[PR #10097/ff0ed6f9 backport][stable-9] rundeck_acl_policy: fix project acls are put/posted to the wrong endpoint (#10150)

rundeck_acl_policy: fix project acls are put/posted to the wrong endpoint (#10097)

* Fix project acls are put/posted to the wrong endpoint

* Add changelog fragment.

* Fix 2.7 sanity errors in github

* Fix fragment extension and use 2.7 syntax in test

* Update changelogs/fragments/10097-fix-rundeck_acl_policy-project-endpoint.yml



* Fix pep8 formatting

* Add licensing to unit test

---------


(cherry picked from commit ff0ed6f912)

Co-authored-by: kjoyce77 <kevin.joyce@outlook.com>
Co-authored-by: Felix Fontein <felix@fontein.de>

tests/integration/targets/rundeck/defaults/main.yml

@@ -6,3 +6,32 @@
 rundeck_url: http://localhost:4440
 rundeck_api_version: 39
 rundeck_job_id: 3b8a6e54-69fb-42b7-b98f-f82e59238478
+
+system_acl_policy: |
+  description: Test ACL
+  context:
+    application: 'rundeck'
+  for:
+    project:
+      - allow:
+          - read
+  by:
+    group:
+      - users
+
+project_acl_policy: |
+  description: Test project acl
+  for:
+    resource:
+      - equals:
+          kind: node
+        allow: [read,refresh]
+      - equals:
+          kind: event
+        allow: [read]
+    job:
+      - allow: [run,kill]
+    node:
+      - allow: [read,run]
+  by:
+    group: users

tests/integration/targets/rundeck/tasks/main.yml

@@ -15,6 +15,9 @@
     RD_USER: admin
     RD_PASSWORD: admin
   register: rundeck_api_token
+  retries: 3
+  until: rundeck_api_token.rc == 0
+  changed_when: true
 
 - name: Create a Rundeck project
   community.general.rundeck_project:
@@ -24,6 +27,71 @@
     token: "{{ rundeck_api_token.stdout_lines[-1] }}"
     state: present
 
+- name: Create a system ACL
+  community.general.rundeck_acl_policy:
+    name: test_acl
+    api_version: "{{ rundeck_api_version }}"
+    url: "{{ rundeck_url }}"
+    token: "{{ rundeck_api_token.stdout_lines[-1] }}"
+    state: present
+    policy: "{{ system_acl_policy }}"
+
+- name: Create a project ACL
+  community.general.rundeck_acl_policy:
+    name: test_acl
+    api_version: "{{ rundeck_api_version }}"
+    url: "{{ rundeck_url }}"
+    token: "{{ rundeck_api_token.stdout_lines[-1] }}"
+    state: present
+    policy: "{{ project_acl_policy }}"
+    project: test_project
+
+- name: Retrieve ACLs
+  ansible.builtin.uri:
+    url: "{{ rundeck_url }}/api/{{ rundeck_api_version }}/{{ item }}"
+    headers:
+      accept: application/json
+      x-rundeck-auth-token: "{{ rundeck_api_token.stdout_lines[-1] }}"
+  register: acl_policy_check
+  loop:
+    - system/acl/test_acl.aclpolicy
+    - project/test_project/acl/test_acl.aclpolicy
+
+- name: Assert ACL content is correct
+  ansible.builtin.assert:
+    that:
+      - acl_policy_check['results'][0]['json']['contents'] == system_acl_policy
+      - acl_policy_check['results'][1]['json']['contents'] == project_acl_policy
+
+- name: Remove system ACL
+  community.general.rundeck_acl_policy:
+    name: test_acl
+    api_version: "{{ rundeck_api_version }}"
+    url: "{{ rundeck_url }}"
+    token: "{{ rundeck_api_token.stdout_lines[-1] }}"
+    state: absent
+
+- name: Remove project ACL
+  community.general.rundeck_acl_policy:
+    name: test_acl
+    api_version: "{{ rundeck_api_version }}"
+    url: "{{ rundeck_url }}"
+    token: "{{ rundeck_api_token.stdout_lines[-1] }}"
+    state: absent
+    project: test_project
+
+- name: Check that ACLs have been removed
+  ansible.builtin.uri:
+    url: "{{ rundeck_url }}/api/{{ rundeck_api_version }}/{{ item }}"
+    headers:
+      accept: application/json
+      x-rundeck-auth-token: "{{ rundeck_api_token.stdout_lines[-1] }}"
+    status_code:
+      - 404
+  loop:
+    - system/acl/test_acl.aclpolicy
+    - project/test_project/acl/test_acl.aclpolicy
+
 - name: Copy test_job definition to /tmp
   copy:
     src: test_job.yaml