win_scheduled_task: Add enhanced run option support (#24174)

* add enhanced run option support for win_scheduled_task

* changed run_level option to runlevel

* correct merge conflicts since task path fix

* changed run_level option to runlevel

* changed do_not_store_password to store_password, and other minor fixes

* conditional logic swap, and documentation change for password
This commit is contained in:
Andrew Saraceni 2017-07-10 00:18:17 -04:00 committed by Jordan Borean
commit 7d3951d065
3 changed files with 215 additions and 7 deletions

View file

@ -87,8 +87,10 @@ $executable = Get-AnsibleParam -obj $params -name "executable" -type "str" -alia
$frequency = Get-AnsibleParam -obj $params -name "frequency" -type "str" -validateset "once","daily","weekly" -failifempty $present
$time = Get-AnsibleParam -obj $params -name "time" -type "str" -failifempty $present
# TODO: We should default to the current user
$user = Get-AnsibleParam -obj $params -name "user" -type "str" -failifempty $present
$user = Get-AnsibleParam -obj $params -name "user" -default "$env:USERDOMAIN\$env:USERNAME" -type "str"
$password = Get-AnsibleParam -obj $params -name "password" -type "str"
$runlevel = Get-AnsibleParam -obj $params -name "runlevel" -default "limited" -type "str" -validateset "limited", "highest"
$store_password = Get-AnsibleParam -obj $params -name "store_password" -default $true -type "bool"
$weekly = $frequency -eq "weekly"
$days_of_week = Get-AnsibleParam -obj $params -name "days_of_week" -type "str" -failifempty $weekly
@ -165,7 +167,23 @@ try {
Exit-Json $result
}
$principal = New-ScheduledTaskPrincipal -UserId "$user" -LogonType ServiceAccount
# Handle RunAs/RunLevel options for the task
if ($store_password) {
# Specify direct credential and run-level values to add to Register-ScheduledTask
$registerRunOptionParams = @{
User = $user
RunLevel = $runlevel
}
if ($password) {
$registerRunOptionParams.Password = $password
}
}
else {
# Create a ScheduledTaskPrincipal for the task to run under
$principal = New-ScheduledTaskPrincipal -UserId $user -LogonType S4U -RunLevel $runlevel -Id Author
$registerRunOptionParams = @{Principal = $principal}
}
if ($enabled){
$settings = New-ScheduledTaskSettingsSet
@ -186,7 +204,7 @@ try {
$pathResults = Invoke-TaskPathCheck -Path $path
if (-not $check_mode) {
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $name -Description $description -TaskPath $path -Settings $settings -Principal $principal
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $name -Description $description -TaskPath $path -Settings $settings @registerRunOptionParams
}
$result.changed = $true
@ -200,7 +218,15 @@ try {
# Check task path prior to registering
$pathResults = Invoke-TaskPathCheck -Path $path
if ($task.Description -eq $description -and $task.TaskName -eq $name -and $task.TaskPath -eq $path -and $task.Actions.Execute -eq $executable -and $taskState -eq $enabled -and $task.Principal.UserId -eq $user) {
if ((!$store_password -and $task.Principal.LogonType -in @("S4U", "ServiceAccount")) -or ($store_password -and $task.Principal.LogonType -notin @("S4U", "Password") -and !$password)) {
$passwordStoreConsistent = $true
}
else {
$passwordStoreConsistent = $false
}
if ($task.Description -eq $description -and $task.TaskName -eq $name -and $task.TaskPath -eq $path -and $task.Actions.Execute -eq $executable -and
$taskState -eq $enabled -and $task.Principal.UserId -eq $user -and $task.Principal.RunLevel -eq $runlevel -and $passwordStoreConsistent) {
# No change in the task
$result.msg = "No change in task $name"
}
@ -209,7 +235,7 @@ try {
if (-not $check_mode) {
$oldPathResults = Invoke-TaskPathCheck -Path $task.TaskPath -Remove
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $name -Description $description -TaskPath $path -Settings $settings -Principal $principal
Register-ScheduledTask -Action $action -Trigger $trigger -TaskName $name -Description $description -TaskPath $path -Settings $settings @registerRunOptionParams
}
$result.changed = $true
$result.msg = "Updated task $name"