win_acl_inheritance: Added tests and formatting improvements (#25382)

2025-07-22 21:00:22 -07:00 · 2017-06-20 02:47:35 +10:00 · 2017-06-20 02:47:35 +10:00 · 6d01168238
commit 6d01168238
parent c05d3c3821
5 changed files with 240 additions and 27 deletions
--- a/lib/ansible/modules/windows/win_acl_inheritance.ps1
+++ b/lib/ansible/modules/windows/win_acl_inheritance.ps1
@ -19,38 +19,39 @@
 # WANT_JSON
 # POWERSHELL_COMMON

-
-$params = Parse-Args $args;
+$params = Parse-Args $args -supports_check_mode $true
+$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -default $false

 $result = @{
    changed = $false
 }

-$path = Get-Attr $params "path" -failifempty $true
-$state = Get-Attr $params "state" "absent" -validateSet "present","absent" -resultobj $result
-$reorganize = Get-Attr $params "reorganize" "no" -validateSet "no","yes" -resultobj $result
-$reorganize = $reorganize | ConvertTo-Bool
+$path = Get-AnsibleParam -obj $params "path" -type "path" -failifempty $true
+$state = Get-AnsibleParam -obj $params "state" -type "str" -default "absent" -validateSet "present","absent" -resultobj $result
+$reorganize = Get-AnsibleParam -obj $params "reorganize" -type "bool" -default $false -resultobj $result

 If (-Not (Test-Path -Path $path)) {
    Fail-Json $result "$path file or directory does not exist on the host"
 }
 
 Try {
-    $objACL = Get-ACL $path
-    $inheritanceEnabled = !$objACL.AreAccessRulesProtected
+    $objACL = Get-ACL -Path $path
+    # AreAccessRulesProtected - $false if inheritance is set ,$true if inheritance is not set
+    $inheritanceDisabled = $objACL.AreAccessRulesProtected

-    If (($state -eq "present") -And !$inheritanceEnabled) {
+    If (($state -eq "present") -And $inheritanceDisabled) {
        # second parameter is ignored if first=$False
        $objACL.SetAccessRuleProtection($False, $False)

        If ($reorganize) {
-            # it won't work without intermediate save, state would be the same
-            Set-ACL $path $objACL
-            $objACL = Get-ACL $path
+            # it wont work without intermediate save, state would be the same
+            Set-ACL -Path $path -AclObject $objACL -WhatIf:$check_mode
+            $result.changed = $true
+            $objACL = Get-ACL -Path $path

            # convert explicit ACE to inherited ACE
            ForEach($inheritedRule in $objACL.Access) {
-                If (!$inheritedRule.IsInherited) {
+                If (-not $inheritedRule.IsInherited) {
                    Continue
                }

@ -66,22 +67,15 @@ Try {
            }
        }

-        Set-ACL $path $objACL
+        Set-ACL -Path $path -AclObject $objACL -WhatIf:$check_mode
+        $result.changed = $true
+    } Elseif (($state -eq "absent") -And (-not $inheritanceDisabled)) {
+        $objACL.SetAccessRuleProtection($True, $reorganize)
+        Set-ACL -Path $path -AclObject $objACL -WhatIf:$check_mode
        $result.changed = $true
    }
-    Elseif (($state -eq "absent") -And $inheritanceEnabled) {
-        If ($reorganize) {
-            $objACL.SetAccessRuleProtection($True, $True)
-        } Else {
-            $objACL.SetAccessRuleProtection($True, $False)
-        }
-
-        Set-ACL $path $objACL
-        $result.changed = $true
-    }
-}
-Catch {
-    Fail-Json $result "an error occurred when attempting to disable inheritance"
+} Catch {
+    Fail-Json $result "an error occurred when attempting to disable inheritance: $($_.Exception.Message)"
 }
 
 Exit-Json $result