win_share: Add integration tests and various fixes (#25691)

* win_share: Add integration tests and various fixes

* docs and comments updates based on PR review

* fixed up documentation issue with URL
Jordan Borean 2017-06-27 12:07:22 +10:00 committed by GitHub
commit b41c42cf0d
6 changed files with 623 additions and 52 deletions


@ -111,26 +111,37 @@ Function NormalizeAccounts
$result = @{
changed = $false
actions = @() # More for debug purposes
}
$params = Parse-Args $args
$params = Parse-Args $args -supports_check_mode $true
# While the -SmbShare cmdlets have a -WhatIf parameter, they don't honor it, need to skip the cmdlet if in check mode
$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false
$name = Get-AnsibleParam -obj $params -name "name" -type "str" -failifempty $true
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "present","absent"
if (-not (Get-Command -Name Get-SmbShare -ErrorAction SilentlyContinue)) {
Fail-Json $result "The current host does not support the -SmbShare cmdlets required by this module. Please run on Server 2012 or Windows 8 and later"
}
Try {
$share = Get-SmbShare $name -ErrorAction SilentlyContinue
$share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
If ($state -eq "absent") {
If ($share) {
Remove-SmbShare -Force -Name $name
# See message around -WhatIf where $check_mode is defined
if (-not $check_mode) {
Remove-SmbShare -Force -Name $name
}
$result.actions += "Remove-SmbShare -Force -Name $name"
$result.changed = $true
}
}
Else {
} Else {
$path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true
$description = Get-AnsibleParam -obj $params -name "description" -type "str" -default ""
$permissionList = Get-AnsibleParam -obj $params -name "list" -type "bool" -default "no" -validateset "no","yes" -resultobj $result
$permissionList = Get-AnsibleParam -obj $params -name "list" -type "bool" -default $false
$folderEnum = if ($permissionList) { "Unrestricted" } else { "AccessBased" }
$permissionRead = Get-AnsibleParam -obj $params -name "read" -type "str" -default "" | NormalizeAccounts
@ -139,6 +150,7 @@ Try {
$permissionDeny = Get-AnsibleParam -obj $params -name "deny" -type "str" -default "" | NormalizeAccounts
$cachingMode = Get-AnsibleParam -obj $params -name "caching_mode" -type "str" -default "Manual" -validateSet "BranchCache","Documents","Manual","None","Programs","Unknown"
$encrypt = Get-AnsibleParam -obj $params -name "encrypt" -type "bool" -default $false
If (-Not (Test-Path -Path $path)) {
Fail-Json $result "$path directory does not exist on the host"
@ -149,32 +161,53 @@ Try {
# need to (re-)create share
If (-not $share) {
New-SmbShare -Name $name -Path $path
$share = Get-SmbShare $name -ErrorAction SilentlyContinue
if (-not $check_mode) {
New-SmbShare -Name $name -Path $path
}
$share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
$result.changed = $true
$result.actions += "New-SmbShare -Name $name -Path $path"
}
If ($share.Path -ne $path) {
Remove-SmbShare -Force -Name $name
New-SmbShare -Name $name -Path $path
$share = Get-SmbShare $name -ErrorAction SilentlyContinue
if (-not $check_mode) {
Remove-SmbShare -Force -Name $name
New-SmbShare -Name $name -Path $path
}
$share = Get-SmbShare -Name $name -ErrorAction SilentlyContinue
$result.changed = $true
$result.actions += "Remove-SmbShare -Force -Name $name"
$result.actions += "New-SmbShare -Name $name -Path $path"
}
# updates
If ($share.Description -ne $description) {
Set-SmbShare -Force -Name $name -Description $description
if (-not $check_mode) {
Set-SmbShare -Force -Name $name -Description $description
}
$result.changed = $true
$result.actions += "Set-SmbShare -Force -Name $name -Description $description"
}
If ($share.FolderEnumerationMode -ne $folderEnum) {
Set-SmbShare -Force -Name $name -FolderEnumerationMode $folderEnum
if (-not $check_mode) {
Set-SmbShare -Force -Name $name -FolderEnumerationMode $folderEnum
}
$result.changed = $true
$result.actions += "Set-SmbShare -Force -Name $name -FolderEnumerationMode $folderEnum"
}
if ($share.CachingMode -ne $cachingMode) {
Set-SmbShare -Force -Name $name -CachingMode $cachingMode
if (-not $check_mode) {
Set-SmbShare -Force -Name $name -CachingMode $cachingMode
}
$result.changed = $true
$result.actions += "Set-SmbShare -Force -Name $name -CachingMode $cachingMode"
}
if ($share.EncryptData -ne $encrypt) {
if (-not $check_mode) {
Set-SmbShare -Force -Name $name -EncryptData $encrypt
}
$result.changed = $true
$result.actions += "Set-SmbShare -Force -Name $name -EncryptData $encrypt"
}
# clean permissions that imply others
@ -190,38 +223,57 @@ Try {
$permissions = Get-SmbShareAccess -Name $name
ForEach ($permission in $permissions) {
If ($permission.AccessControlType -eq "Deny") {
If (!$permissionDeny.Contains($permission.AccountName)) {
Unblock-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
$result.changed = $true
$cim_count = 0
foreach ($count in $permissions) {
$cim_count++
}
}
ElseIf ($permission.AccessControlType -eq "Allow") {
If ($permission.AccessRight -eq "Full") {
If (!$permissionFull.Contains($permission.AccountName)) {
Revoke-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
# Don't remove the Deny entry for Everyone if there are no other permissions set (cim_count == 1)
if (-not ($permission.AccountName -eq 'Everyone' -and $cim_count -eq 1)) {
If (-not ($permissionDeny.Contains($permission.AccountName))) {
if (-not $check_mode) {
Unblock-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
}
$result.changed = $true
$result.actions += "Unblock-SmbShareAccess -Force -Name $name -AccountName $($permission.AccountName)"
} else {
# Remove from the deny list as it already has the permissions
$permissionDeny.remove($permission.AccountName)
}
}
} ElseIf ($permission.AccessControlType -eq "Allow") {
If ($permission.AccessRight -eq "Full") {
If (-not ($permissionFull.Contains($permission.AccountName))) {
if (-not $check_mode) {
Revoke-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
}
$result.changed = $true
$result.actions += "Revoke-SmbShareAccess -Force -Name $name -AccountName $($permission.AccountName)"
Continue
}
# user got requested permissions
$permissionFull.remove($permission.AccountName)
}
ElseIf ($permission.AccessRight -eq "Change") {
If (!$permissionChange.Contains($permission.AccountName)) {
Revoke-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
} ElseIf ($permission.AccessRight -eq "Change") {
If (-not ($permissionChange.Contains($permission.AccountName))) {
if (-not $check_mode) {
Revoke-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
}
$result.changed = $true
$result.actions += "Revoke-SmbShareAccess -Force -Name $name -AccountName $($permission.AccountName)"
Continue
}
# user got requested permissions
$permissionChange.remove($permission.AccountName)
}
ElseIf ($permission.AccessRight -eq "Read") {
If (!$permissionRead.Contains($permission.AccountName)) {
Revoke-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
} ElseIf ($permission.AccessRight -eq "Read") {
If (-not ($permissionRead.Contains($permission.AccountName))) {
if (-not $check_mode) {
Revoke-SmbShareAccess -Force -Name $name -AccountName $permission.AccountName
}
$result.changed = $true
$result.actions += "Revoke-SmbShareAccess -Force -Name $name -AccountName $($permission.AccountName)"
Continue
}
@ -234,24 +286,35 @@ Try {
# add missing permissions
ForEach ($user in $permissionRead) {
Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight "Read"
if (-not $check_mode) {
Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight "Read"
}
$result.changed = $true
$result.actions += "Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight Read"
}
ForEach ($user in $permissionChange) {
Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight "Change"
if (-not $check_mode) {
Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight "Change"
}
$result.changed = $true
$result.actions += "Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight Change"
}
ForEach ($user in $permissionFull) {
Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight "Full"
if (-not $check_mode) {
Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight "Full"
}
$result.changed = $true
$result.actions += "Grant-SmbShareAccess -Force -Name $name -AccountName $user -AccessRight Full"
}
ForEach ($user in $permissionDeny) {
Block-SmbShareAccess -Force -Name $name -AccountName $user
if (-not $check_mode) {
Block-SmbShareAccess -Force -Name $name -AccountName $user
}
$result.changed = $true
$result.actions += "Block-SmbShareAccess -Force -Name $name -AccountName $user"
}
}
}
Catch {
} Catch {
Fail-Json $result "an error occurred when attempting to create share $($name): $($_.Exception.Message)"
}
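Review bot: In check mode the `If (-not $share)` branch leaves `$share` as `$null`, because `New-SmbShare` is skipped and the `Get-SmbShare -Name $name -ErrorAction SilentlyContinue` that follows finds nothing. The later comparisons (`$share.Path -ne $path`, `$share.Description`, `$share.FolderEnumerationMode`, `$share.CachingMode`, `$share.EncryptData`) then run against `$null`, so the result lists a spurious `Remove-SmbShare`/`New-SmbShare` pair plus `Set-SmbShare` actions, and `Get-SmbShareAccess -Name $name` is called for a share that does not exist; whether that lands in the `Catch` depends on the error preference, which is not visible here. That makes the check-mode result for a new share unreliable as a preview of the share and access changes. Returning once the create action is recorded avoids evaluating state that cannot exist, at the cost of not previewing the grants: add `if ($check_mode) { Exit-Json $result }` after `$result.actions += "New-SmbShare -Name $name -Path $path"`, with a comment that nothing below can be evaluated without a share.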


@ -32,21 +32,25 @@ module: win_share
version_added: "2.1"
short_description: Manage Windows shares
description:
- Add, modify or remove Windows share and set share permissions.
- Add, modify or remove Windows share and set share permissions.
requirements:
- Windows 8.1 / Windows 2012 or newer
- As this module used newer cmdlets like New-SmbShare this can only run on
Windows 8 / Windows 2012 or newer.
- This is due to the reliance on the WMI provider MSFT_SmbShare
U(https://msdn.microsoft.com/en-us/library/hh830471) which was only added
with these Windows releases.
options:
name:
description:
- Share name
- Share name.
required: True
path:
description:
- Share directory
- Share directory.
required: True
state:
description:
- Specify whether to add C(present) or remove C(absent) the specified share
- Specify whether to add C(present) or remove C(absent) the specified share.
choices:
- present
- absent
@ -56,10 +60,9 @@ options:
- Share description
list:
description:
- Specify whether to allow or deny file listing, in case user got no permission on share
choices:
- yes
- no
- Specify whether to allow or deny file listing, in case user got no permission on share.
type: bool
default: 'no'
read:
description:
- Specify user list that should get read access on share, separated by comma.
@ -84,7 +87,14 @@ options:
- Unknown
default: "Manual"
version_added: "2.3"
author: Hans-Joachim Kliemeck (@h0nIg), David Baumann (@daBONDi)
encrypt:
description: Sets whether to encrypt the traffic to the share or not.
type: bool
default: 'no'
version_added: "2.4"
author:
- Hans-Joachim Kliemeck (@h0nIg)
- David Baumann (@daBONDi)
'''
EXAMPLES = r'''
@ -96,7 +106,7 @@ EXAMPLES = r'''
name: internal
description: top secret share
path: C:\shares\internal
list: 'no'
list: no
full: Administrators,CEO
read: HR-Global
deny: HR-External
@ -106,16 +116,20 @@ EXAMPLES = r'''
name: company
description: top secret share
path: C:\shares\company
list: 'yes'
list: yes
full: Administrators,CEO
read: Global
# Remove previously added share
- name: Remove previously added share
win_share:
name: internal
state: absent
'''
RETURN = r'''
actions:
description: A list of action cmdlets that were run by the module.
returned: success
type: list
sample: ['New-SmbShare -Name share -Path C:\temp']
'''