From a566a7ea2e9cee9c2564749c26b9566b4b3bdd80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ren=C3=A9=20Moser?= Date: Tue, 25 Jul 2017 18:07:58 +0200 Subject: [PATCH] cloud: cs_user: add feature keys handling (#27285) --- .../modules/cloud/cloudstack/cs_user.py | 24 +++-- .../targets/cs_user/tasks/main.yml | 97 +++++++++++++++++++ 2 files changed, 113 insertions(+), 8 deletions(-) diff --git a/lib/ansible/modules/cloud/cloudstack/cs_user.py b/lib/ansible/modules/cloud/cloudstack/cs_user.py index 0970328abdc..84c6fe277d4 100644 --- a/lib/ansible/modules/cloud/cloudstack/cs_user.py +++ b/lib/ansible/modules/cloud/cloudstack/cs_user.py @@ -72,6 +72,13 @@ options: - Timezone of the user. required: false default: null + keys_registered: + description: + - If API keys of the user should be generated. + - "Note: Keys can not be removed by the API again." + required: false + default: null + version_added: "2.4" domain: description: - Domain the user is related to. @@ -160,12 +167,12 @@ email: returned: success type: string sample: john.doe@example.com -api_key: +user_api_key: description: API key of the user. returned: success type: string sample: JLhcg8VWi8DoFqL2sSLZMXmGojcLnFrOBTipvBHJjySODcV4mCOo29W2duzPv5cALaZnXj5QxDx3xQfaQt3DKg -api_secret: +user_api_secret: description: API secret of the user. returned: success type: string @@ -219,8 +226,8 @@ class AnsibleCloudStackUser(AnsibleCloudStack): 'firstname': 'first_name', 'lastname': 'last_name', 'email': 'email', - 'secretkey': 'api_secret', - 'apikey': 'api_key', + 'secretkey': 'user_api_secret', + 'apikey': 'user_api_key', 'timezone': 'timezone', } self.account_types = { @@ -346,8 +353,9 @@ class AnsibleCloudStackUser(AnsibleCloudStack): user = res['user'] # register user api keys - res = self.query_api('registerUserKeys', id=user['id']) - user.update(res['userkeys']) + if self.module.params.get('keys_registered'): + res = self.query_api('registerUserKeys', id=user['id']) + user.update(res['userkeys']) return user @@ -366,13 +374,12 @@ class AnsibleCloudStackUser(AnsibleCloudStack): user = res['user'] # register user api keys - if 'apikey' not in user: + if 'apikey' not in user and self.module.params.get('keys_registered'): self.result['changed'] = True if not self.module.check_mode: res = self.query_api('registerUserKeys', id=user['id']) user.update(res['userkeys']) - return user def absent_user(self): @@ -408,6 +415,7 @@ def main(): last_name=dict(), password=dict(no_log=True), timezone=dict(), + keys_registered=dict(type='bool'), poll_async=dict(type='bool', default=True), )) diff --git a/test/integration/targets/cs_user/tasks/main.yml b/test/integration/targets/cs_user/tasks/main.yml index 83a77c7f016..16cae4519df 100644 --- a/test/integration/targets/cs_user/tasks/main.yml +++ b/test/integration/targets/cs_user/tasks/main.yml @@ -66,6 +66,7 @@ - user.account == "admin" - user.state == "enabled" - user.domain == "ROOT" + - user.user_api_key is not defined - name: test create user idempotence cs_user: @@ -89,6 +90,96 @@ - user.account == "admin" - user.state == "enabled" - user.domain == "ROOT" + - user.user_api_key is not defined + +- name: test create account + cs_account: + name: "{{ cs_resource_prefix }}_acc" + username: "{{ cs_resource_prefix }}_acc_username" + password: "{{ cs_resource_prefix }}_acc_password" + last_name: "{{ cs_resource_prefix }}_acc_last_name" + first_name: "{{ cs_resource_prefix }}_acc_first_name" + email: "{{ cs_resource_prefix }}@example.com" + network_domain: "example.com" + register: acc +- name: verify results of create account + assert: + that: + - acc|success + - acc|changed + - acc.name == "{{ cs_resource_prefix }}_acc" + - acc.network_domain == "example.com" + - acc.account_type == "user" + - acc.state == "enabled" + - acc.domain == "ROOT" + - acc|changed + +- name: test create user2 in check mode + cs_user: + username: "{{ cs_resource_prefix }}_user2" + password: "{{ cs_resource_prefix }}_password2" + last_name: "{{ cs_resource_prefix }}_last_name2" + first_name: "{{ cs_resource_prefix }}_first_name2" + email: "{{ cs_resource_prefix }}@example2.com" + account: "{{ cs_resource_prefix }}_acc" + keys_registered: true + check_mode: true + register: user +- name: verify results of create user idempotence + assert: + that: + - user|success + - user|changed + +- name: test create user2 + cs_user: + username: "{{ cs_resource_prefix }}_user2" + password: "{{ cs_resource_prefix }}_password2" + last_name: "{{ cs_resource_prefix }}_last_name2" + first_name: "{{ cs_resource_prefix }}_first_name2" + email: "{{ cs_resource_prefix }}@example2.com" + account: "{{ cs_resource_prefix }}_acc" + keys_registered: true + register: user +- name: verify results of create user idempotence + assert: + that: + - user|success + - user|changed + - user.username == "{{ cs_resource_prefix }}_user2" + - user.first_name == "{{ cs_resource_prefix }}_first_name2" + - user.last_name == "{{ cs_resource_prefix }}_last_name2" + - user.email == "{{ cs_resource_prefix }}@example2.com" + - user.account_type == "user" + - user.account == "{{ cs_resource_prefix }}_acc" + - user.state == "enabled" + - user.domain == "ROOT" + - user.user_api_key is defined + +- name: test create user2 idempotence + cs_user: + username: "{{ cs_resource_prefix }}_user2" + password: "{{ cs_resource_prefix }}_password2" + last_name: "{{ cs_resource_prefix }}_last_name2" + first_name: "{{ cs_resource_prefix }}_first_name2" + email: "{{ cs_resource_prefix }}@example2.com" + account: "{{ cs_resource_prefix }}_acc" + keys_registered: true + register: user +- name: verify results of create user idempotence + assert: + that: + - user|success + - not user|changed + - user.username == "{{ cs_resource_prefix }}_user2" + - user.first_name == "{{ cs_resource_prefix }}_first_name2" + - user.last_name == "{{ cs_resource_prefix }}_last_name2" + - user.email == "{{ cs_resource_prefix }}@example2.com" + - user.account_type == "user" + - user.account == "{{ cs_resource_prefix }}_acc" + - user.state == "enabled" + - user.domain == "ROOT" + - user.user_api_key is defined - name: test update user in check mode cs_user: @@ -98,6 +189,7 @@ first_name: "{{ cs_resource_prefix }}_first_name1" email: "{{ cs_resource_prefix }}@example.com1" account: "admin" + keys_registered: true register: user check_mode: true - name: verify results of update user in check mode @@ -113,6 +205,7 @@ - user.account == "admin" - user.state == "enabled" - user.domain == "ROOT" + - user.user_api_key is not defined - name: test update user cs_user: @@ -122,6 +215,7 @@ first_name: "{{ cs_resource_prefix }}_first_name1" email: "{{ cs_resource_prefix }}@example.com1" account: "admin" + keys_registered: true register: user - name: verify results of update user assert: @@ -136,6 +230,7 @@ - user.account == "admin" - user.state == "enabled" - user.domain == "ROOT" + - user.user_api_key is defined - name: test update user idempotence cs_user: @@ -145,6 +240,7 @@ first_name: "{{ cs_resource_prefix }}_first_name1" email: "{{ cs_resource_prefix }}@example.com1" account: "admin" + keys_registered: true register: user - name: verify results of update user idempotence assert: @@ -159,6 +255,7 @@ - user.account == "admin" - user.state == "enabled" - user.domain == "ROOT" + - user.user_api_key is defined - name: test lock user in check mode cs_user: