cyberark · bab29 · Jun 4, 2021 · Jun 4, 2021 · Jun 4, 2021 · Jun 5, 2021
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -3,50 +3,50 @@
 
 # Validate Parameters
 - name: Validate input parameters
-  include_tasks: psm_validateparameters.yml
+  ansible.builtin.include_tasks: psm_validateparameters.yml
 
 - name: Extract PSM package
-  include_tasks: psm_extract.yml
+  ansible.builtin.include_tasks: psm_extract.yml
   when:
     - psm_extract
   tags: [print_action]
 
 - name: Running PSM prerequisities
-  include_tasks: psm_prerequisites.yml
+  ansible.builtin.include_tasks: psm_prerequisites.yml
   when:
     - psm_prerequisites
   tags: [print_action]
 
 - name: Running PSM install
-  include_tasks: psm_install.yml
+  ansible.builtin.include_tasks: psm_install.yml
   when:
     - psm_install
   tags: [print_action]
 
 - name: Running PSM postinstall
-  include_tasks: psm_postinstall.yml
+  ansible.builtin.include_tasks: psm_postinstall.yml
   when:
     - psm_exists
     - psm_postinstall
   tags: [print_action]
 
 - name: Running PSM hardening
-  include_tasks: psm_hardening.yml
+  ansible.builtin.include_tasks: psm_hardening.yml
   when:
     - psm_exists
     - psm_hardening
   tags: [print_action]
 
 - name: Running PSM registration
-  include_tasks: psm_registration.yml
+  ansible.builtin.include_tasks: psm_registration.yml
   when:
     - psm_registration
     - psm_exists
     - not psm_registered
   tags: [print_action]
 
 - name: Running PSM clean
-  include_tasks: psm_clean.yml
+  ansible.builtin.include_tasks: psm_clean.yml
   when:
     - psm_clean
   tags: [print_action]
diff --git a/tasks/psm_clean.yml b/tasks/psm_clean.yml
@@ -2,39 +2,39 @@
 # tasks file for psm_clean
 
 - name: Find all inf and log files in hardening folder
-  win_find:
+  ansible.windows.win_find:
     paths: "{{ psm_installation_path }}\\PSM\\Hardening"
     patterns: ['*.inf', '*.log']
   register: files_to_delete
 
 - name: Delete all inf and log files in the hardening folder
-  win_file:
+  ansible.windows.win_file:
     path: "{{ item.path }}"
     state: absent
   with_items: "{{ files_to_delete.files }}"
 
 - name: Find all Relevant Files in the Windows Temp Folder
-  win_find:
+  ansible.windows.win_find:
     paths: C:\Windows\Temp
     patterns: ['PSM*.*', 'InstallationAutomation*.*']
   register: files_to_delete
 
 - name: Delete all Relevant Files in the Windows Temp Folder
-  win_file:
+  ansible.windows.win_file:
     path: "{{ item.path }}"
     state: absent
   with_items: "{{ files_to_delete.files }}"
 
 - name: Clean cred files
-  win_file:
+  ansible.windows.win_file:
     path: "{{ item }}"
     state: absent
   with_items:
     - "{{ psm_installation_path }}\\PSM\\Vault\\psmgw.ini"
     - "{{ psm_installation_path }}\\PSM\\Vault\\psmapp.ini"
 
 - name: Clean event viewer
-  win_shell: |
+  ansible.windows.win_shell: |
     try {
       wevtutil el | ForEach-Object { wevtutil cl "$_" }
     } catch {
@@ -44,7 +44,7 @@
     exit 0
 
 - name: Empty recycle bin
-  win_shell: |
+  ansible.windows.win_shell: |
     try {
       $Recycler = (New-Object -ComObject Shell.Application).Namespace(0xa)
       $Recycler.items() | ForEach-Object { rm $_.path -Force -Recurse }
@@ -55,7 +55,7 @@
     exit 0
 
 - name: Clean run history
-  win_shell: |
+  ansible.windows.win_shell: |
     try {
       $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"
 
@@ -76,26 +76,26 @@
     exit 0
 
 - name: Keep installation automation folder
-  win_copy:
+  ansible.windows.win_copy:
     src: "{{ psm_installationautomation_folder }}"
     dest: "{{ psm_base_bin_drive }}\\Cyberark\\PSM"
     remote_src: True
-  ignore_errors: yes
+  ignore_errors: True
 
 - name: Keep Registration Tool folder
-  win_copy:
+  ansible.windows.win_copy:
     src: "{{ psm_registrationtool_location }}"
     dest: "{{ psm_base_bin_drive }}\\Cyberark\\PSM"
     remote_src: True
-  ignore_errors: yes
+  ignore_errors: True
 
 - name: Delete the deployment folder
-  win_file:
+  ansible.windows.win_file:
     path: "{{ psm_extract_folder }}"
     state: absent
 
 - name: Validate folder Deletion
-  win_stat:
+  ansible.windows.win_stat:
     path: "{{ psm_extract_folder }}"
   register: folder_data
 

diff --git a/tasks/psm_extract.yml b/tasks/psm_extract.yml
@@ -2,41 +2,42 @@
 # tasks file for psm_extract
 
 - name: Create folder
-  win_file:
+  ansible.windows.win_file:
     path: "{{ psm_extract_folder }}"
     state: directory
 
 - name: Copy PSM package from local source
-  win_copy:
+  ansible.windows.win_copy:
     src: "{{ psm_zip_file_path }}"
     dest: "{{ psm_extract_folder }}\\{{ psm_artifact_name }}"
+    remote_src: "{{psm_zip_file_unc}}"    
   register: st
 
-- fail:
+- ansible.builtin.fail:
     msg: "{{ psm_zip_file_path }} not exists, failing..."
   when: not st.checksum
 
 - name: Check if package is valid using checksum
-  fail:
+  ansible.builtin.fail:
     msg: "Checksum does not match, please validate your package."
   when:
     - st.checksum != psm_sha1_checksum
     - not psm_ignore_checksum
 
 - name: Unzip the PSM package
-  win_unzip:
+  community.windows.win_unzip:
     src: "{{ psm_extract_folder }}\\{{ psm_artifact_name }}"
     dest: "{{ psm_extract_folder }}"
   when: psm_official
 
 - name: Create component folder
-  win_file:
+  ansible.windows.win_file:
     path: "{{ psm_extract_folder }}\\{{ psm_component_folder }}"
     state: directory
   when: not psm_official
 
 - name: Unzip the PSM package
-  win_unzip:
+  community.windows.win_unzip:
     src: "{{ psm_extract_folder }}\\{{ psm_artifact_name }}"
     dest: "{{ psm_extract_folder }}\\{{ psm_component_folder }}"
   when: not psm_official
diff --git a/tasks/psm_hardening.yml b/tasks/psm_hardening.yml
@@ -2,12 +2,12 @@
 # tasks file for psm_hardening
 
 - name: Check psm_out_of_domain is boolean
-  fail:
+  ansible.builtin.fail:
     msg: "psm_out_of_domain should be true/false, current type is {{ psm_out_of_domain | type_debug }}"
   when: psm_out_of_domain | type_debug != 'bool'
 
 - name: Update PSM out-of-domain parameter
-  win_shell: |
+  ansible.windows.win_shell: |
     try
     {
         $psm_domain = if('{{ psm_out_of_domain }}' -eq 'true') {"Yes"} else {"No"}
@@ -29,7 +29,7 @@
   block:
 
     - name: Run PSM hardening
-      win_shell: |
+      ansible.windows.win_shell: |
         Set-Location "{{ psm_installationautomation_folder }}"
         $Action = .\Execute-Stage.ps1 "{{ psm_installationautomation_folder }}\Hardening\HardeningConfig.xml" -silentMode "Silent" -displayJson -delayedrestart
         $Action | Out-File -FilePath "{{ psm_hardening_log }}"
@@ -41,21 +41,21 @@
         }
 
     - name: Get log path for hardening
-      win_shell: |
+      ansible.windows.win_shell: |
         $Result = Get-Content "{{ psm_hardening_log }}"
         Write-Output $Result
       register: log_result
 
     - name: Fetch hardening log from path
-      fetch:
+      ansible.builtin.fetch:
         src: '{{ item.logPath }}'
         dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/psm/{{ inventory_hostname }}_hardening.log'
         flat: yes
       with_items:
         - "{{ log_result.stdout | from_json }}"
 
     - name: Enable AutoAdminLogon
-      win_regedit:
+      ansible.windows.win_regedit:
         path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         name: AutoAdminLogon
         data: 1
@@ -66,7 +66,7 @@
         - psm_restart
 
     - name: Set default username for AutoAdminLogon
-      win_regedit:
+      ansible.windows.win_regedit:
         path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         name: DefaultUsername
         data: "{{ ansible_user }}"
@@ -77,7 +77,7 @@
         - psm_restart
 
     - name: Set default password for AutoAdminLogon
-      win_regedit:
+      ansible.windows.win_regedit:
         path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         name: DefaultPassword
         data: "{{ ansible_password }}"
@@ -88,7 +88,7 @@
         - psm_restart
 
     - name: Reboot when PSM hardening requires reboot
-      win_reboot:
+      ansible.windows.win_reboot:
         reboot_timeout: 300
       with_items:
         - "{{ log_result.stdout | from_json }}"
@@ -97,7 +97,7 @@
         - psm_restart
 
     - name: Remove AutoAdminLogon
-      win_regedit:
+      ansible.windows.win_regedit:
         path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         name: AutoAdminLogon
         state: absent
@@ -108,7 +108,7 @@
         - psm_restart
 
     - name: Remove username for AutoAdminLogon
-      win_regedit:
+      ansible.windows.win_regedit:
         path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         name: DefaultUsername
         state: absent
@@ -119,7 +119,7 @@
         - psm_restart
 
     - name: Remove password for AutoAdminLogon
-      win_regedit:
+      ansible.windows.win_regedit:
         path: HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
         name: DefaultPassword
         state: absent
@@ -132,13 +132,13 @@
   rescue:
 
     - name: Get log path for hardening
-      win_shell: |
+      ansible.windows.win_shell: |
         $Result = Get-Content "{{ psm_hardening_log }}"
         Write-Output $Result
       register: log_result
 
     - name: Fetch hardening log from path
-      fetch:
+      ansible.builtin.fetch:
         src: '{{ item.logPath }}'
         dest: '{{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/psm/{{ inventory_hostname }}_hardening.log'
         flat: yes
@@ -149,7 +149,7 @@
         msg: 'ERROR: Hardening failed. For more info check {{ lookup("config", "DEFAULT_LOG_PATH") | dirname }}/psm/{{ inventory_hostname }}_hardening.log'
 
 - name: Validate PSM hardening
-  win_shell: |
+  ansible.windows.win_shell: |
     $policyInfPath = "{{ psm_installationautomation_folder }}\\group-policy.inf"
     $policyLogPath = "{{ psm_installationautomation_folder }}\\group-policy.log"
     secedit /export /cfg "$policyInfPath" /log "$policyLogPath"