304 lines
7.7 KiB
YAML
304 lines
7.7 KiB
YAML
|
- name: pre-setup
|
||
|
cs_role:
|
||
|
name: "testRole"
|
||
|
register: testRole
|
||
|
- name: verify pre-setup
|
||
|
assert:
|
||
|
that:
|
||
|
- testRole is successful
|
||
|
|
||
|
- name: setup
|
||
|
cs_role_permission:
|
||
|
name: "fakeRolePerm"
|
||
|
role: "{{ testRole.id }}"
|
||
|
state: absent
|
||
|
register: roleperm
|
||
|
- name: verify setup
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
|
||
|
- name: setup2
|
||
|
cs_role_permission:
|
||
|
name: "fakeRolePerm2"
|
||
|
role: "{{ testRole.id }}"
|
||
|
state: absent
|
||
|
register: roleperm2
|
||
|
- name: verify setup2
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm2 is successful
|
||
|
|
||
|
- name: test fail if missing name
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
register: roleperm
|
||
|
ignore_errors: true
|
||
|
- name: verify results of fail if missing name
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is failed
|
||
|
- 'roleperm.msg == "missing required arguments: name"'
|
||
|
|
||
|
- name: test fail if missing role
|
||
|
cs_role_permission:
|
||
|
name: "fakeRolePerm"
|
||
|
register: roleperm
|
||
|
ignore_errors: true
|
||
|
- name: verify results of fail if missing role
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is failed
|
||
|
- 'roleperm.msg == "missing required arguments: role"'
|
||
|
|
||
|
- name: test fail if role does not exist
|
||
|
cs_role_permission:
|
||
|
name: "fakeRolePerm"
|
||
|
role: "testtest"
|
||
|
register: roleperm
|
||
|
ignore_errors: true
|
||
|
- name: verify results of fail if role does not exist
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is failed
|
||
|
- roleperm.msg == "Role 'testtest' not found"
|
||
|
|
||
|
- name: test fail if state is incorrcect
|
||
|
cs_role_permission:
|
||
|
state: badstate
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: allow
|
||
|
register: roleperm
|
||
|
ignore_errors: true
|
||
|
- name: verify results of fail if state is incorrcect
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is failed
|
||
|
- 'roleperm.msg == "value of state must be one of: present, absent, got: badstate"'
|
||
|
|
||
|
- name: test create role permission in check mode
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: allow
|
||
|
description: "fakeRolePerm description"
|
||
|
register: roleperm
|
||
|
check_mode: yes
|
||
|
- name: verify results of role permission in check mode
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
|
||
|
- name: test create role permission
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: allow
|
||
|
description: "fakeRolePerm description"
|
||
|
register: roleperm
|
||
|
- name: verify results of role permission
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
- roleperm.permission == "allow"
|
||
|
- roleperm.description == "fakeRolePerm description"
|
||
|
|
||
|
- name: test create role permission idempotency
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: allow
|
||
|
description: "fakeRolePerm description"
|
||
|
register: roleperm
|
||
|
- name: verify results of role permission idempotency
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is not changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
- roleperm.permission == "allow"
|
||
|
- roleperm.description == "fakeRolePerm description"
|
||
|
|
||
|
- name: test update role permission in check_mode
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: deny
|
||
|
description: "fakeRolePerm description"
|
||
|
register: roleperm
|
||
|
check_mode: yes
|
||
|
- name: verify results of update role permission in check mode
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
- roleperm.permission == "allow"
|
||
|
- roleperm.description == "fakeRolePerm description"
|
||
|
|
||
|
- name: test update role permission
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: deny
|
||
|
description: "fakeRolePerm description"
|
||
|
register: roleperm
|
||
|
- name: verify results of update role permission
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
- roleperm.permission == "deny"
|
||
|
- roleperm.description == "fakeRolePerm description"
|
||
|
|
||
|
- name: test update role permission idempotency
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: deny
|
||
|
description: "fakeRolePerm description"
|
||
|
register: roleperm
|
||
|
- name: verify results of update role permission idempotency
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is not changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
- roleperm.permission == "deny"
|
||
|
- roleperm.description == "fakeRolePerm description"
|
||
|
|
||
|
- name: test create a second role permission
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm2"
|
||
|
permission: allow
|
||
|
register: roleperm2
|
||
|
- name: verify results of create a second role permission
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm2 is successful
|
||
|
- roleperm2 is changed
|
||
|
- roleperm2.name == "fakeRolePerm2"
|
||
|
|
||
|
- name: test update rules order in check_mode
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
parent: "{{ roleperm2.id }}"
|
||
|
register: roleperm
|
||
|
check_mode: yes
|
||
|
- name: verify results of update rule order check mode
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
|
||
|
- name: test update rules order
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
parent: "{{ roleperm2.id }}"
|
||
|
register: roleperm
|
||
|
- name: verify results of update rule order
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
|
||
|
- name: test update rules order to the top of the list
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
parent: 0
|
||
|
register: roleperm
|
||
|
- name: verify results of update rule order to the top of the list
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
|
||
|
- name: test update rules order with parent NAME
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
parent: "{{ roleperm2.name }}"
|
||
|
register: roleperm
|
||
|
- name: verify results of update rule order with parent NAME
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
- roleperm.name == "fakeRolePerm"
|
||
|
|
||
|
- name: test fail if permission AND parent args are present
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
permission: allow
|
||
|
parent: 0
|
||
|
register: roleperm
|
||
|
ignore_errors: true
|
||
|
- name: verify results of fail if permission AND parent args are present
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is failed
|
||
|
- 'roleperm.msg == "parameters are mutually exclusive: permission|parent"'
|
||
|
|
||
|
- name: test fail if parent does not exist
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
parent: "badParent"
|
||
|
register: roleperm
|
||
|
ignore_errors: true
|
||
|
- name: verify results of fail if parent does not exist
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is failed
|
||
|
- roleperm.msg == "Parent rule 'badParent' not found"
|
||
|
|
||
|
- name: test remove role permission in check_mode
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
state: absent
|
||
|
register: roleperm
|
||
|
check_mode: yes
|
||
|
- name: verify results of rename role permission in check_mode
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
|
||
|
- name: test remove role permission
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm"
|
||
|
state: absent
|
||
|
register: roleperm
|
||
|
- name: verify results of remove role permission
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|
||
|
|
||
|
- name: remove second role permission
|
||
|
cs_role_permission:
|
||
|
role: "{{ testRole.id }}"
|
||
|
name: "fakeRolePerm2"
|
||
|
state: absent
|
||
|
register: roleperm
|
||
|
- name: verify results of remove second role permission
|
||
|
assert:
|
||
|
that:
|
||
|
- roleperm is successful
|
||
|
- roleperm is changed
|