openstack/ansible-collections-openstack
Code Issues Proposed changes

Refactored identity_user{,_info} modules

Browse Source 
Change-Id: Iae52d1a86f8f78790290be3966681f2277b9701d
This commit is contained in:
Jakob Meng 2023-01-13 12:21:04 +01:00
parent 4a27306440
commit c9afdbfd73
7 changed files with 444 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/roles/identity_user/defaults/main.yml
View File

@ -1,4 +1,4 @@
os_identity_user_fields: expected_fields:
- default_project_id - default_project_id
- description - description
- domain_id - domain_id

211
ci/roles/identity_user/tasks/main.yml
View File

@ -1,49 +1,24 @@
--- ---
- name: setup - name: Create a user without a password
block:
- name: Delete user before running tests
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ item }}"
loop:
- ansible_user
- ansible_user2
register: user
- block:
- name: Delete unexistent user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
register: user
- name: Ensure user was not changed
assert:
that: user is not changed
- block:
- name: Create a user without a password
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
name: ansible_user name: ansible_user
email: ansible.user@nowhere.net email: ansible.user@nowhere.net
domain: default domain: default
description: "ansible user"
default_project: demo default_project: demo
register: user register: user
- name: Ensure user was changed - name: Assert return values of identity_user module
assert: assert:
that: user is changed that:
- user.user.name == 'ansible_user'
- user.user.description == 'ansible user'
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(user.user.keys())|length == 0
- name: Ensure user has fields - name: Fail when update_password is always but no password specified
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Fail when update_password is always but no password specified
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
@ -55,17 +30,31 @@
register: user register: user
ignore_errors: yes ignore_errors: yes
- assert: - name: Assert that update failed
that: user.msg == "update_password is always but a password value is missing" assert:
that:
- user is failed
- user.msg == "update_password is 'always' but password is missing"
- name: Delete user - name: Delete user
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: absent state: absent
name: ansible_user name: ansible_user
- block:
- name: Create user with a password - name: Create user with a password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
- name: Create user with a password again
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
@ -77,35 +66,12 @@
default_project: demo default_project: demo
register: user register: user
- name: Assert user has fields - name: Assert user was not changed
assert: assert:
that: item in user['user'] that:
loop: "{{ os_identity_user_fields }}" - user is not changed
- block: - name: Update user with password
- name: Create identical user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Assert user was not changed
assert:
that: user is not changed
- name: Assert user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- block:
- name: Update user with password
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
@ -114,18 +80,13 @@
email: updated.ansible.user@nowhere.net email: updated.ansible.user@nowhere.net
register: user register: user
- name: Ensure user was changed - name: Ensure user was changed
assert: assert:
that: user is changed that:
- user is changed
- name: Ensure user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Update user without password and update_password set to always - name: Update user without password and update_password set to always
block: openstack.cloud.identity_user:
- openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
name: ansible_user name: ansible_user
@ -134,11 +95,13 @@
register: user register: user
ignore_errors: yes ignore_errors: yes
- assert: - name: Assert user update failed
that: user.msg == "update_password is always but a password value is missing" assert:
that:
- user is failed
- user.msg == "update_password is 'always' but password is missing"
- block: - name: Ensure user with update_password set to on_create
- name: Ensure user with update_password set to on_create
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
@ -148,12 +111,12 @@
email: updated.ansible.user@nowhere.net email: updated.ansible.user@nowhere.net
register: user register: user
- name: Ensure user was not changed - name: Ensure user was not changed
assert: assert:
that: user is not changed that:
- user is not changed
- block: - name: Ensure user with update_password set to always
- name: Ensure user with update_password set to always
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
@ -163,12 +126,12 @@
email: updated.ansible.user@nowhere.net email: updated.ansible.user@nowhere.net
register: user register: user
- name: Ensure user was changed - name: Ensure user was changed
assert: assert:
that: user is changed that:
- user is changed
- block: - name: Create user without a password
- name: Create user without a password
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
@ -180,18 +143,76 @@
default_project: demo default_project: demo
register: user register: user
- name: Assert user has fields - name: Fetch users
assert: openstack.cloud.identity_user_info:
that: item in user['user'] cloud: "{{ cloud }}"
loop: "{{ os_identity_user_fields }}" register: users
- block: - name: Assert return values of identity_user_info module
- name: Delete user assert:
that:
- users.users | length > 0
# allow new fields to be introduced but prevent fields from being removed
- expected_fields|difference(users.users.0.keys())|length == 0
- name: Fetch user by name
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: users
- name: Assert named user
assert:
that:
- users.users | length == 1
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user2
- name: Delete user
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: absent state: absent
name: ansible_user name: ansible_user
- name: Ensure user was changed - name: Ensure user was changed
assert: assert:
that: user is changed that:
- user is changed
- name: Delete user again
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
register: user
- name: Ensure user was not changed
assert:
that:
- user is not changed
- name: Fetch ansible_user
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: users
- name: Assert ansible_user does not exist
assert:
that:
- users.users | length == 0
- name: Fetch ansible_user2
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user2
register: users
- name: Assert ansible_user2 does not exist
assert:
that:
- users.users | length == 0

11
ci/roles/identity_user_info/defaults/main.yml
View File

@ -1,11 +0,0 @@
os_expected_user_info_fields:
- default_project_id
- description
- domain_id
- email
- id
- is_enabled
- links
- name
- password
- password_expires_at

69
ci/roles/identity_user_info/tasks/main.yml
View File

@ -1,69 +0,0 @@
- name: Ensure user does not exist before tests
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- block:
- name: Get unexistent user
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: userinfo
- name: Ensure nothing was returned
assert:
that: not userinfo.users
- block:
- name: Create user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
- name: Create second user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user2
password: secret
email: ansible.user2@nowhere.net
domain: default
default_project: demo
register: user
- name: Get first user info
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: userinfo
- name: Assert only one result exists
assert:
that: "{{ userinfo.users | length }} == 1"
- name: Assert userinfo has fields
assert:
that: item in userinfo.users[0]
loop: "{{ os_expected_user_info_fields }}"
- block:
- name: Get all users
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
register: userinfo
- name: Assert results were returned
assert:
that: "{{ userinfo.users | length }} > 0"
- name: Post-test cleanup
block:
- name: Ensure users do not exist
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ item }}"
loop:
- ansible_user
- ansible_user2

1
ci/run-collection.yml
View File

@ -21,7 +21,6 @@
- { role: identity_domain, tags: identity_domain } - { role: identity_domain, tags: identity_domain }
- { role: identity_group, tags: identity_group } - { role: identity_group, tags: identity_group }
- { role: identity_user, tags: identity_user } - { role: identity_user, tags: identity_user }
- { role: identity_user_info, tags: identity_user_info }
- { role: identity_role, tags: identity_role } - { role: identity_role, tags: identity_role }
- { role: image, tags: image } - { role: image, tags: image }
- { role: keypair, tags: keypair } - { role: keypair, tags: keypair }

252
plugins/modules/identity_user.py
View File

@ -4,69 +4,68 @@
# Copyright (c) 2015 Hewlett-Packard Development Company, L.P. # Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: identity_user module: identity_user
short_description: Manage OpenStack Identity Users short_description: Manage a OpenStack identity (Keystone) user
author: OpenStack Ansible SIG author: OpenStack Ansible SIG
description: description:
- Manage OpenStack Identity users. Users can be created, - Create, update or delete a OpenStack identity (Keystone) user.
updated or deleted using this module. A user will be updated
if I(name) matches an existing user and I(state) is present.
The value for I(name) cannot be updated without deleting and
re-creating the user.
options: options:
default_project:
description:
- Name or ID of the project, the user should be created in.
type: str
description:
description:
- Description about the user.
type: str
domain:
description:
- Domain to create the user in if the cloud supports domains.
type: str
email:
description:
- Email address for the user.
type: str
is_enabled:
description:
- Whether the user is enabled or not.
type: bool
default: 'yes'
aliases: ['enabled']
name: name:
description: description:
- Username for the user - Name of the user.
- I(name) cannot be updated without deleting and re-creating the user.
required: true required: true
type: str type: str
password: password:
description: description:
- Password for the user - Password for the user.
type: str type: str
update_password:
required: false
choices: ['always', 'on_create']
default: on_create
description:
- C(always) will attempt to update password. C(on_create) will only
set the password for newly created users.
type: str
email:
description:
- Email address for the user
type: str
description:
description:
- Description about the user
type: str
default_project:
description:
- Project name or ID that the user should be associated with by default
type: str
domain:
description:
- Domain to create the user in if the cloud supports domains
type: str
enabled:
description:
- Is the user enabled
type: bool
default: 'yes'
state: state:
description: description:
- Should the resource be present or absent. - Should the resource be present or absent.
choices: [present, absent] choices: [present, absent]
default: present default: present
type: str type: str
update_password:
choices: ['always', 'on_create']
default: on_create
description:
- When I(update_password) is C(always), then the password will always be
updated.
- When I(update_password) is C(on_create), the the password is only set
when creating a user.
type: str
extends_documentation_fragment: extends_documentation_fragment:
- openstack.cloud.openstack - openstack.cloud.openstack
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Create a user - name: Create a user
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: present state: present
name: demouser name: demouser
@ -75,14 +74,14 @@ EXAMPLES = '''
domain: default domain: default
default_project: demo default_project: demo
# Delete a user - name: Delete a user
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: absent state: absent
name: demouser name: demouser
# Create a user but don't update password if user exists - name: Create a user but don't update password if user exists
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: present state: present
name: demouser name: demouser
@ -92,8 +91,8 @@ EXAMPLES = '''
domain: default domain: default
default_project: demo default_project: demo
# Create a user without password - name: Create a user without password
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: present state: present
name: demouser name: demouser
@ -102,36 +101,30 @@ EXAMPLES = '''
default_project: demo default_project: demo
''' '''
RETURN = r'''
RETURN = '''
user: user:
description: Dictionary describing the user. description: Dictionary describing the identity user.
returned: On success when I(state) is 'present' returned: On success when I(state) is C(present).
type: dict type: dict
contains: contains:
default_project_id: default_project_id:
description: User default project ID. Only present with Keystone >= v3. description: User default project ID. Only present with Keystone >= v3.
returned: success
type: str type: str
sample: "4427115787be45f08f0ec22a03bfc735" sample: "4427115787be45f08f0ec22a03bfc735"
description: description:
description: The description of this user description: The description of this user
returned: success
type: str type: str
sample: "a user" sample: "a user"
domain_id: domain_id:
description: User domain ID. Only present with Keystone >= v3. description: User domain ID. Only present with Keystone >= v3.
returned: success
type: str type: str
sample: "default" sample: "default"
email: email:
description: User email address description: User email address
returned: success
type: str type: str
sample: "demo@example.com" sample: "demo@example.com"
id: id:
description: User ID description: User ID
returned: success
type: str type: str
sample: "f59382db809c43139982ca4189404650" sample: "f59382db809c43139982ca4189404650"
is_enabled: is_enabled:
@ -139,121 +132,106 @@ user:
type: bool type: bool
links: links:
description: The links for the user resource description: The links for the user resource
returned: success
type: dict type: dict
elements: str elements: str
name: name:
description: Unique user name, within the owning domain description: Unique user name, within the owning domain
returned: success
type: str type: str
sample: "demouser" sample: "demouser"
password: password:
description: Credential used during authentication description: Credential used during authentication
returned: success
type: str type: str
password_expires_at: password_expires_at:
description: The date and time when the password expires. The time zone is UTC. A none value means the password never expires description: The date and time when the password expires. The time zone
returned: success is UTC. A none value means the password never expires
type: str type: str
''' '''
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
from ansible_collections.openstack.cloud.plugins.module_utils.resource import StateMachine
class IdentityUserModule(OpenStackModule): class IdentityUserModule(OpenStackModule):
argument_spec = dict( argument_spec = dict(
name=dict(required=True),
password=dict(no_log=True),
email=dict(),
default_project=dict(), default_project=dict(),
description=dict(), description=dict(),
domain=dict(), domain=dict(),
enabled=dict(default=True, type='bool'), email=dict(),
is_enabled=dict(default=True, type='bool', aliases=['enabled']),
name=dict(required=True),
password=dict(no_log=True),
state=dict(default='present', choices=['absent', 'present']), state=dict(default='present', choices=['absent', 'present']),
update_password=dict(default='on_create', choices=['always', 'on_create']), update_password=dict(default='on_create',
choices=['always', 'on_create']),
) )
module_kwargs = dict() module_kwargs = dict()
def _needs_update(self, params_dict, user): class _StateMachine(StateMachine):
for k in params_dict: def _build_update(self, resource, attributes, updateable_attributes,
# We don't get password back in the user object, so assume any supplied non_updateable_attributes,
# password is a change. update_password='on_create', **kwargs):
if k == 'password': if update_password == 'always' and 'password' not in attributes:
return True self.ansible.fail_json(msg="update_password is 'always'"
if user[k] != params_dict[k]: " but password is missing")
return True elif update_password == 'on_create' and 'password' in attributes:
return False attributes.pop('password')
def _get_domain_id(self, domain): return super()._build_update(resource, attributes,
dom_obj = self.conn.identity.find_domain(domain) updateable_attributes,
if dom_obj is None: non_updateable_attributes, **kwargs)
# Ok, let's hope the user is non-admin and passing a sane id
return domain
return dom_obj.id
def _get_default_project_id(self, default_project, domain_id): def _find(self, attributes, **kwargs):
project = self.conn.identity.find_project(default_project, domain_id=domain_id) query_args = dict((k, attributes[k])
if not project: for k in ['domain_id']
self.fail_json(msg='Default project %s is not valid' % default_project) if k in attributes and attributes[k] is not None)
return project['id']
return self.find_function(attributes['name'], **query_args)
def run(self): def run(self):
name = self.params['name'] sm = self._StateMachine(connection=self.conn,
password = self.params.get('password') service_name='identity',
email = self.params['email'] type_name='user',
default_project = self.params['default_project'] sdk=self.sdk,
domain = self.params['domain'] ansible=self.ansible)
enabled = self.params['enabled']
state = self.params['state']
update_password = self.params['update_password']
description = self.params['description']
domain_id = None kwargs = dict((k, self.params[k])
if domain: for k in ['state', 'timeout', 'update_password']
domain_id = self._get_domain_id(domain) if self.params[k] is not None)
user = self.conn.identity.find_user(name, domain_id=domain_id)
changed = False kwargs['attributes'] = \
if state == 'present': dict((k, self.params[k])
user_args = { for k in ['description', 'email', 'is_enabled', 'name',
'name': name, 'password']
'email': email, if self.params[k] is not None)
'domain_id': domain_id,
'description': description, domain_name_or_id = self.params['domain']
'is_enabled': enabled, if domain_name_or_id is not None:
} domain = self.conn.identity.find_domain(domain_name_or_id,
if default_project: ignore_missing=False)
default_project_id = self._get_default_project_id( kwargs['attributes']['domain_id'] = domain.id
default_project, domain_id)
user_args['default_project_id'] = default_project_id default_project_name_or_id = self.params['default_project']
user_args = {k: v for k, v in user_args.items() if v is not None} if default_project_name_or_id is not None:
query_args = dict((k, kwargs['attributes'][k])
for k in ['domain_id']
if k in kwargs['attributes']
and kwargs['attributes'][k] is not None)
project = self.conn.identity.find_project(
default_project_name_or_id, ignore_missing=False, **query_args)
kwargs['attributes']['default_project_id'] = project.id
user, is_changed = sm(check_mode=self.ansible.check_mode,
updateable_attributes=None,
non_updateable_attributes=['domain_id'],
wait=False,
**kwargs)
changed = False
if user is None: if user is None:
if password: self.exit_json(changed=is_changed)
user_args['password'] = password
user = self.conn.identity.create_user(**user_args)
changed = True
else: else:
if update_password == 'always': self.exit_json(changed=is_changed,
if not password: user=user.to_dict(computed=False))
self.fail_json(msg="update_password is always but a password value is missing")
user_args['password'] = password
# else we do not want to update the password
if self._needs_update(user_args, user):
user = self.conn.identity.update_user(user['id'], **user_args)
changed = True
user = user.to_dict(computed=False)
self.exit_json(changed=changed, user=user)
elif state == 'absent' and user is not None:
self.conn.identity.delete_user(user)
changed = True
self.exit_json(changed=changed)
def main(): def main():

107
plugins/modules/identity_user_info.py
View File

@ -4,125 +4,97 @@
# Copyright (c) 2016 Hewlett-Packard Enterprise Corporation # Copyright (c) 2016 Hewlett-Packard Enterprise Corporation
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: identity_user_info module: identity_user_info
short_description: Retrieve information about one or more OpenStack users short_description: Fetch OpenStack identity (Keystone) users
author: OpenStack Ansible SIG author: OpenStack Ansible SIG
description: description:
- Retrieve information about a one or more OpenStack users - Fetch OpenStack identity (Keystone) users.
options: options:
name:
description:
- Name or ID of the user
type: str
domain: domain:
description: description:
- Name or ID of the domain containing the user if the cloud supports domains - Name or ID of the domain containing the user.
type: str type: str
filters: filters:
description: description:
- A dictionary of meta data to use for further filtering. Elements of - A dictionary of meta data to use for further filtering. Elements of
this dictionary may be additional dictionaries. this dictionary may be additional dictionaries.
type: dict type: dict
default: {} name:
description:
- Name or ID of the user.
type: str
extends_documentation_fragment: extends_documentation_fragment:
- openstack.cloud.openstack - openstack.cloud.openstack
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Gather information about previously created users - name: Gather previously created users
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
register: result
- debug:
msg: "{{ result.users }}"
# Gather information about a previously created user by name - name: Gather previously created user by name
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
name: demouser name: demouser
register: result
- debug:
msg: "{{ result.users }}"
# Gather information about a previously created user in a specific domain - name: Gather previously created user in a specific domain
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
name: demouser name: demouser
domain: admindomain domain: admindomain
register: result
- debug:
msg: "{{ result.users }}"
# Gather information about a previously created user in a specific domain with filter - name: Gather previously created user with filters
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
name: demouser name: demouser
domain: admindomain domain: admindomain
filters: filters:
enabled: False is_enabled: False
register: result
- debug:
msg: "{{ result.users }}"
''' '''
RETURN = r'''
RETURN = '''
users: users:
description: has all the OpenStack information about users description: Dictionary describing all matching identity users.
returned: always returned: always
type: list type: list
elements: dict elements: dict
contains: contains:
id: id:
description: Unique UUID. description: Unique UUID.
returned: success
type: str type: str
name: name:
description: Username of the user. description: Username of the user.
returned: success
type: str type: str
default_project_id: default_project_id:
description: Default project ID of the user description: Default project ID of the user
returned: success
type: str type: str
description: description:
description: The description of this user description: The description of this user
returned: success
type: str type: str
domain_id: domain_id:
description: Domain ID containing the user description: Domain ID containing the user
returned: success
type: str type: str
email: email:
description: Email of the user description: Email of the user
returned: success
type: str type: str
is_enabled: is_enabled:
description: Flag to indicate if the user is enabled description: Flag to indicate if the user is enabled
returned: success
type: bool type: bool
links: links:
description: The links for the user resource description: The links for the user resource
returned: success type: dict
type: complex
contains:
self:
description: Link to this user resource
returned: success
type: str
password: password:
description: The default form of credential used during authentication. description: The default form of credential used during authentication.
returned: success
type: str type: str
password_expires_at: password_expires_at:
description: The date and time when the password expires. The time zone is UTC. A Null value means the password never expires. description: The date and time when the password expires. The time zone
returned: success is UTC. A Null value means the password never expires.
type: str type: str
username: username:
description: Username with Identity API v2 (OpenStack Pike or earlier) else Null description: Username with Identity API v2 (OpenStack Pike or earlier)
returned: success else Null.
type: str type: str
''' '''
@ -131,9 +103,9 @@ from ansible_collections.openstack.cloud.plugins.module_utils.openstack import O
class IdentityUserInfoModule(OpenStackModule): class IdentityUserInfoModule(OpenStackModule):
argument_spec = dict( argument_spec = dict(
name=dict(),
domain=dict(), domain=dict(),
filters=dict(type='dict', default={}), filters=dict(type='dict'),
name=dict(),
) )
module_kwargs = dict( module_kwargs = dict(
supports_check_mode=True supports_check_mode=True
@ -141,19 +113,20 @@ class IdentityUserInfoModule(OpenStackModule):
def run(self): def run(self):
name = self.params['name'] name = self.params['name']
domain = self.params['domain'] filters = self.params['filters'] or {}
filters = self.params['filters']
args = {} kwargs = {}
if domain: domain_name_or_id = self.params['domain']
dom_obj = self.conn.identity.find_domain(domain) if domain_name_or_id:
if dom_obj is None: domain = self.conn.identity.find_domain(domain_name_or_id)
self.fail_json( if domain is None:
msg="Domain name or ID '{0}' does not exist".format(domain)) self.exit_json(changed=False, groups=[])
args['domain_id'] = dom_obj.id kwargs['domain_id'] = domain['id']
users = [user.to_dict(computed=False) for user in self.conn.search_users(name, filters, **args)] self.exit_json(changed=False,
self.exit_json(changed=False, users=users) users=[u.to_dict(computed=False)
for u in self.conn.search_users(name, filters,
**kwargs)])
def main(): def main():