From 3dc363d13555ab76b06442dd9deca9345abcb9a2 Mon Sep 17 00:00:00 2001 From: Alex Stephen Date: Mon, 13 Aug 2018 09:13:53 -0700 Subject: [PATCH] Bug fixes for gcp_storage_bucket_access_control (#42836) --- .../gcp_storage_bucket_access_control.py | 40 +++++++++---------- .../tasks/main.yml | 38 ++++++------------ 2 files changed, 30 insertions(+), 48 deletions(-) diff --git a/lib/ansible/modules/cloud/google/gcp_storage_bucket_access_control.py b/lib/ansible/modules/cloud/google/gcp_storage_bucket_access_control.py index 1e6df37d28..586ba93202 100644 --- a/lib/ansible/modules/cloud/google/gcp_storage_bucket_access_control.py +++ b/lib/ansible/modules/cloud/google/gcp_storage_bucket_access_control.py @@ -53,18 +53,16 @@ options: state: description: - Whether the given object should exist in GCP - required: true choices: ['present', 'absent'] default: 'present' bucket: description: - - A reference to Bucket resource. + - The name of the bucket. required: true entity: description: - - 'The entity holding the permission, in one of the following - forms: user-userId user-email group-groupId group-email - domain-domain project-team-projectId allUsers + - 'The entity holding the permission, in one of the following forms: user-userId + user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com.' - The group example@googlegroups.com would be group-example@googlegroups.com. 
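Review bot: The new `bucket` description, "The name of the bucket.", does not match how the option is used elsewhere in this patch. The example passes `bucket: "{{ bucket }}"` (the registered result of the `gcp_storage_bucket` task), `resource_to_request` runs the value through `replace_resource_dict(..., 'name')`, and the RETURN entry in the `@@ -100,32 +98,28 @@` hunk gets the same wording while still declaring `type: dict`. For a module that edits bucket ACLs, the text should say plainly what to pass, for example `- The bucket to manage, given as the registered result of a gcp_storage_bucket task; its name is used in the request.` The argument spec type for `bucket` is outside these hunks, so confirm which forms are accepted before settling the wording.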
@@ -100,32 +98,28 @@ extends_documentation_fragment: gcp EXAMPLES = ''' - name: create a bucket gcp_storage_bucket: - name: 'bucket-bac' + name: "bucket-bac" project: "{{ gcp_project }}" auth_kind: "{{ gcp_cred_kind }}" service_account_file: "{{ gcp_cred_file }}" - scopes: - - https://www.googleapis.com/auth/devstorage.full_control state: present register: bucket - name: create a bucket access control gcp_storage_bucket_access_control: bucket: "{{ bucket }}" - entity: 'user-alexstephen@google.com' - role: 'WRITER' - project: testProject - auth_kind: service_account - service_account_file: /tmp/auth.pem - scopes: - - https://www.googleapis.com/auth/devstorage.full_control + entity: user-alexstephen@google.com + role: WRITER + project: "test_project" + auth_kind: "service_account" + service_account_file: "/tmp/auth.pem" state: present ''' RETURN = ''' bucket: description: - - A reference to Bucket resource. + - The name of the bucket. returned: success type: dict domain: @@ -140,9 +134,8 @@ RETURN = ''' type: str entity: description: - - 'The entity holding the permission, in one of the following - forms: user-userId user-email group-groupId group-email - domain-domain project-team-projectId allUsers + - 'The entity holding the permission, in one of the following forms: user-userId + user-email group-groupId group-email domain-domain project-team-projectId allUsers allAuthenticatedUsers Examples: The user liz@example.com would be user-liz@example.com.' - The group example@googlegroups.com would be group-example@googlegroups.com. @@ -212,6 +205,9 @@ def main(): ) ) + if not module.params['scopes']: + module.params['scopes'] = ['https://www.googleapis.com/auth/devstorage.full_control'] + state = module.params['state'] kind = 'storage#bucketAccessControl' 
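Review bot: The EXAMPLES task still grants `WRITER` to `user-alexstephen@google.com`, which reads as a real account, and module examples are often pasted into playbooks unchanged. The reserved-domain form already used in the option text, `entity: user-liz@example.com`, would stop a copied example from giving a third party write access to a bucket. The integration tasks in `tasks/main.yml` carry the same address, though a real principal may be needed there. `service_account_file: "/tmp/auth.pem"` also models keeping a service-account key in a shared temporary directory; a path under the user's home directory would be a better example.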
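Review bot: The fallback added in `main()` gives every run that omits `scopes` the `devstorage.full_control` scope, and nothing visible in this patch documents that. The same commit removes the `scopes:` lines from EXAMPLES, so a reader of the module docs no longer sees which OAuth scope the credential is used with. I would add a comment above the check, `# default to full_control, the scope needed to edit bucket ACLs, when the caller sets none`, and state the default in the option documentation; the `scopes` option comes from the `gcp` fragment outside this hunk, so I cannot see whether it already does. `if not module.params['scopes']` also replaces an explicitly empty list, so `if module.params['scopes'] is None:` would limit the fallback to the unset case if that is the intent. `main()` starts and ends outside the hunk.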
@@ -260,7 +256,7 @@ def resource_to_request(module):
 u'bucket': replace_resource_dict(module.params.get(u'bucket', {}), 'name'),
 u'entity': module.params.get('entity'),
 u'entityId': module.params.get('entity_id'),
- u'projectTeam': BuckAcceContProjTeam(module.params.get('project_team', {}), module).to_request(),
+ u'projectTeam': BucketAccessControlProjectTeam(module.params.get('project_team', {}), module).to_request(),
 u'role': module.params.get('role')
 }
 return_vals = {}
@@ -335,12 +331,12 @@ def response_to_hash(module, response):
 u'entity': response.get(u'entity'),
 u'entityId': response.get(u'entityId'),
 u'id': response.get(u'id'),
- u'projectTeam': BuckAcceContProjTeam(response.get(u'projectTeam', {}), module).from_response(),
+ u'projectTeam': BucketAccessControlProjectTeam(response.get(u'projectTeam', {}), module).from_response(),
 u'role': response.get(u'role')
 }
-class BuckAcceContProjTeam(object):
+class BucketAccessControlProjectTeam(object):
 def __init__(self, request, module):
 self.module = module
 if request:
diff --git a/test/integration/targets/gcp_storage_bucket_access_control/tasks/main.yml b/test/integration/targets/gcp_storage_bucket_access_control/tasks/main.yml
index cc2e8b3ea0..b9b9e763b0 100644
--- a/test/integration/targets/gcp_storage_bucket_access_control/tasks/main.yml
+++ b/test/integration/targets/gcp_storage_bucket_access_control/tasks/main.yml
@@ -15,36 +15,30 @@
 # Pre-test setup
 - name: create a bucket
 gcp_storage_bucket:
- name: 'bucket-bac'
+ name: "bucket-bac"
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: present
 register: bucket
 - name: delete a bucket access control
 gcp_storage_bucket_access_control:
 bucket: "{{ bucket }}"
- entity: 'user-alexstephen@google.com'
- role: 'WRITER'
+ entity: user-alexstephen@google.com
+ role: WRITER
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: absent
 #----------------------------------------------------------
 - name: create a bucket access control
 gcp_storage_bucket_access_control:
 bucket: "{{ bucket }}"
- entity: 'user-alexstephen@google.com'
- role: 'WRITER'
+ entity: user-alexstephen@google.com
+ role: WRITER
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: present
 register: result
 - name: assert changed is true
@@ -56,13 +50,11 @@
 - name: create a bucket access control that already exists
 gcp_storage_bucket_access_control:
 bucket: "{{ bucket }}"
- entity: 'user-alexstephen@google.com'
- role: 'WRITER'
+ entity: user-alexstephen@google.com
+ role: WRITER
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: present
 register: result
 - name: assert changed is false
@@ -74,13 +66,11 @@
 - name: delete a bucket access control
 gcp_storage_bucket_access_control:
 bucket: "{{ bucket }}"
- entity: 'user-alexstephen@google.com'
- role: 'WRITER'
+ entity: user-alexstephen@google.com
+ role: WRITER
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: absent
 register: result
 - name: assert changed is true
@@ -92,13 +82,11 @@
 - name: delete a bucket access control that does not exist
 gcp_storage_bucket_access_control:
 bucket: "{{ bucket }}"
- entity: 'user-alexstephen@google.com'
- role: 'WRITER'
+ entity: user-alexstephen@google.com
+ role: WRITER
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: absent
 register: result
 - name: assert changed is false
@@ -110,11 +98,9 @@
 # Post-test teardown
 - name: delete a bucket
 gcp_storage_bucket:
- name: 'bucket-bac'
+ name: "bucket-bac"
 project: "{{ gcp_project }}"
 auth_kind: "{{ gcp_cred_kind }}"
 service_account_file: "{{ gcp_cred_file }}"
- scopes:
- - https://www.googleapis.com/auth/devstorage.full_control
 state: absent
 register: bucket