Merge "Add user roles support for cloud launcher"

2016-09-30 08:54:12 +00:00 · 2016-09-30 08:54:12 +00:00 · 441d54913f
commit 441d54913f
parent b1aba4583f 702c099e05
5 changed files with 39 additions and 0 deletions
--- a/tasks/create_per_cloud_profiles_resources.yml
+++ b/tasks/create_per_cloud_profiles_resources.yml
@ -35,6 +35,15 @@
  tags:
    - roles

+- name: "Processing user roles resources for profile {{ item_profile }}"
+  include: create_user_role.yml
+  with_items: "{{ profiles|selectattr('name', 'equalto', item_profile)|map(attribute='user_roles')|list }}"
+  loop_control:
+    loop_var: item_user_role
+  when: "{{ 'user_roles' in profiles|selectattr('name', 'equalto', item_profile)|list|first }}"
+  tags:
+    - user_roles
+
 - name: "Processing networks resources for profile {{ item_profile }}"
  include: create_network.yml
  with_items: "{{ profiles|selectattr('name', 'equalto', item_profile)|map(attribute='networks')|list }}"
--- a/tasks/create_per_cloud_resources.yml
+++ b/tasks/create_per_cloud_resources.yml
@ -31,6 +31,14 @@
  tags:
    - roles

+- name: "Processing per cloud user roles"
+  include: create_user_role.yml
+  with_items: "{{ item_cloud.user_roles|default([]) }}"
+  loop_control:
+    loop_var: item_user_role
+  tags:
+    - user_roles
+
 - name: "Processing per cloud networks"
  include: create_network.yml
  with_items: "{{ item_cloud.networks|default([]) }}"
--- a/tasks/create_user_role.yml
+++ b/tasks/create_user_role.yml
@ -0,0 +1,9 @@
+---
+- name: "Processing user role {{ item_user_role.role }}"
+  os_user_role:
+    cloud: "{{ item_cloud.oscc_cloud|default(item_cloud.name) }}"
+    state: "{{ item_user_role.state|default(omit) }}"
+    role: "{{ item_user_role.role }}"
+    domain: "{{ item_user_role.domain|default(omit) }}"
+    project: "{{ item_user_role.project|default(omit) }}"
+    user: "{{ item_user_role.user|default(omit) }}"
--- a/tests/resources.yml
+++ b/tests/resources.yml
@ -30,6 +30,11 @@ clouds:
        flavor: c1
    roles:
      - name: test_role
+    user_roles:
+      - role: test_role
+        user: test_user
+        project: test_project
+
  - name: devstack
    servers:
      - name: test_server_b
--- a/tests/test.yaml
+++ b/tests/test.yaml
@ -53,6 +53,14 @@
    - name: Assert test_role role has been created
      assert: { that: result.rc == 0 }

+    - name: Querying for test_user role assignment
+      command: openstack --os-cloud devstack-admin role assignment list --user test_user --names -f value -c Role
+      register: result
+      changed_when: False
+
+    - name: Assert test_user has test_role role assigned
+      assert: { that: result.stdout == 'test_role' }
+
    - name: Querying for test_server_a server
      command: openstack --os-cloud devstack-admin server show test_server_a
      register: result