Update identity_role to work with latest sdk

Also renames the test role to match the module name

Change-Id: Ie59da441d39fe2d0e49430662d853bc9628181e0

.zuul.yaml

@@ -63,13 +63,13 @@
         dns_zone_info
         floating_ip_info
         group
+        identity_role
         image
         keypair
         keystone_domain
         keystone_federation_protocol
         keystone_idp
         keystone_mapping
-        keystone_role
         loadbalancer
         nova_flavor
         nova_services

ci/roles/identity_role/defaults/main.yml

@@ -0,0 +1,7 @@
+role_name: ansible_keystone_role
+expected_fields:
+  - description
+  - domain_id
+  - id
+  - links
+  - name

ci/roles/identity_role/tasks/main.yml

@@ -0,0 +1,83 @@
+---
+- name: Cleanup before tests
+  block:
+    - openstack.cloud.identity_role:
+        cloud: "{{ cloud }}"
+        state: absent
+        name: "{{ role_name }}"
+
+- block:
+  - name: Delete unexistent role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: "{{ role_name }}"
+    register: role
+  - name: Assert role didn't change
+    assert:
+      that: role is not changed
+
+- block:
+  - name: Create keystone role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: present
+      name: "{{ role_name }}"
+    register: role
+  - name: Try to get role
+    openstack.cloud.identity_role_info:
+       cloud: "{{ cloud }}"
+       name: "{{ role_name }}"
+    register: roles
+  - name: Assert role found
+    assert:
+      that:
+        - roles.openstack_roles | length == 1
+  - name: Assert role changed
+    assert:
+      that: role is changed
+  - name: Assert return fields
+    assert:
+      that: item in role['role']
+    loop: "{{ expected_fields }}"
+  - name: Assert return value
+    assert:
+      that: role['role']['name'] == role_name
+  - name: Assert retrieved values
+    assert:
+      that: roles.openstack_roles[0].name == role_name
+
+- block:
+  - name: Create existing keystone role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: present
+      name: "{{ role_name }}"
+    register: role
+  - name: Assert role not changed
+    assert:
+      that: role is not changed
+  - name: Assert return fields
+    assert:
+      that: item in role['role']
+    loop: "{{ expected_fields }}"
+
+- block:
+  - name: Delete keystone role
+    openstack.cloud.identity_role:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: "{{ role_name }}"
+    register: role
+  - name: Assert role changed
+    assert:
+      that: role is changed
+  - name: Try to get role
+    openstack.cloud.identity_role_info:
+       cloud: "{{ cloud }}"
+       name: "{{ role_name }}"
+    register: roles
+  - name: Assert no role found
+    assert:
+      that:
+        - roles.openstack_roles | length == 0

ci/roles/keystone_role/defaults/main.yml

@@ -1 +0,0 @@
-role_name: ansible_keystone_role

ci/roles/keystone_role/tasks/main.yml

@@ -1,35 +0,0 @@
----
-- name: Create keystone role
-  openstack.cloud.identity_role:
-     cloud: "{{ cloud }}"
-     state: present
-     name: "{{ role_name }}"
-
-- name: List keystone roles
-  openstack.cloud.identity_role_info:
-     cloud: "{{ cloud }}"
-  register: roles
-
-- name: Check roles
-  assert:
-    that:
-      - roles.openstack_roles | length > 0
-      - "'{{ role_name }}' in (roles.openstack_roles | map(attribute='name') | list)"
-
-- name: List keystone roles by name
-  openstack.cloud.identity_role_info:
-     cloud: "{{ cloud }}"
-     name: "{{ role_name}}"
-  register: roles1
-
-- name: Check roles
-  assert:
-    that:
-      - roles1.openstack_roles | length == 1
-      - roles1.openstack_roles[0]['name'] == role_name
-
-- name: Delete keystone role
-  openstack.cloud.identity_role:
-     cloud: "{{ cloud }}"
-     state: absent
-     name: "{{ role_name }}"

ci/run-collection.yml

@@ -16,6 +16,7 @@
       tags: dns
       when: sdk_version is version(0.28, '>=')
     - { role: floating_ip_info, tags: floating_ip_info }
+    - { role: identity_role, tags: identity_role }
     - { role: image, tags: image }
     - { role: keypair, tags: keypair }
     - { role: keystone_domain, tags: keystone_domain }
@@ -28,7 +29,6 @@
     - role: keystone_federation_protocol
       tags: keystone_federation_protocol
       when: sdk_version is version(0.44, '>=')
-    - { role: keystone_role, tags: keystone_role }
     - { role: network, tags: network }
     - role: neutron_rbac
       tags:

plugins/modules/identity_role.py

@@ -47,12 +47,24 @@ RETURN = '''
 role:
     description: Dictionary describing the role.
     returned: On success when I(state) is 'present'.
-    type: complex
+    type: list
+    elements: dict
     contains:
+        description:
+            description: Description of the role resource
+            type: str
+            sample: role description
+        domain_id:
+            description: Domain to which the role belongs
+            type: str
+            sample: default
         id:
             description: Unique role ID.
             type: str
             sample: "677bfab34c844a01b88a217aa12ec4c2"
+        links:
+            description: Links for the role resource
+            type: list
         name:
             description: Role name.
             type: str
@@ -83,25 +95,22 @@ class IdentityRoleModule(OpenStackModule):
         name = self.params.get('name')
         state = self.params.get('state')
 
-        role = self.conn.get_role(name)
+        role = self.conn.identity.find_role(name)
 
         if self.ansible.check_mode:
             self.exit_json(changed=self._system_state_change(state, role))
 
+        changed = False
         if state == 'present':
             if role is None:
-                role = self.conn.create_role(name)
+                role = self.conn.identity.create_role(name=name)
                 changed = True
-            else:
+            role = role.to_dict(computed=False)
-                changed = False
             self.exit_json(changed=changed, role=role)
-        elif state == 'absent':
+        elif state == 'absent' and role is not None:
-            if role is None:
+            self.conn.identity.delete_role(role['id'])
-                changed = False
+            changed = True
-            else:
+        self.exit_json(changed=changed)
-                self.conn.delete_role(name)
-                changed = True
-            self.exit_json(changed=changed)
 
 
 def main():