Make remote_group handle name and id in cloud/openstack/os_security_group_rule.py
* Make remote_group handle name and id * fix regression breaking os_security_group_rule with no remote_group
parent
f1bacc1d3f
commit
7c52ea58f1
1 changed files with 17 additions and 11 deletions
|
@ -34,7 +34,7 @@ description:
|
|||
options:
|
||||
security_group:
|
||||
description:
|
||||
- Name of the security group
|
||||
- Name or ID of the security group
|
||||
required: true
|
||||
protocol:
|
||||
description:
|
||||
|
@ -57,7 +57,8 @@ options:
|
|||
required: false
|
||||
remote_group:
|
||||
description:
|
||||
- ID of Security group to link (exclusive with remote_ip_prefix)
|
||||
- Name or ID of the Security group to link (exclusive with
|
||||
remote_ip_prefix)
|
||||
required: false
|
||||
ethertype:
|
||||
description:
|
||||
|
@ -204,7 +205,7 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
|
|||
return module_min == rule_min and module_max == rule_max
|
||||
|
||||
|
||||
def _find_matching_rule(module, secgroup):
|
||||
def _find_matching_rule(module, secgroup, remotegroup):
|
||||
"""
|
||||
Find a rule in the group that matches the module parameters.
|
||||
:returns: The matching rule dict, or None if no matches.
|
||||
|
@ -213,7 +214,7 @@ def _find_matching_rule(module, secgroup):
|
|||
remote_ip_prefix = module.params['remote_ip_prefix']
|
||||
ethertype = module.params['ethertype']
|
||||
direction = module.params['direction']
|
||||
remote_group_id = module.params['remote_group']
|
||||
remote_group_id = remotegroup['id']
|
||||
|
||||
for rule in secgroup['security_group_rules']:
|
||||
if (protocol == rule['protocol']
|
||||
|
@ -230,10 +231,10 @@ def _find_matching_rule(module, secgroup):
|
|||
return None
|
||||
|
||||
|
||||
def _system_state_change(module, secgroup):
|
||||
def _system_state_change(module, secgroup, remotegroup):
|
||||
state = module.params['state']
|
||||
if secgroup:
|
||||
rule_exists = _find_matching_rule(module, secgroup)
|
||||
rule_exists = _find_matching_rule(module, secgroup, remotegroup)
|
||||
else:
|
||||
return False
|
||||
|
||||
|
@ -254,7 +255,6 @@ def main():
|
|||
port_range_min = dict(required=False, type='int'),
|
||||
port_range_max = dict(required=False, type='int'),
|
||||
remote_ip_prefix = dict(required=False, default=None),
|
||||
# TODO(mordred): Make remote_group handle name and id
|
||||
remote_group = dict(required=False, default=None),
|
||||
ethertype = dict(default='IPv4',
|
||||
choices=['IPv4', 'IPv6']),
|
||||
|
@ -279,21 +279,27 @@ def main():
|
|||
|
||||
state = module.params['state']
|
||||
security_group = module.params['security_group']
|
||||
remote_group = module.params['remote_group']
|
||||
changed = False
|
||||
|
||||
try:
|
||||
cloud = shade.openstack_cloud(**module.params)
|
||||
secgroup = cloud.get_security_group(security_group)
|
||||
|
||||
if remote_group:
|
||||
remotegroup = cloud.get_security_group(remote_group)
|
||||
else:
|
||||
remotegroup = { 'id' : None }
|
||||
|
||||
if module.check_mode:
|
||||
module.exit_json(changed=_system_state_change(module, secgroup))
|
||||
module.exit_json(changed=_system_state_change(module, secgroup, remotegroup))
|
||||
|
||||
if state == 'present':
|
||||
if not secgroup:
|
||||
module.fail_json(msg='Could not find security group %s' %
|
||||
security_group)
|
||||
|
||||
rule = _find_matching_rule(module, secgroup)
|
||||
rule = _find_matching_rule(module, secgroup, remotegroup)
|
||||
if not rule:
|
||||
rule = cloud.create_security_group_rule(
|
||||
secgroup['id'],
|
||||
|
@ -301,7 +307,7 @@ def main():
|
|||
port_range_max=module.params['port_range_max'],
|
||||
protocol=module.params['protocol'],
|
||||
remote_ip_prefix=module.params['remote_ip_prefix'],
|
||||
remote_group_id=module.params['remote_group'],
|
||||
remote_group_id=remotegroup['id'],
|
||||
direction=module.params['direction'],
|
||||
ethertype=module.params['ethertype']
|
||||
)
|
||||
|
@ -309,7 +315,7 @@ def main():
|
|||
module.exit_json(changed=changed, rule=rule, id=rule['id'])
|
||||
|
||||
if state == 'absent' and secgroup:
|
||||
rule = _find_matching_rule(module, secgroup)
|
||||
rule = _find_matching_rule(module, secgroup, remotegroup)
|
||||
if rule:
|
||||
cloud.delete_security_group_rule(rule['id'])
|
||||
changed = True
|
||||
|
|
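Review bot: In `main()`, a `remote_group` that is supplied but does not resolve is not handled: the `if not secgroup` check suggests `cloud.get_security_group()` returns a falsy value on a miss, so `remotegroup['id']` in `_find_matching_rule` would raise a TypeError rather than produce a clean module failure. Right after the lookup I would add `if not remotegroup: module.fail_json(msg='Could not find security group %s' % remote_group)`, so a mistyped name fails explicitly in both check mode and normal runs. The failure should stay closed and never fall back to `remote_group_id=None`, because a rule created with neither a remote group nor a prefix would presumably not be restricted by source. Security group names are not guaranteed unique, so the `remote_group` docs could also recommend the ID where names may collide. `main()` continues outside the visible hunks, so whether the existing `except` clause would catch this is not visible here.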