Refactored neutron_rbac_polic{ies_info,y} modules

Change-Id: I1cd37096834d4159b5fa46719f5c479cb2bc29a9
2026-05-15 14:02:00 +00:00 · 2022-11-10 19:21:08 +01:00
parent daf79de37e
commit 0f37ed795b
6 changed files with 356 additions and 471 deletions
--- a/ci/roles/neutron_rbac_policy/tasks/main.yml
+++ b/ci/roles/neutron_rbac_policy/tasks/main.yml
@@ -0,0 +1,100 @@
+---
+- name: Create source project
+  openstack.cloud.project:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_source_project
+     description: Source project for network RBAC test
+     domain_id: default
+     enabled: True
+  register: source_project
+
+- name: Create network
+  openstack.cloud.network:
+     cloud: "{{ cloud }}"
+     name: "ansible_network"
+     state: present
+     project: "{{ source_project.project.id }}"
+     shared: false
+     external: "{{ network_external }}"
+  register: network
+
+- name: Create target project
+  openstack.cloud.project:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_target_project
+     description: Target project for network RBAC test
+     domain_id: default
+     enabled: True
+  register: target_project
+
+- name: Create a new network RBAC policy
+  openstack.cloud.neutron_rbac_policy:
+    cloud: "{{ cloud }}"
+    object_id: "{{ network.network.id }}"
+    object_type: 'network'
+    action: 'access_as_shared'
+    target_project_id: "{{ target_project.project.id }}"
+    project_id: "{{ source_project.project.id }}"
+  register: rbac_policy
+
+- name: Assert return values of neutron_rbac_policy module
+  assert:
+    that:
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(rbac_policy.rbac_policy.keys())|length == 0
+
+- name: Get all rbac policies for {{ source_project.project.name }} - after creation
+  openstack.cloud.neutron_rbac_policies_info:
+    cloud: "{{ cloud }}"
+    project: "{{ source_project.project.id }}"
+  register: rbac_policies
+
+- name: Assert return values of neutron_rbac_policy_info module
+  assert:
+    that:
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(rbac_policies.rbac_policies[0].keys())|length == 0
+
+- name: Verify policy exists - after creation
+  assert:
+    that:
+      - rbac_policy.rbac_policy.id in
+        ( rbac_policies.rbac_policies | map(attribute='id') | list )
+
+- name: Delete RBAC policy
+  openstack.cloud.neutron_rbac_policy:
+    cloud: "{{ cloud }}"
+    id: "{{ rbac_policy.rbac_policy.id }}"
+    state: absent
+
+- name: Get all rbac policies for {{ source_project.project.name }} - after deletion
+  openstack.cloud.neutron_rbac_policies_info:
+    cloud: "{{ cloud }}"
+    project: "{{ source_project.project.id }}"
+  register: rbac_policies_remaining
+
+- name: Verify policy does not exist - after deletion
+  assert:
+    that:
+      - rbac_policy.rbac_policy.id not in
+        ( rbac_policies_remaining.rbac_policies | map(attribute='id') | list )
+
+- name: Delete target project
+  openstack.cloud.project:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_target_project
+
+- name: Delete network
+  openstack.cloud.network:
+     cloud: "{{ cloud }}"
+     name: "ansible_network"
+     state: absent
+
+- name: Delete source project
+  openstack.cloud.project:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_source_project