Use proxy layer in identity_user module

This patch changes the module to use the sdk proxy layer and does some general refactoring to simplify the code. It will no longer fail if no password is supplied since it is perfectly fine to create a user with an password. Renamed the test role from user to identity_user to match the module name Change-Id: I97ee9b626f269abde3be7b2b9211d2bb5b7b3c26
2026-05-07 05:43:15 +00:00 · 2022-02-10 09:44:04 -07:00
parent a8589e9f4d
commit fd1b9fc0d2
6 changed files with 281 additions and 122 deletions
--- a/ci/roles/identity_user/defaults/main.yml
+++ b/ci/roles/identity_user/defaults/main.yml
@@ -0,0 +1,11 @@
+os_identity_user_fields:
+  - default_project_id
+  - description
+  - domain_id
+  - email
+  - id
+  - is_enabled
+  - links
+  - name
+  - password
+  - password_expires_at
--- a/ci/roles/identity_user/tasks/main.yml
+++ b/ci/roles/identity_user/tasks/main.yml
@@ -0,0 +1,197 @@
+---
+- name: setup
+  block:
+  - name: Delete user before running tests
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: "{{ item }}"
+    loop:
+      - ansible_user
+      - ansible_user2
+    register: user
+
+- block:
+  - name: Delete unexistent user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: ansible_user
+    register: user
+
+  - name: Ensure user was not changed
+    assert:
+      that: user is not changed
+
+- block:
+  - name: Create a user without a password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      email: ansible.user@nowhere.net
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
+
+  - name: Ensure user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+  - name: Fail when update_password is always but no password specified
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: always
+      email: ansible.user@nowhere.net
+      domain: default
+      default_project: demo
+    register: user
+    ignore_errors: yes
+
+  - assert:
+      that: user.msg == "update_password is always but a password value is missing"
+
+  - name: Delete user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: ansible_user
+
+- block:
+  - name: Create user with a password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      password: secret
+      email: ansible.user@nowhere.net
+      update_password: on_create
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Assert user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- block:
+  - name: Create identical user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      password: secret
+      email: ansible.user@nowhere.net
+      update_password: on_create
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Assert user was not changed
+    assert:
+      that: user is not changed
+
+  - name: Assert user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- block:
+  - name: Update user with password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      password: secret2
+      email: updated.ansible.user@nowhere.net
+    register: user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
+
+  - name: Ensure user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- name: Update user without password and update_password set to always
+  block:
+  - openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: always
+      email: updated.ansible.user@nowhere.net
+    register: user
+    ignore_errors: yes
+
+  - assert:
+      that: user.msg == "update_password is always but a password value is missing"
+
+- block:
+  - name: Ensure user with update_password set to on_create
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: on_create
+      password: secret3
+      email: updated.ansible.user@nowhere.net
+    register: user
+
+  - name: Ensure user was not changed
+    assert:
+      that: user is not changed
+
+- block:
+  - name: Ensure user with update_password set to always
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: always
+      password: secret3
+      email: updated.ansible.user@nowhere.net
+    register: user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
+
+- block:
+  - name: Create user without a password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user2
+      password: secret
+      email: ansible.user2@nowhere.net
+      update_password: on_create
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Assert user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- block:
+  - name: Delete user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: ansible_user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
--- a/ci/roles/user/tasks/main.yml
+++ b/ci/roles/user/tasks/main.yml
@@ -1,30 +0,0 @@
---
- name: Create user
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: present
-     name: ansible_user
-     password: secret
-     email: ansible.user@nowhere.net
-     domain: default
-     default_project: demo
-  register: user
-
- debug: var=user
-
- name: Update user
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: present
-     name: ansible_user
-     password: secret
-     email: updated.ansible.user@nowhere.net
-  register: updateduser
-
- debug: var=updateduser
-
- name: Delete user
-  openstack.cloud.identity_user:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: ansible_user
--- a/ci/run-collection.yml
+++ b/ci/run-collection.yml
@@ -16,6 +16,7 @@
      tags: dns
      when: sdk_version is version(0.28, '>=')
    - { role: floating_ip_info, tags: floating_ip_info }
+    - { role: identity_user, tags: identity_user }
    - { role: identity_user_info, tags: identity_user_info }
    - { role: identity_role, tags: identity_role }
    - { role: image, tags: image }
@@ -49,7 +50,6 @@
    - { role: server, tags: server }
    - { role: subnet, tags: subnet }
    - { role: subnet_pool, tags: subnet_pool }
-    - { role: user, tags: user }
    - { role: user_group, tags: user_group }
    - { role: user_role, tags: user_role }
    - { role: volume, tags: volume }