Rename hashivault_policy_set_from_file and test

README.rst

@@ -169,7 +169,7 @@ Policy from a file support::
         name: 'drew'
 
       tasks:
-        - hashivault_policy_set_file:
+        - hashivault_policy_set_from_file:
             name: "{{name}}"
             rules_file: /home/drew/my_policy.hcl
           register: 'vault_policy_set'

ansible/modules/hashivault/hashivault_policy_set.py

@@ -50,6 +50,9 @@
     name:
         description:
             - policy name.
+    rules:
+        description:
+            - policy rules.
 '''
 EXAMPLES = '''
 ---

ansible/modules/hashivault/hashivault_policy_set_file.py → ansible/modules/hashivault/hashivault_policy_set_from_file.py

@@ -50,6 +50,9 @@
     name:
         description:
             - policy name.
+    rules_file:
+        description:
+            - policy rules file.
 '''
 EXAMPLES = '''
 ---
@@ -65,7 +68,7 @@ def main():
     argspec['name'] = dict(required=True, type='str')
     argspec['rules_file'] = dict(required=True, type='str')
     module = hashivault_init(argspec)
-    result = hashivault_policy_set_file(module.params)
+    result = hashivault_policy_set_from_file(module.params)
     if result.get('failed'):
         module.fail_json(**result)
     else:
@@ -77,7 +80,7 @@ def main():
 
 
 @hashiwrapper
-def hashivault_policy_set_file(params):
+def hashivault_policy_set_from_file(params):
     client = hashivault_auth_client(params)
     name = params.get('name')
     rules = open(params.get('rules_file'), 'r').read()

functional/templates/policy_rules.hcl

@@ -0,0 +1,6 @@
+path "secret/bob/*" {
+    capabilities = ["create", "read", "update", "delete", "list"]
+}
+path "secret/bob" {
+    capabilities = ["list"]
+}

functional/test_policy.yml

@@ -11,6 +11,14 @@
           capabilities = ["list"]
         } 
     expected: "{{rules | regex_replace('\n', '')}}"
+    bobs_rules: >
+        path "secret/bob/*" {
+          capabilities = ["create", "read", "update", "delete", "list"]
+        }
+        path "secret/bob" {
+          capabilities = ["list"]
+        }
+    bobs_expected: "{{bobs_rules | regex_replace('\n', '') | regex_replace(' ', '')}}"
   tasks:
     - hashivault_policy_list:
       register: 'vault_policy_list'
@@ -82,3 +90,28 @@
     - assert: { that: "{{vault_policy_get.rc}} == 1" }
     - assert: { that: "{{vault_policy_get.failed}} == False" }
     - assert: { that: "'{{vault_policy_get.msg}}' == 'Policy \"terrybogus\" does not exist.'" }
+
+    - name: Set new policy from file
+      hashivault_policy_set_from_file:
+        name: "bob"
+        rules_file: "templates/policy_rules.hcl"
+      register: 'vault_policy_set'
+    - assert: { that: "{{vault_policy_set.changed}} == True" }
+    - assert: { that: "{{vault_policy_set.rc}} == 0" }
+
+    - name: Get new from file policy and make sure it set properly
+      hashivault_policy_get:
+        name: 'bob'
+      register: 'vault_policy_get'
+    - assert: { that: "{{vault_policy_get.changed}} == False" }
+    - set_fact:
+        actual: "{{vault_policy_get.rules | regex_replace('\n', '') | regex_replace(' ', '')}}"
+    - assert: { that: "'{{bobs_expected}}' == '{{actual}}'" }
+    - assert: { that: "{{vault_policy_get.rc}} == 0" }
+
+    - name: Delete our new policy from file
+      hashivault_policy_delete:
+        name: 'bob'
+      register: 'vault_policy_delete'
+    - assert: { that: "{{vault_policy_delete.changed}} == True" }
+    - assert: { that: "{{vault_policy_delete.rc}} == 0" }