diff options
Diffstat (limited to 'test/integration/targets/azure_rm_roledefinition/tasks/main.yml')
-rw-r--r-- | test/integration/targets/azure_rm_roledefinition/tasks/main.yml | 207 |
1 files changed, 0 insertions, 207 deletions
diff --git a/test/integration/targets/azure_rm_roledefinition/tasks/main.yml b/test/integration/targets/azure_rm_roledefinition/tasks/main.yml deleted file mode 100644 index f024dd5a49..0000000000 --- a/test/integration/targets/azure_rm_roledefinition/tasks/main.yml +++ /dev/null @@ -1,207 +0,0 @@ -- name: Fix resource prefix - set_fact: - role_name: "{{ (resource_group | replace('-','x'))[-8:] }}{{ 1000 | random }}testrole" - subscription_id: "{{ lookup('env','AZURE_SUBSCRIPTION_ID') }}" - principal_id: "{{ lookup('env','AZURE_CLIENT_ID') }}" - run_once: yes - -- name: Create a role definition (Check Mode) - azure_rm_roledefinition: - name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - permissions: - - actions: - - "Microsoft.Compute/virtualMachines/read" - not_actions: - - "Microsoft.Compute/virtualMachines/write" - data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" - not_data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" - assignable_scopes: - - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - check_mode: yes - register: output - -- name: Assert creating role definition check mode - assert: - that: - - output.changed - -- name: Create a role definition - azure_rm_roledefinition: - name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - permissions: - - actions: - - "Microsoft.Compute/virtualMachines/read" - not_actions: - - "Microsoft.Compute/virtualMachines/write" - data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" - not_data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" - assignable_scopes: - - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - register: output - -- name: Assert creating role definition - assert: - that: - - output.changed - -- name: Get facts by type - azure_rm_roledefinition_facts: - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - type: custom - register: facts - -- name: Assert facts - assert: - that: - - facts['roledefinitions'] | length > 1 - -- name: Get facts by name - azure_rm_roledefinition_facts: - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - role_name: "{{ role_name }}" - register: facts - until: facts.roledefinitions | length > 0 - retries: 50 - delay: 60 - -- name: Assert facts - assert: - that: - - facts['roledefinitions'] | length == 1 - - facts['roledefinitions'][0]['permissions'] | length == 1 - - facts['roledefinitions'][0]['permissions'][0]['not_data_actions'] | length == 1 - - facts['roledefinitions'][0]['permissions'][0]['data_actions'] | length == 1 - -- name: Update the role definition (idempotent) - azure_rm_roledefinition: - name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - permissions: - - actions: - - "Microsoft.Compute/virtualMachines/read" - not_actions: - - "Microsoft.Compute/virtualMachines/write" - data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" - not_data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" - assignable_scopes: - - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - register: output - -- name: assert output not changed - assert: - that: - - not output.changed - -- name: Update the role definition - azure_rm_roledefinition: - name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - permissions: - - actions: - - "Microsoft.Compute/virtualMachines/read" - - "Microsoft.Compute/virtualMachines/start/action" - not_actions: - - "Microsoft.Compute/virtualMachines/write" - data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read" - not_data_actions: - - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write" - assignable_scopes: - - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - register: output - -- name: assert output changed - assert: - that: - - output.changed - -- name: Get role definition facts - azure_rm_roledefinition_facts: - role_name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - type: custom - register: roledef - until: "{{ roledef.roledefinitions | length > 0 }}" - retries: 50 - delay: 60 - -- name: Assert role definition facts - assert: - that: - - roledef['roledefinitions'] | length == 1 - - roledef['roledefinitions'][0]['id'] - -- name: Create a role assignment (Check Mode) - azure_rm_roleassignment: - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - assignee_object_id: "{{ principal_id }}" - role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}" - check_mode: yes - register: output - -- name: Assert creating role definition check mode - assert: - that: - - output.changed - -- name: Create a role assignment - azure_rm_roleassignment: - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - assignee_object_id: "{{ principal_id }}" - role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}" - register: output - -- name: Assert creating role assignment - assert: - that: - - output.changed - -- name: Get facts - azure_rm_roleassignment_facts: - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - assignee: "{{ principal_id }}" - role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}" - register: facts - -- name: assert role assignment facts - assert: - that: - - facts['roleassignments'] | length > 0 - - facts['roleassignments'][0]['id'] - -- name: delete role assignment - azure_rm_roleassignment: - name: "{{ facts['roleassignments'][0]['id'].split('/')[-1] }}" - scope: "/subscriptions/{{ subscription_id }}" - state: absent - -- name: Delete the role definition (Check Mode) - azure_rm_roledefinition: - name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - state: absent - check_mode: yes - register: output - -- name: assert deleting role definition check mode - assert: - that: output.changed - -- name: Delete the role definition - azure_rm_roledefinition: - name: "{{ role_name }}" - scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}" - state: absent - register: output - -- assert: - that: - - output.changed |