From 3190ae9247a4961b0728d3dc31278c176b00ceb0 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Thu, 23 May 2019 07:43:42 +1000
Subject: [PATCH 1/3] win_get_url: add retry to service step

---
 test/integration/targets/win_get_url/tasks/main.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/test/integration/targets/win_get_url/tasks/main.yml b/test/integration/targets/win_get_url/tasks/main.yml
index c2345536a32c03..0a47d9bb3e6bd8 100644
--- a/test/integration/targets/win_get_url/tasks/main.yml
+++ b/test/integration/targets/win_get_url/tasks/main.yml
@@ -39,6 +39,10 @@
       state: started
       dependencies:
       - tcpip
+    register: service_setup
+    until: service_setup is successful
+    retries: 5
+    delay: 3
 
   - name: run URL tests
     import_tasks: tests_url.yml

From 90275db62654ef2467289558f594f79aa1e1fcb1 Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Thu, 23 May 2019 09:34:52 +1000
Subject: [PATCH 2/3] Use defender exclusion rule instead

---
 .../library/win_defender_exclusion.ps1        | 40 +++++++++++++++++++
 .../targets/win_get_url/tasks/main.yml        | 16 ++++++--
 2 files changed, 52 insertions(+), 4 deletions(-)
 create mode 100644 test/integration/targets/win_get_url/library/win_defender_exclusion.ps1

diff --git a/test/integration/targets/win_get_url/library/win_defender_exclusion.ps1 b/test/integration/targets/win_get_url/library/win_defender_exclusion.ps1
new file mode 100644
index 00000000000000..c6f8744a455f9a
--- /dev/null
+++ b/test/integration/targets/win_get_url/library/win_defender_exclusion.ps1
@@ -0,0 +1,40 @@
+#!powershell
+
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+#Requires -Module Ansible.ModuleUtils.Legacy
+
+$params = Parse-Args $args -supports_check_mode $true
+
+$path = Get-AnsibleParam -obj $params -name "path" -type "path" -failifempty $true
+$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "absent", "present"
+
+$result = @{
+    changed = $false
+}
+
+# This is a test module, just skip instead of erroring out if we cannot set the rule
+if ($null -eq (Get-Command -Name Get-MpPreference -ErrorAction SilentlyContinue)) {
+    $result.skipped = $true
+    $result.msg = "Skip as cannot set exclusion rule"
+    Exit-Json -obj $result
+}
+
+$exclusions = (Get-MpPreference).ExclusionPath
+if ($null -eq $exclusions) {
+    $exclusions = @()
+}
+
+if ($state -eq "absent") {
+    if ($path -in $exclusions) {
+        Remove-MpPreference -ExclusionPath $path
+        $result.changed = $true
+    }
+} else {
+    if ($path -notin $exclusions) {
+        Add-MpPreference -ExclusionPath $path
+        $result.changed = $true
+    }
+}
+
+Exit-Json -obj $result
diff --git a/test/integration/targets/win_get_url/tasks/main.yml b/test/integration/targets/win_get_url/tasks/main.yml
index 0a47d9bb3e6bd8..c2f69f084fa0b5 100644
--- a/test/integration/targets/win_get_url/tasks/main.yml
+++ b/test/integration/targets/win_get_url/tasks/main.yml
@@ -13,6 +13,13 @@
     src: files/
     dest: '{{ testing_dir }}'
 
+# False positive in Windows Defender is flagging the file as a virus and removing it. We need to add an exclusion so
+# the tests continue to work
+- name: add exclusion for the SlimFTPd binary
+  win_defender_exclusion:
+    path: '{{ testing_dir }}\SlimFTPd.exe'
+    state: present
+
 - name: download SlimFTPd binary
   win_get_url:
     url: https://ansible-ci-files.s3.amazonaws.com/test/integration/roles/test_win_get_url/SlimFTPd.exe
@@ -39,10 +46,6 @@
       state: started
       dependencies:
       - tcpip
-    register: service_setup
-    until: service_setup is successful
-    retries: 5
-    delay: 3
 
   - name: run URL tests
     import_tasks: tests_url.yml
@@ -63,3 +66,8 @@
     win_file:
       path: '{{ slimftpd_link }}'
       state: absent
+
+  - name: remove exclusion for the SlimFTPd binary
+    win_defender_exclusion:
+      path: '{{ testing_dir }}\SlimFTPd.exe'
+      state: absent

From 6a4fb931093381aef2699be28c3e025a203c542b Mon Sep 17 00:00:00 2001
From: Jordan Borean <jborean93@gmail.com>
Date: Thu, 23 May 2019 09:56:50 +1000
Subject: [PATCH 3/3] Expand the exclusion for defender for temp downloaded
 files

---
 test/integration/targets/win_get_url/tasks/main.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/integration/targets/win_get_url/tasks/main.yml b/test/integration/targets/win_get_url/tasks/main.yml
index c2f69f084fa0b5..74bbc8bdff6284 100644
--- a/test/integration/targets/win_get_url/tasks/main.yml
+++ b/test/integration/targets/win_get_url/tasks/main.yml
@@ -17,7 +17,7 @@
 # the tests continue to work
 - name: add exclusion for the SlimFTPd binary
   win_defender_exclusion:
-    path: '{{ testing_dir }}\SlimFTPd.exe'
+    path: '{{ remote_tmp_dir | win_dirname }}'
     state: present
 
 - name: download SlimFTPd binary
@@ -69,5 +69,5 @@
 
   - name: remove exclusion for the SlimFTPd binary
     win_defender_exclusion:
-      path: '{{ testing_dir }}\SlimFTPd.exe'
+      path: '{{ remote_tmp_dir | win_dirname }}'
       state: absent