--- # General run of tests # - Make change - Check mode # - Make change # - Retry change (noop) - Check mode # - Retry change (noop) # - module_defaults: # meta/action_groups.yml glue seems to be missing # group/os: # cloud: "{{ cloud }}" openstack.cloud.identity_domain: cloud: "{{ cloud }}" openstack.cloud.federation_idp: cloud: "{{ cloud }}" openstack.cloud.federation_mapping: cloud: "{{ cloud }}" openstack.cloud.keystone_federation_protocol: cloud: "{{ cloud }}" idp_id: "{{ idp_name }}" openstack.cloud.keystone_federation_protocol_info: cloud: "{{ cloud }}" idp_id: "{{ idp_name }}" block: # ======================================================================== # Initial setup - name: 'Create test Domain' openstack.cloud.identity_domain: name: '{{ domain_name }}' register: create_domain - assert: that: - create_domain is successful - '"id" in create_domain' - name: 'Store domain ID as fact' set_fact: domain_id: '{{ create_domain.id }}' - name: 'Create test Identity Provider' openstack.cloud.federation_idp: state: 'present' name: '{{ idp_name }}' domain_id: '{{ domain_id }}' register: create_idp - assert: that: - create_idp is successful - name: 'Create test mapping (1)' openstack.cloud.federation_mapping: state: 'present' name: '{{ mapping_name_1 }}' rules: '{{ mapping_rules_1 }}' register: create_mapping - assert: that: - create_mapping is successful - name: 'Create test mapping (2)' openstack.cloud.federation_mapping: state: 'present' name: '{{ mapping_name_2 }}' rules: '{{ mapping_rules_2 }}' register: create_mapping - assert: that: - create_mapping is successful # We *should* have a blank slate to start with, but we also shouldn't # explode if I(state=absent) and the IDP doesn't exist - name: "Ensure Protocol doesn't exist to start" openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name }}' register: delete_protocol - assert: that: - delete_protocol is successful # ======================================================================== # Creation - name: 'Create protocol - CHECK MODE' check_mode: yes openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_1 }}' register: create_protocol - assert: that: - create_protocol is successful - create_protocol is changed - name: 'Fetch Protocol info (should be absent)' openstack.cloud.keystone_federation_protocol_info: name: '{{ protocol_name }}' register: protocol_info ignore_errors: yes - assert: that: - protocol_info is failed - name: 'Create protocol' openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_1 }}' register: create_protocol - assert: that: - create_protocol is successful - create_protocol is changed - '"protocol" in create_protocol' - '"id" in protocol' - '"name" in protocol' - '"idp_id" in protocol' - '"mapping_id" in protocol' - protocol.id == protocol_name - protocol.name == protocol_name - protocol.idp_id == idp_name - protocol.mapping_id == mapping_name_1 vars: protocol: '{{ create_protocol.protocol }}' - name: 'Create protocol (retry - no change) - CHECK MODE' check_mode: yes openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_1 }}' register: create_protocol - assert: that: - create_protocol is successful - create_protocol is not changed - name: 'Create protocol (retry - no change)' openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_1 }}' register: create_protocol - assert: that: - create_protocol is successful - create_protocol is not changed - '"protocol" in create_protocol' - '"id" in protocol' - '"name" in protocol' - '"idp_id" in protocol' - '"mapping_id" in protocol' - protocol.id == protocol_name - protocol.name == protocol_name - protocol.idp_id == idp_name - protocol.mapping_id == mapping_name_1 vars: protocol: '{{ create_protocol.protocol }}' # ======================================================================== # Update - name: 'Update protocol - CHECK MODE' check_mode: yes openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_2 }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is changed - name: 'Update protocol' openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_2 }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is changed - '"protocol" in update_protocol' - '"id" in protocol' - '"name" in protocol' - '"idp_id" in protocol' - '"mapping_id" in protocol' - protocol.id == protocol_name - protocol.name == protocol_name - protocol.idp_id == idp_name - protocol.mapping_id == mapping_name_2 vars: protocol: '{{ update_protocol.protocol }}' - name: 'Update protocol (retry - no change) - CHECK MODE' check_mode: yes openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_2 }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is not changed - name: 'Update protocol (retry - no change)' openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name }}' mapping_id: '{{ mapping_name_2 }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is not changed - '"protocol" in update_protocol' - '"id" in protocol' - '"name" in protocol' - '"idp_id" in protocol' - '"mapping_id" in protocol' - protocol.id == protocol_name - protocol.name == protocol_name - protocol.idp_id == idp_name - protocol.mapping_id == mapping_name_2 vars: protocol: '{{ update_protocol.protocol }}' # ======================================================================== # Create second protocol to test openstack.cloud.keystone_federation_protocol_info - name: 'Create protocol (2)' openstack.cloud.keystone_federation_protocol: state: 'present' name: '{{ protocol_name_2 }}' mapping_id: '{{ mapping_name_1 }}' register: create_protocol_2 - assert: that: - create_protocol_2 is successful - create_protocol_2 is changed - '"protocol" in create_protocol_2' - '"id" in protocol' - '"name" in protocol' - '"idp_id" in protocol' - '"mapping_id" in protocol' - protocol.id == protocol_name_2 - protocol.name == protocol_name_2 - protocol.idp_id == idp_name - protocol.mapping_id == mapping_name_1 vars: protocol: '{{ create_protocol_2.protocol }}' # ======================================================================== # Basic tests of openstack.cloud.keystone_federation_protocol_info - name: 'Fetch Protocol info (a specific protocol)' openstack.cloud.keystone_federation_protocol_info: name: '{{ protocol_name }}' register: protocol_info - assert: that: - protocol_info is successful - '"protocols" in protocol_info' - protocol_info.protocols | length == 1 - '"id" in protocol' - '"name" in protocol' - '"idp_id" in protocol' - '"mapping_id" in protocol' - protocol.id == protocol_name - protocol.name == protocol_name - protocol.idp_id == idp_name - protocol.mapping_id == mapping_name_2 vars: protocol: '{{ protocol_info.protocols[0] }}' - name: 'Fetch Protocol info (all protocols on our test IDP)' openstack.cloud.keystone_federation_protocol_info: {} # idp_id defined in defaults at the start register: protocol_info - assert: that: - protocol_info is successful - '"protocols" in protocol_info' # We created the IDP, and we're going to delete it: # we should be able to trust what's attached to it - protocol_info.protocols | length == 2 - '"id" in protocol_1' - '"name" in protocol_1' - '"idp_id" in protocol_1' - '"mapping_id" in protocol_1' - '"id" in protocol_2' - '"name" in protocol_2' - '"idp_id" in protocol_2' - '"mapping_id" in protocol_2' - protocol_name in (protocol_info.protocols | map(attribute='id')) - protocol_name in (protocol_info.protocols | map(attribute='id')) - protocol_name_2 in (protocol_info.protocols | map(attribute='name')) - protocol_name_2 in (protocol_info.protocols | map(attribute='name')) - mapping_name_1 in (protocol_info.protocols | map(attribute='mapping_id')) - mapping_name_2 in (protocol_info.protocols | map(attribute='mapping_id')) - protocol_1.idp_id == idp_name - protocol_2.idp_id == idp_name vars: protocol_1: '{{ protocol_info.protocols[0] }}' protocol_2: '{{ protocol_info.protocols[1] }}' # ======================================================================== # Deletion - name: 'Delete protocol - CHECK MODE' check_mode: yes openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is changed - name: 'Delete protocol' openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is changed - name: 'Delete protocol (retry - no change) - CHECK MODE' check_mode: yes openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is not changed - name: 'Delete protocol (retry - no change)' openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name }}' register: update_protocol - assert: that: - update_protocol is successful - update_protocol is not changed # ======================================================================== # Clean up after ourselves always: - name: 'Delete protocol' openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name }}' idp_id: '{{ idp_name }}' ignore_errors: yes - name: 'Delete protocol (2)' openstack.cloud.keystone_federation_protocol: state: 'absent' name: '{{ protocol_name_2 }}' idp_id: '{{ idp_name }}' ignore_errors: yes - name: 'Delete mapping 1' openstack.cloud.federation_mapping: state: 'absent' name: '{{ mapping_name_1 }}' ignore_errors: yes - name: 'Delete mapping 2' openstack.cloud.federation_mapping: state: 'absent' name: '{{ mapping_name_2 }}' ignore_errors: yes - name: 'Delete idp' openstack.cloud.federation_idp: state: 'absent' name: '{{ idp_name }}' ignore_errors: yes - name: 'Delete domain' openstack.cloud.identity_domain: state: 'absent' name: '{{ domain_name }}' ignore_errors: yes