Skip to content

feat(BOT-367): Add tenant management to security_zone module#105

Merged
kvp-hpe merged 3 commits into
mainfrom
kvp/feature/tenant-management
Jun 3, 2026
Merged

feat(BOT-367): Add tenant management to security_zone module#105
kvp-hpe merged 3 commits into
mainfrom
kvp/feature/tenant-management

Conversation

@kvp-hpe

@kvp-hpe kvp-hpe commented May 28, 2026

Copy link
Copy Markdown
Contributor

Summary

Implements BOT-367: Blueprint Enhancement - Tenant management by adding CRUD operations for Apstra Tenant objects to the security_zone module.

Tenants are a distinct entity in Apstra that group routing zones (security zones) under a named label, visible in the Apstra UI under Policies > Tenants.

Changes

New file: plugins/module_utils/apstra/bp_tenants.py

  • Utility module for Tenant CRUD via raw_request (Tenant API is not exposed by the SDK)
  • Functions: list_tenants, get_tenant, create_tenant, update_tenant, delete_tenant, find_tenant_by_label, resolve_security_zone_ids

Modified: plugins/modules/security_zone.py

  • tenant parameter (dict) — manage a single Tenant object with label and optional routing_zones
  • tenants parameter (list of dicts) — bulk Tenant operations with per-item state override
  • state=list — now returns both security_zones and tenants lists
  • Routing zone references can be labels or IDs
  • Full idempotency for create, update, and delete
  • Mutually exclusive with body parameter to maintain backward compatibility

New file: tests/tenant_management.yml

  • 48-task integration test playbook covering all acceptance criteria

Acceptance Criteria

AC Description Status
AC-1 Single tenant create/update with routing zones ✅ PASS
AC-2 Bulk tenant create/update/delete ✅ PASS
AC-3 Backward compatibility (tenant_label alias) ✅ PASS
AC-4 Idempotency (create, update, delete) ✅ PASS
AC-5 Integration test playbook ✅ PASS

Testing

  • tenant_management.yml: 48/48 tasks passed (0 failures)
  • security_zone.yml: 35/35 tasks passed (backward compatibility verified)

API Details

POST   /api/blueprints/{bp_id}/tenants          → create tenant
GET    /api/blueprints/{bp_id}/tenants           → list tenants
GET    /api/blueprints/{bp_id}/tenants/{tid}     → get tenant
PUT    /api/blueprints/{bp_id}/tenants/{tid}     → update (application_node_ids only, label is immutable)
DELETE /api/blueprints/{bp_id}/tenants/{tid}     → delete tenant

Resolves: BOT-367

kvp-hpe added 3 commits May 28, 2026 05:06
@kvp-hpe
feat(BOT-367): Add tenant management to security_zone module
009dc5b 
Implement CRUD operations for Apstra Tenant objects via the
security_zone module. Tenants group routing zones (security zones)
under a named label in the Apstra UI.

Changes:
- Add bp_tenants.py utility module with raw_request-based CRUD
  (list, get, create, update, delete, find_by_label, resolve IDs)
- Extend security_zone module with 'tenant' (single) and 'tenants'
  (bulk) parameters for managing actual Tenant objects
- state=list now returns both security_zones and tenants lists
- Tenant label resolution: reference routing zones by label or ID
- Full idempotency: create, update, and delete are all idempotent
- Backward compatible: existing body-based SZ creation with
  tenant_label/tenant_description aliases unchanged

Testing:
- tenant_management.yml: 48-task integration test covering all
  acceptance criteria (AC-1 through AC-5)
- security_zone.yml: 35/35 backward compatibility tests pass

Resolves: BOT-367
@kvp-hpe
docs: update security_zone RST and Makefile for tenant management (BO…
a6509fb 
…T-367)

- Update security_zone_module.rst synopsis to mention tenant management
- Add tenant and tenants parameter documentation
- Add state=list choice to state parameter
- Add examples for single tenant, bulk tenants, and state=list
- Add return values: security_zones, tenants, tenant
- Add test-tenant_management target to Makefile
@kvp-hpe
Updating version
0d5963d
@kvp-hpe kvp-hpe requested a review from vgavini June 3, 2026 07:56
@kvp-hpe kvp-hpe merged commit d796212 into main Jun 3, 2026
@alagoutte

alagoutte commented Jun 9, 2026

Copy link
Copy Markdown
Contributor

Hi,

There is an issue with this change on ansible sanity :

security_zone.py:0:0: parameter-state-invalid-choice: Argument 'state' includes the value 'list' as a choice

Can you look ? list is not valid type for state https://docs.ansible.com/projects/ansible/latest/dev_guide/developing_modules_best_practices.html#following-ansible-conventions

May be better idea to create fact for this ? https://docs.ansible.com/projects/ansible/latest/dev_guide/developing_modules_general.html?#creating-an-info-or-a-facts-module

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vgavini vgavini vgavini approved these changes

@prtkdaved prtkdaved prtkdaved approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@kvp-hpe @alagoutte @vgavini @prtkdaved