cloudstack: cs_firewall: fix pep8 and typo s/endpoint/endport/ (#22406)

René Moser 2017-03-08 15:12:48 +01:00 committed by GitHub
parent 3fa5c55182
commit 7f35220744


@ -214,8 +214,13 @@ network:
sample: my_network sample: my_network
''' '''
# import cloudstack common from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.cloudstack import * from ansible.module_utils.cloudstack import (
AnsibleCloudStack,
CloudStackException,
cs_argument_spec,
cs_required_together
)
class AnsibleCloudStackFirewall(AnsibleCloudStack): class AnsibleCloudStackFirewall(AnsibleCloudStack):
@ -223,27 +228,26 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
def __init__(self, module): def __init__(self, module):
super(AnsibleCloudStackFirewall, self).__init__(module) super(AnsibleCloudStackFirewall, self).__init__(module)
self.returns = { self.returns = {
'cidrlist': 'cidr', 'cidrlist': 'cidr',
'startport': 'start_port', 'startport': 'start_port',
'endpoint': 'end_port', 'endport': 'end_port',
'protocol': 'protocol', 'protocol': 'protocol',
'ipaddress': 'ip_address', 'ipaddress': 'ip_address',
'icmpcode': 'icmp_code', 'icmpcode': 'icmp_code',
'icmptype': 'icmp_type', 'icmptype': 'icmp_type',
} }
self.firewall_rule = None self.firewall_rule = None
self.network = None self.network = None
def get_firewall_rule(self): def get_firewall_rule(self):
if not self.firewall_rule: if not self.firewall_rule:
cidr = self.module.params.get('cidr') cidr = self.module.params.get('cidr')
protocol = self.module.params.get('protocol') protocol = self.module.params.get('protocol')
start_port = self.module.params.get('start_port') start_port = self.module.params.get('start_port')
end_port = self.get_or_fallback('end_port', 'start_port') end_port = self.get_or_fallback('end_port', 'start_port')
icmp_code = self.module.params.get('icmp_code') icmp_code = self.module.params.get('icmp_code')
icmp_type = self.module.params.get('icmp_type') icmp_type = self.module.params.get('icmp_type')
fw_type = self.module.params.get('type') fw_type = self.module.params.get('type')
if protocol in ['tcp', 'udp'] and not (start_port and end_port): if protocol in ['tcp', 'udp'] and not (start_port and end_port):
self.module.fail_json(msg="missing required argument for protocol '%s': start_port or end_port" % protocol) self.module.fail_json(msg="missing required argument for protocol '%s': start_port or end_port" % protocol)
@ -252,13 +256,13 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
self.module.fail_json(msg="missing required argument for protocol 'icmp': icmp_type") self.module.fail_json(msg="missing required argument for protocol 'icmp': icmp_type")
if protocol == 'all' and fw_type != 'egress': if protocol == 'all' and fw_type != 'egress':
self.module.fail_json(msg="protocol 'all' could only be used for type 'egress'" ) self.module.fail_json(msg="protocol 'all' could only be used for type 'egress'")
args = {}
args['account'] = self.get_account('name')
args['domainid'] = self.get_domain('id')
args['projectid'] = self.get_project('id')
args = {
'account': self.get_account('name'),
'domainid': self.get_domain('id'),
'projectid': self.get_project('id')
}
if fw_type == 'egress': if fw_type == 'egress':
args['networkid'] = self.get_network(key='id') args['networkid'] = self.get_network(key='id')
if not args['networkid']: if not args['networkid']:
@ -274,52 +278,56 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
for rule in firewall_rules['firewallrule']: for rule in firewall_rules['firewallrule']:
type_match = self._type_cidr_match(rule, cidr) type_match = self._type_cidr_match(rule, cidr)
protocol_match = self._tcp_udp_match(rule, protocol, start_port, end_port) \ protocol_match = (
or self._icmp_match(rule, protocol, icmp_code, icmp_type) \ self._tcp_udp_match(rule, protocol, start_port, end_port) or
or self._egress_all_match(rule, protocol, fw_type) self._icmp_match(rule, protocol, icmp_code, icmp_type) or
self._egress_all_match(rule, protocol, fw_type)
)
if type_match and protocol_match: if type_match and protocol_match:
self.firewall_rule = rule self.firewall_rule = rule
break break
return self.firewall_rule return self.firewall_rule
def _tcp_udp_match(self, rule, protocol, start_port, end_port): def _tcp_udp_match(self, rule, protocol, start_port, end_port):
return protocol in ['tcp', 'udp'] \ return (
and protocol == rule['protocol'] \ protocol in ['tcp', 'udp'] and
and start_port == int(rule['startport']) \ protocol == rule['protocol'] and
and end_port == int(rule['endport']) start_port == int(rule['startport']) and
end_port == int(rule['endport'])
)
def _egress_all_match(self, rule, protocol, fw_type): def _egress_all_match(self, rule, protocol, fw_type):
return protocol in ['all'] \ return (
and protocol == rule['protocol'] \ protocol in ['all'] and
and fw_type == 'egress' protocol == rule['protocol'] and
fw_type == 'egress'
)
def _icmp_match(self, rule, protocol, icmp_code, icmp_type): def _icmp_match(self, rule, protocol, icmp_code, icmp_type):
return protocol == 'icmp' \ return (
and protocol == rule['protocol'] \ protocol == 'icmp' and
and icmp_code == rule['icmpcode'] \ protocol == rule['protocol'] and
and icmp_type == rule['icmptype'] icmp_code == rule['icmpcode'] and
icmp_type == rule['icmptype']
)
def _type_cidr_match(self, rule, cidr): def _type_cidr_match(self, rule, cidr):
return cidr == rule['cidrlist'] return cidr == rule['cidrlist']
def create_firewall_rule(self): def create_firewall_rule(self):
firewall_rule = self.get_firewall_rule() firewall_rule = self.get_firewall_rule()
if not firewall_rule: if not firewall_rule:
self.result['changed'] = True self.result['changed'] = True
args = {} args = {
args['cidrlist'] = self.module.params.get('cidr') 'cidrlist': self.module.params.get('cidr'),
args['protocol'] = self.module.params.get('protocol') 'protocol': self.module.params.get('protocol'),
args['startport'] = self.module.params.get('start_port') 'startport': self.module.params.get('start_port'),
args['endport'] = self.get_or_fallback('end_port', 'start_port') 'endport': self.get_or_fallback('end_port', 'start_port'),
args['icmptype'] = self.module.params.get('icmp_type') 'icmptype': self.module.params.get('icmp_type'),
args['icmpcode'] = self.module.params.get('icmp_code') 'icmpcode': self.module.params.get('icmp_code')
}
fw_type = self.module.params.get('type') fw_type = self.module.params.get('type')
if not self.module.check_mode: if not self.module.check_mode:
@ -338,14 +346,14 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
firewall_rule = self.poll_job(res, 'firewallrule') firewall_rule = self.poll_job(res, 'firewallrule')
return firewall_rule return firewall_rule
def remove_firewall_rule(self): def remove_firewall_rule(self):
firewall_rule = self.get_firewall_rule() firewall_rule = self.get_firewall_rule()
if firewall_rule: if firewall_rule:
self.result['changed'] = True self.result['changed'] = True
args = {} args = {
args['id'] = firewall_rule['id'] 'id': firewall_rule['id']
}
fw_type = self.module.params.get('type') fw_type = self.module.params.get('type')
if not self.module.check_mode: if not self.module.check_mode:
@ -359,10 +367,9 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
poll_async = self.module.params.get('poll_async') poll_async = self.module.params.get('poll_async')
if poll_async: if poll_async:
res = self.poll_job(res, 'firewallrule') self.poll_job(res, 'firewallrule')
return firewall_rule return firewall_rule
def get_result(self, firewall_rule): def get_result(self, firewall_rule):
super(AnsibleCloudStackFirewall, self).get_result(firewall_rule) super(AnsibleCloudStackFirewall, self).get_result(firewall_rule)
if firewall_rule: if firewall_rule:
@ -375,21 +382,21 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
def main(): def main():
argument_spec = cs_argument_spec() argument_spec = cs_argument_spec()
argument_spec.update(dict( argument_spec.update(dict(
ip_address = dict(default=None), ip_address=dict(),
network = dict(default=None), network=dict(),
cidr = dict(default='0.0.0.0/0'), cidr=dict(default='0.0.0.0/0'),
protocol = dict(choices=['tcp', 'udp', 'icmp', 'all'], default='tcp'), protocol=dict(choices=['tcp', 'udp', 'icmp', 'all'], default='tcp'),
type = dict(choices=['ingress', 'egress'], default='ingress'), type=dict(choices=['ingress', 'egress'], default='ingress'),
icmp_type = dict(type='int', default=None), icmp_type=dict(type='int'),
icmp_code = dict(type='int', default=None), icmp_code=dict(type='int'),
start_port = dict(type='int', aliases=['port'], default=None), start_port=dict(type='int', aliases=['port']),
end_port = dict(type='int', default=None), end_port=dict(type='int'),
state = dict(choices=['present', 'absent'], default='present'), state=dict(choices=['present', 'absent'], default='present'),
zone = dict(default=None), zone=dict(),
domain = dict(default=None), domain=dict(),
account = dict(default=None), account=dict(),
project = dict(default=None), project=dict(),
poll_async = dict(type='bool', default=True), poll_async=dict(type='bool', default=True),
)) ))
required_together = cs_required_together() required_together = cs_required_together()
@ -400,10 +407,10 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
required_together=required_together, required_together=required_together,
required_one_of = ( required_one_of=(
['ip_address', 'network'], ['ip_address', 'network'],
), ),
mutually_exclusive = ( mutually_exclusive=(
['icmp_type', 'start_port'], ['icmp_type', 'start_port'],
['icmp_type', 'end_port'], ['icmp_type', 'end_port'],
['ip_address', 'network'], ['ip_address', 'network'],
@ -427,7 +434,6 @@ def main():
module.exit_json(**result) module.exit_json(**result)
# import module snippets
from ansible.module_utils.basic import *
if __name__ == '__main__': if __name__ == '__main__':
main() main()
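Review bot: `_type_cidr_match` compares the `cidr` parameter with `rule['cidrlist']` as a raw string, so an existing rule whose CIDR list is stored in an equivalent but differently written form (several comma-separated CIDRs in another order, or with whitespace) is not recognised by `get_firewall_rule`. With `state=absent`, `remove_firewall_rule` then finds nothing, reports no change, and the rule stays active; with `state=present`, `create_firewall_rule` attempts a duplicate. Whether the API ever returns the list in a different form is not visible in this diff, so confirm that first; if it can, compare normalised sets instead: `return set(c.strip() for c in cidr.split(',')) == set(c.strip() for c in rule['cidrlist'].split(','))`. The helper's name also implies a type check that the body does not perform, so a one-line docstring saying that only the CIDR list is compared would prevent misreading.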