fix gcp_iam_role not updating

gcp_iam_role was not updating previously. The API uses a PATCH and not a PUT. Also fixing an accidental leftover diff from a bad merge. fixes #236.
2025-04-05 02:10:27 -07:00 · 2022-12-16 00:29:24 +00:00 · 2022-12-16 00:29:24 +00:00 · 2db181d084
commit 2db181d084
parent d063d44b73
6 changed files with 41 additions and 18 deletions
--- a/changelogs/changelog.yaml
+++ b/changelogs/changelog.yaml
@ -16,6 +16,7 @@ releases:
        absent.
      - gcp_spanner_database - recognize a non-existent resource as absent.
      - gcp_storage_object - fix for correct version of dependency requirement.
+      - gcp_iam_role - update of a role is functional (GitHub #236).
      minor_changes:
      - GCE inventory plugin - a new option ``name_suffix``, to add a suffix to the
        name parameter.
--- a/plugins/module_utils/gcp_utils.py
+++ b/plugins/module_utils/gcp_utils.py
@ -107,12 +107,12 @@ class GcpSession(object):
        kwargs = {'json': body}
        return self.full_delete(url, **kwargs)

-    def put(self, url, body=None):
+    def put(self, url, body=None, params=None):
        """
        This method should be avoided in favor of full_put
        """
        kwargs = {'json': body}
-        return self.full_put(url, **kwargs)
+        return self.full_put(url, **kwargs, params=params)

    def patch(self, url, body=None, **kwargs):
        """
@ -305,7 +305,14 @@ class GcpModule(AnsibleModule):
        try:
            response.raise_for_status()
        except getattr(requests.exceptions, 'RequestException') as inst:
-            self.fail_json(msg="GCP returned error: %s" % response.json())
+            self.fail_json(
+                msg="GCP returned error: %s" % response.json(),
+                request={
+                    "url": response.request.url,
+                    "body": response.request.body,
+                    "method": response.request.method,
+                }
+            )

    def _merge_dictionaries(self, a, b):
        new = a.copy()
--- a/plugins/modules/gcp_iam_role.py
+++ b/plugins/modules/gcp_iam_role.py
@ -255,7 +255,7 @@ def update(module, link, fetch):
    }
    request = resource_to_request(module)
    del request["name"]
-    return return_if_object(module, auth.put(link, request, params=params))
+    return return_if_object(module, auth.patch(link, request, params=params))


 def updateMask(request, response):
--- a/plugins/modules/gcp_resourcemanager_project_info.py
+++ b/plugins/modules/gcp_resourcemanager_project_info.py
@ -182,7 +182,7 @@ import json

 def main():
    module = GcpModule(argument_spec=dict(
-      page_size=dict(type='int')
+        page_size=dict(type='int')
    ))

    if not module.params['scopes']:
@ -200,7 +200,7 @@ def fetch_list(module, link):
    auth = GcpSession(module, 'resourcemanager')
    params = {}
    if "page_size" in module.params:
-      params["pageSize"] = module.params.get("page_size")
+        params["pageSize"] = module.params.get("page_size")
    return auth.list(link, return_if_object, array_name='projects', params=params)


--- a/scripts/cleanup-project.sh
+++ b/scripts/cleanup-project.sh
@ -39,14 +39,9 @@ cleanup_resource() {
    resource="$2"
    extra_list_arg="$3"
    extra_delete_arg="$4"
-<<<<<<< HEAD

    for resource_id in $(gcloud "${resource_group}" "${resource}" list --project="${PROJECT_ID}" --format="csv[no-heading](name)" "${extra_list_arg}"); do
        gcloud "${resource_group}" "${resource}" delete "${resource_id}" --project="${PROJECT_ID}" -q "${extra_delete_arg}"
-=======
-    for resource in $(gcloud "${resource_group}" "${resource}" list --project="${PROJECT_ID}" --format="csv[no-heading](name)" "${extra_list_arg}"); do
-        gcloud "${resource_group}" "${resource}" delete "${resource}" --project="${PROJECT_ID}" -q "${extra_delete_arg}"
->>>>>>> 78c2743 (fixing gcp_resourcemanager_project delete)
    done
 }

--- a/tests/integration/targets/gcp_iam_role/tasks/autogen.yml
+++ b/tests/integration/targets/gcp_iam_role/tasks/autogen.yml
@ -15,7 +15,7 @@
 # Pre-test setup
 - name: delete a role
  google.cloud.gcp_iam_role:
-    name: role_{{ resource_name.split("-")[-1] }}
+    name: "{{ resource_prefix[0:30].replace('-', '_') }}"
    title: My Custom Role
    description: My custom role description
    included_permissions:
@ -29,7 +29,7 @@
 #----------------------------------------------------------
 - name: create a role
  google.cloud.gcp_iam_role:
-    name: role_{{ resource_name.split("-")[-1] }}
+    name: "{{ resource_prefix[0:30].replace('-', '_') }}"
    title: My Custom Role
    description: My custom role description
    included_permissions:
@ -56,11 +56,11 @@
 - name: verify that command succeeded
  assert:
    that:
-      - results['resources'] | map(attribute='name') | select("match", ".*role_{{ resource_name.split("-")[-1] }}.*") | list | length == 1
+      - results['resources'] | map(attribute='name') | select("match", ".*{{ resource_prefix[0:30].replace('-', '_') }}.*") | list | length == 1
 # ----------------------------------------------------------------------------
 - name: create a role that already exists
  google.cloud.gcp_iam_role:
-    name: role_{{ resource_name.split("-")[-1] }}
+    name: "{{ resource_prefix[0:30].replace('-', '_') }}"
    title: My Custom Role
    description: My custom role description
    included_permissions:
@ -76,10 +76,30 @@
  assert:
    that:
      - result.changed == false
+# ----------------------------------------------------------------------------
+- name: modify an IAM role that already exists
+  google.cloud.gcp_iam_role:
+    name: "{{ resource_prefix[0:30].replace('-', '_') }}"
+    title: My Custom Role
+    description: My custom role description
+    included_permissions:
+    - storage.buckets.get
+    - storage.buckets.list
+    - storage.objects.get
+    - storage.objects.list
+    project: "{{ gcp_project }}"
+    auth_kind: "{{ gcp_cred_kind }}"
+    service_account_file: "{{ gcp_cred_file }}"
+    state: present
+  register: result
+- name: assert changed is true
+  assert:
+    that:
+      - result.changed == true
 #----------------------------------------------------------
 - name: delete a role
  google.cloud.gcp_iam_role:
-    name: role_{{ resource_name.split("-")[-1] }}
+    name: "{{ resource_prefix[0:30].replace('-', '_') }}"
    title: My Custom Role
    description: My custom role description
    included_permissions:
@ -106,11 +126,11 @@
 - name: verify that command succeeded
  assert:
    that:
-      - results['resources'] | map(attribute='name') | select("match", ".*role_{{ resource_name.split("-")[-1] }}.*") | list | length == 0
+      - results['resources'] | map(attribute='name') | select("match", ".*{{ resource_prefix[0:30].replace('-', '_') }}.*") | list | length == 0
 # ----------------------------------------------------------------------------
 - name: delete a role that does not exist
  google.cloud.gcp_iam_role:
-    name: role_{{ resource_name.split("-")[-1] }}
+    name: "{{ resource_prefix[0:30].replace('-', '_') }}"
    title: My Custom Role
    description: My custom role description
    included_permissions: