internet/ansible-collections-openstack
3
0
Fork 0
mirror of https://opendev.org/openstack/ansible-collections-openstack.git synced 2026-05-14 05:22:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactored {group,role}_assignment modules

Browse Source 
Change-Id: I6ec79eb203d0f68661b54bc89a194c366b3574c6
This commit is contained in:
Jakob Meng
2023-01-16 20:46:42 +01:00
parent 754ae5e50d
commit d5ab2bf33f
8 changed files with 382 additions and 327 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
ci/roles/group_assignment/tasks/main.yml Normal file
View File

@@ -0,0 +1,68 @@
---
- name: Create user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
domain: default
default_project: demo
- name: Assign user to nonadmins group
openstack.cloud.group_assignment:
cloud: "{{ cloud }}"
state: present
user: ansible_user
group: nonadmins
register: group_assignment
- name: Assert group assignment
assert:
that:
- group_assignment is changed
- name: Assign user to nonadmins group again
openstack.cloud.group_assignment:
cloud: "{{ cloud }}"
state: present
user: ansible_user
group: nonadmins
register: group_assignment
- name: Assert group assignment
assert:
that:
- group_assignment is not changed
- name: Remove user from nonadmins group
openstack.cloud.group_assignment:
cloud: "{{ cloud }}"
state: absent
user: ansible_user
group: nonadmins
register: group_assignment
- name: Assert group assignment
assert:
that:
- group_assignment is changed
- name: Remove user from nonadmins group again
openstack.cloud.group_assignment:
cloud: "{{ cloud }}"
state: absent
user: ansible_user
group: nonadmins
register: group_assignment
- name: Assert group assignment
assert:
that:
- group_assignment is not changed
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user

133
ci/roles/role_assignment/tasks/main.yml
View File

@@ -15,6 +15,12 @@
project: ansible_project
role: admin
user: admin
register: role_assignment
- name: Assert role assignment
assert:
that:
- role_assignment is changed
- name: Grant an admin role on the user admin in the project ansible_project again
openstack.cloud.role_assignment:
@@ -23,12 +29,12 @@
project: ansible_project
role: admin
user: admin
register: grant_again
register: role_assignment
- name: Ensure grant again doesn't change anything
- name: Ensure grant again did not change anything
assert:
that:
- not grant_again.changed
- role_assignment is not changed
- name: Revoke the admin role on the user admin in the project ansible_project
openstack.cloud.role_assignment:
@@ -44,3 +50,124 @@
cloud: "{{ cloud }}"
state: absent
name: ansible_project
- name: Create domain
openstack.cloud.identity_domain:
cloud: "{{ cloud }}"
state: present
name: ansible_domain
register: domain
- name: Create group in default domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: present
name: ansible_group
domain_id: default
- name: Create group in specific domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: present
name: ansible_group
domain_id: "{{ domain.domain.id }}"
- name: Create user in default domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
domain: default
- name: Create user in specific domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
domain: "{{ domain.domain.id }}"
- name: Assign role to group in default domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: anotherrole
group: ansible_group
domain: default
register: role_assignment
- name: Assert role assignment
assert:
that:
- role_assignment is changed
- name: Assign role to group in specific domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: anotherrole
group: ansible_group
domain: "{{ domain.domain.id }}"
register: role_assignment
- name: Assert role assignment
assert:
that:
- role_assignment is changed
- name: Assign role to user in default domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: anotherrole
user: ansible_user
domain: default
register: role_assignment
- name: Assert role assignment
assert:
that:
- role_assignment is changed
- name: Assign role to user in specific domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: anotherrole
user: ansible_user
domain: "{{ domain.domain.id }}"
register: role_assignment
- name: Assert role assignment
assert:
that:
- role_assignment is changed
- name: Delete group in default domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: absent
name: ansible_group
domain_id: default
- name: Delete group in specific domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: absent
name: ansible_group
domain_id: "{{ domain.domain.id }}"
- name: Delete user in default domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
domain: default
- name: Delete user in specific domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
domain: "{{ domain.domain.id }}"
- name: Delete domain
openstack.cloud.identity_domain:
cloud: "{{ cloud }}"
state: absent
name: ansible_domain

31
ci/roles/user_group/tasks/main.yml
View File

@@ -1,31 +0,0 @@
---
- name: Create user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
- name: Assign user to nonadmins group
openstack.cloud.group_assignment:
cloud: "{{ cloud }}"
state: present
user: ansible_user
group: nonadmins
- name: Remove user from nonadmins group
openstack.cloud.group_assignment:
cloud: "{{ cloud }}"
state: absent
user: ansible_user
group: nonadmins
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user

4
ci/roles/user_role/defaults/main.yaml
View File

@@ -1,4 +0,0 @@
domain_name: ansible_domain
user_name: ansible_user
group_name: ansible_group
keystone_role_name: anotherrole

96
ci/roles/user_role/tasks/main.yaml
View File

@@ -1,96 +0,0 @@
- name: Create domain
openstack.cloud.identity_domain:
cloud: "{{ cloud }}"
state: present
name: "{{ domain_name }}"
register: domain
- name: Create group in default domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: present
name: "{{ group_name }}"
domain_id: default
- name: Create group in specific domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: present
name: "{{ group_name }}"
domain_id: "{{ domain.domain.id }}"
- name: Create user in default domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: "{{ user_name }}"
domain: default
- name: Create user in specific domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: "{{ user_name }}"
domain: "{{ domain.domain.id }}"
- name: Assign role to group in default domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: "{{ keystone_role_name }}"
group: "{{ group_name }}"
domain: default
- name: Assign role to group in specific domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: "{{ keystone_role_name }}"
group: "{{ group_name }}"
domain: "{{ domain.domain.id }}"
- name: Assign role to user in default domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: "{{ keystone_role_name }}"
user: "{{ user_name }}"
domain: default
- name: Assign role to user in specific domain
openstack.cloud.role_assignment:
cloud: "{{ cloud }}"
role: "{{ keystone_role_name }}"
user: "{{ user_name }}"
domain: "{{ domain.domain.id }}"
- name: Delete group in default domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: absent
name: "{{ group_name }}"
domain_id: default
- name: Delete group in specific domain
openstack.cloud.identity_group:
cloud: "{{ cloud }}"
state: absent
name: "{{ group_name }}"
domain_id: "{{ domain.domain.id }}"
- name: Delete user in default domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ user_name }}"
domain: default
- name: Delete user in specific domain
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ user_name }}"
domain: "{{ domain.domain.id }}"
- name: Delete domain
openstack.cloud.identity_domain:
cloud: "{{ cloud }}"
state: absent
name: "{{ domain_name }}"