diff --git a/.zuul.yaml b/.zuul.yaml
index 8a5231475efdd4e11106d2ea85c3d12abaa65969..c29417b77175bf82e82775aedff241397b1b8089 100644
--- a/.zuul.yaml
+++ b/.zuul.yaml
@@ -71,11 +71,10 @@
dns_zone_info
endpoint
floating_ip_info
- group
host_aggregate
identity_domain_info
+ identity_group
identity_group_info
- identity_role
identity_user
identity_user_info
identity_role
diff --git a/ci/roles/group/defaults/main.yml b/ci/roles/group/defaults/main.yml
deleted file mode 100644
index 361c01190d4cae65637eb063a48d657bb7067e49..0000000000000000000000000000000000000000
--- a/ci/roles/group/defaults/main.yml
+++ /dev/null
@@ -1 +0,0 @@
-group_name: ansible_group
diff --git a/ci/roles/group/tasks/main.yml b/ci/roles/group/tasks/main.yml
deleted file mode 100644
index 77355736a85f6f105f8d3dcdfe8b243951da0541..0000000000000000000000000000000000000000
--- a/ci/roles/group/tasks/main.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-- name: Create group
- openstack.cloud.identity_group:
- cloud: "{{ cloud }}"
- state: present
- name: "{{ group_name }}"
-
-- name: Update group
- openstack.cloud.identity_group:
- cloud: "{{ cloud }}"
- state: present
- name: "{{ group_name }}"
- description: "updated description"
-
-- name: Delete group
- openstack.cloud.identity_group:
- cloud: "{{ cloud }}"
- state: absent
- name: "{{ group_name }}"
diff --git a/ci/roles/identity_group/defaults/main.yml b/ci/roles/identity_group/defaults/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..9b6ad245df6d86c3fbd4961f63ceb945e6041131
--- /dev/null
+++ b/ci/roles/identity_group/defaults/main.yml
@@ -0,0 +1,7 @@
+group_name: ansible_group
+domain_name: ansible_domain
+expected_fields:
+ - description
+ - domain_id
+ - id
+ - name
diff --git a/ci/roles/identity_group/tasks/main.yml b/ci/roles/identity_group/tasks/main.yml
new file mode 100644
index 0000000000000000000000000000000000000000..0c19f438938a0836ae5697db87ffdc12b6af48e7
--- /dev/null
+++ b/ci/roles/identity_group/tasks/main.yml
@@ -0,0 +1,138 @@
+---
+- name: Create domain
+ openstack.cloud.identity_domain:
+ cloud: "{{ cloud }}"
+ state: present
+ name: "{{ domain_name }}"
+ register: domain
+
+- name: Create group
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: present
+ name: "{{ group_name }}"
+ register: group_result
+
+- name: Assert changed
+ assert:
+ that: group_result is changed
+
+- name: Assert returned fields
+ assert:
+ that: item in group_result.group
+ loop: "{{ expected_fields }}"
+
+- name: Create group again
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: present
+ name: "{{ group_name }}"
+ register: group_result
+
+- name: Assert not changed
+ assert:
+ that: group_result is not changed
+
+- name: Update group
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: present
+ name: "{{ group_name }}"
+ description: "updated description"
+ register: group_result
+
+- name: Assert changed
+ assert:
+ that:
+ - group_result is changed
+ - group_result.group.description == "updated description"
+
+- name: Create group in specific domain
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: present
+ name: "{{ group_name }}"
+ domain_id: "{{ domain.id }}"
+ register: group_result
+
+- name: Assert results
+ assert:
+ that:
+ - group_result is changed
+ - group_result.group.domain_id == domain.id
+
+- name: Create group in specific domain again
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: present
+ name: "{{ group_name }}"
+ domain_id: "{{ domain.id }}"
+ register: group_result
+
+- name: Assert not changed
+ assert:
+ that: group_result is not changed
+
+- name: Delete ambiguous domain
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: absent
+ name: "{{ group_name }}"
+ ignore_errors: true
+ register: group_result
+
+- name: Assert failed
+ assert:
+ that: group_result is failed
+
+- name: Delete group in specific domain
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: absent
+ name: "{{ group_name }}"
+ domain_id: "{{ domain.id }}"
+ register: group_result
+
+- name: Assert changed
+ assert:
+ that: group_result is changed
+
+- name: Delete group in specific domain again
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: absent
+ name: "{{ group_name }}"
+ domain_id: "{{ domain.id }}"
+ register: group_result
+
+- name: Assert not changed
+ assert:
+ that: group_result is not changed
+
+- name: Delete group
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: absent
+ name: "{{ group_name }}"
+ register: group_result
+
+- name: Assert changed
+ assert:
+ that: group_result is changed
+
+- name: Delete group again
+ openstack.cloud.identity_group:
+ cloud: "{{ cloud }}"
+ state: absent
+ name: "{{ group_name }}"
+ register: group_result
+
+- name: Assert not changed
+ assert:
+ that: group_result is not changed
+
+- name: Delete domain
+ openstack.cloud.identity_domain:
+ cloud: "{{ cloud }}"
+ state: absent
+ name: "{{ domain_name }}"
diff --git a/ci/run-collection.yml b/ci/run-collection.yml
index 3d5246f18f31a5f5c951d5e962ec11c5844ff4c3..48edfbeec230484ac3b664dfc4da5ef273b9aee1 100644
--- a/ci/run-collection.yml
+++ b/ci/run-collection.yml
@@ -12,7 +12,6 @@
- role: object_container
tags: object_container
when: sdk_version is version(0.18, '>=')
- - { role: group, tags: group }
- role: dns
tags: dns
when: sdk_version is version(0.28, '>=')
@@ -20,6 +19,7 @@
- { role: floating_ip_info, tags: floating_ip_info }
- { role: host_aggregate, tags: host_aggregate }
- { role: identity_domain_info, tags: identity_domain_info }
+ - { role: identity_group, tags: identity_group }
- { role: identity_group_info, tags: identity_group_info }
- { role: identity_user, tags: identity_user }
- { role: identity_user_info, tags: identity_user_info }
diff --git a/plugins/modules/identity_group.py b/plugins/modules/identity_group.py
index 1242b8c771271379e505eca5991fad81caed5773..0e4cc6f4567bdd61c951b6a22809369ee4199ec1 100644
--- a/plugins/modules/identity_group.py
+++ b/plugins/modules/identity_group.py
@@ -13,11 +13,6 @@ description:
- Manage OpenStack Identity Groups. Groups can be created, deleted or
updated. Only the I(description) value can be updated.
options:
- name:
- description:
- - Group name
- required: true
- type: str
description:
description:
- Group description
@@ -26,6 +21,11 @@ options:
description:
- Domain id to create the group in if the cloud supports domains.
type: str
+ name:
+ description:
+ - Group name
+ required: true
+ type: str
state:
description:
- Should the resource be present or absent.
@@ -68,16 +68,8 @@ RETURN = '''
group:
description: Dictionary describing the group.
returned: On success when I(state) is 'present'.
- type: complex
+ type: dict
contains:
- id:
- description: Unique group ID
- type: str
- sample: "ee6156ff04c645f481a6738311aea0b0"
- name:
- description: Group name
- type: str
- sample: "demo"
description:
description: Group description
type: str
@@ -86,6 +78,14 @@ group:
description: Domain for the group
type: str
sample: "default"
+ id:
+ description: Unique group ID
+ type: str
+ sample: "ee6156ff04c645f481a6738311aea0b0"
+ name:
+ description: Group name
+ type: str
+ sample: "demo"
'''
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import OpenStackModule
@@ -103,51 +103,57 @@ class IdentityGroupModule(OpenStackModule):
supports_check_mode=True
)
- def _system_state_change(self, state, description, group):
+ def _system_state_change(self, state, group):
if state == 'present' and not group:
return True
- if state == 'present' and description is not None and group.description != description:
+ if state == 'present' and self._build_update(group):
return True
if state == 'absent' and group:
return True
return False
+ def _build_update(self, group):
+ update = {}
+ desc = self.params['description']
+ if desc is not None and desc != group.description:
+ update['description'] = desc
+ return update
+
def run(self):
- name = self.params.get('name')
- description = self.params.get('description')
- state = self.params.get('state')
+ name = self.params['name']
+ description = self.params['description']
+ state = self.params['state']
+ domain_id = self.params['domain_id']
- domain_id = self.params.pop('domain_id')
+ group_filters = {}
+ if domain_id is not None:
+ group_filters['domain_id'] = domain_id
- if domain_id:
- group = self.conn.get_group(name, filters={'domain_id': domain_id})
- else:
- group = self.conn.get_group(name)
+ group = self.conn.identity.find_group(name, **group_filters)
if self.ansible.check_mode:
- self.exit_json(changed=self._system_state_change(state, description, group))
+ self.exit_json(changed=self._system_state_change(state, group))
+ changed = False
if state == 'present':
if group is None:
- group = self.conn.create_group(
- name=name, description=description, domain=domain_id)
+ kwargs = dict(description=description, domain_id=domain_id)
+ kwargs = {k: v for k, v in kwargs.items() if v is not None}
+ group = self.conn.identity.create_group(
+ name=name, **kwargs)
changed = True
else:
- if description is not None and group.description != description:
- group = self.conn.update_group(
- group.id, description=description)
+ update = self._build_update(group)
+ if update:
+ group = self.conn.identity.update_group(group, **update)
changed = True
- else:
- changed = False
+ group = group.to_dict(computed=False)
self.exit_json(changed=changed, group=group)
- elif state == 'absent':
- if group is None:
- changed = False
- else:
- self.conn.delete_group(group.id)
- changed = True
- self.exit_json(changed=changed)
+ elif state == 'absent' and group is not None:
+ self.conn.identity.delete_group(group)
+ changed = True
+ self.exit_json(changed=changed)
def main():