openstack/ansible-collections-openstack
Code Issues Proposed changes

Refactored identity_user{,_info} modules

Browse Source 
Change-Id: Iae52d1a86f8f78790290be3966681f2277b9701d
This commit is contained in:
Jakob Meng 2023-01-13 12:21:04 +01:00
parent 4a27306440
commit c9afdbfd73
7 changed files with 444 additions and 553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ci/roles/identity_user/defaults/main.yml
View File

@ -1,4 +1,4 @@
os_identity_user_fields: expected_fields:
- default_project_id - default_project_id
- description - description
- domain_id - domain_id

371
ci/roles/identity_user/tasks/main.yml
View File

@ -1,197 +1,218 @@
--- ---
- name: setup - name: Create a user without a password
block: openstack.cloud.identity_user:
- name: Delete user before running tests cloud: "{{ cloud }}"
openstack.cloud.identity_user: state: present
cloud: "{{ cloud }}" name: ansible_user
state: absent email: ansible.user@nowhere.net
name: "{{ item }}" domain: default
loop: description: "ansible user"
- ansible_user default_project: demo
- ansible_user2 register: user
register: user
- block: - name: Assert return values of identity_user module
- name: Delete unexistent user assert:
openstack.cloud.identity_user: that:
cloud: "{{ cloud }}" - user.user.name == 'ansible_user'
state: absent - user.user.description == 'ansible user'
name: ansible_user # allow new fields to be introduced but prevent fields from being removed
register: user - expected_fields|difference(user.user.keys())|length == 0
- name: Ensure user was not changed - name: Fail when update_password is always but no password specified
assert: openstack.cloud.identity_user:
that: user is not changed cloud: "{{ cloud }}"
state: present
name: ansible_user
update_password: always
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
ignore_errors: yes
- block: - name: Assert that update failed
- name: Create a user without a password assert:
openstack.cloud.identity_user: that:
cloud: "{{ cloud }}" - user is failed
state: present - user.msg == "update_password is 'always' but password is missing"
name: ansible_user
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
- name: Ensure user was changed - name: Delete user
assert: openstack.cloud.identity_user:
that: user is changed cloud: "{{ cloud }}"
state: absent
name: ansible_user
- name: Ensure user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Fail when update_password is always but no password specified - name: Create user with a password
openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: "{{ cloud }}" cloud: "{{ cloud }}"
state: present state: present
name: ansible_user name: ansible_user
update_password: always password: secret
email: ansible.user@nowhere.net email: ansible.user@nowhere.net
domain: default update_password: on_create
default_project: demo domain: default
register: user default_project: demo
ignore_errors: yes
- assert: - name: Create user with a password again
that: user.msg == "update_password is always but a password value is missing" openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Delete user - name: Assert user was not changed
openstack.cloud.identity_user: assert:
cloud: "{{ cloud }}" that:
state: absent - user is not changed
name: ansible_user
- block: - name: Update user with password
- name: Create user with a password openstack.cloud.identity_user:
openstack.cloud.identity_user: cloud: "{{ cloud }}"
cloud: "{{ cloud }}" state: present
state: present name: ansible_user
name: ansible_user password: secret2
password: secret email: updated.ansible.user@nowhere.net
email: ansible.user@nowhere.net register: user
update_password: on_create
domain: default
default_project: demo
register: user
- name: Assert user has fields - name: Ensure user was changed
assert: assert:
that: item in user['user'] that:
loop: "{{ os_identity_user_fields }}" - user is changed
- block:
- name: Create identical user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
update_password: on_create
domain: default
default_project: demo
register: user
- name: Assert user was not changed
assert:
that: user is not changed
- name: Assert user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- block:
- name: Update user with password
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret2
email: updated.ansible.user@nowhere.net
register: user
- name: Ensure user was changed
assert:
that: user is changed
- name: Ensure user has fields
assert:
that: item in user['user']
loop: "{{ os_identity_user_fields }}"
- name: Update user without password and update_password set to always - name: Update user without password and update_password set to always
block: openstack.cloud.identity_user:
- openstack.cloud.identity_user: cloud: "{{ cloud }}"
cloud: "{{ cloud }}" state: present
state: present name: ansible_user
name: ansible_user update_password: always
update_password: always email: updated.ansible.user@nowhere.net
email: updated.ansible.user@nowhere.net register: user
register: user ignore_errors: yes
ignore_errors: yes
- assert: - name: Assert user update failed
that: user.msg == "update_password is always but a password value is missing" assert:
that:
- user is failed
- user.msg == "update_password is 'always' but password is missing"
- block: - name: Ensure user with update_password set to on_create
- name: Ensure user with update_password set to on_create openstack.cloud.identity_user:
openstack.cloud.identity_user: cloud: "{{ cloud }}"
cloud: "{{ cloud }}" state: present
state: present name: ansible_user
name: ansible_user update_password: on_create
update_password: on_create password: secret3
password: secret3 email: updated.ansible.user@nowhere.net
email: updated.ansible.user@nowhere.net register: user
register: user
- name: Ensure user was not changed - name: Ensure user was not changed
assert: assert:
that: user is not changed that:
- user is not changed
- block: - name: Ensure user with update_password set to always
- name: Ensure user with update_password set to always openstack.cloud.identity_user:
openstack.cloud.identity_user: cloud: "{{ cloud }}"
cloud: "{{ cloud }}" state: present
state: present name: ansible_user
name: ansible_user update_password: always
update_password: always password: secret3
password: secret3 email: updated.ansible.user@nowhere.net
email: updated.ansible.user@nowhere.net register: user
register: user
- name: Ensure user was changed - name: Ensure user was changed
assert: assert:
that: user is changed that:
- user is changed
- block: - name: Create user without a password
- name: Create user without a password openstack.cloud.identity_user:
openstack.cloud.identity_user: cloud: "{{ cloud }}"
cloud: "{{ cloud }}" state: present
state: present name: ansible_user2
name: ansible_user2 password: secret
password: secret email: ansible.user2@nowhere.net
email: ansible.user2@nowhere.net update_password: on_create
update_password: on_create domain: default
domain: default default_project: demo
default_project: demo register: user
register: user
- name: Assert user has fields - name: Fetch users
assert: openstack.cloud.identity_user_info:
that: item in user['user'] cloud: "{{ cloud }}"
loop: "{{ os_identity_user_fields }}" register: users
- block: - name: Assert return values of identity_user_info module
- name: Delete user assert:
openstack.cloud.identity_user: that:
cloud: "{{ cloud }}" - users.users | length > 0
state: absent # allow new fields to be introduced but prevent fields from being removed
name: ansible_user - expected_fields|difference(users.users.0.keys())|length == 0
- name: Ensure user was changed - name: Fetch user by name
assert: openstack.cloud.identity_user_info:
that: user is changed cloud: "{{ cloud }}"
name: ansible_user
register: users
- name: Assert named user
assert:
that:
- users.users | length == 1
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user2
- name: Delete user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- name: Ensure user was changed
assert:
that:
- user is changed
- name: Delete user again
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
register: user
- name: Ensure user was not changed
assert:
that:
- user is not changed
- name: Fetch ansible_user
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: users
- name: Assert ansible_user does not exist
assert:
that:
- users.users | length == 0
- name: Fetch ansible_user2
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user2
register: users
- name: Assert ansible_user2 does not exist
assert:
that:
- users.users | length == 0

11
ci/roles/identity_user_info/defaults/main.yml
View File

@ -1,11 +0,0 @@
os_expected_user_info_fields:
- default_project_id
- description
- domain_id
- email
- id
- is_enabled
- links
- name
- password
- password_expires_at

69
ci/roles/identity_user_info/tasks/main.yml
View File

@ -1,69 +0,0 @@
- name: Ensure user does not exist before tests
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: ansible_user
- block:
- name: Get unexistent user
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: userinfo
- name: Ensure nothing was returned
assert:
that: not userinfo.users
- block:
- name: Create user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user
password: secret
email: ansible.user@nowhere.net
domain: default
default_project: demo
register: user
- name: Create second user
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: present
name: ansible_user2
password: secret
email: ansible.user2@nowhere.net
domain: default
default_project: demo
register: user
- name: Get first user info
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
name: ansible_user
register: userinfo
- name: Assert only one result exists
assert:
that: "{{ userinfo.users | length }} == 1"
- name: Assert userinfo has fields
assert:
that: item in userinfo.users[0]
loop: "{{ os_expected_user_info_fields }}"
- block:
- name: Get all users
openstack.cloud.identity_user_info:
cloud: "{{ cloud }}"
register: userinfo
- name: Assert results were returned
assert:
that: "{{ userinfo.users | length }} > 0"
- name: Post-test cleanup
block:
- name: Ensure users do not exist
openstack.cloud.identity_user:
cloud: "{{ cloud }}"
state: absent
name: "{{ item }}"
loop:
- ansible_user
- ansible_user2

1
ci/run-collection.yml
View File

@ -21,7 +21,6 @@
- { role: identity_domain, tags: identity_domain } - { role: identity_domain, tags: identity_domain }
- { role: identity_group, tags: identity_group } - { role: identity_group, tags: identity_group }
- { role: identity_user, tags: identity_user } - { role: identity_user, tags: identity_user }
- { role: identity_user_info, tags: identity_user_info }
- { role: identity_role, tags: identity_role } - { role: identity_role, tags: identity_role }
- { role: image, tags: image } - { role: image, tags: image }
- { role: keypair, tags: keypair } - { role: keypair, tags: keypair }

352
plugins/modules/identity_user.py
View File

@ -4,69 +4,68 @@
# Copyright (c) 2015 Hewlett-Packard Development Company, L.P. # Copyright (c) 2015 Hewlett-Packard Development Company, L.P.
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: identity_user module: identity_user
short_description: Manage OpenStack Identity Users short_description: Manage a OpenStack identity (Keystone) user
author: OpenStack Ansible SIG author: OpenStack Ansible SIG
description: description:
- Manage OpenStack Identity users. Users can be created, - Create, update or delete a OpenStack identity (Keystone) user.
updated or deleted using this module. A user will be updated
if I(name) matches an existing user and I(state) is present.
The value for I(name) cannot be updated without deleting and
re-creating the user.
options: options:
name: default_project:
description: description:
- Username for the user - Name or ID of the project, the user should be created in.
required: true type: str
type: str description:
password: description:
description: - Description about the user.
- Password for the user type: str
type: str domain:
update_password: description:
required: false - Domain to create the user in if the cloud supports domains.
choices: ['always', 'on_create'] type: str
default: on_create email:
description: description:
- C(always) will attempt to update password. C(on_create) will only - Email address for the user.
set the password for newly created users. type: str
type: str is_enabled:
email: description:
description: - Whether the user is enabled or not.
- Email address for the user type: bool
type: str default: 'yes'
description: aliases: ['enabled']
description: name:
- Description about the user description:
type: str - Name of the user.
default_project: - I(name) cannot be updated without deleting and re-creating the user.
description: required: true
- Project name or ID that the user should be associated with by default type: str
type: str password:
domain: description:
description: - Password for the user.
- Domain to create the user in if the cloud supports domains type: str
type: str state:
enabled: description:
description: - Should the resource be present or absent.
- Is the user enabled choices: [present, absent]
type: bool default: present
default: 'yes' type: str
state: update_password:
description: choices: ['always', 'on_create']
- Should the resource be present or absent. default: on_create
choices: [present, absent] description:
default: present - When I(update_password) is C(always), then the password will always be
type: str updated.
- When I(update_password) is C(on_create), the the password is only set
when creating a user.
type: str
extends_documentation_fragment: extends_documentation_fragment:
- openstack.cloud.openstack - openstack.cloud.openstack
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Create a user - name: Create a user
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: present state: present
name: demouser name: demouser
@ -75,14 +74,14 @@ EXAMPLES = '''
domain: default domain: default
default_project: demo default_project: demo
# Delete a user - name: Delete a user
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: absent state: absent
name: demouser name: demouser
# Create a user but don't update password if user exists - name: Create a user but don't update password if user exists
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: present state: present
name: demouser name: demouser
@ -92,8 +91,8 @@ EXAMPLES = '''
domain: default domain: default
default_project: demo default_project: demo
# Create a user without password - name: Create a user without password
- openstack.cloud.identity_user: openstack.cloud.identity_user:
cloud: mycloud cloud: mycloud
state: present state: present
name: demouser name: demouser
@ -102,158 +101,137 @@ EXAMPLES = '''
default_project: demo default_project: demo
''' '''
RETURN = r'''
RETURN = '''
user: user:
description: Dictionary describing the user. description: Dictionary describing the identity user.
returned: On success when I(state) is 'present' returned: On success when I(state) is C(present).
type: dict type: dict
contains: contains:
default_project_id: default_project_id:
description: User default project ID. Only present with Keystone >= v3. description: User default project ID. Only present with Keystone >= v3.
returned: success type: str
type: str sample: "4427115787be45f08f0ec22a03bfc735"
sample: "4427115787be45f08f0ec22a03bfc735" description:
description: description: The description of this user
description: The description of this user type: str
returned: success sample: "a user"
type: str domain_id:
sample: "a user" description: User domain ID. Only present with Keystone >= v3.
domain_id: type: str
description: User domain ID. Only present with Keystone >= v3. sample: "default"
returned: success email:
type: str description: User email address
sample: "default" type: str
email: sample: "demo@example.com"
description: User email address id:
returned: success description: User ID
type: str type: str
sample: "demo@example.com" sample: "f59382db809c43139982ca4189404650"
id: is_enabled:
description: User ID description: Indicates whether the user is enabled
returned: success type: bool
type: str links:
sample: "f59382db809c43139982ca4189404650" description: The links for the user resource
is_enabled: type: dict
description: Indicates whether the user is enabled elements: str
type: bool name:
links: description: Unique user name, within the owning domain
description: The links for the user resource type: str
returned: success sample: "demouser"
type: dict password:
elements: str description: Credential used during authentication
name: type: str
description: Unique user name, within the owning domain password_expires_at:
returned: success description: The date and time when the password expires. The time zone
type: str is UTC. A none value means the password never expires
sample: "demouser" type: str
password:
description: Credential used during authentication
returned: success
type: str
password_expires_at:
description: The date and time when the password expires. The time zone is UTC. A none value means the password never expires
returned: success
type: str
''' '''
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
from ansible_collections.openstack.cloud.plugins.module_utils.resource import StateMachine
class IdentityUserModule(OpenStackModule): class IdentityUserModule(OpenStackModule):
argument_spec = dict( argument_spec = dict(
name=dict(required=True),
password=dict(no_log=True),
email=dict(),
default_project=dict(), default_project=dict(),
description=dict(), description=dict(),
domain=dict(), domain=dict(),
enabled=dict(default=True, type='bool'), email=dict(),
is_enabled=dict(default=True, type='bool', aliases=['enabled']),
name=dict(required=True),
password=dict(no_log=True),
state=dict(default='present', choices=['absent', 'present']), state=dict(default='present', choices=['absent', 'present']),
update_password=dict(default='on_create', choices=['always', 'on_create']), update_password=dict(default='on_create',
choices=['always', 'on_create']),
) )
module_kwargs = dict() module_kwargs = dict()
def _needs_update(self, params_dict, user): class _StateMachine(StateMachine):
for k in params_dict: def _build_update(self, resource, attributes, updateable_attributes,
# We don't get password back in the user object, so assume any supplied non_updateable_attributes,
# password is a change. update_password='on_create', **kwargs):
if k == 'password': if update_password == 'always' and 'password' not in attributes:
return True self.ansible.fail_json(msg="update_password is 'always'"
if user[k] != params_dict[k]: " but password is missing")
return True elif update_password == 'on_create' and 'password' in attributes:
return False attributes.pop('password')
def _get_domain_id(self, domain): return super()._build_update(resource, attributes,
dom_obj = self.conn.identity.find_domain(domain) updateable_attributes,
if dom_obj is None: non_updateable_attributes, **kwargs)
# Ok, let's hope the user is non-admin and passing a sane id
return domain
return dom_obj.id
def _get_default_project_id(self, default_project, domain_id): def _find(self, attributes, **kwargs):
project = self.conn.identity.find_project(default_project, domain_id=domain_id) query_args = dict((k, attributes[k])
if not project: for k in ['domain_id']
self.fail_json(msg='Default project %s is not valid' % default_project) if k in attributes and attributes[k] is not None)
return project['id']
return self.find_function(attributes['name'], **query_args)
def run(self): def run(self):
name = self.params['name'] sm = self._StateMachine(connection=self.conn,
password = self.params.get('password') service_name='identity',
email = self.params['email'] type_name='user',
default_project = self.params['default_project'] sdk=self.sdk,
domain = self.params['domain'] ansible=self.ansible)
enabled = self.params['enabled']
state = self.params['state']
update_password = self.params['update_password']
description = self.params['description']
domain_id = None kwargs = dict((k, self.params[k])
if domain: for k in ['state', 'timeout', 'update_password']
domain_id = self._get_domain_id(domain) if self.params[k] is not None)
user = self.conn.identity.find_user(name, domain_id=domain_id)
changed = False kwargs['attributes'] = \
if state == 'present': dict((k, self.params[k])
user_args = { for k in ['description', 'email', 'is_enabled', 'name',
'name': name, 'password']
'email': email, if self.params[k] is not None)
'domain_id': domain_id,
'description': description,
'is_enabled': enabled,
}
if default_project:
default_project_id = self._get_default_project_id(
default_project, domain_id)
user_args['default_project_id'] = default_project_id
user_args = {k: v for k, v in user_args.items() if v is not None}
changed = False domain_name_or_id = self.params['domain']
if user is None: if domain_name_or_id is not None:
if password: domain = self.conn.identity.find_domain(domain_name_or_id,
user_args['password'] = password ignore_missing=False)
kwargs['attributes']['domain_id'] = domain.id
user = self.conn.identity.create_user(**user_args) default_project_name_or_id = self.params['default_project']
changed = True if default_project_name_or_id is not None:
else: query_args = dict((k, kwargs['attributes'][k])
if update_password == 'always': for k in ['domain_id']
if not password: if k in kwargs['attributes']
self.fail_json(msg="update_password is always but a password value is missing") and kwargs['attributes'][k] is not None)
user_args['password'] = password project = self.conn.identity.find_project(
# else we do not want to update the password default_project_name_or_id, ignore_missing=False, **query_args)
kwargs['attributes']['default_project_id'] = project.id
if self._needs_update(user_args, user): user, is_changed = sm(check_mode=self.ansible.check_mode,
user = self.conn.identity.update_user(user['id'], **user_args) updateable_attributes=None,
changed = True non_updateable_attributes=['domain_id'],
wait=False,
**kwargs)
user = user.to_dict(computed=False) if user is None:
self.exit_json(changed=changed, user=user) self.exit_json(changed=is_changed)
elif state == 'absent' and user is not None: else:
self.conn.identity.delete_user(user) self.exit_json(changed=is_changed,
changed = True user=user.to_dict(computed=False))
self.exit_json(changed=changed)
def main(): def main():

191
plugins/modules/identity_user_info.py
View File

@ -4,126 +4,98 @@
# Copyright (c) 2016 Hewlett-Packard Enterprise Corporation # Copyright (c) 2016 Hewlett-Packard Enterprise Corporation
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
DOCUMENTATION = ''' DOCUMENTATION = r'''
--- ---
module: identity_user_info module: identity_user_info
short_description: Retrieve information about one or more OpenStack users short_description: Fetch OpenStack identity (Keystone) users
author: OpenStack Ansible SIG author: OpenStack Ansible SIG
description: description:
- Retrieve information about a one or more OpenStack users - Fetch OpenStack identity (Keystone) users.
options: options:
name: domain:
description: description:
- Name or ID of the user - Name or ID of the domain containing the user.
type: str type: str
domain: filters:
description: description:
- Name or ID of the domain containing the user if the cloud supports domains - A dictionary of meta data to use for further filtering. Elements of
type: str this dictionary may be additional dictionaries.
filters: type: dict
description: name:
- A dictionary of meta data to use for further filtering. Elements of description:
this dictionary may be additional dictionaries. - Name or ID of the user.
type: dict type: str
default: {}
extends_documentation_fragment: extends_documentation_fragment:
- openstack.cloud.openstack - openstack.cloud.openstack
''' '''
EXAMPLES = ''' EXAMPLES = r'''
# Gather information about previously created users - name: Gather previously created users
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
register: result
- debug:
msg: "{{ result.users }}"
# Gather information about a previously created user by name - name: Gather previously created user by name
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
name: demouser name: demouser
register: result
- debug:
msg: "{{ result.users }}"
# Gather information about a previously created user in a specific domain - name: Gather previously created user in a specific domain
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
name: demouser name: demouser
domain: admindomain domain: admindomain
register: result
- debug:
msg: "{{ result.users }}"
# Gather information about a previously created user in a specific domain with filter - name: Gather previously created user with filters
- openstack.cloud.identity_user_info: openstack.cloud.identity_user_info:
cloud: awesomecloud cloud: awesomecloud
name: demouser name: demouser
domain: admindomain domain: admindomain
filters: filters:
enabled: False is_enabled: False
register: result
- debug:
msg: "{{ result.users }}"
''' '''
RETURN = r'''
RETURN = '''
users: users:
description: has all the OpenStack information about users description: Dictionary describing all matching identity users.
returned: always returned: always
type: list type: list
elements: dict elements: dict
contains: contains:
id: id:
description: Unique UUID. description: Unique UUID.
returned: success type: str
type: str name:
name: description: Username of the user.
description: Username of the user. type: str
returned: success default_project_id:
type: str description: Default project ID of the user
default_project_id: type: str
description: Default project ID of the user description:
returned: success description: The description of this user
type: str type: str
description: domain_id:
description: The description of this user description: Domain ID containing the user
returned: success type: str
type: str email:
domain_id: description: Email of the user
description: Domain ID containing the user type: str
returned: success is_enabled:
type: str description: Flag to indicate if the user is enabled
email: type: bool
description: Email of the user links:
returned: success description: The links for the user resource
type: str type: dict
is_enabled: password:
description: Flag to indicate if the user is enabled description: The default form of credential used during authentication.
returned: success type: str
type: bool password_expires_at:
links: description: The date and time when the password expires. The time zone
description: The links for the user resource is UTC. A Null value means the password never expires.
returned: success type: str
type: complex username:
contains: description: Username with Identity API v2 (OpenStack Pike or earlier)
self: else Null.
description: Link to this user resource type: str
returned: success
type: str
password:
description: The default form of credential used during authentication.
returned: success
type: str
password_expires_at:
description: The date and time when the password expires. The time zone is UTC. A Null value means the password never expires.
returned: success
type: str
username:
description: Username with Identity API v2 (OpenStack Pike or earlier) else Null
returned: success
type: str
''' '''
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
@ -131,9 +103,9 @@ from ansible_collections.openstack.cloud.plugins.module_utils.openstack import O
class IdentityUserInfoModule(OpenStackModule): class IdentityUserInfoModule(OpenStackModule):
argument_spec = dict( argument_spec = dict(
name=dict(),
domain=dict(), domain=dict(),
filters=dict(type='dict', default={}), filters=dict(type='dict'),
name=dict(),
) )
module_kwargs = dict( module_kwargs = dict(
supports_check_mode=True supports_check_mode=True
@ -141,19 +113,20 @@ class IdentityUserInfoModule(OpenStackModule):
def run(self): def run(self):
name = self.params['name'] name = self.params['name']
domain = self.params['domain'] filters = self.params['filters'] or {}
filters = self.params['filters']
args = {} kwargs = {}
if domain: domain_name_or_id = self.params['domain']
dom_obj = self.conn.identity.find_domain(domain) if domain_name_or_id:
if dom_obj is None: domain = self.conn.identity.find_domain(domain_name_or_id)
self.fail_json( if domain is None:
msg="Domain name or ID '{0}' does not exist".format(domain)) self.exit_json(changed=False, groups=[])
args['domain_id'] = dom_obj.id kwargs['domain_id'] = domain['id']
users = [user.to_dict(computed=False) for user in self.conn.search_users(name, filters, **args)] self.exit_json(changed=False,
self.exit_json(changed=False, users=users) users=[u.to_dict(computed=False)
for u in self.conn.search_users(name, filters,
**kwargs)])
def main(): def main():