internet/ansible-collections-openstack
3
0
Fork 0
mirror of https://opendev.org/openstack/ansible-collections-openstack.git synced 2026-05-08 06:13:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactored identity_user{,_info} modules

Browse Source 
Change-Id: Iae52d1a86f8f78790290be3966681f2277b9701d
This commit is contained in:
Jakob Meng
2023-01-13 12:21:04 +01:00
parent 4a27306440
commit c9afdbfd73
7 changed files with 444 additions and 553 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ci/roles/identity_user/defaults/main.yml
View File

@@ -1,4 +1,4 @@
os_identity_user_fields:
expected_fields:
- default_project_id
- description
- domain_id

371
ci/roles/identity_user/tasks/main.yml
View File

@@ -1,197 +1,218 @@
---
- name: setup
block:
- name: Delete user before running tests
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ item }}"
loop:
- ansible_user
- ansible_user2
register: user
- name: Create a user without a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
email: ansible.user@nowhere.net
domain: default
description: "ansible user"
default_project: demo
register: user
- block:
- name: Delete unexistent user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
register: user
- name: Assert return values of identity_user module
assert:
that:
- user.user.name == 'ansible_user'
- user.user.description == 'ansible user'
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(user.user.keys())|length == 0
- name: Ensure user was not changed
assert:
that: user is not changed
- name: Fail when update_password is always but no password specified
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
ignore_errors: yes
- block:
- name: Create a user without a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
- name: Assert that update failed
assert:
that:
- user is failed
- user.msg == "update_password is 'always' but password is missing"
- name: Ensure user was changed
assert:
that: user is changed
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- name: Ensure user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Fail when update_password is always but no password specified
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
ignore_errors: yes
- name: Create user with a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
- assert:
that: user.msg == "update_password is always but a password value is missing"
- name: Create user with a password again
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- name: Assert user was not changed
assert:
that:
- user is not changed
- block:
- name: Create user with a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Update user with password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret2
email: updated.ansible.user@nowhere.net
register: user
- name: Assert user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- block:
- name: Create identical user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Assert user was not changed
assert:
that: user is not changed
- name: Assert user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- block:
- name: Update user with password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret2
email: updated.ansible.user@nowhere.net
register: user
- name: Ensure user was changed
assert:
that: user is changed
- name: Ensure user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Ensure user was changed
assert:
that:
- user is changed
- name: Update user without password and update_password set to always
block:
- openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
email: updated.ansible.user@nowhere.net
register: user
ignore_errors: yes
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
email: updated.ansible.user@nowhere.net
register: user
ignore_errors: yes
- assert:
that: user.msg == "update_password is always but a password value is missing"
- name: Assert user update failed
assert:
that:
- user is failed
- user.msg == "update_password is 'always' but password is missing"
- block:
- name: Ensure user with update_password set to on_create
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: on_create
password: secret3
email: updated.ansible.user@nowhere.net
register: user
- name: Ensure user with update_password set to on_create
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: on_create
password: secret3
email: updated.ansible.user@nowhere.net
register: user
- name: Ensure user was not changed
assert:
that: user is not changed
- name: Ensure user was not changed
assert:
that:
- user is not changed
- block:
- name: Ensure user with update_password set to always
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
password: secret3
email: updated.ansible.user@nowhere.net
register: user
- name: Ensure user with update_password set to always
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
password: secret3
email: updated.ansible.user@nowhere.net
register: user
- name: Ensure user was changed
assert:
that: user is changed
- name: Ensure user was changed
assert:
that:
- user is changed
- block:
- name: Create user without a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user2
password: secret
email: ansible.user2@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Create user without a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user2
password: secret
email: ansible.user2@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Assert user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Fetch users
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
register: users
- block:
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- name: Assert return values of identity_user_info module
assert:
that:
- users.users | length > 0
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(users.users.0.keys())|length == 0
- name: Ensure user was changed
assert:
that: user is changed
- name: Fetch user by name
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: users
- name: Assert named user
assert:
that:
- users.users | length == 1
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user2
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- name: Ensure user was changed
assert:
that:
- user is changed
- name: Delete user again
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
register: user
- name: Ensure user was not changed
assert:
that:
- user is not changed
- name: Fetch ansible_user
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: users
- name: Assert ansible_user does not exist
assert:
that:
- users.users | length == 0
- name: Fetch ansible_user2
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user2
register: users
- name: Assert ansible_user2 does not exist
assert:
that:
- users.users | length == 0

11
ci/roles/identity_user_info/defaults/main.yml
View File

@@ -1,11 +0,0 @@
os_expected_user_info_fields:
- default_project_id
- description
- domain_id
- email
- id
- is_enabled
- links
- name
- password
- password_expires_at

69
ci/roles/identity_user_info/tasks/main.yml
View File

@@ -1,69 +0,0 @@
- name: Ensure user does not exist before tests
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- block:
- name: Get unexistent user
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: userinfo
- name: Ensure nothing was returned
assert:
that: not userinfo.users
- block:
- name: Create user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
- name: Create second user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user2
password: secret
email: ansible.user2@nowhere.net
domain: default
default_project: demo
register: user
- name: Get first user info
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: userinfo
- name: Assert only one result exists
assert:
that: "{{ userinfo.users | length }} == 1"
- name: Assert userinfo has fields
assert:
that: item in userinfo.users[0]
loop: "{{ os_expected_user_info_fields }}"
- block:
- name: Get all users
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
register: userinfo
- name: Assert results were returned
assert:
that: "{{ userinfo.users | length }} > 0"
- name: Post-test cleanup
block:
- name: Ensure users do not exist
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ item }}"
loop:
- ansible_user
- ansible_user2

1
ci/run-collection.yml
View File

@@ -21,7 +21,6 @@
- { role: identity_domain, tags: identity_domain }
- { role: identity_group, tags: identity_group }
- { role: identity_user, tags: identity_user }
- { role: identity_user_info, tags: identity_user_info }
- { role: identity_role, tags: identity_role }
- { role: image, tags: image }
- { role: keypair, tags: keypair }