--- # General run of tests # - Make change - Check mode # - Make change # - Retry change (noop) - Check mode # - Retry change (noop) # - module_defaults: group/openstack.cloud.openstack: cloud: "{{ cloud }}" openstack.cloud.keystone_federation_protocol: cloud: "{{ cloud }}" # Backward compatibility with Ansible 2.9 idp_id: ansible_idp openstack.cloud.keystone_federation_protocol_info: cloud: "{{ cloud }}" # Backward compatibility with Ansible 2.9 idp_id: ansible_idp # Backward compatibility with Ansible 2.9 openstack.cloud.identity_domain: cloud: "{{ cloud }}" openstack.cloud.federation_idp: cloud: "{{ cloud }}" openstack.cloud.federation_mapping: cloud: "{{ cloud }}" block: # ======================================================================== # Initial setup - name: Create test Domain openstack.cloud.identity_domain: name: ansible_domain register: domain - name: Create test Identity Provider openstack.cloud.federation_idp: state: present name: ansible_idp domain_id: '{{ domain.domain.id }}' - name: Create test mapping (1) openstack.cloud.federation_mapping: state: present name: ansible_mapping1 rules: - local: - group: domain: name: example_domain name: example-group remote: - type: HTTP_OIDC_GROUPS any_one_of: - group1 - group2 - name: Create test mapping (2) openstack.cloud.federation_mapping: state: present name: ansible_mapping2 rules: - local: - group: domain: name: example_domain name: example_group remote: - type: HTTP_OIDC_GROUPS any_one_of: - group1 # We *should* have a blank slate to start with, but we also shouldn't # explode if I(state=absent) and the IDP doesn't exist - name: Ensure Protocol does not exist to start openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol1 # ======================================================================== # Creation - name: Create protocol - CHECK MODE check_mode: true openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping1 register: protocol - assert: that: - protocol is changed - name: Fetch Protocol info (should be absent) openstack.cloud.keystone_federation_protocol_info: name: ansible_protocol1 register: protocols - assert: that: - protocols.protocols | length == 0 - name: Create protocol openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping1 register: protocol - assert: that: - protocol is changed - protocol.protocol.id == 'ansible_protocol1' - protocol.protocol.name == 'ansible_protocol1' - protocol.protocol.mapping_id == 'ansible_mapping1' - name: assert return values of keystone_federation_protocol module assert: that: # allow new fields to be introduced but prevent fields from being removed - expected_fields|difference(protocol.protocol.keys())|length == 0 - name: Create protocol (retry - no change) - CHECK MODE check_mode: true openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping1 register: protocol - assert: that: - protocol is not changed - name: Create protocol (retry - no change) openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping1 register: protocol - assert: that: - protocol is not changed - protocol.protocol.id == 'ansible_protocol1' - protocol.protocol.name == 'ansible_protocol1' - protocol.protocol.mapping_id == 'ansible_mapping1' # ======================================================================== # Update - name: Update protocol - CHECK MODE check_mode: true openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping2 register: protocol - assert: that: - protocol is changed - name: Update protocol openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping2 register: protocol - assert: that: - protocol is changed - protocol.protocol.id == 'ansible_protocol1' - protocol.protocol.name == 'ansible_protocol1' - protocol.protocol.mapping_id == 'ansible_mapping2' - name: Update protocol (retry - no change) - CHECK MODE check_mode: true openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping2 register: protocol - assert: that: - protocol is not changed - name: Update protocol (retry - no change) openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol1 mapping_id: ansible_mapping2 register: protocol - assert: that: - protocol is not changed - protocol.protocol.id == 'ansible_protocol1' - protocol.protocol.name == 'ansible_protocol1' - protocol.protocol.mapping_id == 'ansible_mapping2' # ======================================================================== # Create second protocol to test openstack.cloud.keystone_federation_protocol_info - name: Create protocol (2) openstack.cloud.keystone_federation_protocol: state: present name: ansible_protocol2 mapping_id: ansible_mapping1 register: protocol - assert: that: - protocol is changed - protocol.protocol.id == 'ansible_protocol2' - protocol.protocol.name == 'ansible_protocol2' - protocol.protocol.mapping_id == 'ansible_mapping1' # ======================================================================== # Basic tests of openstack.cloud.keystone_federation_protocol_info - name: Fetch Protocol info (a specific protocol) openstack.cloud.keystone_federation_protocol_info: name: ansible_protocol1 register: protocols - name: Check info about protocols assert: that: - protocols.protocols|length > 0 # allow new fields to be introduced but prevent fields from being removed - expected_fields|difference(protocols.protocols[0].keys())|length == 0 - assert: that: - protocols.protocols[0].id == 'ansible_protocol1' - protocols.protocols[0].name == 'ansible_protocol1' - protocols.protocols[0].mapping_id == 'ansible_mapping2' - name: Fetch Protocol info (all protocols on our test IDP) openstack.cloud.keystone_federation_protocol_info: {} # idp_id defined in defaults at the start register: protocols - assert: that: # We created the IDP, and we're going to delete it: # we should be able to trust what's attached to it - protocols.protocols | length == 2 - "'ansible_protocol1' in (protocols.protocols | map(attribute='id'))" - "'ansible_protocol1' in (protocols.protocols | map(attribute='id'))" - "'ansible_protocol2' in (protocols.protocols | map(attribute='name'))" - "'ansible_protocol2' in (protocols.protocols | map(attribute='name'))" - "'ansible_mapping1' in (protocols.protocols | map(attribute='mapping_id'))" - "'ansible_mapping2' in (protocols.protocols | map(attribute='mapping_id'))" # ======================================================================== # Deletion - name: Delete protocol - CHECK MODE check_mode: true openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol1 register: protocol - assert: that: - protocol is changed - name: Delete protocol openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol1 register: protocol - assert: that: - protocol is changed - name: Delete protocol (retry - no change) - CHECK MODE check_mode: true openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol1 register: protocol - assert: that: - protocol is not changed - name: Delete protocol (retry - no change) openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol1 register: protocol - assert: that: - protocol is not changed # ======================================================================== # Clean up after ourselves always: - name: Delete protocol openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol1 idp_id: ansible_idp ignore_errors: true - name: Delete protocol (2) openstack.cloud.keystone_federation_protocol: state: absent name: ansible_protocol2 idp_id: ansible_idp ignore_errors: true - name: Delete mapping 1 openstack.cloud.federation_mapping: state: absent name: ansible_mapping1 ignore_errors: true - name: Delete mapping 2 openstack.cloud.federation_mapping: state: absent name: ansible_mapping2 ignore_errors: true - name: Delete idp openstack.cloud.federation_idp: state: absent name: ansible_idp ignore_errors: true - name: Delete domain openstack.cloud.identity_domain: state: absent name: ansible_domain ignore_errors: true