ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-08-06 22:24:23 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

[PR #6972/d0f229f5 backport][stable-7] Add consul_role module from domant PR (#7282)

Browse source 
Add consul_role module from domant PR (#6972)

* Update as per PR comments

* Move common code to module_utils

* Break up long import line

* Fix pipeline errors

* Inital version of check_mode support

* Fix updating a role, add tests

* Fix line spacing

* Fix line indentation

* Add consul-role tests

* Fixes for role update

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Update as per MR comments

* Update as per MR comments

* Fix documentation issues

* Add types for sub-options

* Allow setting of policy, service and node id fields by specifying a value, or leaving them unchanged by omitting them

* Fix typo in test

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Reset and force push to get rid of merge

* Corrected unit tests

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Add suboptions documentation for node and service identities

* Fix PEP errors from pipeline

* Fix pipeline errors.

* Fix more pipeline errors

* Apply suggestions from code review

Co-authored-by: Felix Fontein <felix@fontein.de>

* Fix line that is too long

* Not specifying a value for description during update now leaves existing value unchanged

* Fixes for pipeline errors

* Add test cases to verify handling description works

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
(cherry picked from commit d0f229f5d8)

Co-authored-by: Valerio Poggi <106782233+valeriopoggi@users.noreply.github.com>
This commit is contained in:
patchback[bot] 2023-09-17 14:51:07 +02:00 committed by GitHub
commit edd4637b9f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 875 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

201
tests/integration/targets/consul/tasks/consul_role.yml Normal file
View file

@ -0,0 +1,201 @@
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: Create a policy with rules
consul_policy:
name: foo-access-for-role
rules: |
key "foo" {
policy = "read"
}
key "private/foo" {
policy = "deny"
}
token: "{{ consul_management_token }}"
register: policy_result
- name: Create another policy with rules
consul_policy:
name: bar-access-for-role
rules: |
key "bar" {
policy = "read"
}
key "private/bar" {
policy = "deny"
}
token: "{{ consul_management_token }}"
register: policy_result
- name: Create a role with policy
consul_role:
name: foo-role-with-policy
policies:
- name: "foo-access-for-role"
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result['role']['Name'] == 'foo-role-with-policy'
- name: Update policy description, in check mode
consul_role:
name: foo-role-with-policy
description: "Testing updating description"
token: "{{ consul_management_token }}"
check_mode: yes
register: result
- assert:
that:
- result is changed
- result['role']['Description'] == "Testing updating description"
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
- name: Update policy to add the description
consul_role:
name: foo-role-with-policy
description: "Role for testing policies"
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result['role']['Description'] == "Role for testing policies"
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
- name: Update the role with another policy, also testing leaving description blank
consul_role:
name: foo-role-with-policy
policies:
- name: "foo-access-for-role"
- name: "bar-access-for-role"
token: "{{ consul_management_token }}"
register: result
- assert:
that:
- result is changed
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
- result['role']['Policies'][1]['Name'] == 'bar-access-for-role'
- result['role']['Description'] == "Role for testing policies"
- name: Create a role with service identity
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
service_identities:
- name: web
datacenters:
- dc1
register: result
- assert:
that:
- result is changed
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
- name: Update the role with service identity in check mode
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
service_identities:
- name: web
datacenters:
- dc2
register: result
check_mode: yes
- assert:
that:
- result is changed
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc2"
- name: Update the role with service identity to add a policy, leaving the service id unchanged
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
policies:
- name: "foo-access-for-role"
register: result
- assert:
that:
- result is changed
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
- result['role']['Policies'][0]['Name'] == 'foo-access-for-role'
- name: Update the role with service identity to remove the policies
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
policies: []
register: result
- assert:
that:
- result is changed
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
- result['role']['Policies'] is not defined
- name: Update the role with service identity to remove the node identities, in check mode
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
node_identities: []
register: result
check_mode: yes
- assert:
that:
- result is changed
- result['role']['ServiceIdentities'][0]['ServiceName'] == "web"
- result['role']['ServiceIdentities'][0]['Datacenters'][0] == "dc1"
- result['role']['Policies'] is not defined
- result['role']['NodeIdentities'] == [] # in check mode the cleared field is returned as an emtpy array
- name: Update the role with service identity to remove the service identities
consul_role:
token: "{{ consul_management_token }}"
name: role-with-service-identity
service_identities: []
register: result
- assert:
that:
- result is changed
- result['role']['ServiceIdentities'] is not defined # in normal mode the dictionary is removed from the result
- result['role']['Policies'] is not defined
- name: Create a role with node identity
consul_role:
token: "{{ consul_management_token }}"
name: role-with-node-identity
node_identities:
- name: node-1
datacenter: dc2
register: result
- assert:
that:
- result is changed
- result['role']['NodeIdentities'][0]['NodeName'] == "node-1"
- result['role']['NodeIdentities'][0]['Datacenter'] == "dc2"
- name: Remove the last role
consul_role:
token: "{{ consul_management_token }}"
name: role-with-node-identity
state: absent
- assert:
that:
- result is changed

1
tests/integration/targets/consul/tasks/main.yml
View file

@ -91,6 +91,7 @@
- 3
- import_tasks: consul_session.yml
- import_tasks: consul_policy.yml
- import_tasks: consul_role.yml
always:
- name: Kill consul process
shell: kill $(cat {{ remote_tmp_dir }}/consul.pid)