support creating role only

2015-08-17 16:28:18 +00:00 · 2015-08-17 16:28:18 +00:00 · 4b6471d5e7
commit 4b6471d5e7
parent cbbf284a74
1 changed files with 24 additions and 9 deletions
--- a/lib/ansible/modules/cloud/openstack/keystone_user.py
+++ b/lib/ansible/modules/cloud/openstack/keystone_user.py
@ -252,8 +252,17 @@ def ensure_user_exists(keystone, user_name, password, email, tenant_name,
                                 email=email, tenant_id=tenant.id)
    return (True, user.id)

+def ensure_role_exists(keystone, role_name):
+    # Get the role if it exists
+    try:
+        role = get_role(keystone, role_name)
+    except KeyError:
+        # Role doesn't exist yet
+        role = keystone.roles.create(role_name)
+    return (True, role.id)

-def ensure_role_exists(keystone, user_name, tenant_name, role_name,
+
+def ensure_user_role_exists(keystone, user_name, tenant_name, role_name,
                       check_mode):
    """ Check if role exists

@ -297,9 +306,11 @@ def ensure_user_absent(keystone, user, check_mode):
    raise NotImplementedError("Not yet implemented")


-def ensure_role_absent(keystone, uesr, tenant, role, check_mode):
+def ensure_user_role_absent(keystone, uesr, tenant, role, check_mode):
    raise NotImplementedError("Not yet implemented")

+def ensure_role_absent(keystone, role_name):
+    raise NotImplementedError("Not yet implemented")

 def main():

@ -378,14 +389,18 @@ def dispatch(keystone, user=None, password=None, tenant=None,
          X                  absent      ensure_tenant_absent
          X      X           present     ensure_user_exists
          X      X           absent      ensure_user_absent
-          X      X     X     present     ensure_role_exists
-          X      X     X     absent      ensure_role_absent
-
-
+          X      X     X     present     ensure_user_role_exists
+          X      X     X     absent      ensure_user_role_absent
+                       X     present     ensure_role_exists
+                       X     absent      ensure_role_absent
        """
    changed = False
    id = None
-    if tenant and not user and not role and state == "present":
+    if not tenant and not user and role and state == "present":
+        ensure_role_exists(keystone, role)
+    elif not tenant and not user and role and state == "absent":
+        ensure_role_absent(keystone, role)
+    elif tenant and not user and not role and state == "present":
        changed, id = ensure_tenant_exists(keystone, tenant,
                                           tenant_description, check_mode)
    elif tenant and not user and not role and state == "absent":
@ -396,10 +411,10 @@ def dispatch(keystone, user=None, password=None, tenant=None,
    elif tenant and user and not role and state == "absent":
        changed = ensure_user_absent(keystone, user, check_mode)
    elif tenant and user and role and state == "present":
-        changed, id = ensure_role_exists(keystone, user, tenant, role,
+        changed, id = ensure_user_role_exists(keystone, user, tenant, role,
                                         check_mode)
    elif tenant and user and role and state == "absent":
-        changed = ensure_role_absent(keystone, user, tenant, role, check_mode)
+        changed = ensure_user_role_absent(keystone, user, tenant, role, check_mode)
    else:
        # Should never reach here
        raise ValueError("Code should never reach here")