--- # General run of tests # - Make change - Check mode # - Make change # - Retry change (noop) - Check mode # - Retry change (noop) # - module_defaults: group/openstack.cloud.openstack: cloud: "{{ cloud }}" # Backward compatibility with Ansible 2.9 openstack.cloud.identity_domain: cloud: "{{ cloud }}" openstack.cloud.federation_idp: cloud: "{{ cloud }}" openstack.cloud.federation_idp_info: cloud: "{{ cloud }}" block: # ======================================================================== # Initial setup - name: 'Create test domain' openstack.cloud.identity_domain: name: ansible_domain register: domain # We *should* have a blank slate to start with, but we also should not # explode if state is absent and the identity provider does not exist - name: "Ensure IDP doesn't exist to start" openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider' # ======================================================================== # Creation (simple case) - name: 'Create IDP - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present id: 'ansible_identity_provider' domain_id: '{{ domain.domain.id }}' register: idp - assert: that: - idp is changed - name: 'Fetch identity_provider info (provider should be absent)' openstack.cloud.federation_idp_info: name: 'ansible_identity_provider' register: idps - assert: that: - idps.identity_providers | length == 0 - name: 'Create IDP' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' domain_id: '{{ domain.domain.id }}' register: idp - assert: that: - idp is changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - not _idp.description - _idp.is_enabled == False - _idp.remote_ids == [] vars: _idp: '{{ idp.identity_provider }}' - name: Assert return values of federation_idp module assert: that: # allow new fields to be introduced but prevent fields from being removed - expected_fields|difference(idp.identity_provider.keys())|length == 0 - name: 'Fetch IDP info - with name' openstack.cloud.federation_idp_info: name: 'ansible_identity_provider' register: idps - assert: that: - _idps | length == 1 - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - not _idp.description - _idp.is_enabled == False - _idp.remote_ids == [] vars: _idps: '{{ idps.identity_providers }}' _idp: '{{ idps.identity_providers[0] }}' - name: Assert return values of federation_idp_info module assert: that: # allow new fields to be introduced but prevent fields from being removed - expected_fields|difference(idps.identity_providers.0.keys())|length == 0 - name: 'Fetch identity_provider info - without name' openstack.cloud.federation_idp_info: {} register: idps - assert: that: # In CI we generally have a clean slate, but this might # not be true for everyone... - _idps | length >= 1 vars: _idps: '{{ idps.identity_providers }}' - name: 'Create identity_provider (retry - no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' domain_id: '{{ domain.domain.id }}' register: idp - assert: that: - idp is not changed - name: 'Create identity_provider (retry - no change)' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' domain_id: '{{ domain.domain.id }}' register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - not _idp.description - _idp.is_enabled == False - _idp.remote_ids == [] vars: _idp: '{{ idp.identity_provider }}' # ======================================================================== # Update (simple cases) - name: 'Update IDP set description - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 1' register: idp - assert: that: - idp is changed - name: 'Update IDP set description' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 1' register: idp - assert: that: - idp is changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == [] vars: _idp: '{{ idp.identity_provider }}' - name: 'Update IDP set description (retry - no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 1' register: idp - assert: that: - idp is not changed - name: 'Update IDP set description (retry - no change)' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 1' register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == [] vars: _idp: '{{ idp.identity_provider }}' - name: 'Update IDP set Remote IDs - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' remote_ids: '{{ remote_ids_1 }}' register: idp - assert: that: - idp is changed - name: 'Update IDP set Remote IDs' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' remote_ids: '{{ remote_ids_1 }}' register: idp - assert: that: - idp is changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == remote_ids_1 vars: _idp: '{{ idp.identity_provider }}' - name: 'Update IDP set Remote IDs (retry - no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' remote_ids: '{{ remote_ids_1 }}' register: idp - assert: that: - idp is not changed - name: 'Update IDP set Remote IDs (retry - no change)' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' remote_ids: '{{ remote_ids_1 }}' register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == remote_ids_1 vars: _idp: '{{ idp.identity_provider }}' - name: 'Update IDP set Enabled - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' is_enabled: True register: idp - assert: that: - idp is changed - name: 'Update IDP set Disabled' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' is_enabled: True register: idp - assert: that: - idp is changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == True - _idp.remote_ids == remote_ids_1 vars: _idp: '{{ idp.identity_provider }}' - name: 'Update IDP set Enabled (retry - no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' is_enabled: True register: idp - assert: that: - idp is not changed - name: 'Update IDP set Enabled (retry - no change)' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' is_enabled: True register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == True - _idp.remote_ids == remote_ids_1 vars: _idp: '{{ idp.identity_provider }}' # If we don't specify anything to change, then nothing should change... - name: 'Minimal call to IDP (no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' register: idp - assert: that: - idp is not changed - name: 'Minimal call to IDP (no change)' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' is_enabled: True register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == True - _idp.remote_ids == remote_ids_1 vars: _idp: '{{ idp.identity_provider }}' # ======================================================================== # Update (mass-update) - name: 'Update all updatable IDP parameters - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 2' is_enabled: True remote_ids: '{{ remote_ids_2 }}' register: idp - assert: that: - idp is changed - name: 'Update all updatable IDP parameters' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 2' is_enabled: True remote_ids: '{{ remote_ids_2 }}' register: idp - assert: that: - idp is changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 2' - _idp.is_enabled == True - _idp.remote_ids == remote_ids_2 vars: _idp: '{{ idp.identity_provider }}' - name: 'Update all updatable IDP parameters (no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 2' is_enabled: True remote_ids: '{{ remote_ids_2 }}' register: idp - assert: that: - idp is not changed - name: 'Update all updatable IDP parameters (no change)' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider' description: 'ansible idp 2' is_enabled: True remote_ids: '{{ remote_ids_2 }}' register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider' - _idp.name == 'ansible_identity_provider' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 2' - _idp.is_enabled == True - _idp.remote_ids == remote_ids_2 vars: _idp: '{{ idp.identity_provider }}' # ======================================================================== # Create complex IDP - name: 'Create complex IDP - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider2' domain_id: '{{ domain.domain.id }}' description: 'ansible idp 1' is_enabled: False remote_ids: '{{ remote_ids_3 }}' register: idp - assert: that: - idp is changed - name: 'Create complex IDP' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider2' domain_id: '{{ domain.domain.id }}' description: 'ansible idp 1' is_enabled: False remote_ids: '{{ remote_ids_3 }}' register: idp - assert: that: - idp is changed - _idp.id == 'ansible_identity_provider2' - _idp.name == 'ansible_identity_provider2' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == remote_ids_3 vars: _idp: '{{ idp.identity_provider }}' - name: 'Create complex IDP (retry - no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider2' domain_id: '{{ domain.domain.id }}' description: 'ansible idp 1' is_enabled: False remote_ids: '{{ remote_ids_3 }}' register: idp - assert: that: - idp is not changed - name: 'Create complex IDP' openstack.cloud.federation_idp: state: present name: 'ansible_identity_provider2' domain_id: '{{ domain.domain.id }}' description: 'ansible idp 1' is_enabled: False remote_ids: '{{ remote_ids_3 }}' register: idp - assert: that: - idp is not changed - _idp.id == 'ansible_identity_provider2' - _idp.name == 'ansible_identity_provider2' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == remote_ids_3 vars: _idp: '{{ idp.identity_provider }}' # Attempt to ensure that if we search we only get the one we expect - name: 'Fetch Complex IDP info - with name' openstack.cloud.federation_idp_info: name: 'ansible_identity_provider2' register: idps - assert: that: - idps.identity_providers | length == 1 - _idp.id == 'ansible_identity_provider2' - _idp.name == 'ansible_identity_provider2' - _idp.domain_id == domain.domain.id - _idp.description == 'ansible idp 1' - _idp.is_enabled == False - _idp.remote_ids == remote_ids_3 vars: _idp: '{{ idps.identity_providers[0] }}' # Ensure that if we do search we get both of the results we expect - name: 'Fetch multiple IDP info - without name' openstack.cloud.federation_idp_info: {} register: idps - assert: that: # In CI we generally have a clean slate, but this might # not be true for everyone... - idps.identity_providers | length >= 2 # In theory these could be attached to different IDPs but let's keep # things simple - "'ansible_identity_provider' in (idps.identity_providers | map(attribute='id'))" - "'ansible_identity_provider' in (idps.identity_providers | map(attribute='name'))" - "'ansible_identity_provider2' in (idps.identity_providers | map(attribute='id'))" - "'ansible_identity_provider2' in (idps.identity_providers | map(attribute='name'))" - domain.domain.id in (idps.identity_providers | map(attribute='domain_id')) - "'ansible idp 1' in (idps.identity_providers | map(attribute='description'))" - "'ansible idp 2' in (idps.identity_providers | map(attribute='description'))" - True in (idps.identity_providers | map(attribute='is_enabled')) - False in (idps.identity_providers | map(attribute='is_enabled')) - name: 'Delete identity_provider - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider' register: idp - assert: that: - idp is changed - name: 'Delete identity_provider' openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider' register: idp - assert: that: - idp is changed - name: 'Delete identity_provider (retry - no change) - CHECK_MODE' check_mode: true openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider' register: idp - assert: that: - idp is not changed - name: 'Delete identity_provider (retry - no change) ' openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider' register: idp - assert: that: - idp is not changed - name: 'Fetch identity_provider info after deletion' openstack.cloud.federation_idp_info: name: 'ansible_identity_provider' register: idps - assert: that: - idps.identity_providers | length == 0 - name: 'Delete second identity_provider' openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider2' register: idp - assert: that: - idp is changed always: - name: 'Delete idp' openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider' - name: 'Delete second identity_provider' openstack.cloud.federation_idp: state: absent name: 'ansible_identity_provider2' - name: 'Delete domain' openstack.cloud.identity_domain: state: absent name: ansible_domain