Refactored neutron_rbac_polic{ies_info,y} modules

Change-Id: I1cd37096834d4159b5fa46719f5c479cb2bc29a9
2026-05-08 14:23:03 +00:00 · 2022-11-10 19:21:08 +01:00
parent daf79de37e
commit 0f37ed795b
6 changed files with 356 additions and 471 deletions
--- a/ci/roles/neutron_rbac_policy/defaults/main.yml
+++ b/ci/roles/neutron_rbac_policy/defaults/main.yml
@@ -0,0 +1,9 @@
+expected_fields:
+  - action
+  - id
+  - name
+  - object_id
+  - object_type
+  - project_id
+  - target_project_id
+  - tenant_id
--- a/ci/roles/neutron_rbac_policy/tasks/main.yml
+++ b/ci/roles/neutron_rbac_policy/tasks/main.yml
@@ -1,27 +1,18 @@
 ---
-# General run of tests
-# - Prepare projects/network objects
-# - Create rbac object
-# - Get rbac object info
-# - Verify RBAC object match
-# - Delete rbac object
-# - Get rbac object info
-# - Verify RBAC object deleted
-
 - name: Create source project
  openstack.cloud.project:
     cloud: "{{ cloud }}"
     state: present
-     name: source_project
+     name: ansible_source_project
     description: Source project for network RBAC test
     domain_id: default
     enabled: True
  register: source_project

- name: Create network - generic
+- name: Create network
  openstack.cloud.network:
     cloud: "{{ cloud }}"
-     name: "{{ network_name }}"
+     name: "ansible_network"
     state: present
     project: "{{ source_project.project.id }}"
     shared: false
@@ -32,7 +23,7 @@
  openstack.cloud.project:
     cloud: "{{ cloud }}"
     state: present
-     name: ansible_project
+     name: ansible_target_project
     description: Target project for network RBAC test
     domain_id: default
     enabled: True
@@ -48,38 +39,62 @@
    project_id: "{{ source_project.project.id }}"
  register: rbac_policy

+- name: Assert return values of neutron_rbac_policy module
+  assert:
+    that:
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(rbac_policy.rbac_policy.keys())|length == 0
+
 - name: Get all rbac policies for {{ source_project.project.name }} - after creation
  openstack.cloud.neutron_rbac_policies_info:
    cloud: "{{ cloud }}"
-    project_id: "{{ source_project.project.id }}"
+    project: "{{ source_project.project.id }}"
  register: rbac_policies

- name: Capture all existing policy IDs
-  set_fact:
-    rbac_policy_ids: "{{ rbac_policies.policies | map(attribute='id') | list }}"
+- name: Assert return values of neutron_rbac_policy_info module
+  assert:
+    that:
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(rbac_policies.rbac_policies[0].keys())|length == 0

 - name: Verify policy exists - after creation
  assert:
    that:
-      - rbac_policy.policy.id in rbac_policy_ids
+      - rbac_policy.rbac_policy.id in
+        ( rbac_policies.rbac_policies | map(attribute='id') | list )

 - name: Delete RBAC policy
  openstack.cloud.neutron_rbac_policy:
    cloud: "{{ cloud }}"
-    policy_id: "{{ rbac_policy.policy.id }}"
+    id: "{{ rbac_policy.rbac_policy.id }}"
    state: absent

 - name: Get all rbac policies for {{ source_project.project.name }} - after deletion
  openstack.cloud.neutron_rbac_policies_info:
    cloud: "{{ cloud }}"
-    project_id: "{{ source_project.project.id }}"
+    project: "{{ source_project.project.id }}"
  register: rbac_policies_remaining

- name: Capture all remaining policy IDs
-  set_fact:
-    remaining_rbac_policy_ids: "{{ rbac_policies_remaining.policies | map(attribute='id') | list }}"
-
 - name: Verify policy does not exist - after deletion
  assert:
    that:
-      - not rbac_policy.policy.id in remaining_rbac_policy_ids
+      - rbac_policy.rbac_policy.id not in
+        ( rbac_policies_remaining.rbac_policies | map(attribute='id') | list )
+
+- name: Delete target project
+  openstack.cloud.project:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_target_project
+
+- name: Delete network
+  openstack.cloud.network:
+     cloud: "{{ cloud }}"
+     name: "ansible_network"
+     state: absent
+
+- name: Delete source project
+  openstack.cloud.project:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_source_project
--- a/ci/run-collection.yml
+++ b/ci/run-collection.yml
@@ -40,10 +40,7 @@
      when: sdk_version is version(0.44, '>=')
    - { role: logging, tags: logging }
    - { role: network, tags: network }
-    - role: neutron_rbac
-      tags:
-        - rbac
-        - neutron_rbac
+    - { role: neutron_rbac_policy, tags: neutron_rbac_policy }
    - role: nova_services
      tags: nova_services
      when: sdk_version is version(0.44, '>=')