2018-04-27 16:47:07 +02:00
|
|
|
- name: pre-setup
|
|
|
|
cs_role:
|
|
|
|
name: "testRole"
|
|
|
|
register: testRole
|
|
|
|
- name: verify pre-setup
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- testRole is successful
|
|
|
|
|
|
|
|
- name: setup
|
|
|
|
cs_role_permission:
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
state: absent
|
|
|
|
register: roleperm
|
|
|
|
- name: verify setup
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
|
|
|
|
- name: setup2
|
|
|
|
cs_role_permission:
|
|
|
|
name: "fakeRolePerm2"
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
state: absent
|
|
|
|
register: roleperm2
|
|
|
|
- name: verify setup2
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm2 is successful
|
|
|
|
|
|
|
|
- name: test fail if missing name
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
register: roleperm
|
|
|
|
ignore_errors: true
|
|
|
|
- name: verify results of fail if missing name
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is failed
|
|
|
|
- 'roleperm.msg == "missing required arguments: name"'
|
|
|
|
|
|
|
|
- name: test fail if missing role
|
|
|
|
cs_role_permission:
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
register: roleperm
|
|
|
|
ignore_errors: true
|
|
|
|
- name: verify results of fail if missing role
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is failed
|
|
|
|
- 'roleperm.msg == "missing required arguments: role"'
|
|
|
|
|
|
|
|
- name: test fail if role does not exist
|
|
|
|
cs_role_permission:
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
role: "testtest"
|
|
|
|
register: roleperm
|
|
|
|
ignore_errors: true
|
|
|
|
- name: verify results of fail if role does not exist
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is failed
|
|
|
|
- roleperm.msg == "Role 'testtest' not found"
|
|
|
|
|
|
|
|
- name: test fail if state is incorrcect
|
|
|
|
cs_role_permission:
|
|
|
|
state: badstate
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: allow
|
|
|
|
register: roleperm
|
|
|
|
ignore_errors: true
|
|
|
|
- name: verify results of fail if state is incorrcect
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is failed
|
|
|
|
- 'roleperm.msg == "value of state must be one of: present, absent, got: badstate"'
|
|
|
|
|
|
|
|
- name: test create role permission in check mode
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: allow
|
|
|
|
description: "fakeRolePerm description"
|
|
|
|
register: roleperm
|
|
|
|
check_mode: yes
|
|
|
|
- name: verify results of role permission in check mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
|
|
|
|
- name: test create role permission
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: allow
|
|
|
|
description: "fakeRolePerm description"
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of role permission
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
- roleperm.permission == "allow"
|
|
|
|
- roleperm.description == "fakeRolePerm description"
|
|
|
|
|
|
|
|
- name: test create role permission idempotency
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: allow
|
|
|
|
description: "fakeRolePerm description"
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of role permission idempotency
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is not changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
- roleperm.permission == "allow"
|
|
|
|
- roleperm.description == "fakeRolePerm description"
|
|
|
|
|
|
|
|
- name: test update role permission in check_mode
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: deny
|
|
|
|
description: "fakeRolePerm description"
|
|
|
|
register: roleperm
|
|
|
|
check_mode: yes
|
|
|
|
- name: verify results of update role permission in check mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
- roleperm.permission == "allow"
|
|
|
|
- roleperm.description == "fakeRolePerm description"
|
|
|
|
|
|
|
|
- name: test update role permission
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: deny
|
|
|
|
description: "fakeRolePerm description"
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of update role permission
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
- roleperm.permission == "deny"
|
|
|
|
- roleperm.description == "fakeRolePerm description"
|
|
|
|
|
|
|
|
- name: test update role permission idempotency
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: deny
|
|
|
|
description: "fakeRolePerm description"
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of update role permission idempotency
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is not changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
- roleperm.permission == "deny"
|
|
|
|
- roleperm.description == "fakeRolePerm description"
|
|
|
|
|
|
|
|
- name: test create a second role permission
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm2"
|
|
|
|
permission: allow
|
|
|
|
register: roleperm2
|
|
|
|
- name: verify results of create a second role permission
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm2 is successful
|
|
|
|
- roleperm2 is changed
|
|
|
|
- roleperm2.name == "fakeRolePerm2"
|
|
|
|
|
|
|
|
- name: test update rules order in check_mode
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
parent: "{{ roleperm2.id }}"
|
|
|
|
register: roleperm
|
|
|
|
check_mode: yes
|
|
|
|
- name: verify results of update rule order check mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
|
|
|
|
- name: test update rules order
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
parent: "{{ roleperm2.id }}"
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of update rule order
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
|
|
|
|
- name: test update rules order to the top of the list
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
parent: 0
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of update rule order to the top of the list
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
|
|
|
|
- name: test update rules order with parent NAME
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
parent: "{{ roleperm2.name }}"
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of update rule order with parent NAME
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
- roleperm.name == "fakeRolePerm"
|
|
|
|
|
|
|
|
- name: test fail if permission AND parent args are present
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
permission: allow
|
|
|
|
parent: 0
|
|
|
|
register: roleperm
|
|
|
|
ignore_errors: true
|
|
|
|
- name: verify results of fail if permission AND parent args are present
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is failed
|
2019-03-15 02:29:55 +01:00
|
|
|
- 'roleperm.msg == "parameters are mutually exclusive: permission|parent"'
|
2018-04-27 16:47:07 +02:00
|
|
|
|
|
|
|
- name: test fail if parent does not exist
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
parent: "badParent"
|
|
|
|
register: roleperm
|
|
|
|
ignore_errors: true
|
|
|
|
- name: verify results of fail if parent does not exist
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is failed
|
|
|
|
- roleperm.msg == "Parent rule 'badParent' not found"
|
|
|
|
|
|
|
|
- name: test remove role permission in check_mode
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
state: absent
|
|
|
|
register: roleperm
|
|
|
|
check_mode: yes
|
|
|
|
- name: verify results of rename role permission in check_mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
|
|
|
|
- name: test remove role permission
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm"
|
|
|
|
state: absent
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of remove role permission
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|
|
|
|
|
|
|
|
- name: remove second role permission
|
|
|
|
cs_role_permission:
|
|
|
|
role: "{{ testRole.id }}"
|
|
|
|
name: "fakeRolePerm2"
|
|
|
|
state: absent
|
|
|
|
register: roleperm
|
|
|
|
- name: verify results of remove second role permission
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- roleperm is successful
|
|
|
|
- roleperm is changed
|