From c39c8f9d744248d1fb8ea3d9cff864f5cebe1caa Mon Sep 17 00:00:00 2001 From: Sagi Shnaidman Date: Mon, 4 Jan 2021 20:29:30 +0200 Subject: [PATCH] Add modules for roles information Add module that retrieves list of roles for a Openstack cloud. Change-Id: Iabadd94f990c49ba078aa02e2d801c40985f85b8 --- ci/roles/keystone_role/tasks/main.yml | 23 ++++++ plugins/modules/identity_role_info.py | 103 ++++++++++++++++++++++++++ 2 files changed, 126 insertions(+) create mode 100644 plugins/modules/identity_role_info.py diff --git a/ci/roles/keystone_role/tasks/main.yml b/ci/roles/keystone_role/tasks/main.yml index 189fd516..0f0fe185 100644 --- a/ci/roles/keystone_role/tasks/main.yml +++ b/ci/roles/keystone_role/tasks/main.yml @@ -5,6 +5,29 @@ state: present name: "{{ role_name }}" +- name: List keystone roles + openstack.cloud.identity_role_info: + cloud: "{{ cloud }}" + register: roles + +- name: Check roles + assert: + that: + - roles.openstack_roles | length > 0 + - "'{{ role_name }}' in (roles.openstack_roles | map(attribute='name') | list)" + +- name: List keystone roles by name + openstack.cloud.identity_role_info: + cloud: "{{ cloud }}" + name: "{{ role_name}}" + register: roles1 + +- name: Check roles + assert: + that: + - roles1.openstack_roles | length == 1 + - roles1.openstack_roles[0]['name'] == role_name + - name: Delete keystone role openstack.cloud.identity_role: cloud: "{{ cloud }}" diff --git a/plugins/modules/identity_role_info.py b/plugins/modules/identity_role_info.py new file mode 100644 index 00000000..361e800d --- /dev/null +++ b/plugins/modules/identity_role_info.py @@ -0,0 +1,103 @@ +#!/usr/bin/python +# coding: utf-8 -*- + +# Copyright (c) 2020, Sagi Shnaidman +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +DOCUMENTATION = ''' +--- +module: identity_role_info +short_description: Retrive information about roles +author: OpenStack Ansible SIG +description: + - Get information about identity roles in Openstack +options: + domain_id: + description: + - List roles in specified domain only + type: str + required: false + name: + description: + - List role speficied by name + type: str + required: false + +requirements: + - "python >= 3.6" + - "openstacksdk" + +extends_documentation_fragment: + - openstack.cloud.openstack +''' + +RETURN = ''' +openstack_roles: + description: List of identity roles + returned: always + type: list + elements: dict + sample: + - domain_id: None + id: 19bf514fdda84f808ccee8463bd85c1a + location: + cloud: mycloud + project: + domain_id: None + domain_name: None + id: None + name: None + region_name: None + zone: None + name: member + properties: + +''' + +EXAMPLES = ''' +# Retrieve info about all roles +- openstack.cloud.identity_role_info: + cloud: mycloud + +# Retrieve info about all roles in specific domain +- openstack.cloud.identity_role_info: + cloud: mycloud + domain_id: some_domain_id + +# Retrieve info about role 'admin' +- openstack.cloud.identity_role_info: + cloud: mycloud + name: admin + +''' + +from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule + + +class IdentityRoleInfoModule(OpenStackModule): + + argument_spec = dict( + domain_id=dict(type='str', required=False), + name=dict(type='str', required=False), + ) + module_kwargs = dict( + supports_check_mode=True, + ) + + def run(self): + roles = self.conn.list_roles(domain_id=self.params['domain_id']) + # Dictionaries are supported from Train release + roles = [item if isinstance(item, dict) else item.to_dict() for item in roles] + # Filtering by name is supported from Wallaby release + if self.params['name']: + roles = [item for item in roles if self.params['name'] in (item['id'], item['name'])] + self.results.update({'openstack_roles': roles}) + + +def main(): + module = IdentityRoleInfoModule() + module() + + +if __name__ == '__main__': + main()