mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
edd4637b9f
Add consul_role module from domant PR (#6972)
* Update as per PR comments
* Move common code to module_utils
* Break up long import line
* Fix pipeline errors
* Inital version of check_mode support
* Fix updating a role, add tests
* Fix line spacing
* Fix line indentation
* Add consul-role tests
* Fixes for role update
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Update as per MR comments
* Update as per MR comments
* Fix documentation issues
* Add types for sub-options
* Allow setting of policy, service and node id fields by specifying a value, or leaving them unchanged by omitting them
* Fix typo in test
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Reset and force push to get rid of merge
* Corrected unit tests
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Add suboptions documentation for node and service identities
* Fix PEP errors from pipeline
* Fix pipeline errors.
* Fix more pipeline errors
* Apply suggestions from code review
Co-authored-by: Felix Fontein <felix@fontein.de>
* Fix line that is too long
* Not specifying a value for description during update now leaves existing value unchanged
* Fixes for pipeline errors
* Add test cases to verify handling description works
---------
Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit d0f229f5d8
)
Co-authored-by: Valerio Poggi <106782233+valeriopoggi@users.noreply.github.com>
201 lines
No EOL
5.8 KiB
YAML
201 lines
No EOL
5.8 KiB
YAML
---
|
|
# Copyright (c) Ansible Project
|
|
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
# SPDX-License-Identifier: GPL-3.0-or-later
|
|
|
|
- name: Create a policy with rules
|
|
consul_policy:
|
|
name: foo-access-for-role
|
|
rules: |
|
|
key "foo" {
|
|
policy = "read"
|
|
}
|
|
key "private/foo" {
|
|
policy = "deny"
|
|
}
|
|
token: "{{ consul_management_token }}"
|
|
register: policy_result
|
|
|
|
- name: Create another policy with rules
|
|
consul_policy:
|
|
name: bar-access-for-role
|
|
rules: |
|
|
key "bar" {
|
|
policy = "read"
|
|
}
|
|
key "private/bar" {
|
|
policy = "deny"
|
|
}
|
|
token: "{{ consul_management_token }}"
|
|
register: policy_result
|
|
|
|
- name: Create a role with policy
|
|
consul_role:
|
|
name: foo-role-with-policy
|
|
policies:
|
|
- name: "foo-access-for-role"
|
|
token: "{{ consul_management_token }}"
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['Name'] == 'foo-role-with-policy'
|
|
|
|
- name: Update policy description, in check mode
|
|
consul_role:
|
|
name: foo-role-with-policy
|
|
description: "Testing updating description"
|
|
token: "{{ consul_management_token }}"
|
|
check_mode: yes
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['Description'] == "Testing updating description"
|
|
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
|
|
|
|
- name: Update policy to add the description
|
|
consul_role:
|
|
name: foo-role-with-policy
|
|
description: "Role for testing policies"
|
|
token: "{{ consul_management_token }}"
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['Description'] == "Role for testing policies"
|
|
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
|
|
|
|
- name: Update the role with another policy, also testing leaving description blank
|
|
consul_role:
|
|
name: foo-role-with-policy
|
|
policies:
|
|
- name: "foo-access-for-role"
|
|
- name: "bar-access-for-role"
|
|
token: "{{ consul_management_token }}"
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
|
|
- result['role']['Policies'][1]['Name'] == 'bar-access-for-role'
|
|
- result['role']['Description'] == "Role for testing policies"
|
|
|
|
- name: Create a role with service identity
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-service-identity
|
|
service_identities:
|
|
- name: web
|
|
datacenters:
|
|
- dc1
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
|
|
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
|
|
|
|
- name: Update the role with service identity in check mode
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-service-identity
|
|
service_identities:
|
|
- name: web
|
|
datacenters:
|
|
- dc2
|
|
register: result
|
|
check_mode: yes
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
|
|
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc2"
|
|
|
|
- name: Update the role with service identity to add a policy, leaving the service id unchanged
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-service-identity
|
|
policies:
|
|
- name: "foo-access-for-role"
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
|
|
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
|
|
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
|
|
|
|
- name: Update the role with service identity to remove the policies
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-service-identity
|
|
policies: []
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
|
|
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
|
|
- result['role']['Policies'] is not defined
|
|
|
|
- name: Update the role with service identity to remove the node identities, in check mode
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-service-identity
|
|
node_identities: []
|
|
register: result
|
|
check_mode: yes
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
|
|
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
|
|
- result['role']['Policies'] is not defined
|
|
- result['role']['NodeIdentities'] == [] # in check mode the cleared field is returned as an emtpy array
|
|
|
|
- name: Update the role with service identity to remove the service identities
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-service-identity
|
|
service_identities: []
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['ServiceIdentities'] is not defined # in normal mode the dictionary is removed from the result
|
|
- result['role']['Policies'] is not defined
|
|
|
|
- name: Create a role with node identity
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-node-identity
|
|
node_identities:
|
|
- name: node-1
|
|
datacenter: dc2
|
|
register: result
|
|
|
|
- assert:
|
|
that:
|
|
- result is changed
|
|
- result['role']['NodeIdentities'][0]['NodeName'] == "node-1"
|
|
- result['role']['NodeIdentities'][0]['Datacenter'] == "dc2"
|
|
|
|
- name: Remove the last role
|
|
consul_role:
|
|
token: "{{ consul_management_token }}"
|
|
name: role-with-node-identity
|
|
state: absent
|
|
- assert:
|
|
that:
|
|
- result is changed |