Update identity_group for 2.0.0

Replace calls to the sdk cloud layer with proxy layer calls where
appropriate.

Ensure module return values are converted into dict.

General refactoring to bring module more in line with collection
conventions.

Expand tests to assert idempotency and presence of return values.

Rename test role to identity_group to match module name.

Change-Id: I06fe28f77431bb151d85c8d9cd924a1634d85d98

.zuul.yaml

@@ -71,11 +71,10 @@
         dns_zone_info
         endpoint
         floating_ip_info
-        group
         host_aggregate
         identity_domain_info
+        identity_group
         identity_group_info
-        identity_role
         identity_user
         identity_user_info
         identity_role

ci/roles/group/defaults/main.yml

@@ -1 +0,0 @@
-group_name: ansible_group

ci/roles/group/tasks/main.yml

@@ -1,19 +0,0 @@
----
-- name: Create group
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ group_name }}"
-
-- name: Update group
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ group_name }}"
-     description: "updated description"
-
-- name: Delete group
-  openstack.cloud.identity_group:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ group_name }}"

ci/roles/identity_group/defaults/main.yml

@@ -0,0 +1,7 @@
+group_name: ansible_group
+domain_name: ansible_domain
+expected_fields:
+  - description
+  - domain_id
+  - id
+  - name

ci/roles/identity_group/tasks/main.yml

@@ -0,0 +1,138 @@
+---
+- name: Create domain
+  openstack.cloud.identity_domain:
+     cloud: "{{ cloud }}"
+     state: present
+     name: "{{ domain_name }}"
+  register: domain
+
+- name: Create group
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: "{{ group_name }}"
+  register: group_result
+
+- name: Assert changed
+  assert:
+    that: group_result is changed
+
+- name: Assert returned fields
+  assert:
+    that: item in group_result.group
+  loop: "{{ expected_fields }}"
+
+- name: Create group again
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: "{{ group_name }}"
+  register: group_result
+
+- name: Assert not changed
+  assert:
+    that: group_result is not changed
+
+- name: Update group
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: "{{ group_name }}"
+     description: "updated description"
+  register: group_result
+
+- name: Assert changed
+  assert:
+    that:
+      - group_result is changed
+      - group_result.group.description == "updated description"
+
+- name: Create group in specific domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: "{{ group_name }}"
+     domain_id: "{{ domain.id }}"
+  register: group_result
+
+- name: Assert results
+  assert:
+    that:
+      - group_result is changed
+      - group_result.group.domain_id == domain.id
+
+- name: Create group in specific domain again
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: present
+     name: "{{ group_name }}"
+     domain_id: "{{ domain.id }}"
+  register: group_result
+
+- name: Assert not changed
+  assert:
+    that: group_result is not changed
+
+- name: Delete ambiguous domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: "{{ group_name }}"
+  ignore_errors: true
+  register: group_result
+
+- name: Assert failed
+  assert:
+    that: group_result is failed
+
+- name: Delete group in specific domain
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: "{{ group_name }}"
+     domain_id: "{{ domain.id }}"
+  register: group_result
+
+- name: Assert changed
+  assert:
+    that: group_result is changed
+
+- name: Delete group in specific domain again
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: "{{ group_name }}"
+     domain_id: "{{ domain.id }}"
+  register: group_result
+
+- name: Assert not changed
+  assert:
+    that: group_result is not changed
+
+- name: Delete group
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: "{{ group_name }}"
+  register: group_result
+
+- name: Assert changed
+  assert:
+    that: group_result is changed
+
+- name: Delete group again
+  openstack.cloud.identity_group:
+     cloud: "{{ cloud }}"
+     state: absent
+     name: "{{ group_name }}"
+  register: group_result
+
+- name: Assert not changed
+  assert:
+    that: group_result is not changed
+
+- name: Delete domain
+  openstack.cloud.identity_domain:
+    cloud: "{{ cloud }}"
+    state: absent
+    name: "{{ domain_name }}"

ci/run-collection.yml

@@ -12,7 +12,6 @@
     - role: object_container
       tags: object_container
       when: sdk_version is version(0.18, '>=')
-    - { role: group, tags: group }
     - role: dns
       tags: dns
       when: sdk_version is version(0.28, '>=')
@@ -20,6 +19,7 @@
     - { role: floating_ip_info, tags: floating_ip_info }
     - { role: host_aggregate, tags: host_aggregate }
     - { role: identity_domain_info, tags: identity_domain_info }
+    - { role: identity_group, tags: identity_group }
     - { role: identity_group_info, tags: identity_group_info }
     - { role: identity_user, tags: identity_user }
     - { role: identity_user_info, tags: identity_user_info }

plugins/modules/identity_group.py

@@ -13,11 +13,6 @@ description:
     - Manage OpenStack Identity Groups. Groups can be created, deleted or
       updated. Only the I(description) value can be updated.
 options:
-   name:
-     description:
-        - Group name
-     required: true
-     type: str
    description:
      description:
         - Group description
@@ -26,6 +21,11 @@ options:
      description:
         - Domain id to create the group in if the cloud supports domains.
      type: str
+   name:
+     description:
+        - Group name
+     required: true
+     type: str
    state:
      description:
        - Should the resource be present or absent.
@@ -68,16 +68,8 @@ RETURN = '''
 group:
     description: Dictionary describing the group.
     returned: On success when I(state) is 'present'.
-    type: complex
+    type: dict
     contains:
-        id:
-            description: Unique group ID
-            type: str
-            sample: "ee6156ff04c645f481a6738311aea0b0"
-        name:
-            description: Group name
-            type: str
-            sample: "demo"
         description:
             description: Group description
             type: str
@@ -86,6 +78,14 @@ group:
             description: Domain for the group
             type: str
             sample: "default"
+        id:
+            description: Unique group ID
+            type: str
+            sample: "ee6156ff04c645f481a6738311aea0b0"
+        name:
+            description: Group name
+            type: str
+            sample: "demo"
 '''
 
 from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
@@ -103,51 +103,57 @@ class IdentityGroupModule(OpenStackModule):
         supports_check_mode=True
     )
 
-    def _system_state_change(self, state, description, group):
+    def _system_state_change(self, state, group):
         if state == 'present' and not group:
             return True
-        if state == 'present' and description is not None and group.description != description:
+        if state == 'present' and self._build_update(group):
             return True
         if state == 'absent' and group:
             return True
         return False
 
+    def _build_update(self, group):
+        update = {}
+        desc = self.params['description']
+        if desc is not None and desc != group.description:
+            update['description'] = desc
+        return update
+
     def run(self):
-        name = self.params.get('name')
+        name = self.params['name']
-        description = self.params.get('description')
+        description = self.params['description']
-        state = self.params.get('state')
+        state = self.params['state']
+        domain_id = self.params['domain_id']
 
-        domain_id = self.params.pop('domain_id')
+        group_filters = {}
+        if domain_id is not None:
+            group_filters['domain_id'] = domain_id
 
-        if domain_id:
+        group = self.conn.identity.find_group(name, **group_filters)
-            group = self.conn.get_group(name, filters={'domain_id': domain_id})
-        else:
-            group = self.conn.get_group(name)
 
         if self.ansible.check_mode:
-            self.exit_json(changed=self._system_state_change(state, description, group))
+            self.exit_json(changed=self._system_state_change(state, group))
 
+        changed = False
         if state == 'present':
             if group is None:
-                group = self.conn.create_group(
+                kwargs = dict(description=description, domain_id=domain_id)
-                    name=name, description=description, domain=domain_id)
+                kwargs = {k: v for k, v in kwargs.items() if v is not None}
+                group = self.conn.identity.create_group(
+                    name=name, **kwargs)
                 changed = True
             else:
-                if description is not None and group.description != description:
+                update = self._build_update(group)
-                    group = self.conn.update_group(
+                if update:
-                        group.id, description=description)
+                    group = self.conn.identity.update_group(group, **update)
                     changed = True
-                else:
+            group = group.to_dict(computed=False)
-                    changed = False
             self.exit_json(changed=changed, group=group)
 
-        elif state == 'absent':
+        elif state == 'absent' and group is not None:
-            if group is None:
+            self.conn.identity.delete_group(group)
-                changed = False
+            changed = True
-            else:
+        self.exit_json(changed=changed)
-                self.conn.delete_group(group.id)
-                changed = True
-            self.exit_json(changed=changed)
 
 
 def main():