Use proxy layer in identity_user module

This patch changes the module to use the sdk proxy layer and does some general refactoring to simplify the code. It will no longer fail if no password is supplied since it is perfectly fine to create a user with an password. Renamed the test role from user to identity_user to match the module name Change-Id: I97ee9b626f269abde3be7b2b9211d2bb5b7b3c26
openstack · May 5, 2022 · fd1b9fc · fd1b9fc
1 parent a8589e9
commit fd1b9fc
Show file tree

Hide file tree

Showing 6 changed files with 281 additions and 122 deletions.
diff --git a/.zuul.yaml b/.zuul.yaml
@@ -70,6 +70,7 @@
         dns_zone_info
         floating_ip_info
         group
+        identity_user
         identity_user_info
         identity_role
         image

diff --git a/ci/roles/identity_user/defaults/main.yml b/ci/roles/identity_user/defaults/main.yml
@@ -0,0 +1,11 @@
+os_identity_user_fields:
+  - default_project_id
+  - description
+  - domain_id
+  - email
+  - id
+  - is_enabled
+  - links
+  - name
+  - password
+  - password_expires_at
diff --git a/ci/roles/identity_user/tasks/main.yml b/ci/roles/identity_user/tasks/main.yml
@@ -0,0 +1,197 @@
+---
+- name: setup
+  block:
+  - name: Delete user before running tests
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: "{{ item }}"
+    loop:
+      - ansible_user
+      - ansible_user2
+    register: user
+
+- block:
+  - name: Delete unexistent user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: ansible_user
+    register: user
+
+  - name: Ensure user was not changed
+    assert:
+      that: user is not changed
+
+- block:
+  - name: Create a user without a password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      email: ansible.user@nowhere.net
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
+
+  - name: Ensure user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+  - name: Fail when update_password is always but no password specified
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: always
+      email: ansible.user@nowhere.net
+      domain: default
+      default_project: demo
+    register: user
+    ignore_errors: yes
+
+  - assert:
+      that: user.msg == "update_password is always but a password value is missing"
+
+  - name: Delete user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: ansible_user
+
+- block:
+  - name: Create user with a password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      password: secret
+      email: ansible.user@nowhere.net
+      update_password: on_create
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Assert user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- block:
+  - name: Create identical user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      password: secret
+      email: ansible.user@nowhere.net
+      update_password: on_create
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Assert user was not changed
+    assert:
+      that: user is not changed
+
+  - name: Assert user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- block:
+  - name: Update user with password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      password: secret2
+      email: updated.ansible.user@nowhere.net
+    register: user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
+
+  - name: Ensure user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- name: Update user without password and update_password set to always
+  block:
+  - openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: always
+      email: updated.ansible.user@nowhere.net
+    register: user
+    ignore_errors: yes
+
+  - assert:
+      that: user.msg == "update_password is always but a password value is missing"
+
+- block:
+  - name: Ensure user with update_password set to on_create
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: on_create
+      password: secret3
+      email: updated.ansible.user@nowhere.net
+    register: user
+
+  - name: Ensure user was not changed
+    assert:
+      that: user is not changed
+
+- block:
+  - name: Ensure user with update_password set to always
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user
+      update_password: always
+      password: secret3
+      email: updated.ansible.user@nowhere.net
+    register: user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
+
+- block:
+  - name: Create user without a password
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: present
+      name: ansible_user2
+      password: secret
+      email: ansible.user2@nowhere.net
+      update_password: on_create
+      domain: default
+      default_project: demo
+    register: user
+
+  - name: Assert user has fields
+    assert:
+      that: item in user['user']
+    loop: "{{ os_identity_user_fields }}"
+
+- block:
+  - name: Delete user
+    openstack.cloud.identity_user:
+      cloud: "{{ cloud }}"
+      state: absent
+      name: ansible_user
+
+  - name: Ensure user was changed
+    assert:
+      that: user is changed
diff --git a/ci/roles/user/tasks/main.yml b/ci/roles/user/tasks/main.yml
diff --git a/ci/run-collection.yml b/ci/run-collection.yml
@@ -16,6 +16,7 @@
       tags: dns
       when: sdk_version is version(0.28, '>=')
     - { role: floating_ip_info, tags: floating_ip_info }
+    - { role: identity_user, tags: identity_user }
     - { role: identity_user_info, tags: identity_user_info }
     - { role: identity_role, tags: identity_role }
     - { role: image, tags: image }
@@ -49,7 +50,6 @@
     - { role: server, tags: server }
     - { role: subnet, tags: subnet }
     - { role: subnet_pool, tags: subnet_pool }
-    - { role: user, tags: user }
     - { role: user_group, tags: user_group }
     - { role: user_role, tags: user_role }
     - { role: volume, tags: volume }