Merge "Add user roles support for cloud launcher"

This commit is contained in:
Jenkins 2016-09-30 08:54:12 +00:00 committed by Gerrit Code Review
commit 441d54913f
5 changed files with 39 additions and 0 deletions

View File

@ -35,6 +35,15 @@
tags:
- roles
- name: "Processing user roles resources for profile {{ item_profile }}"
include: create_user_role.yml
with_items: "{{ profiles|selectattr('name', 'equalto', item_profile)|map(attribute='user_roles')|list }}"
loop_control:
loop_var: item_user_role
when: "{{ 'user_roles' in profiles|selectattr('name', 'equalto', item_profile)|list|first }}"
tags:
- user_roles
- name: "Processing networks resources for profile {{ item_profile }}"
include: create_network.yml
with_items: "{{ profiles|selectattr('name', 'equalto', item_profile)|map(attribute='networks')|list }}"

View File

@ -31,6 +31,14 @@
tags:
- roles
- name: "Processing per cloud user roles"
include: create_user_role.yml
with_items: "{{ item_cloud.user_roles|default([]) }}"
loop_control:
loop_var: item_user_role
tags:
- user_roles
- name: "Processing per cloud networks"
include: create_network.yml
with_items: "{{ item_cloud.networks|default([]) }}"

View File

@ -0,0 +1,9 @@
---
- name: "Processing user role {{ item_user_role.role }}"
os_user_role:
cloud: "{{ item_cloud.oscc_cloud|default(item_cloud.name) }}"
state: "{{ item_user_role.state|default(omit) }}"
role: "{{ item_user_role.role }}"
domain: "{{ item_user_role.domain|default(omit) }}"
project: "{{ item_user_role.project|default(omit) }}"
user: "{{ item_user_role.user|default(omit) }}"

View File

@ -30,6 +30,11 @@ clouds:
flavor: c1
roles:
- name: test_role
user_roles:
- role: test_role
user: test_user
project: test_project
- name: devstack
servers:
- name: test_server_b

View File

@ -53,6 +53,14 @@
- name: Assert test_role role has been created
assert: { that: result.rc == 0 }
- name: Querying for test_user role assignment
command: openstack --os-cloud devstack-admin role assignment list --user test_user --names -f value -c Role
register: result
changed_when: False
- name: Assert test_user has test_role role assigned
assert: { that: result.stdout == 'test_role' }
- name: Querying for test_server_a server
command: openstack --os-cloud devstack-admin server show test_server_a
register: result