diff --git a/.zuul.yaml b/.zuul.yaml index 807ce4a5..88f612a5 100644 --- a/.zuul.yaml +++ b/.zuul.yaml @@ -74,6 +74,7 @@ identity_user identity_user_info identity_role + identity_role_info image keypair keystone_domain diff --git a/ci/roles/identity_role/tasks/main.yml b/ci/roles/identity_role/tasks/main.yml index d7eaf36b..1a5f4483 100644 --- a/ci/roles/identity_role/tasks/main.yml +++ b/ci/roles/identity_role/tasks/main.yml @@ -32,7 +32,7 @@ - name: Assert role found assert: that: - - roles.openstack_roles | length == 1 + - roles.roles | length == 1 - name: Assert role changed assert: that: role is changed @@ -45,7 +45,7 @@ that: role['role']['name'] == role_name - name: Assert retrieved values assert: - that: roles.openstack_roles[0].name == role_name + that: roles.roles[0].name == role_name - block: - name: Create existing keystone role @@ -80,4 +80,4 @@ - name: Assert no role found assert: that: - - roles.openstack_roles | length == 0 + - roles.roles | length == 0 diff --git a/ci/roles/identity_role_info/tasks/main.yml b/ci/roles/identity_role_info/tasks/main.yml new file mode 100644 index 00000000..73ff072a --- /dev/null +++ b/ci/roles/identity_role_info/tasks/main.yml @@ -0,0 +1,64 @@ +- name: Ensure role does not exist before tests + openstack.cloud.identity_role: + cloud: "{{ cloud }}" + state: absent + name: test_role + +- name: Get unexistent role + openstack.cloud.identity_role_info: + cloud: "{{ cloud }}" + name: test_role + register: roleinfo + +- debug: + var: roleinfo + +- name: Assert that no results were returned + assert: + that: not roleinfo.roles + +- name: Create keystone role + openstack.cloud.identity_role: + cloud: "{{ cloud }}" + state: present + name: test_role + +- name: Create second role + openstack.cloud.identity_role: + cloud: "{{ cloud }}" + state: present + name: test_role2 + +- name: Get role by name + openstack.cloud.identity_role_info: + cloud: "{{ cloud }}" + name: test_role + register: roleinfo + +- debug: + var: roleinfo + +- name: Assert that only one result was returned + assert: + that: roleinfo.roles | length == 1 + +- name: Assert that roleinfo has fields + assert: + that: item in roleinfo.roles[0] + loop: + - description + - domain_id + - id + - links + - name + +- name: Post-test cleanup + block: + - name: Clean up roles + openstack.cloud.identity_role: + cloud: "{{ cloud }}" + state: absent + name: "{{ item }}" + loop: + - test_role + - test_role2 diff --git a/ci/run-collection.yml b/ci/run-collection.yml index 44de1651..d5ba8ba0 100644 --- a/ci/run-collection.yml +++ b/ci/run-collection.yml @@ -20,6 +20,7 @@ - { role: identity_user, tags: identity_user } - { role: identity_user_info, tags: identity_user_info } - { role: identity_role, tags: identity_role } + - { role: identity_role_info, tags: identity_role_info } - { role: image, tags: image } - { role: keypair, tags: keypair } - { role: keystone_domain, tags: keystone_domain } diff --git a/plugins/modules/identity_role_info.py b/plugins/modules/identity_role_info.py index 361e800d..d211a7ca 100644 --- a/plugins/modules/identity_role_info.py +++ b/plugins/modules/identity_role_info.py @@ -7,19 +7,19 @@ DOCUMENTATION = ''' --- module: identity_role_info -short_description: Retrive information about roles +short_description: Retrieve information about roles author: OpenStack Ansible SIG description: - Get information about identity roles in Openstack options: domain_id: description: - - List roles in specified domain only + - Domain ID which owns the role type: str required: false name: description: - - List role speficied by name + - Name or ID of the role type: str required: false @@ -32,26 +32,32 @@ extends_documentation_fragment: ''' RETURN = ''' -openstack_roles: +roles: description: List of identity roles returned: always type: list elements: dict - sample: - - domain_id: None - id: 19bf514fdda84f808ccee8463bd85c1a - location: - cloud: mycloud - project: - domain_id: None - domain_name: None - id: None - name: None - region_name: None - zone: None - name: member - properties: - + contains: + id: + description: Unique ID for the role + returned: success + type: str + name: + description: Unique role name, within the owning domain. + returned: success + type: str + description: + description: User-facing description of the role. + returned: success + type: str + domain_id: + description: References the domain ID which owns the role. + returned: success + type: str + links: + description: The links for the service resources + returned: success + type: dict ''' EXAMPLES = ''' @@ -75,23 +81,24 @@ from ansible_collections.openstack.cloud.plugins.module_utils.openstack import O class IdentityRoleInfoModule(OpenStackModule): - argument_spec = dict( domain_id=dict(type='str', required=False), name=dict(type='str', required=False), ) + module_kwargs = dict( supports_check_mode=True, ) def run(self): - roles = self.conn.list_roles(domain_id=self.params['domain_id']) - # Dictionaries are supported from Train release - roles = [item if isinstance(item, dict) else item.to_dict() for item in roles] - # Filtering by name is supported from Wallaby release - if self.params['name']: - roles = [item for item in roles if self.params['name'] in (item['id'], item['name'])] - self.results.update({'openstack_roles': roles}) + params = { + 'domain_id': self.params['domain_id'], + 'name_or_id': self.params['name'], + } + params = {k: v for k, v in params.items() if v is not None} + + roles = [role.to_dict(computed=False) for role in self.conn.search_roles(**params)] + self.exit_json(changed=False, roles=roles) def main():