computer_group_type) is C(rdg_group) or C(ad_network_resource_group). 59 type: str 60requirements: 61 - Windows Server 2008R2 (6.1) or higher. 62 - The Windows Feature "RDS-Gateway" must be enabled. 63seealso: 64- module: community.windows.win_rds_cap 65- module: community.windows.win_rds_rap 66- module: community.windows.win_rds_settings 67''' 68 69EXAMPLES = r''' 70- name: Create a new RDS RAP 71 community.windows.win_rds_rap: 72 name: My RAP 73 description: Allow all users to connect to any resource through ports 3389 and 3390 74 user_groups: 75 - BUILTIN\users 76 computer_group_type: allow_any 77 allowed_ports: 78 - 3389 79 - 3390 80 state: enabled 81''' 82 83RETURN = r''' 84''' 85