External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-01-12 02:19:58 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11655 from ivarmu/devel

Browse Source 
Let an organization admin to add new users to it's tower organization
This commit is contained in:
Shane McDonald 2022-02-12 19:35:51 -05:00 committed by GitHub
commit 60b6faff19
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 193 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
awx_collection/plugins/modules/user.py
View File

@ -42,6 +42,10 @@ options:
description:
- Email address of the user.
type: str
organization:
description:
- The user will be created as a member of that organization (needed for organization admins to create new organization users).
type: str
is_superuser:
description:
- Designates that this user has all permissions without explicitly assigning them.
@ -103,6 +107,14 @@ EXAMPLES = '''
state: present
controller_config_file: "~/tower_cli.cfg"
- name: Add user as a member of an organization (permissions on the organization are required)
user:
username: jdoe
password: foobarbaz
email: jdoe@example.org
organization: devopsorg
state: present
- name: Delete user
user:
username: jdoe
@ -126,6 +138,7 @@ def main():
is_system_auditor=dict(type='bool', default=False, aliases=['auditor']),
password=dict(no_log=True),
update_secrets=dict(type='bool', default=True, no_log=False),
organization=dict(),
state=dict(choices=['present', 'absent'], default='present'),
)
@ -141,6 +154,7 @@ def main():
is_superuser = module.params.get('is_superuser')
is_system_auditor = module.params.get('is_system_auditor')
password = module.params.get('password')
organization = module.params.get('organization')
state = module.params.get('state')
# Attempt to look up the related items the user specified (these will fail the module if not found)
@ -169,8 +183,13 @@ def main():
if password is not None:
new_fields['password'] = password
# If the state was present and we can let the module build or update the existing item, this will return on its own
module.create_or_update_if_needed(existing_item, new_fields, endpoint='users', item_type='user')
if organization:
org_id = module.resolve_name_to_id('organizations', organization)
# If the state was present and we can let the module build or update the existing item, this will return on its own
module.create_or_update_if_needed(existing_item, new_fields, endpoint='organizations/{0}/users'.format(org_id), item_type='user')
else:
# If the state was present and we can let the module build or update the existing item, this will return on its own
module.create_or_update_if_needed(existing_item, new_fields, endpoint='users', item_type='user')
if __name__ == '__main__':

4
awx_collection/test/awx/test_completeness.py
View File

@ -67,8 +67,8 @@ no_api_parameter_ok = {
'ad_hoc_command': ['interval', 'timeout', 'wait'],
# group parameters to perserve hosts and children.
'group': ['preserve_existing_children', 'preserve_existing_hosts'],
# user parameters to rename a user.
'user': ['new_username'],
# new_username parameter to rename a user and organization allows for org admin user creation
'user': ['new_username', 'organization'],
# workflow_approval parameters that do not apply when approving an approval node.
'workflow_approval': ['action', 'interval', 'timeout', 'workflow_job_id'],
}

170
awx_collection/tests/integration/targets/user/tasks/main.yml
View File

@ -129,3 +129,173 @@
that:
- "'Unable to resolve controller_host' in result.msg or
'Can not verify ssl with non-https protocol' in result.exception"
- block:
- name: Generate a test ID
set_fact:
test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
- name: Generate an org name
set_fact:
org_name: "AWX-Collection-tests-organization-org-{{ test_id }}"
- name: Make sure {{ org_name }} is not there
organization:
name: "{{ org_name }}"
state: absent
register: result
- name: Create a new Organization
organization:
name: "{{ org_name }}"
galaxy_credentials:
- Ansible Galaxy
register: result
- assert:
that: "result is changed"
- name: Create a User to become admin of an organization {{ org_name }}
user:
username: "{{ username }}-orgadmin"
password: "{{ username }}-orgadmin"
state: present
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Add the user {{ username }}-orgadmin as an admin of the organization {{ org_name }}
role:
user: "{{ username }}-orgadmin"
role: admin
organization: "{{ org_name }}"
state: present
register: result
- assert:
that:
- "result is changed"
- name: Create a User as {{ username }}-orgadmin without using an organization (must fail)
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
first_name: Joe
password: "{{ 65535 | random | to_uuid }}"
state: present
register: result
ignore_errors: true
- assert:
that:
- "result is failed"
- name: Create a User as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
first_name: Joe
password: "{{ 65535 | random | to_uuid }}"
state: present
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Change a User as {{ username }}-orgadmin by ID using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ result.id }}"
last_name: User
email: joe@example.org
state: present
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Check idempotency as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
first_name: Joe
last_name: User
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is not changed"
- name: Rename a User as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
new_username: "{{ username }}-renamed"
email: joe@example.org
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Delete a User as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}-renamed"
email: joe@example.org
state: absent
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Remove the user {{ username }}-orgadmin as an admin of the organization {{ org_name }}
role:
user: "{{ username }}-orgadmin"
role: admin
organization: "{{ org_name }}"
state: absent
register: result
- assert:
that:
- "result is changed"
- name: Delete the User {{ username }}-orgadmin
user:
username: "{{ username }}-orgadmin"
password: "{{ username }}-orgadmin"
state: absent
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Delete the Organization {{ org_name }}
organization:
name: "{{ org_name }}"
state: absent
register: result
- assert:
that: "result is changed"
...