diff --git a/ci/roles/keystone_idp/defaults/main.yml b/ci/roles/keystone_idp/defaults/main.yml index 0698ab97..0b1ed54e 100644 --- a/ci/roles/keystone_idp/defaults/main.yml +++ b/ci/roles/keystone_idp/defaults/main.yml @@ -11,3 +11,11 @@ remote_ids_2: - 'https://auth.example.com/auth/realms/ExampleRealm' remote_ids_3: - 'https://auth.stage.example.com/auth/realms/ExampleRealm' + +idp_info_expected_fields: + - description + - domain_id + - id + - is_enabled + - name + - remote_ids diff --git a/ci/roles/keystone_idp/tasks/main.yml b/ci/roles/keystone_idp/tasks/main.yml index f375495d..7a2129e9 100644 --- a/ci/roles/keystone_idp/tasks/main.yml +++ b/ci/roles/keystone_idp/tasks/main.yml @@ -60,10 +60,9 @@ openstack.cloud.federation_idp_info: name: '{{ idp_name }}' register: identity_provider_info - ignore_errors: yes - assert: that: - - identity_provider_info is failed + - identity_provider_info.identity_providers | length == 0 - name: 'Create IDP' openstack.cloud.federation_idp: @@ -80,14 +79,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - not idp.description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == [] vars: 
@@ -99,47 +96,33 @@ register: identity_provider_info - assert: that: - - identity_provider_info is successful - - '"identity_providers" in identity_provider_info' - idps | length == 1 - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"enabled" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - not idp.description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == [] vars: idps: '{{ identity_provider_info.identity_providers }}' idp: '{{ identity_provider_info.identity_providers[0] }}' + - name: Verify returned values + assert: + that: item in identity_provider_info.identity_providers[0] + loop: "{{ idp_info_expected_fields }}" + - name: 'Fetch identity_provider info - without name' openstack.cloud.federation_idp_info: {} register: identity_provider_info - assert: that: - - identity_provider_info is successful - '"identity_providers" in identity_provider_info' # In CI we generally have a clean slate, but this might # not be true for everyone... - idps | length >= 1 - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"enabled" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' vars: idps: '{{ identity_provider_info.identity_providers }}' - idp: '{{ identity_provider_info.identity_providers[0] }}' - name: 'Create identity_provider (retry - no change) - CHECK_MODE' check_mode: yes @@ -168,14 +151,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - not idp.description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == [] vars: 
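Review bot: The new `Verify returned values` task only asserts that each name in `idp_info_expected_fields` is present in the by-name result, so nothing in the suite proves the legacy `enabled` key has actually been dropped from the module output. The "without name" fetch in the same hunk also loses all per-field checks and now only asserts the list length. If the intent is to pin the new return shape, add `- '"enabled" not in idp'` to the assert just above the new task, where `idp` is already defined in `vars`. It would also help to run the same loop against the unnamed fetch, since that path previously went through a different code branch.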
@@ -211,14 +192,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == [] vars: @@ -251,14 +230,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == [] vars: @@ -292,14 +269,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == remote_ids_1 vars: @@ -332,14 +307,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == remote_ids_1 vars: @@ -373,14 +346,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == False - idp.is_enabled == False - idp.remote_ids == remote_ids_1 vars: 
@@ -413,14 +384,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == False - idp.is_enabled == False - idp.remote_ids == remote_ids_1 vars: @@ -452,14 +421,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == False - idp.is_enabled == False - idp.remote_ids == remote_ids_1 vars: @@ -499,14 +466,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description_2 - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == remote_ids_2 vars: @@ -543,14 +508,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id - idp.description == idp_description_2 - - idp.enabled == True - idp.is_enabled == True - idp.remote_ids == remote_ids_2 vars: @@ -592,14 +555,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name_2 - idp.name == idp_name_2 - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == False - idp.is_enabled == False - idp.remote_ids == remote_ids_3 vars: 
@@ -638,14 +599,12 @@ - '"name" in idp' - '"domain_id" in idp' - '"description" in idp' - - '"enabled" in idp' - '"is_enabled" in idp' - '"remote_ids" in idp' - idp.id == idp_name_2 - idp.name == idp_name_2 - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == False - idp.is_enabled == False - idp.remote_ids == remote_ids_3 vars: @@ -658,21 +617,11 @@ register: identity_provider_info - assert: that: - - identity_provider_info is successful - - '"identity_providers" in identity_provider_info' - identity_provider_info.identity_providers | length == 1 - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"enabled" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name_2 - idp.name == idp_name_2 - idp.domain_id == domain_id - idp.description == idp_description - - idp.enabled == False - idp.is_enabled == False - idp.remote_ids == remote_ids_3 vars: @@ -684,25 +633,9 @@ register: identity_provider_info - assert: that: - - identity_provider_info is successful - - '"identity_providers" in identity_provider_info' # In CI we generally have a clean slate, but this might # not be true for everyone... - identity_provider_info.identity_providers | length >= 2 - - '"id" in idp_0' - - '"name" in idp_0' - - '"domain_id" in idp_0' - - '"description" in idp_0' - - '"enabled" in idp_0' - - '"is_enabled" in idp_0' - - '"remote_ids" in idp_0' - - '"id" in idp_1' - - '"name" in idp_1' - - '"domain_id" in idp_1' - - '"description" in idp_1' - - '"enabled" in idp_1' - - '"is_enabled" in idp_1' - - '"remote_ids" in idp_1' # In theory these could be attached to different IDPs but let's keep # things simple - idp_name in (identity_provider_info.identity_providers | map(attribute='id')) 
@@ -712,13 +645,8 @@ - domain_id in (identity_provider_info.identity_providers | map(attribute='domain_id')) - idp_description in (identity_provider_info.identity_providers | map(attribute='description')) - idp_description_2 in (identity_provider_info.identity_providers | map(attribute='description')) - - True in (identity_provider_info.identity_providers | map(attribute='enabled')) - - False in (identity_provider_info.identity_providers | map(attribute='enabled')) - True in (identity_provider_info.identity_providers | map(attribute='is_enabled')) - False in (identity_provider_info.identity_providers | map(attribute='is_enabled')) - vars: - idp_0: '{{ identity_provider_info.identity_providers[0] }}' - idp_1: '{{ identity_provider_info.identity_providers[1] }}' - name: 'Delete identity_provider - CHECK_MODE' check_mode: yes @@ -766,10 +694,9 @@ openstack.cloud.federation_idp_info: name: '{{ idp_name }}' register: identity_provider_info - ignore_errors: True - assert: that: - - identity_provider_info is failed + - identity_provider_info.identity_providers | length == 0 - name: 'Delete second identity_provider' openstack.cloud.federation_idp: diff --git a/plugins/modules/federation_idp_info.py b/plugins/modules/federation_idp_info.py index 0924f7fe..9ed1b64c 100644 --- a/plugins/modules/federation_idp_info.py +++ b/plugins/modules/federation_idp_info.py @@ -11,18 +11,16 @@ short_description: Get the information about the available federation identity providers author: OpenStack Ansible SIG description: - - Fetch a federation identity provider. + - Fetch available federation identity providers. options: name: description: - The name of the identity provider to fetch. - - If I(name) is specified, the module will return failed if the identity - provider doesn't exist. type: str aliases: ['id'] requirements: - "python >= 3.6" - - "openstacksdk >= 0.44" + - "openstacksdk" extends_documentation_fragment: - openstack.cloud.openstack ''' 
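Review bot: The `name` option text no longer says what happens when no provider matches, because the sentence about the module failing was removed without a replacement. Judging by `run()` in the last hunk of this file and the updated CI asserts (`identity_provider_info.identity_providers | length == 0`), a missing provider now yields a successful result with an empty list, so playbooks that gated on `is failed` to detect a missing identity provider will pass silently. I would add under `name`: `- If no identity provider matches I(name), an empty list is returned.` The requirements line also drops the `>= 0.44` floor; that is fine if a minimum SDK version is enforced elsewhere, but nothing in this diff shows it.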
@@ -39,6 +37,34 @@ EXAMPLES = ''' ''' RETURN = ''' +identity_providers: + description: Dictionary describing the identity providers + returned: success + type: list + elements: dict + contains: + description: + description: Identity provider description + type: str + sample: "demodescription" + domain_id: + description: Domain to which the identity provider belongs + type: str + sample: "default" + id: + description: Identity provider ID + type: str + sample: "test-idp" + is_enabled: + description: Indicates wether the identity provider is enabled + type: bool + name: + description: Name of the identity provider, equals its ID. + type: str + sample: "test-idp" + remote_ids: + description: Remote IDs associated with the identity provider + type: list ''' from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule @@ -52,34 +78,18 @@ class IdentityFederationIdpInfoModule(OpenStackModule): supports_check_mode=True ) - def normalize_idp(self, idp): - """ - Normalizes the IDP definitions so that the outputs are consistent with the - parameters - - - "enabled" (parameter) == "is_enabled" (SDK) - - "name" (parameter) == "id" (SDK) - """ - if idp is None: - return - - _idp = idp.to_dict() - _idp['enabled'] = idp['is_enabled'] - _idp['name'] = idp['id'] - return _idp - def run(self): """ Module entry point """ - name = self.params.get('name') + name = self.params['name'] + query = {} if name: - idp = self.normalize_idp(self.conn.identity.get_identity_provider(name)) - self.exit_json(changed=False, identity_providers=[idp]) + query["id"] = name - else: - providers = list(map(self.normalize_idp, self.conn.identity.identity_providers())) - self.exit_json(changed=False, identity_providers=providers) + idps = self.conn.identity.identity_providers(**query) + idps = [idp.to_dict(computed=False) for idp in idps] + self.exit_json(changed=False, identity_providers=idps) def main():
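Review bot: The added RETURN block has three documentation defects. The `is_enabled` description misspells "whether" as "wether"; it should read `description: Indicates whether the identity provider is enabled`. The top-level description calls `identity_providers` a "Dictionary" although it is declared as `type: list` with `elements: dict`, so `description: List of dictionaries describing the identity providers` would match the schema. `remote_ids` is declared as `type: list` without `elements`; the CI defaults use URL strings, so `elements: str` looks right.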
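Review bot: `if name:` in `run()` treats an empty string the same as an omitted name, so a templated `name` that renders empty returns every identity provider instead of none. Now that the lookup is a list filter rather than a get that raises, a caller that reads `identity_providers[0]` after such a call would silently work with a provider it did not ask for. Consider `if name is not None:` so the value is always sent as the `id` filter, or fail explicitly on an empty name; how the API treats an empty `id` filter should be confirmed first. Separately, `idps` is bound first to the SDK iterator and then to the converted list, which two distinct names would make easier to read.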