1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/consul/tasks/consul_role.yml

208 lines
5.7 KiB
YAML
Raw Normal View History

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create a policy with rules
consul_policy:
name: foo-access-for-role
rules: |
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
token: "{{ consul_management_token }}"
register: policy_result
- name: Create another policy with rules
consul_policy:
name: bar-access-for-role
rules: |
key "bar" {
policy = "read"
}
key "private/bar" {
policy = "deny"
}
token: "{{ consul_management_token }}"
register: policy_result
- name: Create a role with policy
consul_role:
name: foo-role-with-policy
policies:
- name: "foo-access-for-role"
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result.role.Name == 'foo-role-with-policy'
- result.operation == 'create'
- name: Update policy description, in check mode
consul_role:
name: foo-role-with-policy
description: "Testing updating description"
token: "{{ consul_management_token }}"
check_mode: yes
register: result
- assert:
that:
- result is changed
- result.role.Description == "Testing updating description"
- result.role.Policies.0.Name == 'foo-access-for-role'
- result.operation == 'update'
- name: Update policy to add the description
consul_role:
name: foo-role-with-policy
description: "Role for testing policies"
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result.role.Description == "Role for testing policies"
- result.role.Policies.0.Name == 'foo-access-for-role'
- result.operation == 'update'
- name: Update the role with another policy, also testing leaving description blank
consul_role:
name: foo-role-with-policy
policies:
- name: "foo-access-for-role"
- name: "bar-access-for-role"
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result.role.Policies.0.Name == 'foo-access-for-role'
- result.role.Policies.1.Name == 'bar-access-for-role'
- result.role.Description == "Role for testing policies"
- result.operation == 'update'
- name: Create a role with service identity
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
service_identities:
- name: web
datacenters:
- dc1
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- name: Update the role with service identity in check mode
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
service_identities:
- name: web
datacenters:
- dc2
register: result
check_mode: yes
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc2"
- name: Update the role with service identity to add a policy, leaving the service id unchanged
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
policies:
- name: "foo-access-for-role"
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- result.role.Policies.0.Name == 'foo-access-for-role'
- name: Update the role with service identity to remove the policies
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
policies: []
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- result.role.Policies is not defined
- name: Update the role with service identity to remove the node identities, in check mode
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
node_identities: []
register: result
check_mode: yes
- assert:
that:
- result is changed
- result.role.ServiceIdentities.0.ServiceName == "web"
- result.role.ServiceIdentities.0.Datacenters.0 == "dc1"
- result.role.Policies is not defined
- result.role.NodeIdentities == [] # in check mode the cleared field is returned as an empty array
- name: Update the role with service identity to remove the service identities
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
service_identities: []
register: result
- assert:
that:
- result is changed
- result.role.ServiceIdentities is not defined # in normal mode the dictionary is removed from the result
- result.role.Policies is not defined
- name: Create a role with node identity
consul_role:
token: "{{ consul_management_token }}"
name: role-with-node-identity
node_identities:
- name: node-1
datacenter: dc2
register: result
- assert:
that:
- result is changed
- result.role.NodeIdentities.0.NodeName == "node-1"
- result.role.NodeIdentities.0.Datacenter == "dc2"
- name: Remove the last role
consul_role:
token: "{{ consul_management_token }}"
name: role-with-node-identity
state: absent
register: result
- assert:
that:
- result is changed
- result.operation == 'remove'