Update identity_role to work with latest sdk

Also renames the test role to match the module name Change-Id: Ie59da441d39fe2d0e49430662d853bc9628181e0
2022-04-13 15:36:40 -07:00 · 2022-04-13 15:36:40 -07:00 · cc1b5ecae8
commit cc1b5ecae8
parent 4a7330364e
7 changed files with 113 additions and 50 deletions
--- a/.zuul.yaml
+++ b/.zuul.yaml
@ -63,13 +63,13 @@
        dns_zone_info
        floating_ip_info
        group
+        identity_role
        image
        keypair
        keystone_domain
        keystone_federation_protocol
        keystone_idp
        keystone_mapping
-        keystone_role
        loadbalancer
        nova_flavor
        nova_services
--- a/ci/roles/identity_role/defaults/main.yml
+++ b/ci/roles/identity_role/defaults/main.yml
@ -0,0 +1,7 @@
+role_name: ansible_keystone_role
+expected_fields:
+  - description
+  - domain_id
+  - id
+  - links
+  - name
--- a/ci/roles/identity_role/tasks/main.yml
+++ b/ci/roles/identity_role/tasks/main.yml
@ -0,0 +1,83 @@
+---
+- name: Cleanup before tests
+  block:
+    - openstack.cloud.identity_role:
+        cloud: "{{ cloud }}"
+        state: absent
+        name: "{{ role_name }}"
+
+- block:
+  - name: Delete unexistent role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: "{{ role_name }}"
+    register: role
+  - name: Assert role didn't change
+    assert:
+      that: role is not changed
+
+- block:
+  - name: Create keystone role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: present
+      name: "{{ role_name }}"
+    register: role
+  - name: Try to get role
+    openstack.cloud.identity_role_info:
+       cloud: "{{ cloud }}"
+       name: "{{ role_name }}"
+    register: roles
+  - name: Assert role found
+    assert:
+      that:
+        - roles.openstack_roles | length == 1
+  - name: Assert role changed
+    assert:
+      that: role is changed
+  - name: Assert return fields
+    assert:
+      that: item in role['role']
+    loop: "{{ expected_fields }}"
+  - name: Assert return value
+    assert:
+      that: role['role']['name'] == role_name
+  - name: Assert retrieved values
+    assert:
+      that: roles.openstack_roles[0].name == role_name
+
+- block:
+  - name: Create existing keystone role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: present
+      name: "{{ role_name }}"
+    register: role
+  - name: Assert role not changed
+    assert:
+      that: role is not changed
+  - name: Assert return fields
+    assert:
+      that: item in role['role']
+    loop: "{{ expected_fields }}"
+
+- block:
+  - name: Delete keystone role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: "{{ role_name }}"
+    register: role
+  - name: Assert role changed
+    assert:
+      that: role is changed
+  - name: Try to get role
+    openstack.cloud.identity_role_info:
+       cloud: "{{ cloud }}"
+       name: "{{ role_name }}"
+    register: roles
+  - name: Assert no role found
+    assert:
+      that:
+        - roles.openstack_roles | length == 0
--- a/ci/roles/keystone_role/defaults/main.yml
+++ b/ci/roles/keystone_role/defaults/main.yml
@ -1 +0,0 @@
-role_name: ansible_keystone_role
--- a/ci/roles/keystone_role/tasks/main.yml
+++ b/ci/roles/keystone_role/tasks/main.yml
@ -1,35 +0,0 @@
---
- name: Create keystone role
-  openstack.cloud.identity_role:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ role_name }}"
-
- name: List keystone roles
-  openstack.cloud.identity_role_info:
-     cloud: "{{ cloud }}"
-  register: roles
-
- name: Check roles
-  assert:
-    that:
-      - roles.openstack_roles | length > 0
-      - "'{{ role_name }}' in (roles.openstack_roles | map(attribute='name') | list)"
-
- name: List keystone roles by name
-  openstack.cloud.identity_role_info:
-     cloud: "{{ cloud }}"
-     name: "{{ role_name}}"
-  register: roles1
-
- name: Check roles
-  assert:
-    that:
-      - roles1.openstack_roles | length == 1
-      - roles1.openstack_roles[0]['name'] == role_name
-
- name: Delete keystone role
-  openstack.cloud.identity_role:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ role_name }}"
--- a/ci/run-collection.yml
+++ b/ci/run-collection.yml
@ -16,6 +16,7 @@
      tags: dns
      when: sdk_version is version(0.28, '>=')
    - { role: floating_ip_info, tags: floating_ip_info }
+    - { role: identity_role, tags: identity_role }
    - { role: image, tags: image }
    - { role: keypair, tags: keypair }
    - { role: keystone_domain, tags: keystone_domain }
@ -28,7 +29,6 @@
    - role: keystone_federation_protocol
      tags: keystone_federation_protocol
      when: sdk_version is version(0.44, '>=')
-    - { role: keystone_role, tags: keystone_role }
    - { role: network, tags: network }
    - role: neutron_rbac
      tags:
--- a/plugins/modules/identity_role.py
+++ b/plugins/modules/identity_role.py
@ -47,12 +47,24 @@ RETURN = '''
 role:
    description: Dictionary describing the role.
    returned: On success when I(state) is 'present'.
-    type: complex
+    type: list
+    elements: dict
    contains:
+        description:
+            description: Description of the role resource
+            type: str
+            sample: role description
+        domain_id:
+            description: Domain to which the role belongs
+            type: str
+            sample: default
        id:
            description: Unique role ID.
            type: str
            sample: "677bfab34c844a01b88a217aa12ec4c2"
+        links:
+            description: Links for the role resource
+            type: list
        name:
            description: Role name.
            type: str
@ -83,25 +95,22 @@ class IdentityRoleModule(OpenStackModule):
        name = self.params.get('name')
        state = self.params.get('state')

-        role = self.conn.get_role(name)
+        role = self.conn.identity.find_role(name)

        if self.ansible.check_mode:
            self.exit_json(changed=self._system_state_change(state, role))

+        changed = False
        if state == 'present':
            if role is None:
-                role = self.conn.create_role(name)
+                role = self.conn.identity.create_role(name=name)
                changed = True
-            else:
-                changed = False
+            role = role.to_dict(computed=False)
            self.exit_json(changed=changed, role=role)
-        elif state == 'absent':
-            if role is None:
-                changed = False
-            else:
-                self.conn.delete_role(name)
-                changed = True
-            self.exit_json(changed=changed)
+        elif state == 'absent' and role is not None:
+            self.conn.identity.delete_role(role['id'])
+            changed = True
+        self.exit_json(changed=changed)


 def main():