win_reboot: fix 2.6 issues and better handle post reboot reboot (#42330)

* win_reboot: fix 2.6 issues and better handle post reboot reboot * changed winrm _reset to reset * Add handler to reset calls when .reset() throws an AnsibleError on older hosts * Moving back to _reset to get the issue fixed
2025-07-28 07:31:23 -07:00 · 2018-07-11 09:12:29 +10:00 · 2018-07-11 09:12:29 +10:00 · 940d4a0e89
commit 940d4a0e89
parent 780c8986af
7 changed files with 128 additions and 18 deletions
--- a/test/integration/targets/win_reboot/aliases
+++ b/test/integration/targets/win_reboot/aliases
@ -0,0 +1,2 @@
+windows/ci/group1
+windows/ci/smoketest
--- a/test/integration/targets/win_reboot/tasks/main.yml
+++ b/test/integration/targets/win_reboot/tasks/main.yml
@ -0,0 +1,73 @@
+---
+- name: reboot with defaults
+  win_reboot:
+
+- name: schedule a reboot for sometime in the future
+  win_command: shutdown.exe /r /t 599
+
+- name: reboot with a shutdown already scheduled
+  win_reboot:
+
+# test a reboot that reboots again during the test_command phase
+- name: create test file
+  win_file:
+    path: '{{win_output_dir}}\win_reboot_test'
+    state: touch
+
+- name: reboot with secondary reboot stage
+  win_reboot:
+    test_command: powershell.exe -NoProfile -EncodedCommand {{lookup('template', 'post_reboot.ps1')|b64encode(encoding='utf-16-le')}}
+
+# try and reboot the host with a non admin user, we expect an error here
+# this requires a bit of setup to create the user and allow it to connect
+# over WinRM
+- name: create password fact
+  set_fact:
+    standard_user: ansible_user_test
+    standard_pass: password123! + {{ lookup('password', '/dev/null chars=ascii_letters,digits length=8') }}
+
+- name: get original SDDL for WinRM listener
+  win_shell: (Get-Item -Path WSMan:\localhost\Service\RootSDDL).Value
+  register: original_sddl
+
+- name: create standard user
+  win_user:
+    name: '{{standard_user}}'
+    password: '{{standard_pass}}'
+    update_password: always
+    groups: Users
+    state: present
+  register: user_res
+
+- name: add standard user to WinRM listener
+  win_shell: |
+    $sid = New-Object -TypeName System.Security.Principal.SecurityIdentifier -ArgumentList "{{user_res.sid}}"
+    $sd = New-Object -TypeName System.Security.AccessControl.CommonSecurityDescriptor -ArgumentList $false, $false, "{{original_sddl.stdout_lines[0]}}"
+    $sd.DiscretionaryAcl.AddAccess(
+        [System.Security.AccessControl.AccessControlType]::Allow,
+        $sid,
+        (0x80000000 -bor 0x20000000),
+        [System.Security.AccessControl.InheritanceFlags]::None,
+        [System.Security.AccessControl.PropagationFlags]::None
+    )
+    $new_sddl = $sd.GetSddlForm([System.Security.AccessControl.AccessControlSections]::All)
+    Set-Item -Path WSMan:\localhost\Service\RootSDDL -Value $new_sddl -Force
+
+- block:
+  - name: fail to reboot with non admin user
+    win_reboot:
+    vars:
+      ansible_user: '{{standard_user}}'
+      ansible_password: '{{standard_pass}}'
+      ansible_winrm_transport: ntlm
+    register: fail_shutdown
+    failed_when: fail_shutdown.msg != "Shutdown command failed, error text was 'Access is denied.(5)\n'"
+
+  always:
+  - name: set the original SDDL to the WinRM listener
+    win_shell: Set-Item -Path WSMan:\localhost\Service\RootSDDL -Value "{{original_sddl.stdout_lines[0]}}" -Force
+
+  - name: remove standard user
+    win_user:
+      name: '{{standard_user}}'
+      state: absent
--- a/test/integration/targets/win_reboot/templates/post_reboot.ps1
+++ b/test/integration/targets/win_reboot/templates/post_reboot.ps1
@ -0,0 +1,8 @@
+if (Test-Path -Path '{{win_output_dir}}\win_reboot_test') {
+    New-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' `
+        -Name PendingFileRenameOperations `
+        -Value @("\??\{{win_output_dir}}\win_reboot_test`0") `
+        -PropertyType MultiString
+    Restart-Computer -Force
+    exit 1
+}
--- a/test/units/plugins/connection/test_winrm.py
+++ b/test/units/plugins/connection/test_winrm.py
@ -204,6 +204,7 @@ class TestConnectionWinRM(object):

        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options=options, direct=direct)
+        conn._build_winrm_kwargs()

        for attr, expected in expected.items():
            actual = getattr(conn, attr)
@ -236,6 +237,7 @@ class TestWinRMKerbAuth(object):
        new_stdin = StringIO()
        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options=options)
+        conn._build_winrm_kwargs()

        conn._kerb_auth("user@domain", "pass")
        mock_calls = mock_popen.mock_calls
@ -264,6 +266,7 @@ class TestWinRMKerbAuth(object):
        new_stdin = StringIO()
        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options=options)
+        conn._build_winrm_kwargs()

        conn._kerb_auth("user@domain", "pass")
        mock_calls = mock_pexpect.mock_calls
@ -292,6 +295,7 @@ class TestWinRMKerbAuth(object):
        conn = connection_loader.get('winrm', pc, new_stdin)
        options = {"_extras": {}, "ansible_winrm_kinit_cmd": "/fake/kinit"}
        conn.set_options(var_options=options)
+        conn._build_winrm_kwargs()

        with pytest.raises(AnsibleConnectionFailure) as err:
            conn._kerb_auth("user@domain", "pass")
@ -314,6 +318,7 @@ class TestWinRMKerbAuth(object):
        conn = connection_loader.get('winrm', pc, new_stdin)
        options = {"_extras": {}, "ansible_winrm_kinit_cmd": "/fake/kinit"}
        conn.set_options(var_options=options)
+        conn._build_winrm_kwargs()

        with pytest.raises(AnsibleConnectionFailure) as err:
            conn._kerb_auth("user@domain", "pass")
@ -337,6 +342,7 @@ class TestWinRMKerbAuth(object):
        new_stdin = StringIO()
        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options={"_extras": {}})
+        conn._build_winrm_kwargs()

        with pytest.raises(AnsibleConnectionFailure) as err:
            conn._kerb_auth("invaliduser", "pass")
@ -361,6 +367,7 @@ class TestWinRMKerbAuth(object):
        new_stdin = StringIO()
        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options={"_extras": {}})
+        conn._build_winrm_kwargs()

        with pytest.raises(AnsibleConnectionFailure) as err:
            conn._kerb_auth("invaliduser", "pass")
@ -383,6 +390,7 @@ class TestWinRMKerbAuth(object):
        new_stdin = StringIO()
        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options={"_extras": {}})
+        conn._build_winrm_kwargs()

        with pytest.raises(AnsibleConnectionFailure) as err:
            conn._kerb_auth("username", "password")
@ -407,6 +415,7 @@ class TestWinRMKerbAuth(object):
        new_stdin = StringIO()
        conn = connection_loader.get('winrm', pc, new_stdin)
        conn.set_options(var_options={"_extras": {}})
+        conn._build_winrm_kwargs()

        with pytest.raises(AnsibleConnectionFailure) as err:
            conn._kerb_auth("username", "password")