herve4m · herve4m · Oct 17, 2024 · Oct 17, 2024 · Oct 17, 2024
diff --git a/plugins/module_utils/api_module.py b/plugins/module_utils/api_module.py
@@ -202,19 +202,9 @@ def make_raw_request(self, method, url, ok_error_codes=None, **kwargs):
         data = kwargs.get("data")
         if isinstance(data, dict):
             data = json.dumps(data)
-        follow_redirects = kwargs.get("follow_redirects")
 
         try:
-            if follow_redirects is not None:
-                response = self.session.open(
-                    method,
-                    url.geturl(),
-                    headers=headers,
-                    data=data,
-                    follow_redirects=follow_redirects,
-                )
-            else:
-                response = self.session.open(method, url.geturl(), headers=headers, data=data)
+            response = self.session.open(method, url.geturl(), headers=headers, data=data)
         except SSLValidationError as ssl_err:
             raise APIModuleError(
                 "Could not establish a secure connection to {host}: {error}.".format(

diff --git a/plugins/modules/rhacs_auth_provider.py b/plugins/modules/rhacs_auth_provider.py
@@ -517,13 +517,6 @@ def main():
             name,
             "/v1/authProviders/{id}".format(id=id),
         )
-        id = new_config.get("id", "") if new_config else ""
-        module.delete(
-            new_config,
-            "authentication provider",
-            new_name,
-            "/v1/authProviders/{id}".format(id=id),
-        )
 
     if not config and new_config:
         config = new_config
@@ -631,7 +624,7 @@ def main():
             if use_client_secret is False and mode == "query":
                 module.fail_json(
                     msg=(
-                        "when `mode=query` in the `oidc' section, "
+                        "when `mode=query' in the `oidc' section, "
                         "`use_client_secret' must be true, and `client_secret' "
                         "must be set"
                     )
@@ -807,7 +800,7 @@ def main():
         if use_client_secret is False and mode == "query":
             module.fail_json(
                 msg=(
-                    "when `mode=query` in the `oidc' section, "
+                    "when `mode=query' in the `oidc' section, "
                     "`use_client_secret' must be true, and `client_secret' "
                     "must be set"
                 )

diff --git a/plugins/modules/rhacs_collection.py b/plugins/modules/rhacs_collection.py
@@ -707,7 +707,7 @@ def main():
             module.fail_json(
                 msg=(
                     "at least a rule (in `rules'), or a collection (in "
-                    "`attached_collections`) is required when creating a "
+                    "`attached_collections') is required when creating a "
                     "deployment collection."
                 )
             )
@@ -820,7 +820,7 @@ def main():
         module.fail_json(
             msg=(
                 "at least a rule (in `deployments', `namespaces', or `clusters'), "
-                "or a collection (in `attached_collections`) is required."
+                "or a collection (in `attached_collections') is required."
             )
         )
 

diff --git a/plugins/modules/rhacs_external_backup.py b/plugins/modules/rhacs_external_backup.py
@@ -472,7 +472,7 @@ def main():
         if provider_type == "s3":
             # Verify the S3 parameters
             if not s3:
-                module.fail_json(msg="type is s3 but the `s3` parameter is missing")
+                module.fail_json(msg="type is s3 but the `s3' parameter is missing")
             missing_args = []
             if not s3.get("bucket"):
                 missing_args.append("bucket")
@@ -506,7 +506,7 @@ def main():
         else:
             # Verify the GCS parameters
             if not gcs:
-                module.fail_json(msg="type is gcs but the `gcs` parameter is missing")
+                module.fail_json(msg="type is gcs but the `gcs' parameter is missing")
             missing_args = []
             if not gcs.get("bucket"):
                 missing_args.append("bucket")

diff --git a/plugins/modules/rhacs_image_integration.py b/plugins/modules/rhacs_image_integration.py
@@ -983,7 +983,7 @@ def main():
                     module.fail_json(
                         msg=(
                             "the `SCANNER' and `BOTH' categories "
-                            "cannot be used when `use_workload_id` is true"
+                            "cannot be used when `use_workload_id' is true"
                         )
                     )
                 use_workload_id = False
@@ -1398,7 +1398,7 @@ def main():
             module.fail_json(
                 msg=(
                     "the `SCANNER' and `BOTH' categories "
-                    "cannot be used when `use_workload_id` is true"
+                    "cannot be used when `use_workload_id' is true"
                 )
             )
 

diff --git a/tests/integration/targets/check_mode/tasks/main.yml b/tests/integration/targets/check_mode/tasks/main.yml
@@ -120,4 +120,64 @@
   ansible.builtin.assert:
     that: result['changed']
     fail_msg: The preceding task should have deleted the policy category
+
+# Expected errors
+- name: ERROR EXPECTED Ensure the policy category is deleted (host)
+  herve4m.rhacs_configuration.rhacs_policy_category:
+    name: System Tools
+    state: absent
+    rhacs_host: http://doesnotexists.local
+    rhacs_token: "{{ rhacs_token }}"
+    skip_validate_certs: true
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (host does not exist)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (host does not exist)
+
+- name: ERROR EXPECTED Ensure the policy category is deleted (cannot connect)
+  herve4m.rhacs_configuration.rhacs_policy_category:
+    name: System Tools
+    state: absent
+    rhacs_host: https://locahost:12345
+    rhacs_token: "{{ rhacs_token }}"
+    skip_validate_certs: true
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (cannot connect to the API)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (cannot connect)
+
+- name: ERROR EXPECTED Ensure the policy category is deleted (SSL validation)
+  herve4m.rhacs_configuration.rhacs_policy_category:
+    name: System Tools
+    state: absent
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "{{ rhacs_token }}"
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (SSL validation)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (SSL validation)
+
+- name: ERROR EXPECTED Ensure the policy category is deleted (credentials)
+  herve4m.rhacs_configuration.rhacs_policy_category:
+    name: System Tools
+    state: absent
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "AABBCCDDEEFFGGHH"
+    skip_validate_certs: true
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (wrong credentials)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (wrong credentials)
 ...
diff --git a/tests/integration/targets/rhacs_auth_provider/tasks/main.yml b/tests/integration/targets/rhacs_auth_provider/tasks/main.yml
@@ -21,8 +21,75 @@
     name: ansible auth 1
     type: auth0
     rhacs_url: "{{ rhacs_host }}/portal"
-    auth0:
-      tenant_url: https://accounts.google.com
+    auth0: {}
+    state: present
+    skip_validate_certs: true
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "{{ rhacs_token }}"
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (missing parameter)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (missing parameter)
+
+- name: ERROR EXPECTED Ensure the auth provider exists 3
+  herve4m.rhacs_configuration.rhacs_auth_provider:
+    name: ansible auth 1
+    type: google
+    google: {}
+    state: present
+    skip_validate_certs: true
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "{{ rhacs_token }}"
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (missing parameter)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (missing parameter)
+
+- name: ERROR EXPECTED Ensure the auth provider exists 4
+  herve4m.rhacs_configuration.rhacs_auth_provider:
+    name: ansible auth 1
+    type: oidc
+    oidc: {}
+    state: present
+    skip_validate_certs: true
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "{{ rhacs_token }}"
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (missing parameter)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (missing parameter)
+
+- name: ERROR EXPECTED Ensure the auth provider exists 5
+  herve4m.rhacs_configuration.rhacs_auth_provider:
+    name: ansible auth 1
+    type: saml
+    saml: {}
+    state: present
+    skip_validate_certs: true
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "{{ rhacs_token }}"
+  ignore_errors: true
+  register: result
+
+- name: Ensure that the task failed (missing parameter)
+  ansible.builtin.assert:
+    that: result['failed']
+    fail_msg: The preceding task should have failed (missing parameter)
+
+- name: ERROR EXPECTED Ensure the auth provider exists 6
+  herve4m.rhacs_configuration.rhacs_auth_provider:
+    name: ansible auth 1
+    type: userpki
+    userpki: {}
     state: present
     skip_validate_certs: true
     rhacs_host: "{{ rhacs_host }}"
@@ -294,7 +361,7 @@
     that: not result['changed']
     fail_msg: The preceding task should not have changed anything
 
-# The OpenShift provider is available only when Stackrox is installed
+# The OpenShift provider is available only when StackRox is installed
 # on Red Hat OpenShift.
 # - name: Ensure the auth provider exists 4
 #   herve4m.rhacs_configuration.rhacs_auth_provider:
@@ -364,6 +431,25 @@
     that: not result['changed']
     fail_msg: The preceding task should not have changed anything
 
+- name: Ensure the auth provider 5 is updated
+  herve4m.rhacs_configuration.rhacs_auth_provider:
+    name: ansible auth 5
+    type: saml
+    saml:
+      mode: dynamic
+      service_provider_issuer: https://prevent1.stackrox.io
+      metadata_url: https://idp.psl.eu/idp/saml2/metadata
+    state: present
+    skip_validate_certs: true
+    rhacs_host: "{{ rhacs_host }}"
+    rhacs_token: "{{ rhacs_token }}"
+  register: result
+
+- name: Ensure that the task did change something
+  ansible.builtin.assert:
+    that: result['changed']
+    fail_msg: The preceding task should have changed something
+
 - name: Ensure the auth provider exists 6
   herve4m.rhacs_configuration.rhacs_auth_provider:
     name: does not exist
@@ -825,7 +911,7 @@
     - name: ansible auth 9
       type: saml
 
-- name: Ensure the authentication provider8 is removed
+- name: Ensure the authentication provider 8 is removed
   herve4m.rhacs_configuration.rhacs_auth_provider:
     name: ansible auth 8
     type: saml
@@ -840,7 +926,7 @@
     that: result['changed']
     fail_msg: The preceding task should have changed something
 
-- name: Ensure the authentication provider8 is removed (no change)
+- name: Ensure the authentication provider 8 is removed (no change)
   herve4m.rhacs_configuration.rhacs_auth_provider:
     name: ansible auth 8
     type: saml