community.general/test/integration/targets/azure_rm_roledefinition/tasks/main.yml
Yunge Zhu 5ef7b7d767 add azure role definition module (#52468)
* add role definition module

* fix sample

* fix lint

* fix lint

* add facts module

* fix lint

* disable test due to no owner permission

* use unsupported

* fix lint

* resolve comments

* fix not_xxx_actions
2019-03-06 11:09:54 -08:00


# Build the per-run facts that every later task uses to address the test role.
- name: Fix resource prefix
  set_fact:
    # Last 8 characters of the resource group name ('-' replaced by 'x'),
    # then a random integer below 1000, then the literal suffix 'testrole'.
    role_name: "{{ (resource_group | replace('-','x'))[-8:] }}{{ 1000 | random }}testrole"
    # Read from the environment. An unset variable yields an empty string,
    # which would make every scope path below malformed.
    subscription_id: "{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}"
  run_once: true
# Dry run: nothing is created, but the module must report a pending change.
- name: Create a role definition (Check Mode)
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    # The definition scope and the only assignable scope are both the test
    # resource group, so the custom role stays confined to that group.
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    permissions:
      # One permission entry: read-only on VMs and blobs, with the matching
      # write operations listed as explicit exclusions.
      - actions:
          - 'Microsoft.Compute/virtualMachines/read'
        not_actions:
          - 'Microsoft.Compute/virtualMachines/write'
        data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
        not_data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'
    assignable_scopes:
      - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
  check_mode: true
  register: output
# Check mode must have reported that the role definition would be created.
- name: Assert creating role definition check mode
  assert:
    that:
      - output.changed
# Real run: create the custom role with the same arguments as the dry run.
- name: Create a role definition
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    # Scope and assignable scope are limited to the test resource group.
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    permissions:
      # Single entry granting read access and excluding the write operations.
      - actions:
          - 'Microsoft.Compute/virtualMachines/read'
        not_actions:
          - 'Microsoft.Compute/virtualMachines/write'
        data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
        not_data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'
    assignable_scopes:
      - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
  register: output
# The first real run must report a change, since the role did not exist yet.
- name: Assert creating role definition
  assert:
    that:
      - output.changed
# List role definitions at the resource-group scope, filtered by type.
# Despite the task name, this query passes `type`, not a role name.
- name: Get facts by name
  azure_rm_roledefinition_facts:
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    type: 'custom'
  register: facts
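# Verify the type-filtered query returned role definitions.
- name: Assert facts
  assert:
    # The conditions must sit under `that:`; a bare list directly under
    # `assert:` is not a valid argument form for the module.
    that:
      # Requires more than one custom role to be visible at this scope.
      # NOTE(review): if only the role created above exists, this fails;
      # confirm whether `>= 1` was intended.
      - facts['roledefinitions'] | length > 1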
# Look up the role created above by its name at the resource-group scope.
- name: Get facts
  azure_rm_roledefinition_facts:
    role_name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
  register: facts
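# Verify that the name lookup returned exactly the role created above and
# that its permission entry round-tripped with the expected data actions.
- name: Assert facts
  assert:
    # The conditions must sit under `that:`; a bare list directly under
    # `assert:` is not a valid argument form for the module.
    that:
      - facts['roledefinitions'] | length == 1
      # `roledefinitions` is a collection whose length is checked first, so
      # the single returned entry is addressed with [0] before reading its
      # `permissions` (assumes the facts module returns a list - confirm).
      - facts['roledefinitions'][0]['permissions'] | length == 1
      - facts['roledefinitions'][0]['permissions'][0]['not_data_actions'] | length == 1
      - facts['roledefinitions'][0]['permissions'][0]['data_actions'] | length == 1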
# Idempotence check: re-submitting the identical definition must be a no-op.
- name: Update the role definition (idempotent)
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    permissions:
      # Same single permission entry as in the create task.
      - actions:
          - 'Microsoft.Compute/virtualMachines/read'
        not_actions:
          - 'Microsoft.Compute/virtualMachines/write'
        data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
        not_data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'
    assignable_scopes:
      - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
  register: output
# An unchanged definition must not be reported as modified.
- name: assert output not changed
  assert:
    that:
      - not output.changed
# Real update: widen the role by one extra VM action and expect a change.
- name: Update the role definition
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    permissions:
      - actions:
          - 'Microsoft.Compute/virtualMachines/read'
          # The only difference from the earlier definition.
          - 'Microsoft.Compute/virtualMachines/start/action'
        not_actions:
          - 'Microsoft.Compute/virtualMachines/write'
        data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read'
        not_data_actions:
          - 'Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write'
    # The assignable scope stays limited to the test resource group.
    assignable_scopes:
      - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
  register: output
# Adding an action to the permission entry must be reported as a change.
- name: assert output changed
  assert:
    that:
      - output.changed
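# Dry run of the cleanup: check mode must report that the role would be removed.
- name: Delete the role definition (Check Mode)
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    # Without an explicit `state: absent` the module falls back to its
    # default state (present), so this task would exercise the create/update
    # path instead of the deletion it is named for.
    state: absent
  check_mode: true
  register: output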
# The check-mode delete must have reported a pending change.
- name: assert deleting role definition check mode
  assert:
    that:
      - output.changed
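# Cleanup: remove the custom role so the test leaves no role definition behind.
# The task name previously referred to a redis cache, which this module does
# not manage.
- name: Delete the role definition
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    # `state: absent` is what requests deletion. Omitting it leaves the module
    # at its default state (present), and the test role, with its VM and blob
    # permissions, would stay defined after the run.
    state: absent
  register: output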
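# The preceding task must report a change. Named so that a failure is
# identifiable in the play output, like the other assert tasks in this file.
- name: assert output changed after delete
  assert:
    that:
      - output.changed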