refine role modules (#55021)

2025-06-01 22:09:08 -07:00 · 2019-04-09 16:05:03 +08:00 · 2019-04-09 16:05:03 +08:00 · cb2972d647
commit cb2972d647
parent 09f68fc659
5 changed files with 74 additions and 38 deletions
--- a/test/integration/targets/azure_rm_roledefinition/tasks/main.yml
+++ b/test/integration/targets/azure_rm_roledefinition/tasks/main.yml
@ -50,7 +50,7 @@
    that:
      - output.changed

- name: Get facts by name
+- name: Get facts by type
  azure_rm_roledefinition_facts:
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    type: custom
@ -61,19 +61,22 @@
    that:
      - facts['roledefinitions'] | length > 1

- name: Get facts
+- name: Get facts by name
  azure_rm_roledefinition_facts:
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    role_name: "{{ role_name }}"
  register: facts
+  until: "{{ facts.roledefinitions | length > 0 }}"
+  retries: 50
+  delay: 60

 - name: Assert facts
  assert:
    that:
      - facts['roledefinitions'] | length == 1
-      - facts['roledefinitions']['permissions'] | length == 1
-      - facts['roledefinitions']['permissions'][0]['not_data_actions'] | length == 1
-      - facts['roledefinitions']['permissions'][0]['data_actions'] | length == 1
+      - facts['roledefinitions'][0]['permissions'] | length == 1
+      - facts['roledefinitions'][0]['permissions'][0]['not_data_actions'] | length == 1
+      - facts['roledefinitions'][0]['permissions'][0]['data_actions'] | length == 1

 - name: Update the role definition (idempotent)
  azure_rm_roledefinition:
@ -126,11 +129,14 @@
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    type: custom
  register: roledef
+  until: "{{ roledef.roledefinitions | length > 0 }}"
+  retries: 50
+  delay: 60

 - name: Assert role definition facts
  assert:
    that:
-      - roledef['roledefinitions'] | length > 1
+      - roledef['roledefinitions'] | length == 1
      - roledef['roledefinitions'][0]['id']

 - name: Create a role assignment (Check Mode)
@ -138,7 +144,7 @@
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    assignee_object_id: "{{ principal_id }}"
    role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}"
-    check_mode: yes
+  check_mode: yes
  register: output

 - name: Assert creating role definition check mode
@ -153,7 +159,7 @@
    role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}"
  register: output

- name: Assert creating role definition
+- name: Assert creating role assignment
  assert:
    that:
      - output.changed
@ -162,24 +168,26 @@
  azure_rm_roleassignment_facts:
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
    assignee: "{{ principal_id }}"
+    role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}"
  register: facts

 - name: assert role assignment facts
  assert:
    that:
-      - facts['roleassignments'] | length > 1
+      - facts['roleassignments'] | length > 0
      - facts['roleassignments'][0]['id']

 - name: delete role assignment
  azure_rm_roleassignment:
-    name: facts['roleassignments'][0]['id']
-    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+    name: "{{ facts['roleassignments'][0]['id'].split('/')[-1] }}"
+    scope: "/subscriptions/{{ subscription_id }}"
    state: absent

 - name: Delete the role definition (Check Mode)
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+    state: absent
  check_mode: yes
  register: output

@ -187,10 +195,11 @@
  assert:
    that: output.changed

- name: Delete the redis cache
+- name: Delete the role definition
  azure_rm_roledefinition:
    name: "{{ role_name }}"
    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+    state: absent
  register: output

 - assert: