internet/ansible-collections-openstack
3
0
Fork 0
mirror of https://opendev.org/openstack/ansible-collections-openstack.git synced 2026-05-06 05:13:01 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
ansible-collections-openstack/ci/roles/keystone_federation_protocol/tasks/main.yml
Jakob Meng f73a0e385e Use true and false instead of yes and no for boolean values 
Story: 2010586
Task: 47380
Change-Id: I1b88aa925d823d74b2d012153dfe26d35c93dfd5
2023-02-21 13:07:29 +01:00

342 lines
10 KiB
YAML
Raw Permalink Blame History

---
# General run of tests
# - Make change - Check mode
# - Make change
# - Retry change (noop) - Check mode
# - Retry change (noop)
#
- module_defaults:
group/openstack.cloud.openstack:
cloud: "{{ cloud }}"
openstack.cloud.keystone_federation_protocol:
cloud: "{{ cloud }}" # Backward compatibility with Ansible 2.9
idp_id: ansible_idp
openstack.cloud.keystone_federation_protocol_info:
cloud: "{{ cloud }}" # Backward compatibility with Ansible 2.9
idp_id: ansible_idp
# Backward compatibility with Ansible 2.9
openstack.cloud.identity_domain:
cloud: "{{ cloud }}"
openstack.cloud.federation_idp:
cloud: "{{ cloud }}"
openstack.cloud.federation_mapping:
cloud: "{{ cloud }}"
block:
# ========================================================================
# Initial setup
- name: Create test Domain
openstack.cloud.identity_domain:
name: ansible_domain
register: domain
- name: Create test Identity Provider
openstack.cloud.federation_idp:
state: present
name: ansible_idp
domain_id: '{{ domain.domain.id }}'
- name: Create test mapping (1)
openstack.cloud.federation_mapping:
state: present
name: ansible_mapping1
rules:
- local:
- group:
domain:
name: example_domain
name: example-group
remote:
- type: HTTP_OIDC_GROUPS
any_one_of:
- group1
- group2
- name: Create test mapping (2)
openstack.cloud.federation_mapping:
state: present
name: ansible_mapping2
rules:
- local:
- group:
domain:
name: example_domain
name: example_group
remote:
- type: HTTP_OIDC_GROUPS
any_one_of:
- group1
# We *should* have a blank slate to start with, but we also shouldn't
# explode if I(state=absent) and the IDP doesn't exist
- name: Ensure Protocol does not exist to start
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol1
# ========================================================================
# Creation
- name: Create protocol - CHECK MODE
check_mode: true
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping1
register: protocol
- assert:
that:
- protocol is changed
- name: Fetch Protocol info (should be absent)
openstack.cloud.keystone_federation_protocol_info:
name: ansible_protocol1
register: protocols
- assert:
that:
- protocols.protocols | length == 0
- name: Create protocol
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping1
register: protocol
- assert:
that:
- protocol is changed
- protocol.protocol.id == 'ansible_protocol1'
- protocol.protocol.name == 'ansible_protocol1'
- protocol.protocol.mapping_id == 'ansible_mapping1'
- name: assert return values of keystone_federation_protocol module
assert:
that:
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(protocol.protocol.keys())|length == 0
- name: Create protocol (retry - no change) - CHECK MODE
check_mode: true
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping1
register: protocol
- assert:
that:
- protocol is not changed
- name: Create protocol (retry - no change)
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping1
register: protocol
- assert:
that:
- protocol is not changed
- protocol.protocol.id == 'ansible_protocol1'
- protocol.protocol.name == 'ansible_protocol1'
- protocol.protocol.mapping_id == 'ansible_mapping1'
# ========================================================================
# Update
- name: Update protocol - CHECK MODE
check_mode: true
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping2
register: protocol
- assert:
that:
- protocol is changed
- name: Update protocol
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping2
register: protocol
- assert:
that:
- protocol is changed
- protocol.protocol.id == 'ansible_protocol1'
- protocol.protocol.name == 'ansible_protocol1'
- protocol.protocol.mapping_id == 'ansible_mapping2'
- name: Update protocol (retry - no change) - CHECK MODE
check_mode: true
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping2
register: protocol
- assert:
that:
- protocol is not changed
- name: Update protocol (retry - no change)
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol1
mapping_id: ansible_mapping2
register: protocol
- assert:
that:
- protocol is not changed
- protocol.protocol.id == 'ansible_protocol1'
- protocol.protocol.name == 'ansible_protocol1'
- protocol.protocol.mapping_id == 'ansible_mapping2'
# ========================================================================
# Create second protocol to test openstack.cloud.keystone_federation_protocol_info
- name: Create protocol (2)
openstack.cloud.keystone_federation_protocol:
state: present
name: ansible_protocol2
mapping_id: ansible_mapping1
register: protocol
- assert:
that:
- protocol is changed
- protocol.protocol.id == 'ansible_protocol2'
- protocol.protocol.name == 'ansible_protocol2'
- protocol.protocol.mapping_id == 'ansible_mapping1'
# ========================================================================
# Basic tests of openstack.cloud.keystone_federation_protocol_info
- name: Fetch Protocol info (a specific protocol)
openstack.cloud.keystone_federation_protocol_info:
name: ansible_protocol1
register: protocols
- name: Check info about protocols
assert:
that:
- protocols.protocols|length > 0
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(protocols.protocols[0].keys())|length == 0
- assert:
that:
- protocols.protocols[0].id == 'ansible_protocol1'
- protocols.protocols[0].name == 'ansible_protocol1'
- protocols.protocols[0].mapping_id == 'ansible_mapping2'
- name: Fetch Protocol info (all protocols on our test IDP)
openstack.cloud.keystone_federation_protocol_info: {}
# idp_id defined in defaults at the start
register: protocols
- assert:
that:
# We created the IDP, and we're going to delete it:
# we should be able to trust what's attached to it
- protocols.protocols | length == 2
- "'ansible_protocol1' in (protocols.protocols | map(attribute='id'))"
- "'ansible_protocol1' in (protocols.protocols | map(attribute='id'))"
- "'ansible_protocol2' in (protocols.protocols | map(attribute='name'))"
- "'ansible_protocol2' in (protocols.protocols | map(attribute='name'))"
- "'ansible_mapping1' in (protocols.protocols | map(attribute='mapping_id'))"
- "'ansible_mapping2' in (protocols.protocols | map(attribute='mapping_id'))"
# ========================================================================
# Deletion
- name: Delete protocol - CHECK MODE
check_mode: true
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol1
register: protocol
- assert:
that:
- protocol is changed
- name: Delete protocol
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol1
register: protocol
- assert:
that:
- protocol is changed
- name: Delete protocol (retry - no change) - CHECK MODE
check_mode: true
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol1
register: protocol
- assert:
that:
- protocol is not changed
- name: Delete protocol (retry - no change)
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol1
register: protocol
- assert:
that:
- protocol is not changed
# ========================================================================
# Clean up after ourselves
always:
- name: Delete protocol
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol1
idp_id: ansible_idp
ignore_errors: true
- name: Delete protocol (2)
openstack.cloud.keystone_federation_protocol:
state: absent
name: ansible_protocol2
idp_id: ansible_idp
ignore_errors: true
- name: Delete mapping 1
openstack.cloud.federation_mapping:
state: absent
name: ansible_mapping1
ignore_errors: true
- name: Delete mapping 2
openstack.cloud.federation_mapping:
state: absent
name: ansible_mapping2
ignore_errors: true
- name: Delete idp
openstack.cloud.federation_idp:
state: absent
name: ansible_idp
ignore_errors: true
- name: Delete domain
openstack.cloud.identity_domain:
state: absent
name: ansible_domain
ignore_errors: true
Reference in New Issue View Git Blame Copy Permalink