mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
[PR #5664/bbd68e26 backport][stable-6] redhat_subscription: require credentials only when needed (#6222)
redhat_subscription: require credentials only when needed (#5664)
The module currently has a static 'required_if' statement for its
parameters that forces any of 'username' or 'activationkey' or 'token'
in case state=present; while this is generally a good idea, it can be
an extra requirements in some cases. In particular, if the system is
already registered, there is no need for credentials -- some of the
operations of the module, such as manipulating pools, can be done
perfectly without credentials.
Hence:
- change the static 'required_if' to require credentials only when
forcing the registration
- check for credentials manually when a registration is needed, i.e.
on an unregistered system; the fail message is the same as the one
shown by 'required_if'
Adapt the tests to this new situation:
- test_without_required_parameters now needs to mock an unregistered
system
- add a new version of test_without_required_parameters to test an
already registered system
- add a simple test case for only state=present usable on an already
registered system
- remove the credentials from a test case for pool attachment that
mocks an already registered system
(cherry picked from commit bbd68e26a2
)
Co-authored-by: Pino Toscano <ptoscano@redhat.com>
This commit is contained in:
parent
9c411586ea
commit
47b8df8019
3 changed files with 57 additions and 5 deletions
|
@ -0,0 +1,4 @@
|
||||||
|
minor_changes:
|
||||||
|
- redhat_subscription - credentials (``username``, ``activationkey``, and so on) are required now
|
||||||
|
only if a system needs to be registered, or ``force_register`` is specified
|
||||||
|
(https://github.com/ansible-collections/community.general/pull/5664).
|
|
@ -26,6 +26,11 @@ notes:
|
||||||
config file and default to None.
|
config file and default to None.
|
||||||
- It is possible to interact with C(subscription-manager) only as root,
|
- It is possible to interact with C(subscription-manager) only as root,
|
||||||
so root permissions are required to successfully run this module.
|
so root permissions are required to successfully run this module.
|
||||||
|
- Since community.general 6.5.0, credentials (that is, I(username) and I(password),
|
||||||
|
I(activationkey), or I(token)) are needed only in case the the system is not registered,
|
||||||
|
or I(force_register) is specified; this makes it possible to use the module to tweak an
|
||||||
|
already registered system, for example attaching pools to it (using I(pool), or I(pool_ids)),
|
||||||
|
and modifying the C(syspurpose) attributes (using I(syspurpose)).
|
||||||
requirements:
|
requirements:
|
||||||
- subscription-manager
|
- subscription-manager
|
||||||
- Optionally the C(dbus) Python library; this is usually included in the OS
|
- Optionally the C(dbus) Python library; this is usually included in the OS
|
||||||
|
@ -1073,7 +1078,7 @@ def main():
|
||||||
['activationkey', 'environment'],
|
['activationkey', 'environment'],
|
||||||
['activationkey', 'auto_attach'],
|
['activationkey', 'auto_attach'],
|
||||||
['pool', 'pool_ids']],
|
['pool', 'pool_ids']],
|
||||||
required_if=[['state', 'present', ['username', 'activationkey', 'token'], True]],
|
required_if=[['force_register', True, ['username', 'activationkey', 'token'], True]],
|
||||||
)
|
)
|
||||||
|
|
||||||
if getuid() != 0:
|
if getuid() != 0:
|
||||||
|
@ -1155,6 +1160,8 @@ def main():
|
||||||
else:
|
else:
|
||||||
module.exit_json(changed=False, msg="System already registered.")
|
module.exit_json(changed=False, msg="System already registered.")
|
||||||
else:
|
else:
|
||||||
|
if not username and not activationkey and not token:
|
||||||
|
module.fail_json(msg="state is present but any of the following are missing: username, activationkey, token")
|
||||||
try:
|
try:
|
||||||
rhsm.enable()
|
rhsm.enable()
|
||||||
rhsm.configure(**module.params)
|
rhsm.configure(**module.params)
|
||||||
|
|
|
@ -35,10 +35,15 @@ def patch_redhat_subscription(mocker):
|
||||||
|
|
||||||
@pytest.mark.parametrize('patch_ansible_module', [{}], indirect=['patch_ansible_module'])
|
@pytest.mark.parametrize('patch_ansible_module', [{}], indirect=['patch_ansible_module'])
|
||||||
@pytest.mark.usefixtures('patch_ansible_module')
|
@pytest.mark.usefixtures('patch_ansible_module')
|
||||||
def test_without_required_parameters(capfd, patch_redhat_subscription):
|
def test_without_required_parameters_unregistered(mocker, capfd, patch_redhat_subscription):
|
||||||
"""
|
"""
|
||||||
Failure must occurs when all parameters are missing
|
Failure must occurs when all parameters are missing
|
||||||
"""
|
"""
|
||||||
|
mock_run_command = mocker.patch.object(
|
||||||
|
basic.AnsibleModule,
|
||||||
|
'run_command',
|
||||||
|
return_value=(1, 'This system is not yet registered.', ''))
|
||||||
|
|
||||||
with pytest.raises(SystemExit):
|
with pytest.raises(SystemExit):
|
||||||
redhat_subscription.main()
|
redhat_subscription.main()
|
||||||
out, err = capfd.readouterr()
|
out, err = capfd.readouterr()
|
||||||
|
@ -47,6 +52,27 @@ def test_without_required_parameters(capfd, patch_redhat_subscription):
|
||||||
assert 'state is present but any of the following are missing' in results['msg']
|
assert 'state is present but any of the following are missing' in results['msg']
|
||||||
|
|
||||||
|
|
||||||
|
@pytest.mark.parametrize('patch_ansible_module', [{}], indirect=['patch_ansible_module'])
|
||||||
|
@pytest.mark.usefixtures('patch_ansible_module')
|
||||||
|
def test_without_required_parameters_registered(mocker, capfd, patch_redhat_subscription):
|
||||||
|
"""
|
||||||
|
System already registered, no parameters required (state=present is the
|
||||||
|
default)
|
||||||
|
"""
|
||||||
|
mock_run_command = mocker.patch.object(
|
||||||
|
basic.AnsibleModule,
|
||||||
|
'run_command',
|
||||||
|
return_value=(0, 'system identity: b26df632-25ed-4452-8f89-0308bfd167cb', ''))
|
||||||
|
|
||||||
|
with pytest.raises(SystemExit):
|
||||||
|
redhat_subscription.main()
|
||||||
|
out, err = capfd.readouterr()
|
||||||
|
results = json.loads(out)
|
||||||
|
assert 'changed' in results
|
||||||
|
if 'msg' in results:
|
||||||
|
assert results['msg'] == 'System already registered.'
|
||||||
|
|
||||||
|
|
||||||
TEST_CASES = [
|
TEST_CASES = [
|
||||||
# Test the case, when the system is already registered
|
# Test the case, when the system is already registered
|
||||||
[
|
[
|
||||||
|
@ -73,6 +99,24 @@ TEST_CASES = [
|
||||||
'msg': 'System already registered.'
|
'msg': 'System already registered.'
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
|
# Already registered system without credentials specified
|
||||||
|
[
|
||||||
|
{
|
||||||
|
'state': 'present',
|
||||||
|
},
|
||||||
|
{
|
||||||
|
'id': 'test_already_registered_system',
|
||||||
|
'run_command.calls': [
|
||||||
|
(
|
||||||
|
['/testbin/subscription-manager', 'identity'],
|
||||||
|
{'check_rc': False},
|
||||||
|
(0, 'system identity: b26df632-25ed-4452-8f89-0308bfd167cb', '')
|
||||||
|
)
|
||||||
|
],
|
||||||
|
'changed': False,
|
||||||
|
'msg': 'System already registered.'
|
||||||
|
}
|
||||||
|
],
|
||||||
# Test simple registration using username and password
|
# Test simple registration using username and password
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
|
@ -744,9 +788,6 @@ Entitlement Type: Physical
|
||||||
[
|
[
|
||||||
{
|
{
|
||||||
'state': 'present',
|
'state': 'present',
|
||||||
'username': 'admin',
|
|
||||||
'password': 'admin',
|
|
||||||
'org_id': 'admin',
|
|
||||||
'pool_ids': [{'ff8080816b8e967f016b8e99632804a6': 2}, {'ff8080816b8e967f016b8e99747107e9': 4}]
|
'pool_ids': [{'ff8080816b8e967f016b8e99632804a6': 2}, {'ff8080816b8e967f016b8e99747107e9': 4}]
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue