From 8ddefcfb1ddd75f61ec09ab4ee2296f45e8de6bb Mon Sep 17 00:00:00 2001
From: Davide Guerri
Date: Sun, 19 Apr 2015 19:44:20 +0100
Subject: Allow using neutron_{network, subnet} modules without admin role Admin power is needed in order retrieve the tenant_id of a given tenant name and to create/delete networks for a tenant that is not the one used to authenticate the user. We require an admin role only if the module is invoked with a specific tenant name.
---
 neutron_network | 25 ++++++++++++++-----------
 neutron_subnet | 33 ++++++++++++++++++---------------
 2 files changed, 32 insertions(+), 26 deletions(-)
diff --git a/neutron_network b/neutron_network
index 6dee045..0f492be 100644
--- a/neutron_network
+++ b/neutron_network
@@ -130,7 +130,7 @@ def _get_ksclient(module, kwargs):
 global _os_keystone
 _os_keystone = kclient
 return kclient
-
+
 def _get_endpoint(module, ksclient):
 try:
@@ -155,15 +155,18 @@ def _get_neutron_client(module, kwargs):
 def _set_tenant_id(module):
 global _os_tenant_id
- if not module.params['tenant_name']:
- tenant_name = module.params['login_tenant_name']
- else:
+ if module.params['tenant_name']:
+ # We need admin power in order retrieve the tenant_id of a given
+ # tenant name and to create/delete networks for a tenant that is not
+ # the one used to authenticate the user.
 tenant_name = module.params['tenant_name']
-
- for tenant in _os_keystone.tenants.list():
- if tenant.name == tenant_name:
- _os_tenant_id = tenant.id
- break
+ for tenant in _os_keystone.tenants.list():
+ if tenant.name == tenant_name:
+ _os_tenant_id = tenant.id
+ break
+ else:
+ _os_tenant_id = _os_keystone.tenant_id
+
 if not _os_tenant_id:
 module.fail_json(msg = "The tenant id cannot be found, please check the paramters")
@@ -219,7 +222,7 @@ def _create_network(module, neutron):
 except Exception as e:
 module.fail_json(msg = "Error in creating network: %s" % e.message)
 return net['network']['id']
-
+
 def _delete_network(module, net_id, neutron):
 try:
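Review bot: In `_set_tenant_id` (the `-155,15` hunk of neutron_network, and the matching `-165,17` hunk of neutron_subnet), any non-empty `tenant_name` still goes through `_os_keystone.tenants.list()`, so a playbook that names its own login tenant keeps needing admin credentials. The removed lines show `login_tenant_name` is a module parameter, so the guard could be `if module.params['tenant_name'] and module.params['tenant_name'] != module.params['login_tenant_name']:`, which keeps the admin-only lookup for genuine cross-tenant use. The listing call is also outside any try/except in the visible lines, so a non-admin caller presumably gets a raw client exception instead of a `module.fail_json` saying that an admin role is required when `tenant_name` is set; catching it at that call would make the privilege requirement explicit. Whether the function ends at the `fail_json` line is not visible in the neutron_network hunk.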
@@ -229,7 +232,7 @@ def _delete_network(module, net_id, neutron):
 return True
 def main():
-
+
 module = AnsibleModule(
 argument_spec = dict(
 login_username = dict(default='admin'),
diff --git a/neutron_subnet b/neutron_subnet
index 314d8ed..f666ef6 100644
--- a/neutron_subnet
+++ b/neutron_subnet
@@ -140,7 +140,7 @@ def _get_ksclient(module, kwargs):
 global _os_keystone
 _os_keystone = kclient
 return kclient
-
+
 def _get_endpoint(module, ksclient):
 try:
@@ -165,17 +165,20 @@ def _get_neutron_client(module, kwargs):
 def _set_tenant_id(module):
 global _os_tenant_id
- if not module.params['tenant_name']:
- tenant_name = module.params['login_tenant_name']
- else:
+ if module.params['tenant_name']:
+ # We need admin power in order retrieve the tenant_id of a given
+ # tenant name and to create/delete networks for a tenant that is not
+ # the one used to authenticate the user.
 tenant_name = module.params['tenant_name']
+ for tenant in _os_keystone.tenants.list():
+ if tenant.name == tenant_name:
+ _os_tenant_id = tenant.id
+ break
+ else:
+ _os_tenant_id = _os_keystone.tenant_id
-
- for tenant in _os_keystone.tenants.list():
- if tenant.name == tenant_name:
- _os_tenant_id = tenant.id
- break
 if not _os_tenant_id:
- module.fail_json(msg = "The tenant id cannot be found, please check the paramters")
+ module.fail_json(msg = "The tenant id cannot be found, please check the paramters")
 def _get_net_id(neutron, module):
 kwargs = {
@@ -248,18 +251,18 @@ def _create_subnet(module, neutron):
 except Exception, e:
 module.fail_json(msg = "Failure in creating subnet: %s" % e.message)
 return new_subnet['subnet']['id']
-
-
+
+
 def _delete_subnet(module, neutron, subnet_id):
 try:
 neutron.delete_subnet(subnet_id)
 except Exception as e:
 module.fail_json( msg = "Error in deleting subnet: %s" % e.message)
 return True
-
-
+
+
 def main():
-
+
 module = AnsibleModule(
 argument_spec = dict(
 login_username = dict(default='admin'),
@@ -298,7 +301,7 @@ def main():
 else:
 _delete_subnet(module, neutron, subnet_id)
 module.exit_json(changed = True, result = "deleted")
-
+
 # this is magic, see lib/ansible/module.params['common.py
 from ansible.module_utils.basic import *
 main()
--
cgit v1.2.1