os_user_role: add support for named domain (#49891)

Fixes #49859.
This commit is contained in:
François Deppierraz 2019-07-08 15:26:16 +02:00 committed by ansibot
parent 79fdc2190a
commit 737da1853e

View file

@ -41,8 +41,8 @@ options:
If you are using keystone version 2, then this value is required. If you are using keystone version 2, then this value is required.
domain: domain:
description: description:
- ID of the domain to scope the role association to. Valid only with - Name or ID of the domain to scope the role association to. Valid only
keystone version 3, and required if I(project) is not specified. with keystone version 3, and required if I(project) is not specified.
state: state:
description: description:
- Should the roles be present or absent on the user. - Should the roles be present or absent on the user.
@ -137,7 +137,7 @@ def main():
filters['role'] = r['id'] filters['role'] = r['id']
if domain: if domain:
d = cloud.get_domain(domain) d = cloud.get_domain(name_or_id=domain)
if d is None: if d is None:
module.fail_json(msg="Domain %s is not valid" % domain) module.fail_json(msg="Domain %s is not valid" % domain)
filters['domain'] = d['id'] filters['domain'] = d['id']
@ -155,6 +155,7 @@ def main():
if g is None: if g is None:
module.fail_json(msg="Group %s is not valid" % group) module.fail_json(msg="Group %s is not valid" % group)
filters['group'] = g['id'] filters['group'] = g['id']
domain_id = None
if project: if project:
if domain: if domain:
p = cloud.get_project(project, domain_id=filters['domain']) p = cloud.get_project(project, domain_id=filters['domain'])
@ -162,7 +163,7 @@ def main():
# filter. Once we identified the project (using the domain as # filter. Once we identified the project (using the domain as
# a filter criteria), we need to remove the domain itself from # a filter criteria), we need to remove the domain itself from
# the filters list. # the filters list.
filters.pop('domain') domain_id = filters.pop('domain')
else: else:
p = cloud.get_project(project) p = cloud.get_project(project)
@ -179,13 +180,13 @@ def main():
if state == 'present': if state == 'present':
if not assignment: if not assignment:
kwargs = _build_kwargs(user, group, project, domain) kwargs = _build_kwargs(user, group, project, domain_id)
cloud.grant_role(role, **kwargs) cloud.grant_role(role, **kwargs)
changed = True changed = True
elif state == 'absent': elif state == 'absent':
if assignment: if assignment:
kwargs = _build_kwargs(user, group, project, domain) kwargs = _build_kwargs(user, group, project, domain_id)
cloud.revoke_role(role, **kwargs) cloud.revoke_role(role, **kwargs)
changed = True changed = True