openstack/ansible-collections-openstack
Code Issues Proposed changes

Update federation_idp to use proxy

Browse Source 
Update federation_idp to use proxy layer

Change-Id: I89ed8526c15608a043cc98e0de50a1ef6f1c8020
This commit is contained in:
Arx Cruz 2022-07-18 11:16:09 +02:00 committed by Rafael Castillo
parent 4df7a12ebf
commit 8563e2327c
3 changed files with 44 additions and 113 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ci/roles/keystone_idp/defaults/main.yml
View File

@ -19,3 +19,11 @@ idp_info_expected_fields:
- is_enabled
- name
- remote_ids
idp_expected_fields:
- description
- domain_id
- id
- is_enabled
- name
- remote_ids

97
ci/roles/keystone_idp/tasks/main.yml
View File

@ -74,13 +74,6 @@
that:
- create_identity_provider is successful
- create_identity_provider is changed
- '"identity_provider" in create_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -90,6 +83,11 @@
vars:
idp: '{{ create_identity_provider.identity_provider }}'
- name: Verify returned values
assert:
that: item in create_identity_provider.identity_provider
loop: "{{ idp_expected_fields }}"
- name: 'Fetch IDP info - with name'
openstack.cloud.federation_idp_info:
name: '{{ idp_name }}'
@ -146,13 +144,6 @@
that:
- create_identity_provider is successful
- create_identity_provider is not changed
- '"identity_provider" in create_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -187,13 +178,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -225,13 +209,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is not changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -264,13 +241,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -302,13 +272,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is not changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -318,7 +281,6 @@
vars:
idp: '{{ update_identity_provider.identity_provider }}'
- name: 'Update IDP set Disabled - CHECK_MODE'
check_mode: yes
openstack.cloud.federation_idp:
@ -341,13 +303,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -379,13 +334,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is not changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -416,13 +364,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is not changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -461,13 +402,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -503,13 +437,6 @@
that:
- update_identity_provider is successful
- update_identity_provider is not changed
- '"identity_provider" in update_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name
- idp.name == idp_name
- idp.domain_id == domain_id
@ -550,13 +477,6 @@
that:
- create_identity_provider is successful
- create_identity_provider is changed
- '"identity_provider" in create_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name_2
- idp.name == idp_name_2
- idp.domain_id == domain_id
@ -594,13 +514,6 @@
that:
- create_identity_provider is successful
- create_identity_provider is not changed
- '"identity_provider" in create_identity_provider'
- '"id" in idp'
- '"name" in idp'
- '"domain_id" in idp'
- '"description" in idp'
- '"is_enabled" in idp'
- '"remote_ids" in idp'
- idp.id == idp_name_2
- idp.name == idp_name_2
- idp.domain_id == domain_id

52
plugins/modules/federation_idp.py
View File

@ -72,6 +72,34 @@ EXAMPLES = '''
'''
RETURN = '''
identity_provider:
description: Dictionary describing the identity providers
returned: On success when I(state) is 'present'
type: dict
elements: dict
contains:
description:
description: Identity provider description
type: str
sample: "demodescription"
domain_id:
description: Domain to which the identity provider belongs
type: str
sample: "default"
id:
description: Identity provider ID
type: str
sample: "test-idp"
is_enabled:
description: Indicates whether the identity provider is enabled
type: bool
name:
description: Name of the identity provider, equals its ID.
type: str
sample: "test-idp"
remote_ids:
description: Remote IDs associated with the identity provider
type: list
'''
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
@ -90,22 +118,6 @@ class IdentityFederationIdpModule(OpenStackModule):
supports_check_mode=True,
)
def normalize_idp(self, idp):
"""
Normalizes the IDP definitions so that the outputs are consistent with the
parameters
- "enabled" (parameter) == "is_enabled" (SDK)
- "name" (parameter) == "id" (SDK)
"""
if idp is None:
return None
_idp = idp.to_dict()
_idp['enabled'] = idp['is_enabled']
_idp['name'] = idp['id']
return _idp
def delete_identity_provider(self, idp):
"""
Delete an existing Identity Provider
@ -150,7 +162,7 @@ class IdentityFederationIdpModule(OpenStackModule):
attributes['description'] = description
idp = self.conn.identity.create_identity_provider(id=name, **attributes)
return (True, idp)
return (True, idp.to_dict(computed=False))
def update_identity_provider(self, idp):
"""
@ -176,13 +188,13 @@ class IdentityFederationIdpModule(OpenStackModule):
attributes['remote_ids'] = remote_ids
if not attributes:
return False, idp
return False, idp.to_dict(computed=False)
if self.ansible.check_mode:
return True, None
new_idp = self.conn.identity.update_identity_provider(idp, **attributes)
return (True, new_idp)
return (True, new_idp.to_dict(computed=False))
def run(self):
""" Module entry point """
@ -205,11 +217,9 @@ class IdentityFederationIdpModule(OpenStackModule):
self.fail_json(msg='A domain_id must be passed when creating'
' an identity provider')
(changed, idp) = self.create_identity_provider(name)
idp = self.normalize_idp(idp)
self.exit_json(changed=changed, identity_provider=idp)
(changed, new_idp) = self.update_identity_provider(idp)
new_idp = self.normalize_idp(new_idp)
self.exit_json(changed=changed, identity_provider=new_idp)