Merge pull request #16 from sean-m-sullivan/approval_role

update to approval role
2026-01-13 02:50:02 -03:30 · 2020-10-17 00:10:00 -05:00 · 2020-10-17 00:10:00 -05:00 · 6c1f688bf1
commit 6c1f688bf1
parent 0393d537de 82bb8033ec
3 changed files with 34 additions and 2 deletions
--- a/awx_collection/plugins/modules/tower_role.py
+++ b/awx_collection/plugins/modules/tower_role.py
@ -34,7 +34,7 @@ options:
      description:
        - The role type to grant/revoke.
      required: True
-      choices: ["admin", "read", "member", "execute", "adhoc", "update", "use", "auditor", "project_admin", "inventory_admin", "credential_admin",
+      choices: ["admin", "read", "member", "execute", "adhoc", "update", "use", "approval", "auditor", "project_admin", "inventory_admin", "credential_admin",
                "workflow_admin", "notification_admin", "job_template_admin"]
      type: str
    target_team:
@ -147,7 +147,7 @@ def main():
    argument_spec = dict(
        user=dict(),
        team=dict(),
-        role=dict(choices=["admin", "read", "member", "execute", "adhoc", "update", "use", "auditor", "project_admin", "inventory_admin", "credential_admin",
+        role=dict(choices=["admin", "read", "member", "execute", "adhoc", "update", "use", "approval", "auditor", "project_admin", "inventory_admin", "credential_admin",
                           "workflow_admin", "notification_admin", "job_template_admin"], required=True),
        target_team=dict(),
        inventory=dict(),
--- a/awx_collection/test/awx/test_role.py
+++ b/awx_collection/test/awx/test_role.py
@ -48,6 +48,26 @@ def test_grant_workflow_permission(run_module, admin_user, organization, state):
    else:
        assert rando not in wfjt.execute_role

+@pytest.mark.django_db
+@pytest.mark.parametrize('state', ('present', 'absent'))
+def test_grant_workflow_approval_permission(run_module, admin_user, organization, state):
+    wfjt = WorkflowJobTemplate.objects.create(organization=organization, name='foo-workflow')
+    rando = User.objects.create(username='rando')
+    if state == 'absent':
+        wfjt.execute_role.members.add(rando)
+
+    result = run_module('tower_role', {
+        'user': rando.username,
+        'workflow': wfjt.name,
+        'role': 'approval',
+        'state': state
+    }, admin_user)
+    assert not result.get('failed', False), result.get('msg', result)
+
+    if state == 'present':
+        assert rando in wfjt.approval_role
+    else:
+        assert rando not in wfjt.approval_role

@pytest.mark.django_db
 def test_invalid_role(run_module, admin_user, project):
--- a/awx_collection/tests/integration/targets/tower_role/tasks/main.yml
+++ b/awx_collection/tests/integration/targets/tower_role/tasks/main.yml
@ -96,6 +96,18 @@
        that:
          - "result is not changed"

+    - name: Add Joe to workflow approve role
+      tower_role:
+        user: "{{ username }}"
+        role: approval
+        workflow: test-role-workflow
+        state: present
+      register: result
+
+    - assert:
+        that:
+          - "result is changed"
+
  always:
    - name: Delete a User
      tower_user: