mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
Bug fixes for gcp_storage_bucket_access_control (#42836)
This commit is contained in:
Alex Stephen
Ryan Brown
parent
7f10d432ec
commit
3dc363d135
2 changed files with 30 additions and 48 deletions
|
|
@ -53,18 +53,16 @@ options:
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Whether the given object should exist in GCP
|
- Whether the given object should exist in GCP
|
||||||
required: true
|
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: 'present'
|
default: 'present'
|
||||||
bucket:
|
bucket:
|
||||||
description:
|
description:
|
||||||
- A reference to Bucket resource.
|
- The name of the bucket.
|
||||||
required: true
|
required: true
|
||||||
entity:
|
entity:
|
||||||
description:
|
description:
|
||||||
- 'The entity holding the permission, in one of the following
|
- 'The entity holding the permission, in one of the following forms: user-userId
|
||||||
forms: user-userId user-email group-groupId group-email
|
user-email group-groupId group-email domain-domain project-team-projectId allUsers
|
||||||
domain-domain project-team-projectId allUsers
|
|
||||||
allAuthenticatedUsers Examples: The user liz@example.com would be
|
allAuthenticatedUsers Examples: The user liz@example.com would be
|
||||||
user-liz@example.com.'
|
user-liz@example.com.'
|
||||||
- The group example@googlegroups.com would be group-example@googlegroups.com.
|
- The group example@googlegroups.com would be group-example@googlegroups.com.
|
||||||
|
|
@ -100,32 +98,28 @@ extends_documentation_fragment: gcp
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
- name: create a bucket
|
- name: create a bucket
|
||||||
gcp_storage_bucket:
|
gcp_storage_bucket:
|
||||||
name: 'bucket-bac'
|
name: "bucket-bac"
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: present
|
state: present
|
||||||
register: bucket
|
register: bucket
|
||||||
|
|
||||||
- name: create a bucket access control
|
- name: create a bucket access control
|
||||||
gcp_storage_bucket_access_control:
|
gcp_storage_bucket_access_control:
|
||||||
bucket: "{{ bucket }}"
|
bucket: "{{ bucket }}"
|
||||||
entity: 'user-alexstephen@google.com'
|
entity: user-alexstephen@google.com
|
||||||
role: 'WRITER'
|
role: WRITER
|
||||||
project: testProject
|
project: "test_project"
|
||||||
auth_kind: service_account
|
auth_kind: "service_account"
|
||||||
service_account_file: /tmp/auth.pem
|
service_account_file: "/tmp/auth.pem"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: present
|
state: present
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = '''
|
RETURN = '''
|
||||||
bucket:
|
bucket:
|
||||||
description:
|
description:
|
||||||
- A reference to Bucket resource.
|
- The name of the bucket.
|
||||||
returned: success
|
returned: success
|
||||||
type: dict
|
type: dict
|
||||||
domain:
|
domain:
|
||||||
|
|
@ -140,9 +134,8 @@ RETURN = '''
|
||||||
type: str
|
type: str
|
||||||
entity:
|
entity:
|
||||||
description:
|
description:
|
||||||
- 'The entity holding the permission, in one of the following
|
- 'The entity holding the permission, in one of the following forms: user-userId
|
||||||
forms: user-userId user-email group-groupId group-email
|
user-email group-groupId group-email domain-domain project-team-projectId allUsers
|
||||||
domain-domain project-team-projectId allUsers
|
|
||||||
allAuthenticatedUsers Examples: The user liz@example.com would be
|
allAuthenticatedUsers Examples: The user liz@example.com would be
|
||||||
user-liz@example.com.'
|
user-liz@example.com.'
|
||||||
- The group example@googlegroups.com would be group-example@googlegroups.com.
|
- The group example@googlegroups.com would be group-example@googlegroups.com.
|
||||||
|
|
@ -212,6 +205,9 @@ def main():
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
if not module.params['scopes']:
|
||||||
|
module.params['scopes'] = ['https://www.googleapis.com/auth/devstorage.full_control']
|
||||||
|
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
kind = 'storage#bucketAccessControl'
|
kind = 'storage#bucketAccessControl'
|
||||||
|
|
||||||
|
|
@ -260,7 +256,7 @@ def resource_to_request(module):
|
||||||
u'bucket': replace_resource_dict(module.params.get(u'bucket', {}), 'name'),
|
u'bucket': replace_resource_dict(module.params.get(u'bucket', {}), 'name'),
|
||||||
u'entity': module.params.get('entity'),
|
u'entity': module.params.get('entity'),
|
||||||
u'entityId': module.params.get('entity_id'),
|
u'entityId': module.params.get('entity_id'),
|
||||||
u'projectTeam': BuckAcceContProjTeam(module.params.get('project_team', {}), module).to_request(),
|
u'projectTeam': BucketAccessControlProjectTeam(module.params.get('project_team', {}), module).to_request(),
|
||||||
u'role': module.params.get('role')
|
u'role': module.params.get('role')
|
||||||
}
|
}
|
||||||
return_vals = {}
|
return_vals = {}
|
||||||
|
|
@ -335,12 +331,12 @@ def response_to_hash(module, response):
|
||||||
u'entity': response.get(u'entity'),
|
u'entity': response.get(u'entity'),
|
||||||
u'entityId': response.get(u'entityId'),
|
u'entityId': response.get(u'entityId'),
|
||||||
u'id': response.get(u'id'),
|
u'id': response.get(u'id'),
|
||||||
u'projectTeam': BuckAcceContProjTeam(response.get(u'projectTeam', {}), module).from_response(),
|
u'projectTeam': BucketAccessControlProjectTeam(response.get(u'projectTeam', {}), module).from_response(),
|
||||||
u'role': response.get(u'role')
|
u'role': response.get(u'role')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
class BuckAcceContProjTeam(object):
|
class BucketAccessControlProjectTeam(object):
|
||||||
def __init__(self, request, module):
|
def __init__(self, request, module):
|
||||||
self.module = module
|
self.module = module
|
||||||
if request:
|
if request:
|
||||||
|
|
|
||||||
|
|
@ -15,36 +15,30 @@
|
||||||
# Pre-test setup
|
# Pre-test setup
|
||||||
- name: create a bucket
|
- name: create a bucket
|
||||||
gcp_storage_bucket:
|
gcp_storage_bucket:
|
||||||
name: 'bucket-bac'
|
name: "bucket-bac"
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: present
|
state: present
|
||||||
register: bucket
|
register: bucket
|
||||||
- name: delete a bucket access control
|
- name: delete a bucket access control
|
||||||
gcp_storage_bucket_access_control:
|
gcp_storage_bucket_access_control:
|
||||||
bucket: "{{ bucket }}"
|
bucket: "{{ bucket }}"
|
||||||
entity: 'user-alexstephen@google.com'
|
entity: user-alexstephen@google.com
|
||||||
role: 'WRITER'
|
role: WRITER
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: absent
|
state: absent
|
||||||
#----------------------------------------------------------
|
#----------------------------------------------------------
|
||||||
- name: create a bucket access control
|
- name: create a bucket access control
|
||||||
gcp_storage_bucket_access_control:
|
gcp_storage_bucket_access_control:
|
||||||
bucket: "{{ bucket }}"
|
bucket: "{{ bucket }}"
|
||||||
entity: 'user-alexstephen@google.com'
|
entity: user-alexstephen@google.com
|
||||||
role: 'WRITER'
|
role: WRITER
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: present
|
state: present
|
||||||
register: result
|
register: result
|
||||||
- name: assert changed is true
|
- name: assert changed is true
|
||||||
|
|
@ -56,13 +50,11 @@
|
||||||
- name: create a bucket access control that already exists
|
- name: create a bucket access control that already exists
|
||||||
gcp_storage_bucket_access_control:
|
gcp_storage_bucket_access_control:
|
||||||
bucket: "{{ bucket }}"
|
bucket: "{{ bucket }}"
|
||||||
entity: 'user-alexstephen@google.com'
|
entity: user-alexstephen@google.com
|
||||||
role: 'WRITER'
|
role: WRITER
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: present
|
state: present
|
||||||
register: result
|
register: result
|
||||||
- name: assert changed is false
|
- name: assert changed is false
|
||||||
|
|
@ -74,13 +66,11 @@
|
||||||
- name: delete a bucket access control
|
- name: delete a bucket access control
|
||||||
gcp_storage_bucket_access_control:
|
gcp_storage_bucket_access_control:
|
||||||
bucket: "{{ bucket }}"
|
bucket: "{{ bucket }}"
|
||||||
entity: 'user-alexstephen@google.com'
|
entity: user-alexstephen@google.com
|
||||||
role: 'WRITER'
|
role: WRITER
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: absent
|
state: absent
|
||||||
register: result
|
register: result
|
||||||
- name: assert changed is true
|
- name: assert changed is true
|
||||||
|
|
@ -92,13 +82,11 @@
|
||||||
- name: delete a bucket access control that does not exist
|
- name: delete a bucket access control that does not exist
|
||||||
gcp_storage_bucket_access_control:
|
gcp_storage_bucket_access_control:
|
||||||
bucket: "{{ bucket }}"
|
bucket: "{{ bucket }}"
|
||||||
entity: 'user-alexstephen@google.com'
|
entity: user-alexstephen@google.com
|
||||||
role: 'WRITER'
|
role: WRITER
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: absent
|
state: absent
|
||||||
register: result
|
register: result
|
||||||
- name: assert changed is false
|
- name: assert changed is false
|
||||||
|
|
@ -110,11 +98,9 @@
|
||||||
# Post-test teardown
|
# Post-test teardown
|
||||||
- name: delete a bucket
|
- name: delete a bucket
|
||||||
gcp_storage_bucket:
|
gcp_storage_bucket:
|
||||||
name: 'bucket-bac'
|
name: "bucket-bac"
|
||||||
project: "{{ gcp_project }}"
|
project: "{{ gcp_project }}"
|
||||||
auth_kind: "{{ gcp_cred_kind }}"
|
auth_kind: "{{ gcp_cred_kind }}"
|
||||||
service_account_file: "{{ gcp_cred_file }}"
|
service_account_file: "{{ gcp_cred_file }}"
|
||||||
scopes:
|
|
||||||
- https://www.googleapis.com/auth/devstorage.full_control
|
|
||||||
state: absent
|
state: absent
|
||||||
register: bucket
|
register: bucket
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue