VMware: Improve output of vmware_local_role_facts (#47871)

6 years ago · 754c377dbd
parent 899e5645ed
commit 754c377dbd
3 changed files with 50 additions and 36 deletions
--- a/docs/docsite/rst/porting_guides/porting_guide_2.8.rst
+++ b/docs/docsite/rst/porting_guides/porting_guide_2.8.rst
@ -108,6 +108,7 @@ Noteworthy module changes
 * The ``win_get_url`` module has removed the deprecated ``skip_certificate_validation`` option, use the standardised
  ``validate_certs`` option instead.

+* The ``vmware_local_role_facts`` module now returns a list of dicts instead of a dict of dicts for role information.

 Plugins
 =======
--- a/lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py
+++ b/lib/ansible/modules/cloud/vmware/vmware_local_role_facts.py
@ -27,6 +27,7 @@ author:
 notes:
    - Tested on ESXi 6.5
    - Be sure that the ESXi user used for login, has the appropriate rights to view roles
+    - The module returns a list of dict in version 2.8 and above.
 requirements:
    - "python >= 2.6"
    - PyVmomi
@ -53,8 +54,8 @@ local_role_facts:
    description: Facts about role present on ESXi host
    returned: always
    type: dict
-    sample: {
-        "AnsiUser1": {
+    sample: [
+        {
            "privileges": [
                "Alarm.Acknowledge",
                "Alarm.Create",
@ -64,16 +65,18 @@ local_role_facts:
            "role_id": -12,
            "role_info_label": "Ansible User",
            "role_info_summary": "Ansible Automation user",
+            "role_name": "AnsiUser1",
            "role_system": true
        },
-        "NoAccess": {
+        {
            "privileges": [],
            "role_id": -5,
            "role_info_label": "No access",
            "role_info_summary": "Used for restricting granted access",
+            "role_name": "NoAccess",
            "role_system": true
        },
-        "View": {
+        {
            "privileges": [
                "System.Anonymous",
                "System.View"
@ -81,9 +84,10 @@ local_role_facts:
            "role_id": -3,
            "role_info_label": "View",
            "role_info_summary": "Visibility access (cannot be granted)",
+            "role_name": "View",
            "role_system": true
        }
-    }
+    ]
 '''

 from ansible.module_utils.basic import AnsibleModule
@ -91,31 +95,38 @@ from ansible.module_utils.vmware import PyVmomi, vmware_argument_spec


 class VMwareLocalRoleFacts(PyVmomi):
+    """Class to manage local role facts"""
    def __init__(self, module):
        super(VMwareLocalRoleFacts, self).__init__(module)
        self.module = module
        self.params = module.params

        if self.content.authorizationManager is None:
-            self.module.fail_json(msg="Failed to get local authorization manager settings.",
-                                  details="It seems that %s is a vCenter server "
-                                          "instead of an ESXi server" % self.params['hostname'])
+            self.module.fail_json(
+                msg="Failed to get local authorization manager settings.",
+                details="It seems that '%s' is a vCenter server instead of an ESXi server" % self.params['hostname']
+            )

    def gather_local_role_facts(self):
-        results = dict()
+        """Gather facts about local roles"""
+        results = list()
        for role in self.content.authorizationManager.roleList:
-            results[role.name] = dict(
-                role_id=role.roleId,
-                privileges=[priv_name for priv_name in role.privilege],
-                role_system=role.system,
-                role_info_label=role.info.label,
-                role_info_summary=role.info.summary,
+            results.append(
+                dict(
+                    role_name=role.name,
+                    role_id=role.roleId,
+                    privileges=[priv_name for priv_name in role.privilege],
+                    role_system=role.system,
+                    role_info_label=role.info.label,
+                    role_info_summary=role.info.summary,
+                )
            )

        self.module.exit_json(changed=False, local_role_facts=results)


 def main():
+    """Main"""
    argument_spec = vmware_argument_spec()
    module = AnsibleModule(argument_spec=argument_spec,
                           supports_check_mode=True)
--- a/test/integration/targets/vmware_local_role_facts/tasks/main.yml
+++ b/test/integration/targets/vmware_local_role_facts/tasks/main.yml
@ -2,6 +2,15 @@
 # Copyright: (c) 2018, Abhijeet Kasurde <akasurde@redhat.com>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

+- name: Set list of Roles in fact
+  set_fact:
+    role_list:
+      - Admin
+      - NoCryptoAdmin
+      - NoAccess
+      - Anonymous
+      - ReadOnly
+
 - name: store the vcenter container ip
  set_fact:
    vcsim: "{{ lookup('env', 'vcenter_host') }}"
@ -30,40 +39,33 @@

 - debug: var=vcsim_instance

- name: Gather facts about local role on ESXi
+- name: Gather Role facts
  vmware_local_role_facts:
    hostname: "{{ vcsim }}"
    username: "{{ vcsim_instance['json']['username'] }}"
    password: "{{ vcsim_instance['json']['password'] }}"
    validate_certs: no
-  register: fact_details
+  register: role_details

- name: verify if role is defined
+- name: Test if role id is present for role
  assert:
-    that:
-      - "{{ fact_details.changed == false }}"
-      - "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"
-
+    that: "{{ role_details.local_role_facts | json_query(s_query) != [] }}"
+  vars:
+    s_query: "[?role_name == '{{ item }}'].role_id"
+  with_items: "{{ role_list }}"

- name: Gather facts about local role on ESXi in check mode
+- name: Gather Role facts in check mode
  vmware_local_role_facts:
    hostname: "{{ vcsim }}"
    username: "{{ vcsim_instance['json']['username'] }}"
    password: "{{ vcsim_instance['json']['password'] }}"
    validate_certs: no
-  register: fact_details
+  register: role_details
  check_mode: yes

- name: verify if role is defined in check mode
+- name: Test if role id is present for role
  assert:
-    that:
-      - "{{ fact_details.changed == false }}"
-      - "{{ fact_details.local_role_facts['Admin']['privileges'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_id'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_label'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_info_summary'] is defined }}"
-      - "{{ fact_details.local_role_facts['Admin']['role_system'] is defined }}"
+    that: "{{ role_details.local_role_facts | json_query(s_query) != [] }}"
+  vars:
+    s_query: "[?role_name == '{{ item }}'].role_id"
+  with_items: "{{ role_list }}"