make the module skip permission updates for Cloudstack <= 4.11

dpassante · Mar 9, 2018 · d25484e · d25484e
1 parent b278f20
commit d25484e
Show file tree

Hide file tree

Showing 2 changed files with 85 additions and 50 deletions.
diff --git a/lib/ansible/modules/cloud/cloudstack/cs_role_permission.py b/lib/ansible/modules/cloud/cloudstack/cs_role_permission.py
@@ -96,7 +96,7 @@
   returned: success
   type: string
   sample: allow
-roleid:
+role_id:
   description: The ID of the role to which the role permission belongs.
   returned: success
   type: string
@@ -114,6 +114,7 @@
     cs_argument_spec,
     cs_required_together,
 )
+from cs import CloudStackException
 
 
 class AnsibleCloudStackRolePermission(AnsibleCloudStack):
@@ -122,7 +123,7 @@ def __init__(self, module):
         super(AnsibleCloudStackRolePermission, self).__init__(module)
         self.returns = {
             'id': 'id',
-            'roleid': 'roleid',
+            'roleid': 'role_id',
             'rule': 'name',
             'permission': 'permission',
             'description': 'description',
@@ -250,8 +251,16 @@ def update_role_perm(self, role_perm):
             self.result['changed'] = True
 
             if not self.module.check_mode:
-                self.query_api('updateRolePermission', **args)
-                role_perm = self._get_rule()
+                try:
+                    res = self.cs.updateRolePermission(**args)
+                    role_perm = self._get_rule()
+                except CloudStackException:
+                    res = {
+                        'changed': False,
+                        'skipped': True,
+                        'msg': 'Updating rule permission is not supported on cs <= 4.11.'
+                    }
+                    self.result.update(res)
 
         return role_perm
 

diff --git a/test/integration/targets/cs_role_permission/tasks/main.yml b/test/integration/targets/cs_role_permission/tasks/main.yml
@@ -123,52 +123,78 @@
     - roleperm.permission == "allow"
     - roleperm.description == "fakeRolePerm description"
 
-## Not working on Cloudstack 4.9.2
-#- name: test update role permission in check_mode
-#  cs_role_permission:
-#    role: "{{ testRole.id }}"
-#    name: "fakeRolePerm"
-#    permission: deny
-#  register: roleperm
-#  check_mode: yes
-#- name: verify results of update role permission in check mode
-#  assert:
-#    that:
-#    - roleperm is successful
-#    - roleperm is changed
-#    - roleperm.name == "fakeRolePerm"
-#    - roleperm.permission == "allow"
-#    - roleperm.description == "fakeRolePerm description"
-#
-#- name: test update role permission
-#  cs_role_permission:
-#    role: "{{ testRole.id }}"
-#    name: "fakeRolePerm"
-#    permission: deny
-#  register: roleperm
-#- name: verify results of update role permission
-#  assert:
-#    that:
-#    - roleperm is successful
-#    - roleperm is changed
-#    - roleperm.name == "fakeRolePerm"
-#    - roleperm.permission == "deny"
-#    - roleperm.description == "fakeRolePerm description"
-#
-#- name: test update role permission idempotency
-#  cs_role_permission:
-#    role: "{{ testRole.id }}"
-#    name: "fakeRolePerm"
-#    permission: deny
-#  register: roleperm
-#- name: verify results of update role permission idempotency
-#  assert:
-#    that:
-#    - roleperm is successful
-#    - roleperm is not changed
-#    - roleperm.name == "fakeRolePerm"
-#    - roleperm.permission == "deny"
-#    - roleperm.description == "fakeRolePerm description"
+- name: test update role permission in check_mode
+  cs_role_permission:
+    role: "{{ testRole.id }}"
+    name: "fakeRolePerm"
+    permission: deny
+  register: roleperm
+  check_mode: yes
+- name: verify results of update role permission in check mode
+  assert:
+    that:
+    - roleperm is successful
+    - roleperm is changed
+    - roleperm.name == "fakeRolePerm"
+    - roleperm.permission == "allow"
+    - roleperm.description == "fakeRolePerm description"
+
+- name: test update role permission
+  cs_role_permission:
+    role: "{{ testRole.id }}"
+    name: "fakeRolePerm"
+    permission: deny
+  register: roleperm
+- name: verify results of update role permission for 4.11
+  assert:
+    that:
+    - roleperm is successful
+    - roleperm is changed
+    - roleperm.name == "fakeRolePerm"
+    - roleperm.permission == "deny"
+    - roleperm.description == "fakeRolePerm description"
+  when:
+    - roleperm is not skipped
+- name: verify results of update role permission for 4.9
+  assert:
+    that:
+    - roleperm is successful
+    - roleperm is not changed
+    - roleperm is skipped
+    - roleperm.name == "fakeRolePerm"
+    - roleperm.permission == "allow"
+    - roleperm.description == "fakeRolePerm description"
+    - 'roleperm.msg == "Updating rule permission is not supported on cs <= 4.11."'
+  when:
+    - roleperm is skipped
+
+- name: test update role permission idempotency
+  cs_role_permission:
+    role: "{{ testRole.id }}"
+    name: "fakeRolePerm"
+    permission: deny
+  register: roleperm
+- name: verify results of update role permission idempotency for 4.11
+  assert:
+    that:
+    - roleperm is successful
+    - roleperm is not changed
+    - roleperm.name == "fakeRolePerm"
+    - roleperm.permission == "deny"
+    - roleperm.description == "fakeRolePerm description"
+  when:
+    - roleperm is not skipped
+- name: verify results of update role permission idempotency for 4.9
+  assert:
+    that:
+    - roleperm is successful
+    - roleperm is not changed
+    - roleperm.name == "fakeRolePerm"
+    - roleperm.permission == "allow"
+    - roleperm.description == "fakeRolePerm description"
+    - 'roleperm.msg == "Updating rule permission is not supported on cs <= 4.11."'
+  when:
+    - roleperm is skipped
 
 - name: test create a second role permission
   cs_role_permission: