File: //usr/lib/python3.9/site-packages/ansible_collections/microsoft/ad/plugins/modules/computer.ps1
#!powershell
# Copyright: (c) 2023, Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
#AnsibleRequires -CSharpUtil Ansible.Basic
#AnsibleRequires -PowerShell ..module_utils._ADObject
$setParams = @{
PropertyInfo = @(
[PSCustomObject]@{
Name = 'delegates'
Option = @{
aliases = 'principals_allowed_to_delegate'
type = 'dict'
options = @{
add = @{ type = 'list'; elements = 'str' }
remove = @{ type = 'list'; elements = 'str' }
set = @{ type = 'list'; elements = 'str' }
}
}
Attribute = 'PrincipalsAllowedToDelegateToAccount'
CaseInsensitive = $true
}
[PSCustomObject]@{
Name = 'dns_hostname'
Option = @{ type = 'str' }
Attribute = 'DNSHostName'
}
[PSCustomObject]@{
Name = 'enabled'
Option = @{ type = 'bool' }
Attribute = 'Enabled'
}
[PSCustomObject]@{
Name = 'kerberos_encryption_types'
Option = @{
type = 'dict'
options = @{
add = @{
choices = 'aes128', 'aes256', 'des', 'rc4'
type = 'list'
elements = 'str'
}
remove = @{
choices = 'aes128', 'aes256', 'des', 'rc4'
type = 'list'
elements = 'str'
}
set = @{
choices = 'aes128', 'aes256', 'des', 'rc4'
type = 'list'
elements = 'str'
}
}
}
Attribute = 'KerberosEncryptionType'
CaseInsensitive = $true
New = {
param($Module, $ADParams, $NewParams)
$encTypes = @(
$Module.Params.kerberos_encryption_types.add
$Module.Params.kerberos_encryption_types.set
) | Select-Object -Unique
$NewParams.KerberosEncryptionType = $encTypes
$Module.Diff.after.kerberos_encryption_types = $MencTypes
}
Set = {
param($Module, $ADParams, $SetParams, $ADObject)
# This is an enum value and needs custom handling for things like
# unsetting the values with none.
$rawValue = $ADObject.KerberosEncryptionType.Value
$existing = foreach ($v in [System.Enum]::GetValues($rawValue.GetType())) {
if ($rawValue -band $v) { $v.ToString() }
}
if ($existing -eq 'None') {
$existing = @()
}
$module.Diff.before.kerberos_encryption_types = $existing
$desired = $Module.Params.kerberos_encryption_types
$compareParams = @{
Existing = $existing
CaseInsensitive = $true
}
$res = Compare-AnsibleADIdempotentList @compareParams @desired
if ($res.Changed) {
if ($res.Value) {
$SetParams.KerberosEncryptionType = $res.Value -join ', '
}
else {
$SetParams.KerberosEncryptionType = 'None'
}
}
$module.Diff.after.kerberos_encryption_types = $res.Value
}
}
[PSCustomObject]@{
Name = 'location'
Option = @{ type = 'str' }
Attribute = 'Location'
}
[PSCustomObject]@{
Name = 'managed_by'
Option = @{ type = 'str' }
Attribute = 'ManagedBy'
}
[PSCustomObject]@{
Name = 'sam_account_name'
Option = @{ type = 'str' }
Attribute = 'sAMAccountName'
}
[PSCustomObject]@{
Name = 'spn'
Option = @{
aliases = 'spns'
type = 'dict'
options = @{
add = @{ type = 'list'; elements = 'str' }
remove = @{ type = 'list'; elements = 'str' }
set = @{ type = 'list'; elements = 'str' }
}
}
Attribute = 'ServicePrincipalNames'
New = {
param($Module, $ADParams, $NewParams)
$spns = @(
$Module.Params.spn.add
$Module.Params.spn.set
) | Select-Object -Unique
$NewParams.ServicePrincipalNames = $spns
$Module.Diff.after.spn = $spns
}
Set = {
param($Module, $ADParams, $SetParams, $ADObject)
$desired = $Module.Params.spn
$compareParams = @{
Existing = $ADObject.ServicePrincipalNames
CaseInsensitive = $true
}
$res = Compare-AnsibleADIdempotentList @compareParams @desired
if ($res.Changed) {
$SetParams.ServicePrincipalNames = @{}
if ($res.ToAdd) {
$SetParams.ServicePrincipalNames.Add = $res.ToAdd
}
if ($res.ToRemove) {
$SetParams.ServicePrincipalNames.Remove = $res.ToRemove
}
}
$module.Diff.after.kerberos_encryption_types = @($res.Value | Sort-Object)
}
}
[PSCustomObject]@{
Name = 'trusted_for_delegation'
Option = @{ type = 'bool' }
Attribute = 'TrustedForDelegation'
}
[PSCustomObject]@{
Name = 'upn'
Option = @{ type = 'str' }
Attribute = 'userPrincipalName'
}
)
ModuleNoun = 'ADComputer'
DefaultPath = {
param($Module, $ADParams)
$GUID_COMPUTERS_CONTAINER_W = 'AA312825768811D1ADED00C04FD8D5CD'
$defaultNamingContext = (Get-ADRootDSE @ADParams -Properties defaultNamingContext).defaultNamingContext
Get-ADObject @ADParams -Identity $defaultNamingContext -Properties wellKnownObjects |
Select-Object -ExpandProperty wellKnownObjects |
Where-Object { $_.StartsWith("B:32:$($GUID_COMPUTERS_CONTAINER_W):") } |
ForEach-Object Substring 38
}
PreAction = {
param ($Module, $ADParams, $ADObject)
if ($Module.Params.sam_account_name -and -not $Module.Params.sam_account_name.EndsWith('$')) {
$Module.Params.sam_account_name = "$($Module.Params.sam_account_name)$"
}
}
PostAction = {
param($Module, $ADParams, $ADObject)
if ($ADObject) {
$Module.Result.sid = $ADObject.SID.Value
}
elseif ($Module.Params.state -eq 'present') {
# Use dummy value for check mode when creating a new user
$Module.Result.sid = 'S-1-5-0000'
}
}
}
Invoke-AnsibleADObject @setParams