1#!/usr/local/bin/python3.8
2# -*- coding: utf-8 -*-
3
4# Copyright: (c) 2018, Kevin Subileau (@ksubileau)
5# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
6
7DOCUMENTATION = r'''
8---
9module: win_rds_rap
10short_description: Manage Resource Authorization Policies (RAP) on a Remote Desktop Gateway server
11description:
12  - Creates, removes and configures a Remote Desktop resource authorization policy (RD RAP).
13  - A RD RAP allows you to specify the network resources (computers) that users can connect
14    to remotely through a Remote Desktop Gateway server.
15author:
16  - Kevin Subileau (@ksubileau)
17options:
18  name:
19    description:
20      - Name of the resource authorization policy.
21    required: yes
22  state:
23    description:
24      - The state of resource authorization policy.
25      - If C(absent) will ensure the policy is removed.
26      - If C(present) will ensure the policy is configured and exists.
27      - If C(enabled) will ensure the policy is configured, exists and enabled.
28      - If C(disabled) will ensure the policy is configured, exists, but disabled.
29    type: str
30    choices: [ absent, disabled, enabled, present ]
31    default: present
32  description:
33    description:
34      - Optional description of the resource authorization policy.
35    type: str
36  user_groups:
37    description:
38      - List of user groups that are associated with this resource authorization policy (RAP).
39        A user must belong to one of these groups to access the RD Gateway server.
40      - Required when a new RAP is created.
41    type: list
42  allowed_ports:
43    description:
44      - List of port numbers through which connections are allowed for this policy.
45      - To allow connections through any port, specify 'any'.
46    type: list
47  computer_group_type:
48    description:
49      - 'The computer group type:'
50      - 'C(rdg_group): RD Gateway-managed group'
51      - 'C(ad_network_resource_group): Active Directory Domain Services network resource group'
52      - 'C(allow_any): Allow users to connect to any network resource.'
53    type: str
54    choices: [ rdg_group, ad_network_resource_group, allow_any ]
55  computer_group:
56    description:
57      - The computer group name that is associated with this resource authorization policy (RAP).
58      - This is required when I(computer_group_type) is C(rdg_group) or C(ad_network_resource_group).
59    type: str
60requirements:
61  - Windows Server 2008R2 (6.1) or higher.
62  - The Windows Feature "RDS-Gateway" must be enabled.
63seealso:
64- module: community.windows.win_rds_cap
65- module: community.windows.win_rds_rap
66- module: community.windows.win_rds_settings
67'''
68
69EXAMPLES = r'''
70- name: Create a new RDS RAP
71  community.windows.win_rds_rap:
72    name: My RAP
73    description: Allow all users to connect to any resource through ports 3389 and 3390
74    user_groups:
75      - BUILTIN\users
76    computer_group_type: allow_any
77    allowed_ports:
78      - 3389
79      - 3390
80    state: enabled
81'''
82
83RETURN = r'''
84'''
85