I took a look at this PR:
https://github.com/ansible/ansible/commit/c0c56c723a98de43d060a3034aa7bde10ac6b59f
And I completely agree that the _set_tenant_id function in core module quantum_network should be rewritten into this form:
def _set_tenant_id(module):
global _os_tenant_id
if not module.params[‘tenant_name’]:
_os_tenant_id = _os_keystone.tenant_id
else:
tenant_name = module.params[‘tenant_name’]
for tenant in _os_keystone.tenants.list():
if tenant.name == tenant_name:
_os_tenant_id = tenant.id
break
if not _os_tenant_id:
module.fail_json(msg = “The tenant id cannot be found, please check the parameters”)
The advantage of this is that it removes the need to have tenant-listing permissions if the target tenant is not different from the one whose id is already known by keystone. In other words, you should only need to have tenant-listing permissions when you explicitly define parameter ‘tenant_name’. This is the case when using os_network module on ansible 2.0.