Fix the issue #158

plugins/modules/azure_rm_roledefinition.py

@@ -284,7 +284,7 @@ def build_scope(self):
 
     # check update
     def check_update(self, old_definition):
-        if self.description and self.description != old_definition['properties']['description']:
+        if self.description and self.description != old_definition['description']:
             return True
         if self.permissions:
             if len(self.permissions) != len(old_definition['permissions']):

tests/integration/targets/azure_rm_roledefinition/aliases

@@ -0,0 +1,3 @@
+cloud/azure
+destructive
+unsupported

tests/integration/targets/azure_rm_roledefinition/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_azure

tests/integration/targets/azure_rm_roledefinition/tasks/main.yml

@@ -0,0 +1,211 @@
+- name: Fix resource prefix
+  set_fact:
+    role_name: "{{ (resource_group | replace('-','x'))[-8:] }}{{ 1000 | random }}testrole"
+    subscription_id: "{{azure_subscription_id}}"
+    principal_id: "{{azure_client_id}}"
+  run_once: yes
+
+- name: Create a role definition (Check Mode)
+  azure_rm_roledefinition:
+    name: "{{ role_name }}"
+    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+    permissions:
+      - actions:
+          - "Microsoft.Compute/virtualMachines/read"
+        not_actions:
+          - "Microsoft.Compute/virtualMachines/write"
+        data_actions:
+          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+        not_data_actions:
+          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
+    assignable_scopes:
+        - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+  check_mode: yes
+  register: output
+
+- name: Assert creating role definition check mode
+  assert:
+    that:
+      - output.changed
+
+- name: Create a role definition
+  azure_rm_roledefinition:
+    name: "{{ role_name }}"
+    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+    permissions:
+      - actions:
+          - "Microsoft.Compute/virtualMachines/read"
+        not_actions:
+          - "Microsoft.Compute/virtualMachines/write"
+        data_actions:
+          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+        not_data_actions:
+          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
+    assignable_scopes:
+        - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+  register: output
+
+- name: Assert creating role definition
+  assert:
+    that:
+      - output.changed
+
+
+## because of the bug of azure service , the following tasks will cause failures randomly
+#
+#- name: Get facts by type
+#  azure_rm_roledefinition_info:
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    type: custom
+#  register: facts
+#
+#- name: Assert facts
+#  assert:
+#    that:
+#      - facts['roledefinitions'] | length > 1
+#
+#- name: Get facts by name
+#  azure_rm_roledefinition_info:
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    role_name: "{{ role_name }}"
+#  register: facts
+#  until: facts.roledefinitions | length > 0
+#  retries: 50
+#  delay: 60
+#
+#- name: Assert facts
+#  assert:
+#    that:
+#      - facts['roledefinitions'] | length == 1
+#      - facts['roledefinitions'][0]['permissions'] | length == 1
+#      - facts['roledefinitions'][0]['permissions'][0]['not_data_actions'] | length == 1
+#      - facts['roledefinitions'][0]['permissions'][0]['data_actions'] | length == 1
+#
+#- name: Update the role definition (idempotent)
+#  azure_rm_roledefinition:
+#    name: "{{ role_name }}"
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    permissions:
+#      - actions:
+#          - "Microsoft.Compute/virtualMachines/read"
+#        not_actions:
+#          - "Microsoft.Compute/virtualMachines/write"
+#        data_actions:
+#          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+#        not_data_actions:
+#          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
+#    assignable_scopes:
+#          - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#  register: output
+#
+#- name: assert output not changed
+#  assert:
+#    that:
+#      - not output.changed
+#
+#- name: Update the role definition
+#  azure_rm_roledefinition:
+#    name: "{{ role_name }}"
+#    description: "update description"
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    permissions:
+#      - actions:
+#          - "Microsoft.Compute/virtualMachines/read"
+#          - "Microsoft.Compute/virtualMachines/start/action"
+#        not_actions:
+#          - "Microsoft.Compute/virtualMachines/write"
+#        data_actions:
+#          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read"
+#        not_data_actions:
+#          - "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"
+#    assignable_scopes:
+#        - "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#  register: output
+#
+#- name: assert output changed
+#  assert:
+#    that:
+#      - output.changed
+#
+#- name: Get role definition facts
+#  azure_rm_roledefinition_info:
+#    role_name: "{{ role_name }}"
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    type: custom
+#  register: roledef
+#  until: "{{ roledef.roledefinitions | length > 0 }}"
+#  retries: 50
+#  delay: 60
+#
+#- name: Assert role definition facts
+#  assert:
+#    that:
+#      - roledef['roledefinitions'] | length == 1
+#      - roledef['roledefinitions'][0]['id']
+#
+#- name: Create a role assignment (Check Mode)
+#  azure_rm_roleassignment:
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    assignee_object_id: "{{ principal_id }}"
+#    role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}"
+#  check_mode: yes
+#  register: output
+#
+#- name: Assert creating role definition check mode
+#  assert:
+#    that:
+#      - output.changed
+#
+#- name: Create a role assignment
+#  azure_rm_roleassignment:
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    assignee_object_id: "{{ principal_id }}"
+#    role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}"
+#  register: output
+#
+#- name: Assert creating role assignment
+#  assert:
+#    that:
+#      - output.changed
+#
+#- name: Get facts
+#  azure_rm_roleassignment_info:
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    assignee: "{{ principal_id }}"
+#    role_definition_id: "{{ roledef['roledefinitions'][0]['id'] }}"
+#  register: facts
+#
+#- name: assert role assignment facts
+#  assert:
+#    that:
+#      - facts['roleassignments'] | length > 0
+#      - facts['roleassignments'][0]['id']
+#
+#- name: delete role assignment
+#  azure_rm_roleassignment:
+#    name: "{{ facts['roleassignments'][0]['id'].split('/')[-1] }}"
+#    scope: "/subscriptions/{{ subscription_id }}"
+#    state: absent
+#
+#- name: Delete the role definition (Check Mode)
+#  azure_rm_roledefinition:
+#    name: "{{ role_name }}"
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    state: absent
+#  check_mode: yes
+#  register: output
+#
+#- name: assert deleting role definition check mode
+#  assert:
+#    that: output.changed
+#
+#- name: Delete the role definition
+#  azure_rm_roledefinition:
+#    name: "{{ role_name }}"
+#    scope: "/subscriptions/{{ subscription_id }}/resourceGroups/{{ resource_group }}"
+#    state: absent
+#  register: output
+#
+#- assert:
+#    that:
+#      - output.changed