From 8563e2327c080d00ce389bcfa654711a7ad4e664 Mon Sep 17 00:00:00 2001 From: Arx Cruz Date: Mon, 18 Jul 2022 11:16:09 +0200 Subject: [PATCH] Update federation_idp to use proxy Update federation_idp to use proxy layer Change-Id: I89ed8526c15608a043cc98e0de50a1ef6f1c8020 --- ci/roles/keystone_idp/defaults/main.yml | 8 ++ ci/roles/keystone_idp/tasks/main.yml | 97 ++----------------------- plugins/modules/federation_idp.py | 52 +++++++------ 3 files changed, 44 insertions(+), 113 deletions(-) diff --git a/ci/roles/keystone_idp/defaults/main.yml b/ci/roles/keystone_idp/defaults/main.yml index 0b1ed54e..7c9b5acf 100644 --- a/ci/roles/keystone_idp/defaults/main.yml +++ b/ci/roles/keystone_idp/defaults/main.yml @@ -19,3 +19,11 @@ idp_info_expected_fields: - is_enabled - name - remote_ids + +idp_expected_fields: + - description + - domain_id + - id + - is_enabled + - name + - remote_ids diff --git a/ci/roles/keystone_idp/tasks/main.yml b/ci/roles/keystone_idp/tasks/main.yml index 7a2129e9..2d76aac0 100644 --- a/ci/roles/keystone_idp/tasks/main.yml +++ b/ci/roles/keystone_idp/tasks/main.yml @@ -74,13 +74,6 @@ that: - create_identity_provider is successful - create_identity_provider is changed - - '"identity_provider" in create_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -90,6 +83,11 @@ vars: idp: '{{ create_identity_provider.identity_provider }}' + - name: Verify returned values + assert: + that: item in create_identity_provider.identity_provider + loop: "{{ idp_expected_fields }}" + - name: 'Fetch IDP info - with name' openstack.cloud.federation_idp_info: name: '{{ idp_name }}' 
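Review bot: The new `Verify returned values` task in the `-74,13 +74,6` hunk of ci/roles/keystone_idp/tasks/main.yml runs only against the first `create_identity_provider` result, while the per-key presence asserts are removed from every later assert block (the hunks from `-146` through `-594`). The update and second-create results are therefore no longer checked for the full field set. The loop also only proves that the expected keys are present, so a leftover legacy key in the module output would pass unnoticed. If the module is meant to return exactly the keys in `idp_expected_fields`, a two-way comparison such as `that: idp_expected_fields | symmetric_difference(create_identity_provider.identity_provider.keys()) | length == 0` is stricter, and the same check is worth repeating against one `update_identity_provider` result.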
@@ -146,13 +144,6 @@ that: - create_identity_provider is successful - create_identity_provider is not changed - - '"identity_provider" in create_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -187,13 +178,6 @@ that: - update_identity_provider is successful - update_identity_provider is changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -225,13 +209,6 @@ that: - update_identity_provider is successful - update_identity_provider is not changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -264,13 +241,6 @@ that: - update_identity_provider is successful - update_identity_provider is changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -302,13 +272,6 @@ that: - update_identity_provider is successful - update_identity_provider is not changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id 
@@ -318,7 +281,6 @@ vars: idp: '{{ update_identity_provider.identity_provider }}' - - name: 'Update IDP set Disabled - CHECK_MODE' check_mode: yes openstack.cloud.federation_idp: @@ -341,13 +303,6 @@ that: - update_identity_provider is successful - update_identity_provider is changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -379,13 +334,6 @@ that: - update_identity_provider is successful - update_identity_provider is not changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -416,13 +364,6 @@ that: - update_identity_provider is successful - update_identity_provider is not changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -461,13 +402,6 @@ that: - update_identity_provider is successful - update_identity_provider is changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id 
@@ -503,13 +437,6 @@ that: - update_identity_provider is successful - update_identity_provider is not changed - - '"identity_provider" in update_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name - idp.name == idp_name - idp.domain_id == domain_id @@ -550,13 +477,6 @@ that: - create_identity_provider is successful - create_identity_provider is changed - - '"identity_provider" in create_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name_2 - idp.name == idp_name_2 - idp.domain_id == domain_id @@ -594,13 +514,6 @@ that: - create_identity_provider is successful - create_identity_provider is not changed - - '"identity_provider" in create_identity_provider' - - '"id" in idp' - - '"name" in idp' - - '"domain_id" in idp' - - '"description" in idp' - - '"is_enabled" in idp' - - '"remote_ids" in idp' - idp.id == idp_name_2 - idp.name == idp_name_2 - idp.domain_id == domain_id diff --git a/plugins/modules/federation_idp.py b/plugins/modules/federation_idp.py index 937d04b4..babde798 100644 --- a/plugins/modules/federation_idp.py +++ b/plugins/modules/federation_idp.py 
@@ -72,6 +72,34 @@ EXAMPLES = ''' ''' RETURN = ''' +identity_provider: + description: Dictionary describing the identity providers + returned: On success when I(state) is 'present' + type: dict + elements: dict + contains: + description: + description: Identity provider description + type: str + sample: "demodescription" + domain_id: + description: Domain to which the identity provider belongs + type: str + sample: "default" + id: + description: Identity provider ID + type: str + sample: "test-idp" + is_enabled: + description: Indicates whether the identity provider is enabled + type: bool + name: + description: Name of the identity provider, equals its ID. + type: str + sample: "test-idp" + remote_ids: + description: Remote IDs associated with the identity provider + type: list ''' from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule @@ -90,22 +118,6 @@ class IdentityFederationIdpModule(OpenStackModule): supports_check_mode=True, ) - def normalize_idp(self, idp): - """ - Normalizes the IDP definitions so that the outputs are consistent with the - parameters - - - "enabled" (parameter) == "is_enabled" (SDK) - - "name" (parameter) == "id" (SDK) - """ - if idp is None: - return None - - _idp = idp.to_dict() - _idp['enabled'] = idp['is_enabled'] - _idp['name'] = idp['id'] - return _idp - def delete_identity_provider(self, idp): """ Delete an existing Identity Provider @@ -150,7 +162,7 @@ class IdentityFederationIdpModule(OpenStackModule): attributes['description'] = description idp = self.conn.identity.create_identity_provider(id=name, **attributes) - return (True, idp) + return (True, idp.to_dict(computed=False)) def update_identity_provider(self, idp): """ 
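Review bot: In the added RETURN block, `identity_provider` is declared `type: dict` together with `elements: dict`, but `elements` only describes the items of a list, so it should be dropped here. The description says "identity providers" (plural) although a single provider is returned. `remote_ids` is `type: list` without `elements: str`, and `is_enabled` and `remote_ids` have no `sample`, unlike the other fields. The `returned:` text should also say that the value is null for a check-mode run that would change the provider, since `update_identity_provider` returns `True, None` in that case.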
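Review bot: Returning `idp.to_dict(computed=False)` in `create_identity_provider` (and in the update hunk at `-176,13 +188,13`), combined with the removal of `normalize_idp`, means the result no longer carries the `enabled` key that `normalize_idp` used to add. The commit message does not mention this change to the module's output. Playbooks that read `identity_provider.enabled`, for example to verify that a federation provider is disabled, will now see an undefined value, and one written with `| default(...)` would silently take the default. If the removal is intended, state it in the release notes and next to the return, e.g. `# NOTE: the legacy 'enabled' alias is no longer returned; use 'is_enabled'`. The function body starts outside this hunk.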
@@ -176,13 +188,13 @@ class IdentityFederationIdpModule(OpenStackModule): attributes['remote_ids'] = remote_ids if not attributes: - return False, idp + return False, idp.to_dict(computed=False) if self.ansible.check_mode: return True, None new_idp = self.conn.identity.update_identity_provider(idp, **attributes) - return (True, new_idp) + return (True, new_idp.to_dict(computed=False)) def run(self): """ Module entry point """ @@ -205,11 +217,9 @@ class IdentityFederationIdpModule(OpenStackModule): self.fail_json(msg='A domain_id must be passed when creating' ' an identity provider') (changed, idp) = self.create_identity_provider(name) - idp = self.normalize_idp(idp) self.exit_json(changed=changed, identity_provider=idp) (changed, new_idp) = self.update_identity_provider(idp) - new_idp = self.normalize_idp(new_idp) self.exit_json(changed=changed, identity_provider=new_idp)
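Review bot: In `update_identity_provider` the check-mode branch still returns `True, None`, so a `--check` run that would change the provider exits with `identity_provider: null`, while the no-change path just above it now returns a dict. Callers that dereference `identity_provider.id` after a check-mode run get an error rather than the provider. Either return the projected state, e.g. `return True, dict(idp.to_dict(computed=False), **attributes)` (assuming the keys in `attributes` match the returned field names, which the hunk does not fully show), or document the null value in RETURN. The tuple style is also mixed, `return False, ...` against `return (True, ...)`, and one form should be used throughout. The function starts outside this hunk.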