VMware: update vmware_local_role_manager with action (#44566)
With this fix user can add, remove and set privileges to an existing role with privileges. Fixes: #44391 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>
parent
46856b0747
commit
e653a93044
2 changed files with 243 additions and 57 deletions
|
@ -20,10 +20,10 @@ DOCUMENTATION = '''
|
||||||
module: vmware_local_role_manager
|
module: vmware_local_role_manager
|
||||||
short_description: Manage local roles on an ESXi host
|
short_description: Manage local roles on an ESXi host
|
||||||
description:
|
description:
|
||||||
- Manage local roles on an ESXi host
|
- This module can be used to manage local roles on an ESXi host.
|
||||||
version_added: "2.5"
|
version_added: 2.5
|
||||||
author:
|
author:
|
||||||
- Abhijeet Kasurde (@Akasurde) <akasurde@redhat.com>
|
- Abhijeet Kasurde (@Akasurde)
|
||||||
notes:
|
notes:
|
||||||
- Tested on ESXi 6.5
|
- Tested on ESXi 6.5
|
||||||
- Be sure that the ESXi user used for login, has the appropriate rights to create / delete / edit roles
|
- Be sure that the ESXi user used for login, has the appropriate rights to create / delete / edit roles
|
||||||
|
@ -31,31 +31,39 @@ requirements:
|
||||||
- "python >= 2.6"
|
- "python >= 2.6"
|
||||||
- PyVmomi
|
- PyVmomi
|
||||||
options:
|
options:
|
||||||
local_role_name:
|
local_role_name:
|
||||||
description:
|
description:
|
||||||
- The local role name to be managed.
|
- The local role name to be managed.
|
||||||
required: True
|
required: True
|
||||||
local_privilege_ids:
|
local_privilege_ids:
|
||||||
description:
|
description:
|
||||||
- The list of privileges that role needs to have.
|
- The list of privileges that role needs to have.
|
||||||
- Please see U(https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html)
|
- Please see U(https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-ED56F3C4-77D0-49E3-88B6-B99B8B437B62.html)
|
||||||
default: []
|
default: []
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- Indicate desired state of the role.
|
- Indicate desired state of the role.
|
||||||
- If the role already exists when C(state=present), the role info is updated.
|
- If the role already exists when C(state=present), the role info is updated.
|
||||||
choices: ['present', 'absent']
|
choices: ['present', 'absent']
|
||||||
default: present
|
default: present
|
||||||
force_remove:
|
force_remove:
|
||||||
description:
|
description:
|
||||||
- If set to C(False) then prevents the role from being removed if any permissions are using it.
|
- If set to C(False) then prevents the role from being removed if any permissions are using it.
|
||||||
default: False
|
default: False
|
||||||
type: bool
|
type: bool
|
||||||
|
action:
|
||||||
|
description:
|
||||||
|
- This parameter is only valid while updating an existing role with privileges.
|
||||||
|
- C(add) will add the privileges to the existing privilege list.
|
||||||
|
- C(remove) will remove the privileges from the existing privilege list.
|
||||||
|
- C(set) will replace the privileges of the existing privileges with user defined list of privileges.
|
||||||
|
default: set
|
||||||
|
choices: [ add, remove, set ]
|
||||||
|
version_added: 2.8
|
||||||
extends_documentation_fragment: vmware.documentation
|
extends_documentation_fragment: vmware.documentation
|
||||||
'''
|
'''
|
||||||
|
|
||||||
EXAMPLES = '''
|
EXAMPLES = '''
|
||||||
# Example vmware_local_role_manager command from Ansible Playbooks
|
|
||||||
- name: Add local role to ESXi
|
- name: Add local role to ESXi
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: '{{ esxi_hostname }}'
|
hostname: '{{ esxi_hostname }}'
|
||||||
|
@ -84,6 +92,35 @@ EXAMPLES = '''
|
||||||
state: absent
|
state: absent
|
||||||
delegate_to: localhost
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: Add a privilege to an existing local role
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: '{{ esxi_hostname }}'
|
||||||
|
username: '{{ esxi_username }}'
|
||||||
|
password: '{{ esxi_password }}'
|
||||||
|
local_role_name: vmware_qa
|
||||||
|
local_privilege_ids: [ 'Folder.Create' ]
|
||||||
|
action: add
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: Remove a privilege to an existing local role
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: '{{ esxi_hostname }}'
|
||||||
|
username: '{{ esxi_username }}'
|
||||||
|
password: '{{ esxi_password }}'
|
||||||
|
local_role_name: vmware_qa
|
||||||
|
local_privilege_ids: [ 'Folder.Create' ]
|
||||||
|
action: remove
|
||||||
|
delegate_to: localhost
|
||||||
|
|
||||||
|
- name: Set a privilege to an existing local role
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: '{{ esxi_hostname }}'
|
||||||
|
username: '{{ esxi_username }}'
|
||||||
|
password: '{{ esxi_password }}'
|
||||||
|
local_role_name: vmware_qa
|
||||||
|
local_privilege_ids: [ 'Folder.Create' ]
|
||||||
|
action: set
|
||||||
|
delegate_to: localhost
|
||||||
'''
|
'''
|
||||||
|
|
||||||
RETURN = r'''
|
RETURN = r'''
|
||||||
|
@ -124,6 +161,7 @@ class VMwareLocalRoleManager(PyVmomi):
|
||||||
self.priv_ids = self.params['local_privilege_ids']
|
self.priv_ids = self.params['local_privilege_ids']
|
||||||
self.force = not self.params['force_remove']
|
self.force = not self.params['force_remove']
|
||||||
self.current_role = None
|
self.current_role = None
|
||||||
|
self.action = self.params['action']
|
||||||
|
|
||||||
if self.content.authorizationManager is None:
|
if self.content.authorizationManager is None:
|
||||||
self.module.fail_json(msg="Failed to get local authorization manager settings.",
|
self.module.fail_json(msg="Failed to get local authorization manager settings.",
|
||||||
|
@ -166,6 +204,7 @@ class VMwareLocalRoleManager(PyVmomi):
|
||||||
return desired_role
|
return desired_role
|
||||||
|
|
||||||
def state_create_role(self):
|
def state_create_role(self):
|
||||||
|
role_id = None
|
||||||
try:
|
try:
|
||||||
role_id = self.content.authorizationManager.AddAuthorizationRole(name=self.role_name,
|
role_id = self.content.authorizationManager.AddAuthorizationRole(name=self.role_name,
|
||||||
privIds=self.priv_ids)
|
privIds=self.priv_ids)
|
||||||
|
@ -215,25 +254,56 @@ class VMwareLocalRoleManager(PyVmomi):
|
||||||
self.module.exit_json(**result)
|
self.module.exit_json(**result)
|
||||||
|
|
||||||
def state_exit_unchanged(self):
|
def state_exit_unchanged(self):
|
||||||
self.module.exit_json(changed=False)
|
role = self.find_authorization_role()
|
||||||
|
result = dict(changed=False)
|
||||||
|
|
||||||
|
if role:
|
||||||
|
result['role_id'] = role.roleId
|
||||||
|
result['local_role_name'] = role.name
|
||||||
|
result['old_privileges'] = [priv_name for priv_name in role.privilege]
|
||||||
|
result['new_privileges'] = [priv_name for priv_name in role.privilege]
|
||||||
|
|
||||||
|
self.module.exit_json(**result)
|
||||||
|
|
||||||
def state_update_role(self):
|
def state_update_role(self):
|
||||||
current_privileges = set(self.current_role.privilege)
|
current_privileges = self.current_role.privilege
|
||||||
# Add system-defined privileges, "System.Anonymous", "System.View", and "System.Read".
|
|
||||||
self.params['local_privilege_ids'].extend(['System.Anonymous', 'System.Read', 'System.View'])
|
|
||||||
desired_privileges = set(self.params['local_privilege_ids'])
|
|
||||||
|
|
||||||
changed_privileges = current_privileges ^ desired_privileges
|
result = {
|
||||||
changed_privileges = list(changed_privileges)
|
'changed': False,
|
||||||
|
'old_privileges': current_privileges,
|
||||||
|
}
|
||||||
|
|
||||||
if not changed_privileges:
|
changed_privileges = []
|
||||||
|
changed = False
|
||||||
|
if self.action == 'add':
|
||||||
|
# Add to existing privileges
|
||||||
|
for priv in self.params['local_privilege_ids']:
|
||||||
|
if priv not in current_privileges:
|
||||||
|
changed_privileges.append(priv)
|
||||||
|
changed = True
|
||||||
|
if changed:
|
||||||
|
changed_privileges.extend(current_privileges)
|
||||||
|
elif self.action == 'set':
|
||||||
|
# Set given privileges
|
||||||
|
# Add system-defined privileges, "System.Anonymous", "System.View", and "System.Read".
|
||||||
|
self.params['local_privilege_ids'].extend(['System.Anonymous', 'System.Read', 'System.View'])
|
||||||
|
changed_privileges = self.params['local_privilege_ids']
|
||||||
|
|
||||||
|
changes_applied = list(set(current_privileges) ^ set(changed_privileges))
|
||||||
|
if changes_applied:
|
||||||
|
changed = True
|
||||||
|
elif self.action == 'remove':
|
||||||
|
# Remove given privileges from existing privileges
|
||||||
|
for priv in self.params['local_privilege_ids']:
|
||||||
|
if priv in current_privileges:
|
||||||
|
changed = True
|
||||||
|
current_privileges.remove(priv)
|
||||||
|
if changed:
|
||||||
|
changed_privileges = current_privileges
|
||||||
|
|
||||||
|
if not changed:
|
||||||
self.state_exit_unchanged()
|
self.state_exit_unchanged()
|
||||||
|
|
||||||
# Delete unwanted privileges that are not required
|
|
||||||
for priv in changed_privileges:
|
|
||||||
if priv not in desired_privileges:
|
|
||||||
changed_privileges.remove(priv)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
self.content.authorizationManager.UpdateAuthorizationRole(roleId=self.current_role.roleId,
|
self.content.authorizationManager.UpdateAuthorizationRole(roleId=self.current_role.roleId,
|
||||||
newName=self.current_role.name,
|
newName=self.current_role.name,
|
||||||
|
@ -256,14 +326,13 @@ class VMwareLocalRoleManager(PyVmomi):
|
||||||
self.module.fail_json(msg="Failed to update Role %s as current session does not"
|
self.module.fail_json(msg="Failed to update Role %s as current session does not"
|
||||||
" have any privilege to update specified role" % self.role_name,
|
" have any privilege to update specified role" % self.role_name,
|
||||||
details=e.msg)
|
details=e.msg)
|
||||||
|
|
||||||
role = self.find_authorization_role()
|
role = self.find_authorization_role()
|
||||||
result = {
|
result['role_id'] = role.roleId,
|
||||||
'changed': True,
|
result['changed'] = changed
|
||||||
'role_id': role.roleId,
|
result['local_role_name'] = role.name
|
||||||
'local_role_name': role.name,
|
result['new_privileges'] = [priv_name for priv_name in role.privilege]
|
||||||
'new_privileges': role.privilege,
|
|
||||||
'old_privileges': current_privileges,
|
|
||||||
}
|
|
||||||
self.module.exit_json(**result)
|
self.module.exit_json(**result)
|
||||||
|
|
||||||
|
|
||||||
|
@ -272,6 +341,11 @@ def main():
|
||||||
argument_spec.update(dict(local_role_name=dict(required=True, type='str'),
|
argument_spec.update(dict(local_role_name=dict(required=True, type='str'),
|
||||||
local_privilege_ids=dict(default=[], type='list'),
|
local_privilege_ids=dict(default=[], type='list'),
|
||||||
force_remove=dict(default=False, type='bool'),
|
force_remove=dict(default=False, type='bool'),
|
||||||
|
action=dict(type='str', default='set', choices=[
|
||||||
|
'add',
|
||||||
|
'set',
|
||||||
|
'remove',
|
||||||
|
]),
|
||||||
state=dict(default='present', choices=['present', 'absent'], type='str')))
|
state=dict(default='present', choices=['present', 'absent'], type='str')))
|
||||||
|
|
||||||
module = AnsibleModule(argument_spec=argument_spec,
|
module = AnsibleModule(argument_spec=argument_spec,
|
||||||
|
|
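Review bot: In `state_update_role`, `result['old_privileges']` is bound to the same object as `current_privileges`, and the `remove` branch then calls `current_privileges.remove(priv)` on it, so the module appears to return the post-removal list as `old_privileges` (assuming `role.privilege` behaves like an ordinary mutable list). For a module that edits role privileges, the returned before/after pair is the change record an operator reads, so the result dict should hold a copy: `'old_privileges': list(current_privileges),`. Separately, `result['role_id'] = role.roleId,` keeps the trailing comma from the old dict literal and therefore stores a one-element tuple; it should read `result['role_id'] = role.roleId`. The function body spans two hunks of this file, and its `UpdateAuthorizationRole` call is only partly visible.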
|
@ -1,5 +1,5 @@
|
||||||
# Test code for the vmware_local_role_manager module
|
# Test code for the vmware_local_role_manager module
|
||||||
# Copyright: (c) 2017, Abhijeet Kasurde <akasurde@redhat.com>
|
# Copyright: (c) 2017-2018, Abhijeet Kasurde <akasurde@redhat.com>
|
||||||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||||
|
|
||||||
- name: store the vcenter container ip
|
- name: store the vcenter container ip
|
||||||
|
@ -30,7 +30,7 @@
|
||||||
|
|
||||||
- debug: var=vcsim_instance
|
- debug: var=vcsim_instance
|
||||||
|
|
||||||
- name: Role creation
|
- name: Create a role without privileges
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: "{{ vcsim }}"
|
hostname: "{{ vcsim }}"
|
||||||
username: "{{ vcsim_instance['json']['username'] }}"
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
@ -40,14 +40,14 @@
|
||||||
state: present
|
state: present
|
||||||
register: role_creation_0001
|
register: role_creation_0001
|
||||||
|
|
||||||
- name: verify if role is created
|
- name: Verify if role is created
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "{{ role_creation_0001.changed == true }}"
|
- "{{ role_creation_0001.changed == true }}"
|
||||||
- "{{ role_creation_0001.role_id is defined }}"
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
- "{{ role_creation_0001.local_role_name is defined }}"
|
- "{{ role_creation_0001.local_role_name is defined }}"
|
||||||
|
|
||||||
- name: Create role again
|
- name: Again create a role without privileges
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: "{{ vcsim }}"
|
hostname: "{{ vcsim }}"
|
||||||
username: "{{ vcsim_instance['json']['username'] }}"
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
@ -62,7 +62,7 @@
|
||||||
that:
|
that:
|
||||||
- "{{ role_creation_0001.changed == false }}"
|
- "{{ role_creation_0001.changed == false }}"
|
||||||
|
|
||||||
- name: delete role
|
- name: Delete a role
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: "{{ vcsim }}"
|
hostname: "{{ vcsim }}"
|
||||||
username: "{{ vcsim_instance['json']['username'] }}"
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
@ -72,12 +72,12 @@
|
||||||
state: absent
|
state: absent
|
||||||
register: role_creation_0001
|
register: role_creation_0001
|
||||||
|
|
||||||
- name: verify if role is not present
|
- name: Verify if role is not present
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "{{ role_creation_0001.changed == true }}"
|
- "{{ role_creation_0001.changed == true }}"
|
||||||
|
|
||||||
- name: delete role again
|
- name: Delete role again
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: "{{ vcsim }}"
|
hostname: "{{ vcsim }}"
|
||||||
username: "{{ vcsim_instance['json']['username'] }}"
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
@ -87,12 +87,12 @@
|
||||||
state: absent
|
state: absent
|
||||||
register: role_creation_0001
|
register: role_creation_0001
|
||||||
|
|
||||||
- name: verify if role is not present again
|
- name: Verify if role is absent again
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "{{ role_creation_0001.changed == false }}"
|
- "{{ role_creation_0001.changed == false }}"
|
||||||
|
|
||||||
- name: Create role with privileges
|
- name: Create a role with privileges
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: "{{ vcsim }}"
|
hostname: "{{ vcsim }}"
|
||||||
username: "{{ vcsim_instance['json']['username'] }}"
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
@ -103,27 +103,139 @@
|
||||||
state: present
|
state: present
|
||||||
register: role_creation_0001
|
register: role_creation_0001
|
||||||
|
|
||||||
- name: verify if role is created with privileges
|
- name: Verify if role is created with privileges
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "{{ role_creation_0001.changed == true }}"
|
- "{{ role_creation_0001.changed == true }}"
|
||||||
- "{{ role_creation_0001.role_id is defined }}"
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
|
|
||||||
- name: Create role with privileges additional privileges
|
- name: Add a privilege to existing privileges
|
||||||
vmware_local_role_manager:
|
vmware_local_role_manager:
|
||||||
hostname: "{{ vcsim }}"
|
hostname: "{{ vcsim }}"
|
||||||
username: "{{ vcsim_instance['json']['username'] }}"
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
password: "{{ vcsim_instance['json']['password'] }}"
|
password: "{{ vcsim_instance['json']['password'] }}"
|
||||||
local_role_name: SampleRole_0001
|
local_role_name: SampleRole_0001
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
local_privilege_ids: ['VirtualMachine.State.RenameSnapshot', 'Folder.Create']
|
local_privilege_ids: ['Folder.Create']
|
||||||
|
action: add
|
||||||
state: present
|
state: present
|
||||||
register: role_creation_0001
|
register: role_creation_0001
|
||||||
|
|
||||||
- name: verify if role is created with updated privileges
|
- name: Verify if role is updated with updated privileges
|
||||||
assert:
|
assert:
|
||||||
that:
|
that:
|
||||||
- "{{ role_creation_0001.changed == true }}"
|
- "{{ role_creation_0001.changed == true }}"
|
||||||
- "{{ role_creation_0001.role_id is defined }}"
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
- "{{ role_creation_0001.old_privileges is defined }}"
|
- "{{ role_creation_0001.old_privileges is defined }}"
|
||||||
- "{{ role_creation_0001.new_privileges is defined }}"
|
- "{{ role_creation_0001.new_privileges is defined }}"
|
||||||
|
|
||||||
|
- name: Again add a privilege to existing privileges
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: "{{ vcsim }}"
|
||||||
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
password: "{{ vcsim_instance['json']['password'] }}"
|
||||||
|
local_role_name: SampleRole_0001
|
||||||
|
validate_certs: no
|
||||||
|
local_privilege_ids: ['Folder.Create']
|
||||||
|
action: add
|
||||||
|
state: present
|
||||||
|
register: role_creation_0001
|
||||||
|
|
||||||
|
- name: Verify if role is not updated
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "{{ role_creation_0001.changed == false }}"
|
||||||
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
|
- "{{ role_creation_0001.old_privileges is defined }}"
|
||||||
|
- "{{ role_creation_0001.new_privileges is defined }}"
|
||||||
|
|
||||||
|
- name: Remove a privilege from existing privileges
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: "{{ vcsim }}"
|
||||||
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
password: "{{ vcsim_instance['json']['password'] }}"
|
||||||
|
local_role_name: SampleRole_0001
|
||||||
|
validate_certs: no
|
||||||
|
local_privilege_ids: ['Folder.Create']
|
||||||
|
action: remove
|
||||||
|
register: role_creation_0001
|
||||||
|
|
||||||
|
- name: verify if role is updated with privileges
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "{{ role_creation_0001.changed == true }}"
|
||||||
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
|
- "{{ role_creation_0001.old_privileges is defined }}"
|
||||||
|
- "{{ role_creation_0001.new_privileges is defined }}"
|
||||||
|
- "{{ 'Folder.Create' not in role_creation_0001.new_privileges }}"
|
||||||
|
|
||||||
|
- name: Again remove a privilege from existing privileges
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: "{{ vcsim }}"
|
||||||
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
password: "{{ vcsim_instance['json']['password'] }}"
|
||||||
|
local_role_name: SampleRole_0001
|
||||||
|
validate_certs: no
|
||||||
|
local_privilege_ids: ['Folder.Create']
|
||||||
|
action: remove
|
||||||
|
register: role_creation_0001
|
||||||
|
|
||||||
|
- name: Verify if role is not updated
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "{{ role_creation_0001.changed == false }}"
|
||||||
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
|
- "{{ role_creation_0001.old_privileges is defined }}"
|
||||||
|
- "{{ role_creation_0001.new_privileges is defined }}"
|
||||||
|
- "{{ 'Folder.Create' not in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'Folder.Create' not in role_creation_0001.old_privileges }}"
|
||||||
|
|
||||||
|
- name: Set a privilege to an existing role
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: "{{ vcsim }}"
|
||||||
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
password: "{{ vcsim_instance['json']['password'] }}"
|
||||||
|
local_role_name: SampleRole_0001
|
||||||
|
validate_certs: no
|
||||||
|
local_privilege_ids: ['Folder.Create']
|
||||||
|
action: set
|
||||||
|
register: role_creation_0001
|
||||||
|
|
||||||
|
- name: Verify if role is updated with privileges
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "{{ role_creation_0001.changed == true }}"
|
||||||
|
- "{{ role_creation_0001.role_id is defined }}"
|
||||||
|
- "{{ role_creation_0001.old_privileges is defined }}"
|
||||||
|
- "{{ role_creation_0001.new_privileges is defined }}"
|
||||||
|
- "{{ 'Folder.Create' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.Anonymous' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.Read' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.View' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.Anonymous' in role_creation_0001.old_privileges }}"
|
||||||
|
- "{{ 'System.Read' in role_creation_0001.old_privileges }}"
|
||||||
|
- "{{ 'System.View' in role_creation_0001.old_privileges }}"
|
||||||
|
|
||||||
|
- name: Again set a privilege to an existing role
|
||||||
|
vmware_local_role_manager:
|
||||||
|
hostname: "{{ vcsim }}"
|
||||||
|
username: "{{ vcsim_instance['json']['username'] }}"
|
||||||
|
password: "{{ vcsim_instance['json']['password'] }}"
|
||||||
|
local_role_name: SampleRole_0001
|
||||||
|
validate_certs: no
|
||||||
|
local_privilege_ids: ['Folder.Create']
|
||||||
|
action: set
|
||||||
|
register: role_creation_0001
|
||||||
|
|
||||||
|
- name: verify if role is not updated
|
||||||
|
assert:
|
||||||
|
that:
|
||||||
|
- "{{ role_creation_0001.changed == false }}"
|
||||||
|
- "{{ 'Folder.Create' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.Anonymous' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.Read' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'System.View' in role_creation_0001.new_privileges }}"
|
||||||
|
- "{{ 'Folder.Create' in role_creation_0001.old_privileges }}"
|
||||||
|
- "{{ 'System.Anonymous' in role_creation_0001.old_privileges }}"
|
||||||
|
- "{{ 'System.Read' in role_creation_0001.old_privileges }}"
|
||||||
|
- "{{ 'System.View' in role_creation_0001.old_privileges }}"
|
||||||
|
|
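Review bot: The verify step after the first `action: remove` task asserts only that `Folder.Create` is absent from `new_privileges`; it never checks that `old_privileges` still contains it, so a module that reports the already-modified list as the old state would pass. Adding `- "{{ 'Folder.Create' in role_creation_0001.old_privileges }}"` there, and `- "{{ 'Folder.Create' in role_creation_0001.new_privileges }}"` to the verify step after the first `action: add`, would pin the before/after values returned for a privilege change. The `role_id is defined` assertions also accept a value of any type; a check such as `role_creation_0001.role_id is number` would make them meaningful.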