fix gcp_iam_role not updating

gcp_iam_role was not updating previously. The API uses a PATCH and
not a PUT.

Also fixing an accidental leftover diff from a bad merge.

fixes #236.
Yusuke Tsutsumi 2022-12-16 00:29:24 +00:00 committed by Yusuke Tsutsumi
parent d063d44b73
commit 2db181d084
6 changed files with 41 additions and 18 deletions


@ -16,6 +16,7 @@ releases:
absent. absent.
- gcp_spanner_database - recognize a non-existent resource as absent. - gcp_spanner_database - recognize a non-existent resource as absent.
- gcp_storage_object - fix for correct version of dependency requirement. - gcp_storage_object - fix for correct version of dependency requirement.
- gcp_iam_role - update of a role is functional (GitHub #236).
minor_changes: minor_changes:
- GCE inventory plugin - a new option ``name_suffix``, to add a suffix to the - GCE inventory plugin - a new option ``name_suffix``, to add a suffix to the
name parameter. name parameter.


@ -107,12 +107,12 @@ class GcpSession(object):
kwargs = {'json': body} kwargs = {'json': body}
return self.full_delete(url, **kwargs) return self.full_delete(url, **kwargs)
def put(self, url, body=None): def put(self, url, body=None, params=None):
""" """
This method should be avoided in favor of full_put This method should be avoided in favor of full_put
""" """
kwargs = {'json': body} kwargs = {'json': body}
return self.full_put(url, **kwargs) return self.full_put(url, **kwargs, params=params)
def patch(self, url, body=None, **kwargs): def patch(self, url, body=None, **kwargs):
""" """
@ -305,7 +305,14 @@ class GcpModule(AnsibleModule):
try: try:
response.raise_for_status() response.raise_for_status()
except getattr(requests.exceptions, 'RequestException') as inst: except getattr(requests.exceptions, 'RequestException') as inst:
self.fail_json(msg="GCP returned error: %s" % response.json()) self.fail_json(
msg="GCP returned error: %s" % response.json(),
request={
"url": response.request.url,
"body": response.request.body,
"method": response.request.method,
}
)
def _merge_dictionaries(self, a, b): def _merge_dictionaries(self, a, b):
new = a.copy() new = a.copy()
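Review bot: The `request` dict added to `fail_json` in the `raise_for_status` handler echoes `response.request.body` verbatim, so whatever a module sent to GCP is copied into the task failure output, and from there into callback logs and CI consoles. Ansible scrubs only values it knows as `no_log`, so a payload field that carries a secret without that marking (or in a transformed form) would presumably pass through; the URL can likewise carry query parameters. I would keep `url` and `method` unconditionally and gate the body on verbosity, e.g. `"body": response.request.body if self._verbosity >= 3 else "<omitted>",`. The handler's enclosing method starts outside the hunk.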


@ -255,7 +255,7 @@ def update(module, link, fetch):
} }
request = resource_to_request(module) request = resource_to_request(module)
del request["name"] del request["name"]
return return_if_object(module, auth.put(link, request, params=params)) return return_if_object(module, auth.patch(link, request, params=params))
def updateMask(request, response): def updateMask(request, response):


@ -182,7 +182,7 @@ import json
def main(): def main():
module = GcpModule(argument_spec=dict( module = GcpModule(argument_spec=dict(
page_size=dict(type='int') page_size=dict(type='int')
)) ))
if not module.params['scopes']: if not module.params['scopes']:
@ -200,7 +200,7 @@ def fetch_list(module, link):
auth = GcpSession(module, 'resourcemanager') auth = GcpSession(module, 'resourcemanager')
params = {} params = {}
if "page_size" in module.params: if "page_size" in module.params:
params["pageSize"] = module.params.get("page_size") params["pageSize"] = module.params.get("page_size")
return auth.list(link, return_if_object, array_name='projects', params=params) return auth.list(link, return_if_object, array_name='projects', params=params)


@ -39,14 +39,9 @@ cleanup_resource() {
resource="$2" resource="$2"
extra_list_arg="$3" extra_list_arg="$3"
extra_delete_arg="$4" extra_delete_arg="$4"
<<<<<<< HEAD
for resource_id in $(gcloud "${resource_group}" "${resource}" list --project="${PROJECT_ID}" --format="csv[no-heading](name)" "${extra_list_arg}"); do for resource_id in $(gcloud "${resource_group}" "${resource}" list --project="${PROJECT_ID}" --format="csv[no-heading](name)" "${extra_list_arg}"); do
gcloud "${resource_group}" "${resource}" delete "${resource_id}" --project="${PROJECT_ID}" -q "${extra_delete_arg}" gcloud "${resource_group}" "${resource}" delete "${resource_id}" --project="${PROJECT_ID}" -q "${extra_delete_arg}"
=======
for resource in $(gcloud "${resource_group}" "${resource}" list --project="${PROJECT_ID}" --format="csv[no-heading](name)" "${extra_list_arg}"); do
gcloud "${resource_group}" "${resource}" delete "${resource}" --project="${PROJECT_ID}" -q "${extra_delete_arg}"
>>>>>>> 78c2743 (fixing gcp_resourcemanager_project delete)
done done
} }


@ -15,7 +15,7 @@
# Pre-test setup # Pre-test setup
- name: delete a role - name: delete a role
google.cloud.gcp_iam_role: google.cloud.gcp_iam_role:
name: role_{{ resource_name.split("-")[-1] }} name: "{{ resource_prefix[0:30].replace('-', '_') }}"
title: My Custom Role title: My Custom Role
description: My custom role description description: My custom role description
included_permissions: included_permissions:
@ -29,7 +29,7 @@
#---------------------------------------------------------- #----------------------------------------------------------
- name: create a role - name: create a role
google.cloud.gcp_iam_role: google.cloud.gcp_iam_role:
name: role_{{ resource_name.split("-")[-1] }} name: "{{ resource_prefix[0:30].replace('-', '_') }}"
title: My Custom Role title: My Custom Role
description: My custom role description description: My custom role description
included_permissions: included_permissions:
@ -56,11 +56,11 @@
- name: verify that command succeeded - name: verify that command succeeded
assert: assert:
that: that:
- results['resources'] | map(attribute='name') | select("match", ".*role_{{ resource_name.split("-")[-1] }}.*") | list | length == 1 - results['resources'] | map(attribute='name') | select("match", ".*{{ resource_prefix[0:30].replace('-', '_') }}.*") | list | length == 1
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
- name: create a role that already exists - name: create a role that already exists
google.cloud.gcp_iam_role: google.cloud.gcp_iam_role:
name: role_{{ resource_name.split("-")[-1] }} name: "{{ resource_prefix[0:30].replace('-', '_') }}"
title: My Custom Role title: My Custom Role
description: My custom role description description: My custom role description
included_permissions: included_permissions:
@ -76,10 +76,30 @@
assert: assert:
that: that:
- result.changed == false - result.changed == false
# ----------------------------------------------------------------------------
- name: modify an IAM role that already exists
google.cloud.gcp_iam_role:
name: "{{ resource_prefix[0:30].replace('-', '_') }}"
title: My Custom Role
description: My custom role description
included_permissions:
- storage.buckets.get
- storage.buckets.list
- storage.objects.get
- storage.objects.list
project: "{{ gcp_project }}"
auth_kind: "{{ gcp_cred_kind }}"
service_account_file: "{{ gcp_cred_file }}"
state: present
register: result
- name: assert changed is true
assert:
that:
- result.changed == true
#---------------------------------------------------------- #----------------------------------------------------------
- name: delete a role - name: delete a role
google.cloud.gcp_iam_role: google.cloud.gcp_iam_role:
name: role_{{ resource_name.split("-")[-1] }} name: "{{ resource_prefix[0:30].replace('-', '_') }}"
title: My Custom Role title: My Custom Role
description: My custom role description description: My custom role description
included_permissions: included_permissions:
@ -106,11 +126,11 @@
- name: verify that command succeeded - name: verify that command succeeded
assert: assert:
that: that:
- results['resources'] | map(attribute='name') | select("match", ".*role_{{ resource_name.split("-")[-1] }}.*") | list | length == 0 - results['resources'] | map(attribute='name') | select("match", ".*{{ resource_prefix[0:30].replace('-', '_') }}.*") | list | length == 0
# ---------------------------------------------------------------------------- # ----------------------------------------------------------------------------
- name: delete a role that does not exist - name: delete a role that does not exist
google.cloud.gcp_iam_role: google.cloud.gcp_iam_role:
name: role_{{ resource_name.split("-")[-1] }} name: "{{ resource_prefix[0:30].replace('-', '_') }}"
title: My Custom Role title: My Custom Role
description: My custom role description description: My custom role description
included_permissions: included_permissions:
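Review bot: The new "modify an IAM role that already exists" task is verified only by `result.changed == true`, which shows the module reported a change but not that the role's permission set now matches the requested one, which is the failure this commit fixes. For an IAM role a silently unapplied update leaves stale permissions in place, so the test would be stronger if it also asserted the returned permissions, e.g. `- result.includedPermissions | sort == ['storage.buckets.get', 'storage.buckets.list', 'storage.objects.get', 'storage.objects.list']` (assuming the module returns the list under that key), and then re-ran the same task expecting `result.changed == false`. The role name is now built from `resource_prefix[0:30]`, so two runs whose prefixes share their first 30 characters would presumably target the same role; it is worth confirming the prefix is unique within that length.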