ansible.windows.win_powershell – Run PowerShell scripts

Note

This plugin is part of the ansible.windows collection (version 1.5.0).

To install it use: ansible-galaxy collection install ansible.windows.

To use it in a playbook, specify: ansible.windows.win_powershell.

New in version 1.5.0: of ansible.windows

Synopsis

Parameters

Parameter Choices/Defaults Comments
arguments
list / elements=string
A list of arguments to pass to executable when running a script in another PowerShell process.
These are not arguments to pass to script, use parameters for that purpose.
chdir
string
The PowerShell location to set when starting the script.
This can be a location in any of the PowerShell providers.
The default location is dependent on many factors, if relative paths are used then set this option.
creates
string
A path or path filter pattern; when the referenced path exists on the target host, the task will be skipped.
depth
integer
Default:
2
How deep the return values are serialized for result, output, and information[x].message_data.
Setting this to a higher value can dramatically increase the amount of data that needs to be returned.
error_action
string
    Choices:
  • silently_continue
  • continue ←
  • stop
The $ErrorActionPreference to set before executing script.
silently_continue will ignore any errors and exceptions raised.
continue is the default behaviour in PowerShell, errors are present in the error return value but only terminating exceptions will stop the script from continuing and set it as failed.
stop will treat errors like exceptions, will stop the script and set it as failed.
executable
string
A custom PowerShell executable to run the script in.
When not defined the script will run in the current module PowerShell interpreter.
Both the remote PowerShell and the one specified by executable must be running on PowerShell v5.1 or newer.
Setting this value may change the values returned in the output return value depending on the underlying .NET type.
parameters
dictionary
Parameters to pass into the script as key value pairs.
The key corresponds to the parameter name and the value is the value for that parameter.
removes
string
A path or path filter pattern; when the referenced path does not exist on the target host, the task will be skipped.
script
string / required
The PowerShell script to run.

Notes

Note

  • The module is set as failed when a terminating exception is throw, or error_action=stop and a normal error record is raised.

  • The output values are processed using a custom filter and while it mostly matches the ConvertTo-Json result the following value types are different.

  • DateTime will be an ISO 8601 string in UTC, DateTimeOffset will have the offset as specified by the value.

  • Enum will contain a dictionary with Type, String, Value being the type name, string representation and raw integer value respectively.

  • Type will contain a dictionary with Name, FullName, AssemblyQualifiedName, BaseType being the type name, the type name including the namespace, the full assembly name the type was defined in and the base type it derives from.

  • The script has access to the $Ansible variable where it can set Result, Changed, Failed, or access Tmpdir.

  • $Ansible.Result is a value that is returned back to the controller as is.

  • $Ansible.Changed can be set to true or false to reflect whether the module made a change or not. By default this is set to true.

  • $Ansible.Failed can be set to true if the script wants to return the failure back to the controller.

  • $Ansible.Tmpdir is the path to a temporary directory to use as a scratch location that is cleaned up after the module has finished.

  • Any host/console output like Write-Host or [Console]::WriteLine is not considered an output object, they are returned as a string in host_out and host_err.

  • The module will skip running the script when in check mode unless the script defines [CmdletBinding(SupportsShouldProcess]).

See Also

See also

ansible.windows.win_command

The official documentation on the ansible.windows.win_command module.

ansible.windows.win_shell

The official documentation on the ansible.windows.win_shell module.

Examples

- name: Run basic PowerShell script
  ansible.windows.win_powershell:
    script: |
      echo "Hello World"

- name: Run PowerShell script with parameters
  ansible.windows.win_powershell:
    script: |
      [CmdletBinding()]
      param (
          [String]
          $Path,

          [Switch]
          $Force
      )

      New-Item -Path $Path -ItemType Direcotry -Force:$Force
    parameters:
      Path: C:\temp
      Force: true

- name: Run PowerShell script that modifies the module changed result
  ansible.windows.win_powershell:
    script: |
      if (Get-Service -Name test -ErrorAction SilentlyContinue) {
          Remove-Service -Name test
      }
      else {
          $Ansible.Changed = $false
      }

- name: Run PowerShell script in PowerShell 7
  ansible.windows.win_powershell:
    script: |
      $PSVersionTable.PSVersion.Major
    executable: pwsh.exe
    arguments:
    - -ExecutionPolicy
    - ByPass
  register: pwsh_output
  failed_when:
  - pwsh_output.output[0] != 7

- name: Run code in check mode
  ansible.windows.win_powershell:
    script: |
      [CmdletBinding(SupportsShouldProcess)]
      param ()

      # Use $Ansible to detect check mode
      if ($Ansible.CheckMode) {
          echo 'running in check mode'
      }
      else {
          echo 'running in normal mode'
      }

      # Use builtin ShouldProcess (-WhatIf)
      if ($PSCmdlet.ShouldProcess('target')) {
          echo 'also running in normal mode'
      }
      else {
          echo 'also running in check mode'
      }
  check_mode: yes

- name: Return a failure back to Ansible
  ansible.windows.win_powershell:
    script: |
      if (Test-Path C:\bad.file) {
          $Ansible.Failed = $true
      }

- name: Define when the script made a change or not
  ansible.windows.win_powershell:
    script: |
      if ((Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true') {
          Set-Item WSMan:\localhost\Service\Auth\Basic -Value false
      }
      else {
          $Ansible.Changed = $true
      }

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key Returned Description
debug
list / elements=string
always
A list of warning messages created by the script.
Debug messages only appear when $DebugPreference = 'Continue'.

Sample:
['debug record']
error
list / elements=dictionary
always
A list of error records created by the script.

 
category_info
dictionary
success
More information about the error record.

   
activity
string
always
Description of the operation which encountered the error.

Sample:
Write-Error
   
category
string
always
The category name of the error record.

Sample:
NotSpecified
   
category_id
integer
always
The integer representation of the category.

   
reason
string
always
Description of the error.

Sample:
WriteErrorException
   
target_name
string
always
Description of the target object.
Can be an empty string if no target was specified.

Sample:
C:\Windows
   
target_type
string
always
Description of the type of the target object.
Can be an empty string if no target object was specified.

Sample:
String
 
error_details
dictionary
success
Additional details about an ErrorRecord.
Can be null if there are not additional details.

   
message
string
always
Message for the error record.

Sample:
Specific error message
   
recommended_action
string
always
Recommended action in the even that this error occurs.
This is empty unless the code which generates the error adds this explicitly.

Sample:
Delete file
 
exception
dictionary
success
Details about the exception behind the error record.

    help_link
string
always
A link to the help details for the exception.
May not be set as it's dependent on whether the .NET exception class provides this info.

Sample:
http://docs.ansible.com/
   
hresult
integer
always
The signed integer assigned to this exception.
May not be set as it's dependent on whether the .NET exception class provides this info.

Sample:
-1
   
inner_exception
dictionary
always
The inner exception details if there is one present.
The dict contains the same keys as a normal exception.

   
message
string
always
The exception message.

Sample:
The method ran into an error
   
source
string
always
Name of the application or object that causes the error.
This may be an empty string as it's dependent on the code that raises the exception.

Sample:
C:\Windows
   
type
string
always
The full .NET type of the Exception class.

Sample:
System.Exception
 
fully_qualified_error_id
string
always
The unique identifier for the error condition
May be null if no id was specified when the record was created.

Sample:
ParameterBindingFailed
 
output
string
always
The formatted error record message as typically seen in a PowerShell console.

Sample:
Write-Error "error" : error + CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException
 
pipeline_iteration_info
list / elements=integer
always
The status of the pipeline when this record was created.
The values are 0 index based.
Each element entry represents the command index in a pipeline statement.
The value of each element represents the pipeline input idx in that command.
For Example 'C:\Windows', 'C:\temp' | Get-ChildItem | Get-Item, [1, 2, 9] represents an error occured with the 2nd output, 3rd, and 9th output of the 1st, 2nd, and 3rd command in that pipeline respectively.

Sample:
[0, 0]
 
script_stack_trace
string
always
The script stack trace for the error record.

Sample:
at <ScriptBlock>, <No file>: line 1
 
target_object
string
always
The object which the error occured.
May be null if no object was specified when the record was created.

Sample:
C:\Windows
host_err
string
always
The strings written to the host error output, typically the stderr.
This is not the same as objects sent to the error stream in PowerShell.

Sample:
Error 1 Error 2
host_out
string
always
The strings written to the host output, typically the stdout.
This is not the same as objects sent to the output stream in PowerShell.

Sample:
Line 1 Line 2
information
list / elements=dictionary
always
A list of information records created by the script.
The information stream was only added in PowerShell v5, older versions will always have an empty list as a value.

 
message_data
complex
always
Message data associated with the record.
The value here can be of any type.

Sample:
information record
 
source
string
always
The source of the record.

Sample:
Write-Information
 
tags
list / elements=string
always
A list of tags associated with the record.

Sample:
['Host']
 
time_generated
string
always
The time the record was generated.
This is the time in UTC as an ISO 8601 formatted string.

Sample:
2021-02-11T04:46:00.4694240Z
output
list / elements=string
always
A list containing all the objects outputted by the script.
The list elements can be anything as it is based on what was ran.

Sample:
['output 1', 2, ['inner list'], {'key': 'value'}, 'None']
result
complex
always
The values that were set by $Ansible.Result in the script.
Defaults to an empty dict but can be set to anything by the script.

Sample:
{'key': 'value', 'other key': 1}
verbose
list / elements=string
always
A list of warning messages created by the script.
Verbose messages only appear when $VerbosePreference = 'Continue'.

Sample:
['verbose record']
warning
list / elements=string
always
A list of warning messages created by the script.
Warning messages only appear when $WarningPreference = 'Continue'.

Sample:
['warning record']


Authors

  • Jordan Borean (@jborean93)