diff options
author | Yunge Zhu <37337818+yungezz@users.noreply.github.com> | 2019-03-07 03:09:54 +0800 |
---|---|---|
committer | Matt Davis <nitzmahone@users.noreply.github.com> | 2019-03-06 11:09:54 -0800 |
commit | 5ef7b7d767b57b55a2a3927f2ae2984a12828e8d (patch) | |
tree | 730b38716df92d019356d593550a1426a42c1297 /test/integration/targets/azure_rm_roledefinition | |
parent | 71042e1a79937177de324c93f5701ee642c8f7d8 (diff) | |
download | ansible-5ef7b7d767b57b55a2a3927f2ae2984a12828e8d.tar.gz |
add azure role definition module (#52468)
* add role definition module
* fix sample
* fix lint
* fix lint
* add facts module
* fix lint
* disable test due to no owner permission
* use unsupported
* fix lint
* resolve comments
* fix not_xxx_actions
Diffstat (limited to 'test/integration/targets/azure_rm_roledefinition')
3 files changed, 144 insertions, 0 deletions
diff --git a/test/integration/targets/azure_rm_roledefinition/aliases b/test/integration/targets/azure_rm_roledefinition/aliases new file mode 100644 index 0000000000..35b9401151 --- /dev/null +++ b/test/integration/targets/azure_rm_roledefinition/aliases @@ -0,0 +1,3 @@ +cloud/azure +destructive +unsupported
\ No newline at end of file diff --git a/test/integration/targets/azure_rm_roledefinition/meta/main.yml b/test/integration/targets/azure_rm_roledefinition/meta/main.yml new file mode 100644 index 0000000000..95e1952f98 --- /dev/null +++ b/test/integration/targets/azure_rm_roledefinition/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - setup_azure diff --git a/test/integration/targets/azure_rm_roledefinition/tasks/main.yml b/test/integration/targets/azure_rm_roledefinition/tasks/main.yml new file mode 100644 index 0000000000..bdf1431c04 --- /dev/null +++ b/test/integration/targets/azure_rm_roledefinition/tasks/main.yml @@ -0,0 +1,139 @@ +- name: Fix resource prefix + set_fact: + role_name: "{{ (resource_group | replace('-','x'))[-8:] }}{{ 1000 | random }}testrole" + subscription_id: "{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}" + run_once: yes + +- name: Create a role definition (Check Mode) + azure_rm_roledefinition: + name: "{{ role_name }}" + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + permissions: + - actions: + - "Microsoft.Compute/virtualMachines/read" + not_actions: + - "Microsoft.Compute/virtualMachines/write" + data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + not_data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + assignable_scopes: + - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + check_mode: yes + register: output + +- name: Assert creating role definition check mode + assert: + that: + - output.changed + +- name: Create a role definition + azure_rm_roledefinition: + name: "{{ role_name }}" + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + permissions: + - actions: + - "Microsoft.Compute/virtualMachines/read" + not_actions: + - "Microsoft.Compute/virtualMachines/write" + data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + not_data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + assignable_scopes: + - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + register: output + +- name: Assert creating role definition + assert: + that: + - output.changed + +- name: Get facts by name + azure_rm_roledefinition_facts: + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + type: custom + register: facts + +- name: Assert facts + assert: + - facts['roledefinitions'] | length > 1 + +- name: Get facts + azure_rm_roledefinition_facts: + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + role_name: "{{ role_name }}" + register: facts + +- name: Assert facts + assert: + - facts['roledefinitions'] | length == 1 + - facts['roledefinitions']['permissions'] | length == 1 + - facts['roledefinitions']['permissions'][0]['not_data_actions'] | length == 1 + - facts['roledefinitions']['permissions'][0]['data_actions'] | length == 1 + +- name: Update the role definition (idempotent) + azure_rm_roledefinition: + name: "{{ role_name }}" + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + permissions: + - actions: + - "Microsoft.Compute/virtualMachines/read" + not_actions: + - "Microsoft.Compute/virtualMachines/write" + data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + not_data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + assignable_scopes: + - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + register: output + +- name: assert output not changed + assert: + that: + - not output.changed + +- name: Update the role definition + azure_rm_roledefinition: + name: "{{ role_name }}" + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + permissions: + - actions: + - "Microsoft.Compute/virtualMachines/read" + - "Microsoft.Compute/virtualMachines/start/action" + not_actions: + - "Microsoft.Compute/virtualMachines/write" + data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" + not_data_actions: + - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" + assignable_scopes: + - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + register: output + +- name: assert output changed + assert: + that: + - output.changed + +- name: Delete the role definition (Check Mode) + azure_rm_roledefinition: + name: "{{ role_name }}" + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + check_mode: yes + register: output + +- name: assert deleting role definition check mode + assert: + that: output.changed + +- name: Delete the redis cache + azure_rm_roledefinition: + name: "{{ role_name }}" + scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" + register: output + +- assert: + that: + - output.changed
\ No newline at end of file |