internet/ansible-collections-openstack
3
0
Fork 0
mirror of https://opendev.org/openstack/ansible-collections-openstack.git synced 2026-05-06 13:23:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
ansible-collections-openstack/ci/roles/keystone_idp/tasks/main.yml
Jakob Meng f73a0e385e Use true and false instead of yes and no for boolean values 
Story: 2010586
Task: 47380
Change-Id: I1b88aa925d823d74b2d012153dfe26d35c93dfd5
2023-02-21 13:07:29 +01:00

636 lines
19 KiB
YAML
Raw Permalink Blame History

---
# General run of tests
# - Make change - Check mode
# - Make change
# - Retry change (noop) - Check mode
# - Retry change (noop)
#
- module_defaults:
group/openstack.cloud.openstack:
cloud: "{{ cloud }}"
# Backward compatibility with Ansible 2.9
openstack.cloud.identity_domain:
cloud: "{{ cloud }}"
openstack.cloud.federation_idp:
cloud: "{{ cloud }}"
openstack.cloud.federation_idp_info:
cloud: "{{ cloud }}"
block:
# ========================================================================
# Initial setup
- name: 'Create test domain'
openstack.cloud.identity_domain:
name: ansible_domain
register: domain
# We *should* have a blank slate to start with, but we also should not
# explode if state is absent and the identity provider does not exist
- name: "Ensure IDP doesn't exist to start"
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider'
# ========================================================================
# Creation (simple case)
- name: 'Create IDP - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
id: 'ansible_identity_provider'
domain_id: '{{ domain.domain.id }}'
register: idp
- assert:
that:
- idp is changed
- name: 'Fetch identity_provider info (provider should be absent)'
openstack.cloud.federation_idp_info:
name: 'ansible_identity_provider'
register: idps
- assert:
that:
- idps.identity_providers | length == 0
- name: 'Create IDP'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
domain_id: '{{ domain.domain.id }}'
register: idp
- assert:
that:
- idp is changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- not _idp.description
- _idp.is_enabled == False
- _idp.remote_ids == []
vars:
_idp: '{{ idp.identity_provider }}'
- name: Assert return values of federation_idp module
assert:
that:
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(idp.identity_provider.keys())|length == 0
- name: 'Fetch IDP info - with name'
openstack.cloud.federation_idp_info:
name: 'ansible_identity_provider'
register: idps
- assert:
that:
- _idps | length == 1
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- not _idp.description
- _idp.is_enabled == False
- _idp.remote_ids == []
vars:
_idps: '{{ idps.identity_providers }}'
_idp: '{{ idps.identity_providers[0] }}'
- name: Assert return values of federation_idp_info module
assert:
that:
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(idps.identity_providers.0.keys())|length == 0
- name: 'Fetch identity_provider info - without name'
openstack.cloud.federation_idp_info: {}
register: idps
- assert:
that:
# In CI we generally have a clean slate, but this might
# not be true for everyone...
- _idps | length >= 1
vars:
_idps: '{{ idps.identity_providers }}'
- name: 'Create identity_provider (retry - no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
domain_id: '{{ domain.domain.id }}'
register: idp
- assert:
that:
- idp is not changed
- name: 'Create identity_provider (retry - no change)'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
domain_id: '{{ domain.domain.id }}'
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- not _idp.description
- _idp.is_enabled == False
- _idp.remote_ids == []
vars:
_idp: '{{ idp.identity_provider }}'
# ========================================================================
# Update (simple cases)
- name: 'Update IDP set description - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 1'
register: idp
- assert:
that:
- idp is changed
- name: 'Update IDP set description'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 1'
register: idp
- assert:
that:
- idp is changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == []
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Update IDP set description (retry - no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 1'
register: idp
- assert:
that:
- idp is not changed
- name: 'Update IDP set description (retry - no change)'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 1'
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == []
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Update IDP set Remote IDs - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
remote_ids: '{{ remote_ids_1 }}'
register: idp
- assert:
that:
- idp is changed
- name: 'Update IDP set Remote IDs'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
remote_ids: '{{ remote_ids_1 }}'
register: idp
- assert:
that:
- idp is changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == remote_ids_1
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Update IDP set Remote IDs (retry - no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
remote_ids: '{{ remote_ids_1 }}'
register: idp
- assert:
that:
- idp is not changed
- name: 'Update IDP set Remote IDs (retry - no change)'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
remote_ids: '{{ remote_ids_1 }}'
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == remote_ids_1
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Update IDP set Enabled - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
is_enabled: True
register: idp
- assert:
that:
- idp is changed
- name: 'Update IDP set Disabled'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
is_enabled: True
register: idp
- assert:
that:
- idp is changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == True
- _idp.remote_ids == remote_ids_1
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Update IDP set Enabled (retry - no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
is_enabled: True
register: idp
- assert:
that:
- idp is not changed
- name: 'Update IDP set Enabled (retry - no change)'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
is_enabled: True
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == True
- _idp.remote_ids == remote_ids_1
vars:
_idp: '{{ idp.identity_provider }}'
# If we don't specify anything to change, then nothing should change...
- name: 'Minimal call to IDP (no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
register: idp
- assert:
that:
- idp is not changed
- name: 'Minimal call to IDP (no change)'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
is_enabled: True
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == True
- _idp.remote_ids == remote_ids_1
vars:
_idp: '{{ idp.identity_provider }}'
# ========================================================================
# Update (mass-update)
- name: 'Update all updatable IDP parameters - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 2'
is_enabled: True
remote_ids: '{{ remote_ids_2 }}'
register: idp
- assert:
that:
- idp is changed
- name: 'Update all updatable IDP parameters'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 2'
is_enabled: True
remote_ids: '{{ remote_ids_2 }}'
register: idp
- assert:
that:
- idp is changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 2'
- _idp.is_enabled == True
- _idp.remote_ids == remote_ids_2
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Update all updatable IDP parameters (no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 2'
is_enabled: True
remote_ids: '{{ remote_ids_2 }}'
register: idp
- assert:
that:
- idp is not changed
- name: 'Update all updatable IDP parameters (no change)'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider'
description: 'ansible idp 2'
is_enabled: True
remote_ids: '{{ remote_ids_2 }}'
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider'
- _idp.name == 'ansible_identity_provider'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 2'
- _idp.is_enabled == True
- _idp.remote_ids == remote_ids_2
vars:
_idp: '{{ idp.identity_provider }}'
# ========================================================================
# Create complex IDP
- name: 'Create complex IDP - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider2'
domain_id: '{{ domain.domain.id }}'
description: 'ansible idp 1'
is_enabled: False
remote_ids: '{{ remote_ids_3 }}'
register: idp
- assert:
that:
- idp is changed
- name: 'Create complex IDP'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider2'
domain_id: '{{ domain.domain.id }}'
description: 'ansible idp 1'
is_enabled: False
remote_ids: '{{ remote_ids_3 }}'
register: idp
- assert:
that:
- idp is changed
- _idp.id == 'ansible_identity_provider2'
- _idp.name == 'ansible_identity_provider2'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == remote_ids_3
vars:
_idp: '{{ idp.identity_provider }}'
- name: 'Create complex IDP (retry - no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider2'
domain_id: '{{ domain.domain.id }}'
description: 'ansible idp 1'
is_enabled: False
remote_ids: '{{ remote_ids_3 }}'
register: idp
- assert:
that:
- idp is not changed
- name: 'Create complex IDP'
openstack.cloud.federation_idp:
state: present
name: 'ansible_identity_provider2'
domain_id: '{{ domain.domain.id }}'
description: 'ansible idp 1'
is_enabled: False
remote_ids: '{{ remote_ids_3 }}'
register: idp
- assert:
that:
- idp is not changed
- _idp.id == 'ansible_identity_provider2'
- _idp.name == 'ansible_identity_provider2'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == remote_ids_3
vars:
_idp: '{{ idp.identity_provider }}'
# Attempt to ensure that if we search we only get the one we expect
- name: 'Fetch Complex IDP info - with name'
openstack.cloud.federation_idp_info:
name: 'ansible_identity_provider2'
register: idps
- assert:
that:
- idps.identity_providers | length == 1
- _idp.id == 'ansible_identity_provider2'
- _idp.name == 'ansible_identity_provider2'
- _idp.domain_id == domain.domain.id
- _idp.description == 'ansible idp 1'
- _idp.is_enabled == False
- _idp.remote_ids == remote_ids_3
vars:
_idp: '{{ idps.identity_providers[0] }}'
# Ensure that if we do search we get both of the results we expect
- name: 'Fetch multiple IDP info - without name'
openstack.cloud.federation_idp_info: {}
register: idps
- assert:
that:
# In CI we generally have a clean slate, but this might
# not be true for everyone...
- idps.identity_providers | length >= 2
# In theory these could be attached to different IDPs but let's keep
# things simple
- "'ansible_identity_provider' in (idps.identity_providers | map(attribute='id'))"
- "'ansible_identity_provider' in (idps.identity_providers | map(attribute='name'))"
- "'ansible_identity_provider2' in (idps.identity_providers | map(attribute='id'))"
- "'ansible_identity_provider2' in (idps.identity_providers | map(attribute='name'))"
- domain.domain.id in (idps.identity_providers | map(attribute='domain_id'))
- "'ansible idp 1' in (idps.identity_providers | map(attribute='description'))"
- "'ansible idp 2' in (idps.identity_providers | map(attribute='description'))"
- True in (idps.identity_providers | map(attribute='is_enabled'))
- False in (idps.identity_providers | map(attribute='is_enabled'))
- name: 'Delete identity_provider - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider'
register: idp
- assert:
that:
- idp is changed
- name: 'Delete identity_provider'
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider'
register: idp
- assert:
that:
- idp is changed
- name: 'Delete identity_provider (retry - no change) - CHECK_MODE'
check_mode: true
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider'
register: idp
- assert:
that:
- idp is not changed
- name: 'Delete identity_provider (retry - no change) '
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider'
register: idp
- assert:
that:
- idp is not changed
- name: 'Fetch identity_provider info after deletion'
openstack.cloud.federation_idp_info:
name: 'ansible_identity_provider'
register: idps
- assert:
that:
- idps.identity_providers | length == 0
- name: 'Delete second identity_provider'
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider2'
register: idp
- assert:
that:
- idp is changed
always:
- name: 'Delete idp'
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider'
- name: 'Delete second identity_provider'
openstack.cloud.federation_idp:
state: absent
name: 'ansible_identity_provider2'
- name: 'Delete domain'
openstack.cloud.identity_domain:
state: absent
name: ansible_domain
Reference in New Issue View Git Blame Copy Permalink