Make remote_group handle name and id in cloud/openstack/os_security_group_rule.py
* Make remote_group handle name and id * fix regression breaking os_security_group_rule with no remote_group
parent
f1bacc1d3f
commit
7c52ea58f1
1 changed files with 17 additions and 11 deletions
|
@ -34,7 +34,7 @@ description:
|
||||||
options:
|
options:
|
||||||
security_group:
|
security_group:
|
||||||
description:
|
description:
|
||||||
- Name of the security group
|
- Name or ID of the security group
|
||||||
required: true
|
required: true
|
||||||
protocol:
|
protocol:
|
||||||
description:
|
description:
|
||||||
|
@ -57,7 +57,8 @@ options:
|
||||||
required: false
|
required: false
|
||||||
remote_group:
|
remote_group:
|
||||||
description:
|
description:
|
||||||
- ID of Security group to link (exclusive with remote_ip_prefix)
|
- Name or ID of the Security group to link (exclusive with
|
||||||
|
remote_ip_prefix)
|
||||||
required: false
|
required: false
|
||||||
ethertype:
|
ethertype:
|
||||||
description:
|
description:
|
||||||
|
@ -204,7 +205,7 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
|
||||||
return module_min == rule_min and module_max == rule_max
|
return module_min == rule_min and module_max == rule_max
|
||||||
|
|
||||||
|
|
||||||
def _find_matching_rule(module, secgroup):
|
def _find_matching_rule(module, secgroup, remotegroup):
|
||||||
"""
|
"""
|
||||||
Find a rule in the group that matches the module parameters.
|
Find a rule in the group that matches the module parameters.
|
||||||
:returns: The matching rule dict, or None if no matches.
|
:returns: The matching rule dict, or None if no matches.
|
||||||
|
@ -213,7 +214,7 @@ def _find_matching_rule(module, secgroup):
|
||||||
remote_ip_prefix = module.params['remote_ip_prefix']
|
remote_ip_prefix = module.params['remote_ip_prefix']
|
||||||
ethertype = module.params['ethertype']
|
ethertype = module.params['ethertype']
|
||||||
direction = module.params['direction']
|
direction = module.params['direction']
|
||||||
remote_group_id = module.params['remote_group']
|
remote_group_id = remotegroup['id']
|
||||||
|
|
||||||
for rule in secgroup['security_group_rules']:
|
for rule in secgroup['security_group_rules']:
|
||||||
if (protocol == rule['protocol']
|
if (protocol == rule['protocol']
|
||||||
|
@ -230,10 +231,10 @@ def _find_matching_rule(module, secgroup):
|
||||||
return None
|
return None
|
||||||
|
|
||||||
|
|
||||||
def _system_state_change(module, secgroup):
|
def _system_state_change(module, secgroup, remotegroup):
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
if secgroup:
|
if secgroup:
|
||||||
rule_exists = _find_matching_rule(module, secgroup)
|
rule_exists = _find_matching_rule(module, secgroup, remotegroup)
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
@ -254,7 +255,6 @@ def main():
|
||||||
port_range_min = dict(required=False, type='int'),
|
port_range_min = dict(required=False, type='int'),
|
||||||
port_range_max = dict(required=False, type='int'),
|
port_range_max = dict(required=False, type='int'),
|
||||||
remote_ip_prefix = dict(required=False, default=None),
|
remote_ip_prefix = dict(required=False, default=None),
|
||||||
# TODO(mordred): Make remote_group handle name and id
|
|
||||||
remote_group = dict(required=False, default=None),
|
remote_group = dict(required=False, default=None),
|
||||||
ethertype = dict(default='IPv4',
|
ethertype = dict(default='IPv4',
|
||||||
choices=['IPv4', 'IPv6']),
|
choices=['IPv4', 'IPv6']),
|
||||||
|
@ -279,21 +279,27 @@ def main():
|
||||||
|
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
security_group = module.params['security_group']
|
security_group = module.params['security_group']
|
||||||
|
remote_group = module.params['remote_group']
|
||||||
changed = False
|
changed = False
|
||||||
|
|
||||||
try:
|
try:
|
||||||
cloud = shade.openstack_cloud(**module.params)
|
cloud = shade.openstack_cloud(**module.params)
|
||||||
secgroup = cloud.get_security_group(security_group)
|
secgroup = cloud.get_security_group(security_group)
|
||||||
|
|
||||||
|
if remote_group:
|
||||||
|
remotegroup = cloud.get_security_group(remote_group)
|
||||||
|
else:
|
||||||
|
remotegroup = { 'id' : None }
|
||||||
|
|
||||||
if module.check_mode:
|
if module.check_mode:
|
||||||
module.exit_json(changed=_system_state_change(module, secgroup))
|
module.exit_json(changed=_system_state_change(module, secgroup, remotegroup))
|
||||||
|
|
||||||
if state == 'present':
|
if state == 'present':
|
||||||
if not secgroup:
|
if not secgroup:
|
||||||
module.fail_json(msg='Could not find security group %s' %
|
module.fail_json(msg='Could not find security group %s' %
|
||||||
security_group)
|
security_group)
|
||||||
|
|
||||||
rule = _find_matching_rule(module, secgroup)
|
rule = _find_matching_rule(module, secgroup, remotegroup)
|
||||||
if not rule:
|
if not rule:
|
||||||
rule = cloud.create_security_group_rule(
|
rule = cloud.create_security_group_rule(
|
||||||
secgroup['id'],
|
secgroup['id'],
|
||||||
|
@ -301,7 +307,7 @@ def main():
|
||||||
port_range_max=module.params['port_range_max'],
|
port_range_max=module.params['port_range_max'],
|
||||||
protocol=module.params['protocol'],
|
protocol=module.params['protocol'],
|
||||||
remote_ip_prefix=module.params['remote_ip_prefix'],
|
remote_ip_prefix=module.params['remote_ip_prefix'],
|
||||||
remote_group_id=module.params['remote_group'],
|
remote_group_id=remotegroup['id'],
|
||||||
direction=module.params['direction'],
|
direction=module.params['direction'],
|
||||||
ethertype=module.params['ethertype']
|
ethertype=module.params['ethertype']
|
||||||
)
|
)
|
||||||
|
@ -309,7 +315,7 @@ def main():
|
||||||
module.exit_json(changed=changed, rule=rule, id=rule['id'])
|
module.exit_json(changed=changed, rule=rule, id=rule['id'])
|
||||||
|
|
||||||
if state == 'absent' and secgroup:
|
if state == 'absent' and secgroup:
|
||||||
rule = _find_matching_rule(module, secgroup)
|
rule = _find_matching_rule(module, secgroup, remotegroup)
|
||||||
if rule:
|
if rule:
|
||||||
cloud.delete_security_group_rule(rule['id'])
|
cloud.delete_security_group_rule(rule['id'])
|
||||||
changed = True
|
changed = True
|
||||||
|
|
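Review bot: In the `@ -279,21 +279,27 @@ def main()` hunk, the result of `cloud.get_security_group(remote_group)` is used without a not-found check, unlike `secgroup`, which gets an explicit `module.fail_json(msg='Could not find security group %s' % ...)`. If the lookup returns nothing for an unknown name or ID (shade's get_* helpers appear to return None in that case; worth confirming), `remotegroup['id']` in `_find_matching_rule` and in the `create_security_group_rule(...)` call would raise a TypeError instead of a clear module failure, and the check-mode path hits the same line. I would add, directly after the lookup, `if not remotegroup: module.fail_json(msg='Could not find remote security group %s' % remote_group)`. Failing explicitly also guards against a later refactor letting an unresolved name fall through to `{ 'id' : None }`, which together with an unset `remote_ip_prefix` would yield a rule with no source restriction. main() begins and ends outside the visible hunks, so the surrounding exception handling could not be checked.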