Refactored {group,role}_assignment modules

Change-Id: I6ec79eb203d0f68661b54bc89a194c366b3574c6
2026-05-08 06:13:13 +00:00 · 2023-01-16 20:46:42 +01:00
parent 754ae5e50d
commit d5ab2bf33f
8 changed files with 382 additions and 327 deletions
--- a/ci/roles/group_assignment/tasks/main.yml
+++ b/ci/roles/group_assignment/tasks/main.yml
@@ -0,0 +1,68 @@
+---
+- name: Create user
+  openstack.cloud.identity_user:
+    cloud: "{{ cloud }}"
+    state: present
+    name: ansible_user
+    password: secret
+    email: ansible.user@nowhere.net
+    domain: default
+    default_project: demo
+
+- name: Assign user to nonadmins group
+  openstack.cloud.group_assignment:
+    cloud: "{{ cloud }}"
+    state: present
+    user: ansible_user
+    group: nonadmins
+  register: group_assignment
+
+- name: Assert group assignment
+  assert:
+    that:
+      - group_assignment is changed
+
+- name: Assign user to nonadmins group again
+  openstack.cloud.group_assignment:
+    cloud: "{{ cloud }}"
+    state: present
+    user: ansible_user
+    group: nonadmins
+  register: group_assignment
+
+- name: Assert group assignment
+  assert:
+    that:
+      - group_assignment is not changed
+
+- name: Remove user from nonadmins group
+  openstack.cloud.group_assignment:
+    cloud: "{{ cloud }}"
+    state: absent
+    user: ansible_user
+    group: nonadmins
+  register: group_assignment
+
+- name: Assert group assignment
+  assert:
+    that:
+      - group_assignment is changed
+
+- name: Remove user from nonadmins group again
+  openstack.cloud.group_assignment:
+    cloud: "{{ cloud }}"
+    state: absent
+    user: ansible_user
+    group: nonadmins
+  register: group_assignment
+
+- name: Assert group assignment
+  assert:
+    that:
+      - group_assignment is not changed
+
+- name: Delete user
+  openstack.cloud.identity_user:
+    cloud: "{{ cloud }}"
+    state: absent
+    name: ansible_user
--- a/ci/roles/role_assignment/tasks/main.yml
+++ b/ci/roles/role_assignment/tasks/main.yml
@@ -15,6 +15,12 @@
    project: ansible_project
    role: admin
    user: admin
+  register: role_assignment
+
+- name: Assert role assignment
+  assert:
+    that:
+      - role_assignment is changed

 - name: Grant an admin role on the user admin in the project ansible_project again
  openstack.cloud.role_assignment:
@@ -23,12 +29,12 @@
    project: ansible_project
    role: admin
    user: admin
-  register: grant_again
+  register: role_assignment

- name: Ensure grant again doesn't change anything
+- name: Ensure grant again did not change anything
  assert:
    that:
-      - not grant_again.changed
+      - role_assignment is not changed

 - name: Revoke the admin role on the user admin in the project ansible_project
  openstack.cloud.role_assignment:
@@ -44,3 +50,124 @@
     cloud: "{{ cloud }}"
     state: absent
     name: ansible_project
+
+- name: Create domain
+  openstack.cloud.identity_domain:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_domain
+  register: domain
+
+- name: Create group in default domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_group
+     domain_id: default
+
+- name: Create group in specific domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_group
+     domain_id: "{{ domain.domain.id }}"
+
+- name: Create user in default domain
+  openstack.cloud.identity_user:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_user
+     domain: default
+
+- name: Create user in specific domain
+  openstack.cloud.identity_user:
+     cloud: "{{ cloud }}"
+     state: present
+     name: ansible_user
+     domain: "{{ domain.domain.id }}"
+
+- name: Assign role to group in default domain
+  openstack.cloud.role_assignment:
+    cloud: "{{ cloud }}"
+    role: anotherrole
+    group: ansible_group
+    domain: default
+  register: role_assignment
+
+- name: Assert role assignment
+  assert:
+    that:
+      - role_assignment is changed
+
+- name: Assign role to group in specific domain
+  openstack.cloud.role_assignment:
+    cloud: "{{ cloud }}"
+    role: anotherrole
+    group: ansible_group
+    domain: "{{ domain.domain.id }}"
+  register: role_assignment
+
+- name: Assert role assignment
+  assert:
+    that:
+      - role_assignment is changed
+
+- name: Assign role to user in default domain
+  openstack.cloud.role_assignment:
+    cloud: "{{ cloud }}"
+    role: anotherrole
+    user: ansible_user
+    domain: default
+  register: role_assignment
+
+- name: Assert role assignment
+  assert:
+    that:
+      - role_assignment is changed
+
+- name: Assign role to user in specific domain
+  openstack.cloud.role_assignment:
+    cloud: "{{ cloud }}"
+    role: anotherrole
+    user: ansible_user
+    domain: "{{ domain.domain.id }}"
+  register: role_assignment
+
+- name: Assert role assignment
+  assert:
+    that:
+      - role_assignment is changed
+
+- name: Delete group in default domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_group
+     domain_id: default
+
+- name: Delete group in specific domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_group
+     domain_id: "{{ domain.domain.id }}"
+
+- name: Delete user in default domain
+  openstack.cloud.identity_user:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_user
+     domain: default
+
+- name: Delete user in specific domain
+  openstack.cloud.identity_user:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_user
+     domain: "{{ domain.domain.id }}"
+
+- name: Delete domain
+  openstack.cloud.identity_domain:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: ansible_domain
--- a/ci/roles/user_group/tasks/main.yml
+++ b/ci/roles/user_group/tasks/main.yml
@@ -1,31 +0,0 @@
---
- name: Create user
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: present
-     name: ansible_user
-     password: secret
-     email: ansible.user@nowhere.net
-     domain: default
-     default_project: demo
-  register: user
-
- name: Assign user to nonadmins group
-  openstack.cloud.group_assignment:
-     cloud: "{{ cloud }}"
-     state: present
-     user: ansible_user
-     group: nonadmins
-
- name: Remove user from nonadmins group
-  openstack.cloud.group_assignment:
-     cloud: "{{ cloud }}"
-     state: absent
-     user: ansible_user
-     group: nonadmins
-
- name: Delete user
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: ansible_user
--- a/ci/roles/user_role/defaults/main.yaml
+++ b/ci/roles/user_role/defaults/main.yaml
@@ -1,4 +0,0 @@
-domain_name: ansible_domain
-user_name: ansible_user
-group_name: ansible_group
-keystone_role_name: anotherrole
--- a/ci/roles/user_role/tasks/main.yaml
+++ b/ci/roles/user_role/tasks/main.yaml
@@ -1,96 +0,0 @@
- name: Create domain
-  openstack.cloud.identity_domain:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ domain_name }}"
-  register: domain
-
- name: Create group in default domain
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ group_name }}"
-     domain_id: default
-
- name: Create group in specific domain
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ group_name }}"
-     domain_id: "{{ domain.domain.id }}"
-
- name: Create user in default domain
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ user_name }}"
-     domain: default
-
- name: Create user in specific domain
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ user_name }}"
-     domain: "{{ domain.domain.id }}"
-
- name: Assign role to group in default domain
-  openstack.cloud.role_assignment:
-    cloud: "{{ cloud }}"
-    role: "{{ keystone_role_name }}"
-    group: "{{ group_name }}"
-    domain: default
-
- name: Assign role to group in specific domain
-  openstack.cloud.role_assignment:
-    cloud: "{{ cloud }}"
-    role: "{{ keystone_role_name }}"
-    group: "{{ group_name }}"
-    domain: "{{ domain.domain.id }}"
-
- name: Assign role to user in default domain
-  openstack.cloud.role_assignment:
-    cloud: "{{ cloud }}"
-    role: "{{ keystone_role_name }}"
-    user: "{{ user_name }}"
-    domain: default
-
- name: Assign role to user in specific domain
-  openstack.cloud.role_assignment:
-    cloud: "{{ cloud }}"
-    role: "{{ keystone_role_name }}"
-    user: "{{ user_name }}"
-    domain: "{{ domain.domain.id }}"
-
- name: Delete group in default domain
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ group_name }}"
-     domain_id: default
-
- name: Delete group in specific domain
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ group_name }}"
-     domain_id: "{{ domain.domain.id }}"
-
- name: Delete user in default domain
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ user_name }}"
-     domain: default
-
- name: Delete user in specific domain
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ user_name }}"
-     domain: "{{ domain.domain.id }}"
-
- name: Delete domain
-  openstack.cloud.identity_domain:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ domain_name }}"
--- a/ci/run-collection.yml
+++ b/ci/run-collection.yml
@@ -17,6 +17,7 @@
    - { role: endpoint, tags: endpoint }
    - { role: federation_mapping, tags: federation_mapping }
    - { role: floating_ip, tags: floating_ip }
+    - { role: group_assignment, tags: group_assignment }
    - { role: host_aggregate, tags: host_aggregate }
    - { role: identity_domain, tags: identity_domain }
    - { role: identity_group, tags: identity_group }
@@ -50,8 +51,6 @@
    - { role: stack, tags: stack }
    - { role: subnet, tags: subnet }
    - { role: subnet_pool, tags: subnet_pool }
-    - { role: user_group, tags: user_group }
-    - { role: user_role, tags: user_role }
    - { role: volume, tags: volume }
    - { role: volume_backup, tags: volume_backup }
    - { role: volume_snapshot, tags: volume_snapshot }