cloudstack: cs_firewall: fix pep8 and typo s/endpoint/endport/ (#22406)
parent
3fa5c55182
commit
7f35220744
1 changed files with 79 additions and 73 deletions
|
@ -214,8 +214,13 @@ network:
|
||||||
sample: my_network
|
sample: my_network
|
||||||
'''
|
'''
|
||||||
|
|
||||||
# import cloudstack common
|
from ansible.module_utils.basic import AnsibleModule
|
||||||
from ansible.module_utils.cloudstack import *
|
from ansible.module_utils.cloudstack import (
|
||||||
|
AnsibleCloudStack,
|
||||||
|
CloudStackException,
|
||||||
|
cs_argument_spec,
|
||||||
|
cs_required_together
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
|
@ -223,27 +228,26 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
def __init__(self, module):
|
def __init__(self, module):
|
||||||
super(AnsibleCloudStackFirewall, self).__init__(module)
|
super(AnsibleCloudStackFirewall, self).__init__(module)
|
||||||
self.returns = {
|
self.returns = {
|
||||||
'cidrlist': 'cidr',
|
'cidrlist': 'cidr',
|
||||||
'startport': 'start_port',
|
'startport': 'start_port',
|
||||||
'endpoint': 'end_port',
|
'endport': 'end_port',
|
||||||
'protocol': 'protocol',
|
'protocol': 'protocol',
|
||||||
'ipaddress': 'ip_address',
|
'ipaddress': 'ip_address',
|
||||||
'icmpcode': 'icmp_code',
|
'icmpcode': 'icmp_code',
|
||||||
'icmptype': 'icmp_type',
|
'icmptype': 'icmp_type',
|
||||||
}
|
}
|
||||||
self.firewall_rule = None
|
self.firewall_rule = None
|
||||||
self.network = None
|
self.network = None
|
||||||
|
|
||||||
|
|
||||||
def get_firewall_rule(self):
|
def get_firewall_rule(self):
|
||||||
if not self.firewall_rule:
|
if not self.firewall_rule:
|
||||||
cidr = self.module.params.get('cidr')
|
cidr = self.module.params.get('cidr')
|
||||||
protocol = self.module.params.get('protocol')
|
protocol = self.module.params.get('protocol')
|
||||||
start_port = self.module.params.get('start_port')
|
start_port = self.module.params.get('start_port')
|
||||||
end_port = self.get_or_fallback('end_port', 'start_port')
|
end_port = self.get_or_fallback('end_port', 'start_port')
|
||||||
icmp_code = self.module.params.get('icmp_code')
|
icmp_code = self.module.params.get('icmp_code')
|
||||||
icmp_type = self.module.params.get('icmp_type')
|
icmp_type = self.module.params.get('icmp_type')
|
||||||
fw_type = self.module.params.get('type')
|
fw_type = self.module.params.get('type')
|
||||||
|
|
||||||
if protocol in ['tcp', 'udp'] and not (start_port and end_port):
|
if protocol in ['tcp', 'udp'] and not (start_port and end_port):
|
||||||
self.module.fail_json(msg="missing required argument for protocol '%s': start_port or end_port" % protocol)
|
self.module.fail_json(msg="missing required argument for protocol '%s': start_port or end_port" % protocol)
|
||||||
|
@ -252,13 +256,13 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
self.module.fail_json(msg="missing required argument for protocol 'icmp': icmp_type")
|
self.module.fail_json(msg="missing required argument for protocol 'icmp': icmp_type")
|
||||||
|
|
||||||
if protocol == 'all' and fw_type != 'egress':
|
if protocol == 'all' and fw_type != 'egress':
|
||||||
self.module.fail_json(msg="protocol 'all' could only be used for type 'egress'" )
|
self.module.fail_json(msg="protocol 'all' could only be used for type 'egress'")
|
||||||
|
|
||||||
args = {}
|
|
||||||
args['account'] = self.get_account('name')
|
|
||||||
args['domainid'] = self.get_domain('id')
|
|
||||||
args['projectid'] = self.get_project('id')
|
|
||||||
|
|
||||||
|
args = {
|
||||||
|
'account': self.get_account('name'),
|
||||||
|
'domainid': self.get_domain('id'),
|
||||||
|
'projectid': self.get_project('id')
|
||||||
|
}
|
||||||
if fw_type == 'egress':
|
if fw_type == 'egress':
|
||||||
args['networkid'] = self.get_network(key='id')
|
args['networkid'] = self.get_network(key='id')
|
||||||
if not args['networkid']:
|
if not args['networkid']:
|
||||||
|
@ -274,52 +278,56 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
for rule in firewall_rules['firewallrule']:
|
for rule in firewall_rules['firewallrule']:
|
||||||
type_match = self._type_cidr_match(rule, cidr)
|
type_match = self._type_cidr_match(rule, cidr)
|
||||||
|
|
||||||
protocol_match = self._tcp_udp_match(rule, protocol, start_port, end_port) \
|
protocol_match = (
|
||||||
or self._icmp_match(rule, protocol, icmp_code, icmp_type) \
|
self._tcp_udp_match(rule, protocol, start_port, end_port) or
|
||||||
or self._egress_all_match(rule, protocol, fw_type)
|
self._icmp_match(rule, protocol, icmp_code, icmp_type) or
|
||||||
|
self._egress_all_match(rule, protocol, fw_type)
|
||||||
|
)
|
||||||
|
|
||||||
if type_match and protocol_match:
|
if type_match and protocol_match:
|
||||||
self.firewall_rule = rule
|
self.firewall_rule = rule
|
||||||
break
|
break
|
||||||
return self.firewall_rule
|
return self.firewall_rule
|
||||||
|
|
||||||
|
|
||||||
def _tcp_udp_match(self, rule, protocol, start_port, end_port):
|
def _tcp_udp_match(self, rule, protocol, start_port, end_port):
|
||||||
return protocol in ['tcp', 'udp'] \
|
return (
|
||||||
and protocol == rule['protocol'] \
|
protocol in ['tcp', 'udp'] and
|
||||||
and start_port == int(rule['startport']) \
|
protocol == rule['protocol'] and
|
||||||
and end_port == int(rule['endport'])
|
start_port == int(rule['startport']) and
|
||||||
|
end_port == int(rule['endport'])
|
||||||
|
)
|
||||||
|
|
||||||
def _egress_all_match(self, rule, protocol, fw_type):
|
def _egress_all_match(self, rule, protocol, fw_type):
|
||||||
return protocol in ['all'] \
|
return (
|
||||||
and protocol == rule['protocol'] \
|
protocol in ['all'] and
|
||||||
and fw_type == 'egress'
|
protocol == rule['protocol'] and
|
||||||
|
fw_type == 'egress'
|
||||||
|
)
|
||||||
|
|
||||||
def _icmp_match(self, rule, protocol, icmp_code, icmp_type):
|
def _icmp_match(self, rule, protocol, icmp_code, icmp_type):
|
||||||
return protocol == 'icmp' \
|
return (
|
||||||
and protocol == rule['protocol'] \
|
protocol == 'icmp' and
|
||||||
and icmp_code == rule['icmpcode'] \
|
protocol == rule['protocol'] and
|
||||||
and icmp_type == rule['icmptype']
|
icmp_code == rule['icmpcode'] and
|
||||||
|
icmp_type == rule['icmptype']
|
||||||
|
)
|
||||||
|
|
||||||
def _type_cidr_match(self, rule, cidr):
|
def _type_cidr_match(self, rule, cidr):
|
||||||
return cidr == rule['cidrlist']
|
return cidr == rule['cidrlist']
|
||||||
|
|
||||||
|
|
||||||
def create_firewall_rule(self):
|
def create_firewall_rule(self):
|
||||||
firewall_rule = self.get_firewall_rule()
|
firewall_rule = self.get_firewall_rule()
|
||||||
if not firewall_rule:
|
if not firewall_rule:
|
||||||
self.result['changed'] = True
|
self.result['changed'] = True
|
||||||
|
|
||||||
args = {}
|
args = {
|
||||||
args['cidrlist'] = self.module.params.get('cidr')
|
'cidrlist': self.module.params.get('cidr'),
|
||||||
args['protocol'] = self.module.params.get('protocol')
|
'protocol': self.module.params.get('protocol'),
|
||||||
args['startport'] = self.module.params.get('start_port')
|
'startport': self.module.params.get('start_port'),
|
||||||
args['endport'] = self.get_or_fallback('end_port', 'start_port')
|
'endport': self.get_or_fallback('end_port', 'start_port'),
|
||||||
args['icmptype'] = self.module.params.get('icmp_type')
|
'icmptype': self.module.params.get('icmp_type'),
|
||||||
args['icmpcode'] = self.module.params.get('icmp_code')
|
'icmpcode': self.module.params.get('icmp_code')
|
||||||
|
}
|
||||||
|
|
||||||
fw_type = self.module.params.get('type')
|
fw_type = self.module.params.get('type')
|
||||||
if not self.module.check_mode:
|
if not self.module.check_mode:
|
||||||
|
@ -338,14 +346,14 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
firewall_rule = self.poll_job(res, 'firewallrule')
|
firewall_rule = self.poll_job(res, 'firewallrule')
|
||||||
return firewall_rule
|
return firewall_rule
|
||||||
|
|
||||||
|
|
||||||
def remove_firewall_rule(self):
|
def remove_firewall_rule(self):
|
||||||
firewall_rule = self.get_firewall_rule()
|
firewall_rule = self.get_firewall_rule()
|
||||||
if firewall_rule:
|
if firewall_rule:
|
||||||
self.result['changed'] = True
|
self.result['changed'] = True
|
||||||
|
|
||||||
args = {}
|
args = {
|
||||||
args['id'] = firewall_rule['id']
|
'id': firewall_rule['id']
|
||||||
|
}
|
||||||
|
|
||||||
fw_type = self.module.params.get('type')
|
fw_type = self.module.params.get('type')
|
||||||
if not self.module.check_mode:
|
if not self.module.check_mode:
|
||||||
|
@ -359,10 +367,9 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
|
|
||||||
poll_async = self.module.params.get('poll_async')
|
poll_async = self.module.params.get('poll_async')
|
||||||
if poll_async:
|
if poll_async:
|
||||||
res = self.poll_job(res, 'firewallrule')
|
self.poll_job(res, 'firewallrule')
|
||||||
return firewall_rule
|
return firewall_rule
|
||||||
|
|
||||||
|
|
||||||
def get_result(self, firewall_rule):
|
def get_result(self, firewall_rule):
|
||||||
super(AnsibleCloudStackFirewall, self).get_result(firewall_rule)
|
super(AnsibleCloudStackFirewall, self).get_result(firewall_rule)
|
||||||
if firewall_rule:
|
if firewall_rule:
|
||||||
|
@ -375,21 +382,21 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
||||||
def main():
|
def main():
|
||||||
argument_spec = cs_argument_spec()
|
argument_spec = cs_argument_spec()
|
||||||
argument_spec.update(dict(
|
argument_spec.update(dict(
|
||||||
ip_address = dict(default=None),
|
ip_address=dict(),
|
||||||
network = dict(default=None),
|
network=dict(),
|
||||||
cidr = dict(default='0.0.0.0/0'),
|
cidr=dict(default='0.0.0.0/0'),
|
||||||
protocol = dict(choices=['tcp', 'udp', 'icmp', 'all'], default='tcp'),
|
protocol=dict(choices=['tcp', 'udp', 'icmp', 'all'], default='tcp'),
|
||||||
type = dict(choices=['ingress', 'egress'], default='ingress'),
|
type=dict(choices=['ingress', 'egress'], default='ingress'),
|
||||||
icmp_type = dict(type='int', default=None),
|
icmp_type=dict(type='int'),
|
||||||
icmp_code = dict(type='int', default=None),
|
icmp_code=dict(type='int'),
|
||||||
start_port = dict(type='int', aliases=['port'], default=None),
|
start_port=dict(type='int', aliases=['port']),
|
||||||
end_port = dict(type='int', default=None),
|
end_port=dict(type='int'),
|
||||||
state = dict(choices=['present', 'absent'], default='present'),
|
state=dict(choices=['present', 'absent'], default='present'),
|
||||||
zone = dict(default=None),
|
zone=dict(),
|
||||||
domain = dict(default=None),
|
domain=dict(),
|
||||||
account = dict(default=None),
|
account=dict(),
|
||||||
project = dict(default=None),
|
project=dict(),
|
||||||
poll_async = dict(type='bool', default=True),
|
poll_async=dict(type='bool', default=True),
|
||||||
))
|
))
|
||||||
|
|
||||||
required_together = cs_required_together()
|
required_together = cs_required_together()
|
||||||
|
@ -400,10 +407,10 @@ def main():
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=argument_spec,
|
argument_spec=argument_spec,
|
||||||
required_together=required_together,
|
required_together=required_together,
|
||||||
required_one_of = (
|
required_one_of=(
|
||||||
['ip_address', 'network'],
|
['ip_address', 'network'],
|
||||||
),
|
),
|
||||||
mutually_exclusive = (
|
mutually_exclusive=(
|
||||||
['icmp_type', 'start_port'],
|
['icmp_type', 'start_port'],
|
||||||
['icmp_type', 'end_port'],
|
['icmp_type', 'end_port'],
|
||||||
['ip_address', 'network'],
|
['ip_address', 'network'],
|
||||||
|
@ -427,7 +434,6 @@ def main():
|
||||||
|
|
||||||
module.exit_json(**result)
|
module.exit_json(**result)
|
||||||
|
|
||||||
# import module snippets
|
|
||||||
from ansible.module_utils.basic import *
|
|
||||||
if __name__ == '__main__':
|
if __name__ == '__main__':
|
||||||
main()
|
main()
|
||||||
|
|
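Review bot: In main()'s argument_spec, `cidr=dict(default='0.0.0.0/0')` combined with the `type` default of `ingress` and the `protocol` default of `tcp` means a task that supplies only an address and a port creates a rule open to every source, and nothing at the spec says so. The default cannot change without breaking existing playbooks, so I would add a comment above that entry, `# default matches any source address; set cidr explicitly to restrict the rule`, and confirm that the DOCUMENTATION entry for cidr (outside the visible hunks) states the same. main() is only partly visible across these hunks, so any later handling of cidr cannot be seen from here.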