Add target_all_project option

Adds target_all_project option to neutron_rbac_policy
module, for specifing all projects as target projects
explicitly.

Change-Id: I1393463a79fc83bcda7aa5642f5d3ed27fb195b5

ci/roles/neutron_rbac_policy/defaults/main.yml

@@ -7,3 +7,4 @@ expected_fields:
   - project_id
   - target_project_id
   - tenant_id
+all_project_symbol: '*'

ci/roles/neutron_rbac_policy/tasks/main.yml

@@ -69,6 +69,29 @@
     id: "{{ rbac_policy.rbac_policy.id }}"
     state: absent
 
+- name: Create a new network RBAC policy by targeting all projects
+  openstack.cloud.neutron_rbac_policy:
+    cloud: "{{ cloud }}"
+    object_id: "{{ network.network.id }}"
+    object_type: 'network'
+    action: 'access_as_shared'
+    target_all_project: true
+    project_id: "{{ source_project.project.id }}"
+  register: rbac_policy
+
+- name: Assert return values of neutron_rbac_policy module
+  assert:
+    that:
+      # allow new fields to be introduced but prevent fields from being removed
+      - expected_fields|difference(rbac_policy.rbac_policy.keys())|length == 0
+      - rbac_policy.rbac_policy.target_project_id == all_project_symbol
+
+- name: Delete RBAC policy
+  openstack.cloud.neutron_rbac_policy:
+    cloud: "{{ cloud }}"
+    id: "{{ rbac_policy.rbac_policy.id }}"
+    state: absent
+
 - name: Get all rbac policies for {{ source_project.project.name }} - after deletion
   openstack.cloud.neutron_rbac_policies_info:
     cloud: "{{ cloud }}"

plugins/modules/neutron_rbac_policy.py

@@ -65,6 +65,12 @@ options:
       - Required when creating or updating a RBAC policy rule, ignored when
         deleting a policy.
     type: str
+  target_all_project:
+    description:
+      - Whether all projects are targted for access.
+      - If this option set to true, C(target_project_id) is ignored.
+    type: bool
+    default: 'false'
   state:
     description:
       - Whether the RBAC rule should be C(present) or C(absent).
@@ -145,6 +151,8 @@ from ansible_collections.openstack.cloud.plugins.module_utils.openstack import O
 
 
 class NeutronRBACPolicy(OpenStackModule):
+    all_project_symbol = '*'
+
     argument_spec = dict(
         action=dict(choices=['access_as_external', 'access_as_shared']),
         id=dict(aliases=['policy_id']),
@@ -153,17 +161,22 @@ class NeutronRBACPolicy(OpenStackModule):
         project_id=dict(),
         state=dict(default='present', choices=['absent', 'present']),
         target_project_id=dict(),
+        target_all_project=dict(type='bool', default=False),
     )
 
     module_kwargs = dict(
         required_if=[
-            ('state', 'present', ('target_project_id',)),
+            ('state', 'present', ('target_project_id', 'target_all_project',), True),
             ('state', 'absent', ('id',)),
         ],
         supports_check_mode=True,
     )
 
     def run(self):
+        target_all_project = self.params.get('target_all_project')
+        if target_all_project:
+            self.params['target_project_id'] = self.all_project_symbol
+
         state = self.params['state']
 
         policy = self._find()
@@ -262,7 +275,7 @@ class NeutronRBACPolicy(OpenStackModule):
 
         return [p for p in policies
                 if any(p[k] == self.params[k]
-                       for k in ['object_id', 'target_project_id'])]
+                       for k in ['object_id'])]
 
     def _update(self, policy, update):
         attributes = update.get('attributes')