|
21 | 21 | ansible.builtin.set_fact: |
22 | 22 | organization_name: "GW-Collection-Test-Organization-{{ test_id }}" |
23 | 23 | team_name_prefix: "GW-Collection-Test-Team-{{ test_id }}" |
| 24 | + custom_role_name: "GW-Custom-Role-{{ test_id }}" |
24 | 25 |
|
25 | 26 | # -------------------------------------------------------------------------- |
26 | 27 | # Organizations |
|
91 | 92 | - team2 is changed |
92 | 93 | - team3 is changed |
93 | 94 | - team4 is changed |
| 95 | + |
| 96 | + # -------------------------------------------------------------------------- |
| 97 | + # Custom Role Setup |
| 98 | + # -------------------------------------------------------------------------- |
| 99 | + - name: Create Custom Role |
| 100 | + ansible.platform.role_definition: |
| 101 | + name: "{{ custom_role_name }}" |
| 102 | + description: "Custom role for integration test" |
| 103 | + content_type: "shared.organization" |
| 104 | + permissions: |
| 105 | + - "shared.view_organization" |
| 106 | + state: present |
| 107 | + register: custom_role |
| 108 | + |
94 | 109 | # 1. Assign Org Admin role to Team1 on Org1 (Global role can't be assigned) |
95 | 110 | - name: Assign Org Admin to Team1 on Org1 |
96 | 111 | ansible.platform.role_team_assignment: |
|
113 | 128 | register: org_admin_assignment_2 |
114 | 129 | ignore_errors: true # this may fail depending on AAP limitations |
115 | 130 |
|
| 131 | + # 3. Assign Custom Role Assignment Test to Team1 on Org1 |
| 132 | + - name: Assign Custom Role to Team1 on Org1 |
| 133 | + ansible.platform.role_team_assignment: |
| 134 | + assignment_objects: |
| 135 | + - name: "{{ org1.name }}" |
| 136 | + type: "organizations" |
| 137 | + role_definition: "{{ custom_role_name }}" |
| 138 | + team: "{{ team1.name }}" |
| 139 | + state: present |
| 140 | + register: custom_role_assignment |
| 141 | + |
| 142 | + # -------------------------------------------------------------------------- |
| 143 | + # VERIFICATION: Query API to confirm assignment persists |
| 144 | + # -------------------------------------------------------------------------- |
| 145 | + - name: Fetch assignment for Team 1 and Custom Role |
| 146 | + ansible.builtin.uri: |
| 147 | + url: "{{ gateway_hostname }}api/gateway/v1/role_team_assignments/?role_definition={{ custom_role.id }}&team={{ team1.id }}" |
| 148 | + user: "{{ gateway_username }}" |
| 149 | + password: "{{ gateway_password }}" |
| 150 | + force_basic_auth: true |
| 151 | + validate_certs: "{{ gateway_validate_certs | bool }}" |
| 152 | + return_content: true |
| 153 | + register: assignment_query |
| 154 | + |
| 155 | + - name: Assert Assignment exists |
| 156 | + ansible.builtin.assert: |
| 157 | + that: |
| 158 | + - "assignment_query.json.count > 0" |
| 159 | + fail_msg: "No role assignment found for Custom Role ID {{ custom_role.id }} and Team ID {{ team1.id }}." |
| 160 | + |
116 | 161 | # Once we have role_definition , module available we can uncomment these |
117 | 162 | # 3. Assign Org Inventory Admin role to Team2 on Org2 |
118 | 163 | # - name: Assign Org Inventory Admin to Team2 on Org2 |
|
212 | 257 | - "{{ org2.name }}" |
213 | 258 | - "{{ org3.name }}" |
214 | 259 | - "{{ org4.name }}" |
| 260 | + |
| 261 | + - name: Delete custom role |
| 262 | + ansible.platform.role_definition: |
| 263 | + name: "{{ custom_role_name }}" |
| 264 | + content_type: "shared.organization" |
| 265 | + permissions: |
| 266 | + - "shared.view_organization" |
| 267 | + state: absent |
| 268 | + register: role_delete |
| 269 | + failed_when: |
| 270 | + - role_delete.failed |
| 271 | + - "'Not found' not in role_delete.msg" |
| 272 | + - "'does not exist' not in role_delete.msg" |
215 | 273 | ... |
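Review bot: The `Assert Assignment exists` task only checks `assignment_query.json.count > 0`, so it passes on any non-empty list rather than on the one assignment this test created. The query filters on `role_definition` and `team` but not on the organization, so the assert does not confirm the role was granted on Org1 only. If the endpoint were to ignore a filter it does not recognise, the earlier Org Admin assignment for Team1 would also satisfy it. For an RBAC test, pin the result with `- "assignment_query.json.count == 1"` and a check on the returned entry such as `- "assignment_query.json.results[0].role_definition == custom_role.id"` (field names assumed from the query parameters; confirm against the API response). Adding `- custom_role_assignment is changed` after the assignment task would match the `team2 is changed` style asserts earlier in the file.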