Refactored object{,_container} modules breaking backward compatibility

Previously both modules object and object_container had huge overlaps in functionality. Both allowed to create and delete containers. One would not have to pass a object to the object module at all and could use it to manage containers only. Now the object module has been changed to manage an object in a container only while the object_container module is responsible for managing Swift containers only. With object module it is now also possible to pass data instead of a filename via module options. The container_access functionality has been dropped from object module. It has been moved and extended as read_ACL and write_ACL options in object_container module. With object_container module it is now also possible to manage the container access with read_ACL and write_ACL options. Those mirror earlier container_access option of the object module which has been removed. Change-Id: I96fb9b946444866b157655e148250f1eda35e942
2026-05-07 22:03:09 +00:00 · 2022-11-23 13:49:42 +01:00
parent 1ca6f208f7
commit 7c536e69b3
7 changed files with 768 additions and 304 deletions
--- a/ci/roles/object/defaults/main.yml
+++ b/ci/roles/object/defaults/main.yml
@@ -0,0 +1,32 @@
+expected_fields:
+  - accept_ranges
+  - access_control_allow_origin
+  - content_disposition
+  - content_encoding
+  - content_length
+  - content_type
+  - copy_from
+  - delete_after
+  - delete_at
+  - etag
+  - expires_at
+  - id
+  - if_match
+  - if_modified_since
+  - if_none_match
+  - if_unmodified_since
+  - is_content_type_detected
+  - is_newest
+  - is_static_large_object
+  - last_modified_at
+  - manifest
+  - metadata
+  - multipart_manifest
+  - name
+  - object_manifest
+  - range
+  - signature
+  - symlink_target
+  - symlink_target_account
+  - timestamp
+  - transfer_encoding
--- a/ci/roles/object/tasks/main.yml
+++ b/ci/roles/object/tasks/main.yml
@@ -1,37 +1,35 @@
 ---
- name: Create a test object file
-  shell: mktemp
-  register: tmp_file
-
 - name: Create container
-  openstack.cloud.object:
-     cloud: "{{ cloud }}"
-     state: present
-     container: ansible_container
-     container_access: private
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    state: present
+    name: ansible_container

- name: Put object
+- name: Create object
  openstack.cloud.object:
-     cloud: "{{ cloud }}"
-     state: present
-     name: ansible_object
-     filename: "{{ tmp_file.stdout }}"
-     container: ansible_container
+    cloud: "{{ cloud }}"
+    state: present
+    name: ansible_object
+    data: "this is a test"
+    container: ansible_container
+  register: object
+
+- name: Assert return values of object module
+  assert:
+    that:
+      - object.object.id == "ansible_object"
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(object.object.keys())|length == 0

 - name: Delete object
  openstack.cloud.object:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: ansible_object
-     container: ansible_container
+    cloud: "{{ cloud }}"
+    state: absent
+    name: ansible_object
+    container: ansible_container

 - name: Delete container
-  openstack.cloud.object:
-     cloud: "{{ cloud }}"
-     state: absent
-     container: ansible_container
-
- name: Delete test object file
-  file:
-     name: "{{ tmp_file.stdout }}"
-     state: absent
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    state: absent
+    name: ansible_container
--- a/ci/roles/object_container/defaults/main.yml
+++ b/ci/roles/object_container/defaults/main.yml
@@ -1 +1,22 @@
-container_name: "test-container"
+expected_fields:
+  - bytes
+  - bytes_used
+  - content_type
+  - count
+  - history_location
+  - id
+  - if_none_match
+  - is_content_type_detected
+  - is_newest
+  - meta_temp_url_key
+  - meta_temp_url_key_2
+  - metadata
+  - name
+  - object_count
+  - read_ACL
+  - storage_policy
+  - sync_key
+  - sync_to
+  - timestamp
+  - versions_location
+  - write_ACL
--- a/ci/roles/object_container/tasks/main.yml
+++ b/ci/roles/object_container/tasks/main.yml
@@ -1,63 +1,93 @@
 ---
- module_defaults:
-    group/openstack.cloud.openstack:
-      cloud: "{{ cloud }}"
-    # Backward compatibility with Ansible 2.9
-    openstack.cloud.object_container:
-      cloud: "{{ cloud }}"
-  block:
-    - name: Create an empty container
-      openstack.cloud.object_container:
-        container: "{{ container_name }}"
-      register: container
+- name: Create an empty container with public access
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    name: ansible_container
+    read_ACL: ".r:*,.rlistings"
+  register: container

-    - name: Verify container was created
-      assert:
-        that:
-          - container is success
-          - container is changed
-          - container.container.name == container_name
+- name: Assert return values of container module
+  assert:
+    that:
+      - container is changed
+      - container.container.name == "ansible_container"
+      - container.container.read_ACL == ".r:*,.rlistings"
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(container.container.keys())|length == 0

-    - name: Set metadata for a container
-      openstack.cloud.object_container:
-        container: "{{ container_name }}"
-        metadata: "Cache-Control='no-cache'"
-      register: set_meta
+- name: Set container metadata aka container properties
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    name: ansible_container
+    metadata:
+      'Cache-Control': 'no-cache'
+      'foo': 'bar'
+  register: container

-    - name: Verify container metadata was set
-      assert:
-        that:
-          - set_meta is success
-          - set_meta is changed
+- name: Verify container metadata was set
+  assert:
+    that:
+      - container is changed
+      - ('cache-control' in container.container.metadata.keys()|map('lower'))
+      - container.container.metadata['foo'] == 'bar'

-    - name: Delete some keys from container metadata
-      openstack.cloud.object_container:
-        container: "{{ container_name }}"
-        keys:
-            - Cache-Control
-      register: delete_meta
+- name: Update a container
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    name: ansible_container
+    delete_metadata_keys:
+      - 'Cache-Control'
+    read_ACL: ""
+  register: container

-    - name: Verify some keys from container metadata was deleted
-      assert:
-        that:
-          - delete_meta is success
-          - delete_meta is changed
+- name: Verify updated container
+  assert:
+    that:
+      - container is changed
+      - ('cache-control' not in container.container.metadata.keys()|map('lower'))
+      - "container.container.metadata == {'foo': 'bar'}"
+      - container.container.read_ACL is none or container.container.read_ACL == ""

-    - name: Delete container
-      openstack.cloud.object_container:
-        container: "{{ container_name }}"
-        state: absent
-      register: deleted
+- name: Delete container
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    name: ansible_container
+    state: absent
+  register: container

-    - name: Verify container was deleted
-      assert:
-        that:
-          - deleted is success
-          - deleted is changed
+- name: Verify container was deleted
+  assert:
+    that:
+      - container is changed

-  always:
-    - name: Delete container
-      openstack.cloud.object_container:
-        container: "{{ container_name }}"
-        state: absent
-      ignore_errors: yes
+- name: Delete container again
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    name: ansible_container
+    state: absent
+  register: container
+
+- name: Verify container was not deleted again
+  assert:
+    that:
+      - container is not changed
+
+- name: Create another container for recursive deletion
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    name: ansible_container2
+
+- name: Load an object into container
+  openstack.cloud.object:
+    cloud: "{{ cloud }}"
+    state: present
+    name: ansible_object
+    data: "this is another test"
+    container: ansible_container2
+
+- name: Delete container recursively
+  openstack.cloud.object_container:
+    cloud: "{{ cloud }}"
+    state: absent
+    name: ansible_container2
+    delete_with_all_objects: yes
--- a/ci/run-collection.yml
+++ b/ci/run-collection.yml
@@ -11,9 +11,6 @@
    - { role: compute_flavor_access, tags: compute_flavor_access }
    - { role: config, tags: config }
    - { role: dns_zone_info, tags: dns_zone_info }
-    - role: object_container
-      tags: object_container
-      when: sdk_version is version(0.18, '>=')
    - role: dns
      tags: dns
      when: sdk_version is version(0.28, '>=')
@@ -45,6 +42,7 @@
      tags: nova_services
      when: sdk_version is version(0.44, '>=')
    - { role: object, tags: object }
+    - { role: object_container, tags: object_container }
    - { role: port, tags: port }
    - { role: project, tags: project }
    - { role: project_info, tags: project_info }