External-Mirrors/awx
2
0
Fork 0
mirror of https://github.com/ansible/awx.git synced 2026-02-27 07:56:06 -03:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #11655 from ivarmu/devel

Browse Source 
Let an organization admin to add new users to it's tower organization
This commit is contained in:
Shane McDonald
2022-02-12 19:35:51 -05:00
committed by GitHub
parent b26c1c16b9 9cd43d044e
commit 60b6faff19
3 changed files with 193 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
awx_collection/plugins/modules/user.py
View File

@@ -42,6 +42,10 @@ options:
description: description:
- Email address of the user. - Email address of the user.
type: str type: str
organization:
description:
- The user will be created as a member of that organization (needed for organization admins to create new organization users).
type: str
is_superuser: is_superuser:
description: description:
- Designates that this user has all permissions without explicitly assigning them. - Designates that this user has all permissions without explicitly assigning them.
@@ -103,6 +107,14 @@ EXAMPLES = '''
state: present state: present
controller_config_file: "~/tower_cli.cfg" controller_config_file: "~/tower_cli.cfg"
- name: Add user as a member of an organization (permissions on the organization are required)
user:
username: jdoe
password: foobarbaz
email: jdoe@example.org
organization: devopsorg
state: present
- name: Delete user - name: Delete user
user: user:
username: jdoe username: jdoe
@@ -126,6 +138,7 @@ def main():
is_system_auditor=dict(type='bool', default=False, aliases=['auditor']), is_system_auditor=dict(type='bool', default=False, aliases=['auditor']),
password=dict(no_log=True), password=dict(no_log=True),
update_secrets=dict(type='bool', default=True, no_log=False), update_secrets=dict(type='bool', default=True, no_log=False),
organization=dict(),
state=dict(choices=['present', 'absent'], default='present'), state=dict(choices=['present', 'absent'], default='present'),
) )
@@ -141,6 +154,7 @@ def main():
is_superuser = module.params.get('is_superuser') is_superuser = module.params.get('is_superuser')
is_system_auditor = module.params.get('is_system_auditor') is_system_auditor = module.params.get('is_system_auditor')
password = module.params.get('password') password = module.params.get('password')
organization = module.params.get('organization')
state = module.params.get('state') state = module.params.get('state')
# Attempt to look up the related items the user specified (these will fail the module if not found) # Attempt to look up the related items the user specified (these will fail the module if not found)
@@ -169,8 +183,13 @@ def main():
if password is not None: if password is not None:
new_fields['password'] = password new_fields['password'] = password
# If the state was present and we can let the module build or update the existing item, this will return on its own if organization:
module.create_or_update_if_needed(existing_item, new_fields, endpoint='users', item_type='user') org_id = module.resolve_name_to_id('organizations', organization)
# If the state was present and we can let the module build or update the existing item, this will return on its own
module.create_or_update_if_needed(existing_item, new_fields, endpoint='organizations/{0}/users'.format(org_id), item_type='user')
else:
# If the state was present and we can let the module build or update the existing item, this will return on its own
module.create_or_update_if_needed(existing_item, new_fields, endpoint='users', item_type='user')
if __name__ == '__main__': if __name__ == '__main__':

4
awx_collection/test/awx/test_completeness.py
View File

@@ -67,8 +67,8 @@ no_api_parameter_ok = {
'ad_hoc_command': ['interval', 'timeout', 'wait'], 'ad_hoc_command': ['interval', 'timeout', 'wait'],
# group parameters to perserve hosts and children. # group parameters to perserve hosts and children.
'group': ['preserve_existing_children', 'preserve_existing_hosts'], 'group': ['preserve_existing_children', 'preserve_existing_hosts'],
# user parameters to rename a user. # new_username parameter to rename a user and organization allows for org admin user creation
'user': ['new_username'], 'user': ['new_username', 'organization'],
# workflow_approval parameters that do not apply when approving an approval node. # workflow_approval parameters that do not apply when approving an approval node.
'workflow_approval': ['action', 'interval', 'timeout', 'workflow_job_id'], 'workflow_approval': ['action', 'interval', 'timeout', 'workflow_job_id'],
} }

170
awx_collection/tests/integration/targets/user/tasks/main.yml
View File

@@ -129,3 +129,173 @@
that: that:
- "'Unable to resolve controller_host' in result.msg or - "'Unable to resolve controller_host' in result.msg or
'Can not verify ssl with non-https protocol' in result.exception" 'Can not verify ssl with non-https protocol' in result.exception"
- block:
- name: Generate a test ID
set_fact:
test_id: "{{ lookup('password', '/dev/null chars=ascii_letters length=16') }}"
- name: Generate an org name
set_fact:
org_name: "AWX-Collection-tests-organization-org-{{ test_id }}"
- name: Make sure {{ org_name }} is not there
organization:
name: "{{ org_name }}"
state: absent
register: result
- name: Create a new Organization
organization:
name: "{{ org_name }}"
galaxy_credentials:
- Ansible Galaxy
register: result
- assert:
that: "result is changed"
- name: Create a User to become admin of an organization {{ org_name }}
user:
username: "{{ username }}-orgadmin"
password: "{{ username }}-orgadmin"
state: present
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Add the user {{ username }}-orgadmin as an admin of the organization {{ org_name }}
role:
user: "{{ username }}-orgadmin"
role: admin
organization: "{{ org_name }}"
state: present
register: result
- assert:
that:
- "result is changed"
- name: Create a User as {{ username }}-orgadmin without using an organization (must fail)
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
first_name: Joe
password: "{{ 65535 | random | to_uuid }}"
state: present
register: result
ignore_errors: true
- assert:
that:
- "result is failed"
- name: Create a User as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
first_name: Joe
password: "{{ 65535 | random | to_uuid }}"
state: present
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Change a User as {{ username }}-orgadmin by ID using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ result.id }}"
last_name: User
email: joe@example.org
state: present
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Check idempotency as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
first_name: Joe
last_name: User
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is not changed"
- name: Rename a User as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}"
new_username: "{{ username }}-renamed"
email: joe@example.org
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Delete a User as {{ username }}-orgadmin using an organization
user:
controller_username: "{{ username }}-orgadmin"
controller_password: "{{ username }}-orgadmin"
username: "{{ username }}-renamed"
email: joe@example.org
state: absent
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Remove the user {{ username }}-orgadmin as an admin of the organization {{ org_name }}
role:
user: "{{ username }}-orgadmin"
role: admin
organization: "{{ org_name }}"
state: absent
register: result
- assert:
that:
- "result is changed"
- name: Delete the User {{ username }}-orgadmin
user:
username: "{{ username }}-orgadmin"
password: "{{ username }}-orgadmin"
state: absent
organization: "{{ org_name }}"
register: result
- assert:
that:
- "result is changed"
- name: Delete the Organization {{ org_name }}
organization:
name: "{{ org_name }}"
state: absent
register: result
- assert:
that: "result is changed"
...