vmware_local_role_info/test: avoid json_query
Refactoring to avoid the use of `json_query`. As a bonus point, we now also ensure `NoAccess` role has no provilege.
This commit is contained in:
parent
16d3f6bcbb
commit
223e1675f4
2 changed files with 25 additions and 11 deletions
|
@ -9,8 +9,8 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
role_list:
|
role_list:
|
||||||
- Admin
|
- Admin
|
||||||
- NoCryptoAdmin
|
# With govcsim, NoCryptoAdmin has no privilege.
|
||||||
- NoAccess
|
# - NoCryptoAdmin
|
||||||
- Anonymous
|
- Anonymous
|
||||||
- ReadOnly
|
- ReadOnly
|
||||||
|
|
||||||
|
@ -23,12 +23,19 @@
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
register: role_details
|
register: role_details
|
||||||
|
|
||||||
|
- &list_to_dict
|
||||||
|
name: List to dict
|
||||||
|
set_fact:
|
||||||
|
role_dict: "{{ dict(role_details.local_role_facts|map(attribute='role_name')|zip(role_details.local_role_facts)) }}"
|
||||||
|
|
||||||
|
- name: Test if NoAccess has no privilege
|
||||||
|
assert:
|
||||||
|
that: "{{ role_dict['NoAccess']['privileges'] | list | length == 0 }}"
|
||||||
|
|
||||||
- &role_test
|
- &role_test
|
||||||
name: Test if role id is present for role
|
name: Test if role id is present for role
|
||||||
assert:
|
assert:
|
||||||
that: "{{ role_details.local_role_facts | json_query(s_query) != [] }}"
|
that: "{{ role_dict[item]['privileges'] | list | length > 0 }}"
|
||||||
vars:
|
|
||||||
s_query: "[?role_name == '{{ item }}'].role_id"
|
|
||||||
with_items: "{{ role_list }}"
|
with_items: "{{ role_list }}"
|
||||||
|
|
||||||
- <<: *role_data
|
- <<: *role_data
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
set_fact:
|
set_fact:
|
||||||
role_list:
|
role_list:
|
||||||
- Admin
|
- Admin
|
||||||
- NoCryptoAdmin
|
# NoCryptoAdmin has no privilege with govcsim
|
||||||
- NoAccess
|
# - NoCryptoAdmin
|
||||||
- Anonymous
|
- Anonymous
|
||||||
- ReadOnly
|
- ReadOnly
|
||||||
|
|
||||||
|
@ -23,17 +23,24 @@
|
||||||
validate_certs: no
|
validate_certs: no
|
||||||
register: role_details
|
register: role_details
|
||||||
|
|
||||||
|
- &list_to_dict
|
||||||
|
name: List to dict
|
||||||
|
set_fact:
|
||||||
|
role_dict: "{{ dict(role_details.local_role_info|map(attribute='role_name')|zip(role_details.local_role_info)) }}"
|
||||||
|
|
||||||
|
- name: Test if NoAccess has no privilege
|
||||||
|
assert:
|
||||||
|
that: "{{ role_dict['NoAccess']['privileges'] | list | length == 0 }}"
|
||||||
|
|
||||||
- &role_test
|
- &role_test
|
||||||
name: Test if role id is present for role
|
name: Test if role id is present for role
|
||||||
assert:
|
assert:
|
||||||
that: "{{ role_details.local_role_info | json_query(s_query) != [] }}"
|
that: "{{ role_dict[item]['privileges'] | list | length > 0 }}"
|
||||||
vars:
|
|
||||||
s_query: "[?role_name == '{{ item }}'].role_id"
|
|
||||||
with_items: "{{ role_list }}"
|
with_items: "{{ role_list }}"
|
||||||
|
|
||||||
- <<: *role_data
|
- <<: *role_data
|
||||||
name: Gather Role info in check mode
|
name: Gather Role info in check mode
|
||||||
check_mode: yes
|
check_mode: yes
|
||||||
|
- <<: *list_to_dict
|
||||||
- <<: *role_test
|
- <<: *role_test
|
||||||
name: Test if role id is present for role in check mode
|
name: Test if role id is present for role in check mode
|
||||||
|
|
Loading…
Reference in a new issue