VMware: Improve output of vmware_local_role_facts (#47871)

docs/docsite/rst/porting_guides/porting_guide_2.8.rst

@@ -108,6 +108,7 @@ Noteworthy module changes
 * The ``win_get_url`` module has removed the deprecated ``skip_certificate_validation`` option, use the standardised
   ``validate_certs`` option instead.
 
+* The ``vmware_local_role_facts`` module now returns a list of dicts instead of a dict of dicts for role information.
 
 Plugins
 =======

lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py

@@ -27,6 +27,7 @@ author:
 notes:
     - Tested on ESXi 6.5
     - Be sure that the ESXi user used for login, has the appropriate rights to view roles
+    - The module returns a list of dict in version 2.8 and above.
 requirements:
     - "python >= 2.6"
     - PyVmomi
@@ -53,8 +54,8 @@ local_role_facts:
     description: Facts about role present on ESXi host
     returned: always
     type: dict
-    sample: {
+    sample: [
-        "AnsiUser1": {
+        {
             "privileges": [
                 "Alarm.Acknowledge",
                 "Alarm.Create",
@@ -64,16 +65,18 @@ local_role_facts:
             "role_id": -12,
             "role_info_label": "Ansible User",
             "role_info_summary": "Ansible Automation user",
+            "role_name": "AnsiUser1",
             "role_system": true
         },
-        "NoAccess": {
+        {
             "privileges": [],
             "role_id": -5,
             "role_info_label": "No access",
             "role_info_summary": "Used for restricting granted access",
+            "role_name": "NoAccess",
             "role_system": true
         },
-        "View": {
+        {
             "privileges": [
                 "System.Anonymous",
                 "System.View"
@@ -81,9 +84,10 @@ local_role_facts:
             "role_id": -3,
             "role_info_label": "View",
             "role_info_summary": "Visibility access (cannot be granted)",
+            "role_name": "View",
             "role_system": true
         }
-    }
+    ]
 '''
 
 from ansible.module_utils.basic import AnsibleModule
@@ -91,31 +95,38 @@ from ansible.module_utils.vmware import PyVmomi, vmware_argument_spec
 
 
 class VMwareLocalRoleFacts(PyVmomi):
+    """Class to manage local role facts"""
     def __init__(self, module):
         super(VMwareLocalRoleFacts, self).__init__(module)
         self.module = module
         self.params = module.params
 
         if self.content.authorizationManager is None:
-            self.module.fail_json(msg="Failed to get local authorization manager settings.",
+            self.module.fail_json(
-                                  details="It seems that %s is a vCenter server "
+                msg="Failed to get local authorization manager settings.",
-                                          "instead of an ESXi server" % self.params['hostname'])
+                details="It seems that '%s' is a vCenter server instead of an ESXi server" % self.params['hostname']
+            )
 
     def gather_local_role_facts(self):
-        results = dict()
+        """Gather facts about local roles"""
+        results = list()
         for role in self.content.authorizationManager.roleList:
-            results[role.name] = dict(
+            results.append(
-                role_id=role.roleId,
+                dict(
-                privileges=[priv_name for priv_name in role.privilege],
+                    role_name=role.name,
-                role_system=role.system,
+                    role_id=role.roleId,
-                role_info_label=role.info.label,
+                    privileges=[priv_name for priv_name in role.privilege],
-                role_info_summary=role.info.summary,
+                    role_system=role.system,
+                    role_info_label=role.info.label,
+                    role_info_summary=role.info.summary,
+                )
             )
 
         self.module.exit_json(changed=False, local_role_facts=results)
 
 
 def main():
+    """Main"""
     argument_spec = vmware_argument_spec()
     module = AnsibleModule(argument_spec=argument_spec,
                            supports_check_mode=True)

test/integration/targets/vmware_local_role_facts/tasks/main.yml

@@ -2,6 +2,15 @@
 # Copyright: (c) 2018, Abhijeet Kasurde <akasurde@redhat.com>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
+- name: Set list of Roles in fact
+  set_fact:
+    role_list:
+      - Admin
+      - NoCryptoAdmin
+      - NoAccess
+      - Anonymous
+      - ReadOnly
+
 - name: store the vcenter container ip
   set_fact:
     vcsim: "{{ lookup('env', 'vcenter_host') }}"
@@ -30,40 +39,33 @@
 
 - debug: var=vcsim_instance
 
-- name: Gather facts about local role on ESXi
+- name: Gather Role facts
   vmware_local_role_facts:
     hostname: "{{ vcsim }}"
     username: "{{ vcsim_instance['json']['username'] }}"
     password: "{{ vcsim_instance['json']['password'] }}"
     validate_certs: no
-  register: fact_details
+  register: role_details
 
-- name: verify if role is defined
+- name: Test if role id is present for role
   assert:
-    that:
+    that: "{{ role_details.local_role_facts | json_query(s_query) != [] }}"
-      - "{{ fact_details.changed == false }}"
+  vars:
-      - "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
+    s_query: "[?role_name == '{{ item }}'].role_id"
-      - "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
+  with_items: "{{ role_list }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"
 
-
+- name: Gather Role facts in check mode
-- name: Gather facts about local role on ESXi in check mode
   vmware_local_role_facts:
     hostname: "{{ vcsim }}"
     username: "{{ vcsim_instance['json']['username'] }}"
     password: "{{ vcsim_instance['json']['password'] }}"
     validate_certs: no
-  register: fact_details
+  register: role_details
   check_mode: yes
 
-- name: verify if role is defined in check mode
+- name: Test if role id is present for role
   assert:
-    that:
+    that: "{{ role_details.local_role_facts | json_query(s_query) != [] }}"
-      - "{{ fact_details.changed == false }}"
+  vars:
-      - "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
+    s_query: "[?role_name == '{{ item }}'].role_id"
-      - "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
+  with_items: "{{ role_list }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"