cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Make remote_group handle name and id in cloud/openstack/os_security_group_rule.py

Browse source 
* Make remote_group handle name and id

* fix regression breaking os_security_group_rule with no remote_group
This commit is contained in:
Donovan Jones 2016-04-15 06:03:13 +12:00 committed by Matt Clay
parent b9e55a0877
commit 8274f55818
1 changed files with 17 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
lib/ansible/modules/cloud/openstack/os_security_group_rule.py
View file

@ -35,7 +35,7 @@ description:
options:
security_group:
description:
- Name of the security group
- Name or ID of the security group
required: true
protocol:
description:
@ -58,7 +58,8 @@ options:
required: false
remote_group:
description:
- ID of Security group to link (exclusive with remote_ip_prefix)
- Name or ID of the Security group to link (exclusive with
remote_ip_prefix)
required: false
ethertype:
description:
@ -206,7 +207,7 @@ def _ports_match(protocol, module_min, module_max, rule_min, rule_max):
return module_min == rule_min and module_max == rule_max
def _find_matching_rule(module, secgroup):
def _find_matching_rule(module, secgroup, remotegroup):
"""
Find a rule in the group that matches the module parameters.
:returns: The matching rule dict, or None if no matches.
@ -215,7 +216,7 @@ def _find_matching_rule(module, secgroup):
remote_ip_prefix = module.params['remote_ip_prefix']
ethertype = module.params['ethertype']
direction = module.params['direction']
remote_group_id = module.params['remote_group']
remote_group_id = remotegroup['id']
for rule in secgroup['security_group_rules']:
if (protocol == rule['protocol']
@ -232,10 +233,10 @@ def _find_matching_rule(module, secgroup):
return None
def _system_state_change(module, secgroup):
def _system_state_change(module, secgroup, remotegroup):
state = module.params['state']
if secgroup:
rule_exists = _find_matching_rule(module, secgroup)
rule_exists = _find_matching_rule(module, secgroup, remotegroup)
else:
return False
@ -257,7 +258,6 @@ def main():
port_range_min = dict(required=False, type='int'),
port_range_max = dict(required=False, type='int'),
remote_ip_prefix = dict(required=False, default=None),
# TODO(mordred): Make remote_group handle name and id
remote_group = dict(required=False, default=None),
ethertype = dict(default='IPv4',
choices=['IPv4', 'IPv6']),
@ -282,21 +282,27 @@ def main():
state = module.params['state']
security_group = module.params['security_group']
remote_group = module.params['remote_group']
changed = False
try:
cloud = shade.openstack_cloud(**module.params)
secgroup = cloud.get_security_group(security_group)
if remote_group:
remotegroup = cloud.get_security_group(remote_group)
else:
remotegroup = { 'id' : None }
if module.check_mode:
module.exit_json(changed=_system_state_change(module, secgroup))
module.exit_json(changed=_system_state_change(module, secgroup, remotegroup))
if state == 'present':
if not secgroup:
module.fail_json(msg='Could not find security group %s' %
security_group)
rule = _find_matching_rule(module, secgroup)
rule = _find_matching_rule(module, secgroup, remotegroup)
if not rule:
rule = cloud.create_security_group_rule(
secgroup['id'],
@ -304,7 +310,7 @@ def main():
port_range_max=module.params['port_range_max'],
protocol=module.params['protocol'],
remote_ip_prefix=module.params['remote_ip_prefix'],
remote_group_id=module.params['remote_group'],
remote_group_id=remotegroup['id'],
direction=module.params['direction'],
ethertype=module.params['ethertype']
)
@ -312,7 +318,7 @@ def main():
module.exit_json(changed=changed, rule=rule, id=rule['id'])
if state == 'absent' and secgroup:
rule = _find_matching_rule(module, secgroup)
rule = _find_matching_rule(module, secgroup, remotegroup)
if rule:
cloud.delete_security_group_rule(rule['id'])
changed = True