keystoneng.role_grant is missing checks for __opts__['test']

[tj90241]

Description of Issue/Question

This state module:
https://github.com/saltstack/salt/blob/develop/salt/states/keystone_role_grant.py

... is seemingly missing checks for __opts__['test'], so the state(s) are executed regardless of whether or not the user supplies test=True as part of the state run.

Setup

Find IDs with keystoneng.project_list, keystoneng.user_list, and keystoneng.role_list. Then just make a simple state file:

ensure-os-grant-is-absent:
  keystone_role_grant.absent:
    - role: <SOME_ID>
    - user: <SOME_ID>
    - project: <SOME_ID>

Steps to Reproduce Issue

Assign a member some role access to a project in OpenStack, then run the state with salt target state.apply your_statefile test=True. The member will have the role assignment for the project removed even though no changes are expected due to test=True being specified.

$ sudo salt keystone state.apply keystone.roles test=True
...
----------
          ID: ensure-os-grant-member-to-tyler-for-stuff-does-not-exist
    Function: keystone_role_grant.absent
      Result: True
     Comment: Revoked role assignment
     Started: 15:41:19.091718
    Duration: 2748.734 ms
     Changes:   
              ----------
              project:
                  5008c5a9a10a400e8546d54f7f95605f
              role:
                  93e3fac899204b18839cd9e9dd6c9047
              user:
                  bac63bc998de41ee9e66b2aac1ead69f

Versions Report

$ salt --versions-report
Salt Version:
           Salt: 2018.3.0
 
Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 2.7.3
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.10
        libgit2: 0.27.7
        libnacl: Not Installed
       M2Crypto: Not Installed
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: 2.19
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: 0.27.4
         Python: 3.7.2+ (default, Feb 27 2019, 15:41:59)
   python-gnupg: Not Installed
         PyYAML: 3.13
          PyZMQ: 17.1.2
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.5.3
            ZMQ: 4.3.1
 
System Versions:
           dist: debian buster/sid 
         locale: UTF-8
        machine: x86_64
        release: 4.19.0-2-amd64
         system: Linux
        version: debian buster/sid 

[tj90241]

I believe the documentation for keystone_role_grant was accidentally copy/pasted from keystone_group -- so a s/group/role_grant should (at the very least) be performed on it as well.

https://docs.saltstack.com/en/latest/ref/states/all/salt.states.keystone_role_grant.html

[dwoz]

@tj90241 Thanks for reporting this!