internet/ansible-collections-openstack
3
0
Fork 0
mirror of https://opendev.org/openstack/ansible-collections-openstack.git synced 2026-05-08 06:13:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
ansible-collections-openstack/ci/roles/neutron_rbac_policy/tasks/main.yml
Amir Nikpour c09029ada0 Add target_all_project option 
Adds target_all_project option to neutron_rbac_policy
module, for specifing all projects as target projects
explicitly.

Change-Id: I1393463a79fc83bcda7aa5642f5d3ed27fb195b5
2024-11-05 10:32:08 +03:30

124 lines
3.7 KiB
YAML
Raw Permalink Blame History

---
- name: Create source project
openstack.cloud.project:
cloud: "{{ cloud }}"
state: present
name: ansible_source_project
description: Source project for network RBAC test
domain: default
is_enabled: True
register: source_project
- name: Create network
openstack.cloud.network:
cloud: "{{ cloud }}"
name: "ansible_network"
state: present
project: "{{ source_project.project.id }}"
shared: false
external: true
register: network
- name: Create target project
openstack.cloud.project:
cloud: "{{ cloud }}"
state: present
name: ansible_target_project
description: Target project for network RBAC test
domain_id: default
enabled: True
register: target_project
- name: Create a new network RBAC policy
openstack.cloud.neutron_rbac_policy:
cloud: "{{ cloud }}"
object_id: "{{ network.network.id }}"
object_type: 'network'
action: 'access_as_shared'
target_project_id: "{{ target_project.project.id }}"
project_id: "{{ source_project.project.id }}"
register: rbac_policy
- name: Assert return values of neutron_rbac_policy module
assert:
that:
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(rbac_policy.rbac_policy.keys())|length == 0
- name: Get all rbac policies for {{ source_project.project.name }} - after creation
openstack.cloud.neutron_rbac_policies_info:
cloud: "{{ cloud }}"
project: "{{ source_project.project.id }}"
register: rbac_policies
- name: Assert return values of neutron_rbac_policy_info module
assert:
that:
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(rbac_policies.rbac_policies[0].keys())|length == 0
- name: Verify policy exists - after creation
assert:
that:
- rbac_policy.rbac_policy.id in
( rbac_policies.rbac_policies | map(attribute='id') | list )
- name: Delete RBAC policy
openstack.cloud.neutron_rbac_policy:
cloud: "{{ cloud }}"
id: "{{ rbac_policy.rbac_policy.id }}"
state: absent
- name: Create a new network RBAC policy by targeting all projects
openstack.cloud.neutron_rbac_policy:
cloud: "{{ cloud }}"
object_id: "{{ network.network.id }}"
object_type: 'network'
action: 'access_as_shared'
target_all_project: true
project_id: "{{ source_project.project.id }}"
register: rbac_policy
- name: Assert return values of neutron_rbac_policy module
assert:
that:
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(rbac_policy.rbac_policy.keys())|length == 0
- rbac_policy.rbac_policy.target_project_id == all_project_symbol
- name: Delete RBAC policy
openstack.cloud.neutron_rbac_policy:
cloud: "{{ cloud }}"
id: "{{ rbac_policy.rbac_policy.id }}"
state: absent
- name: Get all rbac policies for {{ source_project.project.name }} - after deletion
openstack.cloud.neutron_rbac_policies_info:
cloud: "{{ cloud }}"
project: "{{ source_project.project.id }}"
register: rbac_policies_remaining
- name: Verify policy does not exist - after deletion
assert:
that:
- rbac_policy.rbac_policy.id not in
( rbac_policies_remaining.rbac_policies | map(attribute='id') | list )
- name: Delete target project
openstack.cloud.project:
cloud: "{{ cloud }}"
state: absent
name: ansible_target_project
- name: Delete network
openstack.cloud.network:
cloud: "{{ cloud }}"
name: "ansible_network"
state: absent
- name: Delete source project
openstack.cloud.project:
cloud: "{{ cloud }}"
state: absent
name: ansible_source_project
Reference in New Issue View Git Blame Copy Permalink