1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/test/legacy/roles/test_consul_acl/tasks/create-acl-with-rules.yml

78 lines
2.1 KiB
YAML
Raw Normal View History

Adds support for all Consul 0.8 ACL rule scopes (#25800) * Added in support for 'agent' and 'node' types. * Tidies and moves `consul_acl` module closer to PEP8 compliance. * Switched from using byspoke code to handle py2/3 string issues to using `to_text`. * Made changes suggested by jrandall in https://github.com/ansible/ansible/pull/23467#pullrequestreview-34021967. * Refactored consul_acl to support scopes with no pattern (and therefore a different HCL defintion). * Corrects whitespace in Consul ACL HCL representation. * Fixes Consul ACL to return the HCL equivalent JSON (according to the Consul docs) for the set ACLs. * Repositioned import to align with Ansible standard (!= PEP8 standard). * Adds Python 2.6 compatibility. * Fixes PEP8 issues. * Removes consul_acl.py as it now passes PEP8. * Follows advice in the "Documenting Your Module" guide and moves imports up from the bottom. * Tidies consul_acl module documentation. * Updates link to guide about Consul ACLs. * Removes new line spaces from error message string. * Provide better error message if user forgets to associate a value to a Consul ACL rule. * Minor refactoring of Consul ACL module. * Fixes bug that was breaking idempotence in Consul ACL module. * Detects redefinition of same rule. * Adds test to check the Consul ACL module can set rules for all supported scopes. * Fixes return when updating an ACL. * Clean up of Consul ACL integration test file. * Verify correct changes to existing Consul ACL rule. * Adds tests for idempotence. * Splits Consul ACL tests into cohesive modules. * Adds test for deleting Consul ACLs. * Test that Consul ACL module can set all rule scopes. * Fixes issues surrounding the creation of ACLs. Thanks for the comments by manos in https://github.com/ansible/ansible/pull/25800#issuecomment-310137889. * Stops Consul ACL's name being "forgotten" if ACL updated by token. * Fixes incorrect assignment when a Consul ACL is deleted. * Fixes value of `changed` when Consul ACL is removed. * Fixes tests for Consul ACL. * Adds interal documentation. * Refactors to separate update and create (also makes it possible to unit test this module). * Improves documentation. * Completes RETURN documentation for Consul ACL module. * Fixes issue with equality checking for `None` in ACL Consul. * Fixes Python 2 issue with making a decision based on `str` type. * Fixes inequality check bug in Python 2. * Adds tests for setting ACL with token. * Adds support for creating an ACL with a given token. * Outputs operation performed on Consul ACL when changed. * Fixs issue with test for creating a Consul ACL with rules. * Corrects property used to set ACL token in python-consul library. * Fixes tear-down issue in test that creates a Consul ACL using a token.
2017-08-09 21:21:12 +02:00
---
- name: create an ACL with rules
consul_acl:
host: "{{ acl_host }}"
mgmt_token: "{{ mgmt_token }}"
name: "{{ test_consul_acl_token_name }}"
rules:
- event: "bbq"
policy: write
- key: "foo"
policy: read
- key: "private"
policy: deny
- keyring: write
- node: "hgs4"
policy: write
- operator: read
- query: ""
policy: write
- service: "consul"
policy: write
- session: "standup"
policy: write
register: created_acl
- name: verify created ACL's rules
assert:
that:
- created_acl.changed
- created_acl.operation == "create"
- created_acl.token | length == 36
- (created_acl.rules | json_query("event.bbq.policy")) == "write"
- (created_acl.rules | json_query("key.foo.policy")) == "read"
- (created_acl.rules | json_query("key.private.policy")) == "deny"
- (created_acl.rules | json_query("keyring")) == "write"
- (created_acl.rules | json_query("node.hgs4.policy")) == "write"
- (created_acl.rules | json_query("operator")) == "read"
- (created_acl.rules | json_query('query."".policy')) == "write"
- (created_acl.rules | json_query("service.consul.policy")) == "write"
- (created_acl.rules | json_query("session.standup.policy")) == "write"
- name: create same ACL
consul_acl:
host: "{{ acl_host }}"
mgmt_token: "{{ mgmt_token }}"
name: "{{ test_consul_acl_token_name }}"
rules:
- event: "bbq"
policy: write
- key: "foo"
policy: read
- key: "private"
policy: deny
- keyring: write
- node: "hgs4"
policy: write
- operator: read
- query: ""
policy: write
- service: "consul"
policy: write
- session: "standup"
policy: write
register: doubly_created_acl
- name: verify idempotence when creating ACL
assert:
that:
- not doubly_created_acl.changed
- name: clean up
consul_acl:
host: "{{ acl_host }}"
mgmt_token: "{{ mgmt_token }}"
token: "{{ doubly_created_acl.token }}"
state: absent