Adding tests for new roles

Author: Alex-Welsh

roles/pulp_content_guard/README.md

@@ -16,7 +16,7 @@ Role variables
   * `description`
   * `ca_certificate`
   * `state` (Default is `present`. Setting this value to `absent` will delete the content guard if it exists)
-* `pulp_content_guard_rbac`: List of groups to create/update/delete. Default is an empty list. Each item is a dict containing:
+* `pulp_content_guard_rbac`: List of RBAC content guards to create/update/delete. Default is an empty list. Each item is a dict containing:
   * `name` (Required)
   * `roles` List of dict containing:
     * `role` (role name)

roles/pulp_content_guard/tasks/rbac/add_or_remove_group_roles.yml

@@ -7,38 +7,30 @@
 
 - name: Get RBAC content guard list
   uri:
-    url: "{{ pulp_rbac_cg_url }}"
+    url: "{{ pulp_rbac_cg_url }}?name={{ content_guard.name }}"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     method: GET
     status_code: 200
     force_basic_auth: true
-  no_log: true
-  register: rbac_cg_list_result
-
-- name: Get current roles associated with content guard
-  vars:
-    url_query: "[?name=='{{ content_guard.name }}'].pulp_href"
-  set_fact:
-    given_cg_href: "{{ rbac_cg_list_result.json.results | json_query(url_query) | first | default([]) }}"
+  register: rbac_cg_result
 
 - name: Get role list
   uri:
-    url: "{{ pulp_url }}{{ given_cg_href }}list_roles/"
+    url: "{{ pulp_url }}{{ (rbac_cg_result.json.results | first).pulp_href }}list_roles/"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     method: GET
     status_code: 200
     force_basic_auth: true
-  no_log: true
   register: role_list_result
 
 - name: Remove unused roles
   vars:
     rolenames: "{{ content_guard.roles | default([]) | map(attribute='role') | list }}"
     url_query: "[?name=='{{ content_guard.name }}'].pulp_href"
   uri:
-    url: "{{ pulp_url }}{{ rbac_cg_list_result.json.results | json_query(url_query) | first }}remove_role/"
+    url: "{{ pulp_url }}{{ (rbac_cg_result.json.results | first).pulp_href }}remove_role/"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     force_basic_auth: true
@@ -48,10 +40,7 @@
       role: "{{ item.role }}"
       groups: "{{ item.groups }}"
     body_format: form-urlencoded
-  # debug:
-  #   msg: "{{ item.role }}"
   loop: "{{ role_list_result.json.roles }}"
-  # no_log: true
   register: result
   when:
     - item.role not in rolenames

roles/pulp_content_guard/tasks/rbac/add_or_remove_groups_from_role.yml

@@ -7,10 +7,8 @@
     current_groups: "{{ role_list_result.json.roles | json_query(role_query) | first | default([]) }}"
 
 - name: Add new group to role
-  vars:
-    url_query: "[?name=='{{ content_guard.name }}'].pulp_href"
   uri:
-    url: "{{ pulp_url }}{{ rbac_cg_list_result.json.results | json_query(url_query) | first }}add_role/"
+    url: "{{ pulp_url }}{{ (rbac_cg_result.json.results | first).pulp_href }}add_role/"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     force_basic_auth: true
@@ -20,17 +18,14 @@
       role: "{{ rbac_cg_new_role.role }}"
       groups: "{{ item }}"
     body_format: form-urlencoded
-  # no_log: true
   register: result
   loop: "{{ rbac_cg_new_role.groups | default([], true) }}"
   when: item not in current_groups
   changed_when: result.status == 201
 
 - name: Remove old group from role
-  vars:
-    url_query: "[?name=='{{ content_guard.name }}'].pulp_href"
   uri:
-    url: "{{ pulp_url }}{{ rbac_cg_list_result.json.results | json_query(url_query) | first }}remove_role/"
+    url: "{{ pulp_url }}{{ (rbac_cg_result.json.results | first).pulp_href }}remove_role/"
     user: "{{ pulp_username }}"
     password: "{{ pulp_password }}"
     force_basic_auth: true
@@ -40,7 +35,6 @@
       role: "{{ rbac_cg_new_role.role }}"
       groups: "{{ item }}"
     body_format: form-urlencoded
-  # no_log: true
   register: result
   loop: "{{ current_groups }}"
   when: item not in (rbac_cg_new_role.groups | default([]))

roles/pulp_content_guard/tasks/rbac/rbac.yml

@@ -8,7 +8,6 @@
     method: GET
     status_code: 200
     force_basic_auth: true
-  no_log: true
   register: rbac_cg_list_result
 
 - name: Initialise remove_rbac_cg
@@ -36,7 +35,6 @@
       description: "{{ item.description | default(omit) }}"
     body_format: form-urlencoded
   loop: "{{ pulp_content_guard_rbac | default([], true) }}"
-  # no_log: true
   register: result
   when:
     - item.name not in rbaccgnames
@@ -58,7 +56,6 @@
       description: "{{ item.description | default(omit) }}"
     body_format: form-urlencoded
   loop: "{{ pulp_content_guard_rbac | default([], true) }}"
-  # no_log: true
   register: result
   when:
     - item.name in rbaccgnames
@@ -96,6 +93,5 @@
     status_code: 204
     body_format: form-urlencoded
   loop: "{{ hrefs | default([]) }}"
-  no_log: true
   register: result
   changed_when: result.status == 204

roles/pulp_group/tasks/main.yml

@@ -8,7 +8,6 @@
     method: GET
     status_code: 200
     force_basic_auth: true
-  no_log: true
   register: groups_list_result
 
 - name: Set fact remove_groups
@@ -31,7 +30,6 @@
       name: "{{ item.name }}"
     body_format: form-urlencoded
   loop: "{{ pulp_groups | default([], true) }}"
-  # no_log: true
   register: result
   when:
     - item.name not in groupnames
@@ -58,6 +56,5 @@
     status_code: 204
     body_format: form-urlencoded
   loop: "{{ hrefs | default([]) }}"
-  no_log: true
   register: result
   changed_when: result.status == 204

roles/pulp_user/tasks/main.yml

@@ -8,7 +8,6 @@
     method: GET
     status_code: 200
     force_basic_auth: true
-  no_log: true
   register: users_list_result
 
 - name: Set fact remove_users
@@ -39,7 +38,6 @@
   loop: "{{ pulp_users | default([], true) }}"
   loop_control:
     label: "{{ item.username }}"
-  # no_log: true
   register: result
   when:
     - item.username not in usernames
@@ -68,7 +66,6 @@
   loop: "{{ pulp_users | default([], true) }}"
   loop_control:
     label: "{{ item.username }}"
-  no_log: true
   register: result
   when:
     - item.username in usernames
@@ -107,6 +104,5 @@
     status_code: 204
     body_format: form-urlencoded
   loop: "{{ hrefs | default([]) }}"
-  no_log: true
   register: result
   changed_when: result.status == 204

tests/test_content_guard_rbac.yml

@@ -0,0 +1,163 @@
+---
+- name: Test content guard rbac
+  gather_facts: false
+  hosts: localhost
+  vars:
+    pulp_url: http://localhost:8080
+    pulp_username: admin
+    pulp_password: password
+    pulp_validate_certs: true
+  tasks:
+
+    - name: Query pulp status
+      uri:
+        url: "{{ pulp_url }}/pulp/api/v3/status/"
+        user: "{{ pulp_username }}"
+        password: "{{ pulp_password }}"
+        method: GET
+        body_format: json
+        status_code: 200
+        force_basic_auth: true
+      register: status_result
+
+    - name: Exit if version < 3.17
+      meta: end_play
+      vars:
+        query: "[?component=='core'].version"
+      when: status_result.json.versions | json_query(query) | first is version('3.17', '<')
+
+    - name: Query groups
+      uri:
+        url: "{{ pulp_url }}/pulp/api/v3/groups/"
+        user: "{{ pulp_username }}"
+        password: "{{ pulp_password }}"
+        method: GET
+        body_format: json
+        status_code: 200
+        force_basic_auth: true
+      register: groups_result
+
+    - name: Create groups
+      uri:
+        url: "{{ pulp_url }}/pulp/api/v3/groups/"
+        user: "{{ pulp_username }}"
+        password: "{{ pulp_password }}"
+        method: POST
+        body:
+          name: "{{ item }}"
+        body_format: json
+        status_code: 201
+        force_basic_auth: true
+      loop:
+        - test_group1
+        - test_group2
+      when: item not in groups_result.json.results | map(attribute='name') | list
+
+    - include_role:
+        name: pulp_content_guard
+      vars:
+        pulp_content_guard_rbac:
+          - name: test-rbac_cg-1
+            roles:
+              - role: core.rbaccontentguard_downloader
+                groups:
+                  - test_group1
+                  - test_group2
+            state: present
+          - name: test-rbac_cg-2
+            roles:
+              - role: core.rbaccontentguard_downloader
+                groups:
+                  - test_group1
+                  - test_group2
+            state: present
+
+    - name: Query rbac content guard list
+      uri:
+        url: "{{ pulp_url }}/pulp/api/v3/contentguards/core/rbac/"
+        user: "{{ pulp_username }}"
+        password: "{{ pulp_password }}"
+        method: GET
+        status_code: 200
+        force_basic_auth: true
+      register: rbac_cg_list
+
+    - name: Evaluate results for test-rbac_cg-1
+      vars:
+        query: "[?name=='test-rbac_cg-1']"
+      assert:
+        that:
+          - rbac_cg_list.json.results | json_query(query) | length == 1
+          - (rbac_cg_list.json.results | json_query(query) | first).name == 'test-rbac_cg-1'
+          - (rbac_cg_list.json.results | json_query(query) | first).groups | length == 2
+          - (rbac_cg_list.json.results | json_query(query) | first).groups[0].name in ['test_group1', 'test_group2']
+          - (rbac_cg_list.json.results | json_query(query) | first).groups[1].name in ['test_group1', 'test_group2']
+          - >
+              (rbac_cg_list.json.results | json_query(query) | first).groups[0].name !=
+              (rbac_cg_list.json.results | json_query(query) | first).groups[1].name
+
+    - name: Evaluate results for test-rbac_cg-2
+      vars:
+        query: "[?name=='test-rbac_cg-2']"
+      assert:
+        that:
+          - rbac_cg_list.json.results | json_query(query) | length == 1
+          - (rbac_cg_list.json.results | json_query(query) | first).name == 'test-rbac_cg-2'
+          - (rbac_cg_list.json.results | json_query(query) | first).groups | length == 2
+          - (rbac_cg_list.json.results | json_query(query) | first).groups[0].name in ['test_group1', 'test_group2']
+          - (rbac_cg_list.json.results | json_query(query) | first).groups[1].name in ['test_group1', 'test_group2']
+          - >
+              (rbac_cg_list.json.results | json_query(query) | first).groups[0].name !=
+              (rbac_cg_list.json.results | json_query(query) | first).groups[1].name
+
+    # update content guards
+    - include_role:
+        name: pulp_content_guard
+      vars:
+        pulp_content_guard_rbac:
+          - name: test-rbac_cg-1
+            roles:
+              - role: core.rbaccontentguard_downloader
+                groups:
+                  - test_group1
+            state: present
+          - name: test-rbac_cg-2
+            state: absent
+
+    - name: Query rbac content guard list
+      uri:
+        url: "{{ pulp_url }}/pulp/api/v3/contentguards/core/rbac/"
+        user: "{{ pulp_username }}"
+        password: "{{ pulp_password }}"
+        method: GET
+        status_code: 200
+        force_basic_auth: true
+      register: rbac_cg_list
+
+    - name: Evaluate results for test-rbac_cg-1
+      vars:
+        query: "[?name=='test-rbac_cg-1']"
+      assert:
+        that:
+          - rbac_cg_list.json.results | json_query(query) | length == 1
+          - (rbac_cg_list.json.results | json_query(query) | first).name == 'test-rbac_cg-1'
+          - (rbac_cg_list.json.results | json_query(query) | first).groups | length == 1
+          - (rbac_cg_list.json.results | json_query(query) | first).groups[0].name == 'test_group1'
+
+
+    - name: Evaluate results for test-rbac_cg-2
+      vars:
+        query: "[?name=='test-rbac_cg-2']"
+      assert:
+        that:
+          - rbac_cg_list.json.results | json_query(query) | length == 0
+    
+    - name: Cleanup
+      include_role:
+        name: pulp_content_guard
+      vars:
+        pulp_content_guard_rbac:
+          - name: test-rbac_cg-1
+            state: absent
+          - name: test-rbac_cg-2
+            state: absent