From 88a738b0bacd32d0027f71682d7965aad3c9a040 Mon Sep 17 00:00:00 2001 From: Yuwei Zhou Date: Wed, 8 Aug 2018 11:41:46 +0800 Subject: [PATCH] Fix nsg cannot add rule with purge_rules false (#43699) --- .../cloud/azure/azure_rm_securitygroup.py | 6 +++++ .../azure_rm_securitygroup/tasks/main.yml | 24 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py index e28afa6b70b..3361bca0336 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py @@ -348,6 +348,7 @@ except ImportError: from ansible.module_utils.azure_rm_common import AzureRMModuleBase from ansible.module_utils.six import integer_types +from ansible.module_utils._text import to_native def validate_rule(self, rule, rule_type=None): @@ -386,6 +387,11 @@ def compare_rules_change(old_list, new_list, purge_list): new_list.append(old_rule) else: # one rule is removed changed = True + # Compare new list and old list is the same? here only compare names + if not changed: + new_names = [to_native(x['name']) for x in new_list] + old_names = [to_native(x['name']) for x in old_list] + changed = (set(new_names) != set(old_names)) return changed, new_list diff --git a/test/integration/targets/azure_rm_securitygroup/tasks/main.yml b/test/integration/targets/azure_rm_securitygroup/tasks/main.yml index 4c033258ed3..74968fdfdb7 100644 --- a/test/integration/targets/azure_rm_securitygroup/tasks/main.yml +++ b/test/integration/targets/azure_rm_securitygroup/tasks/main.yml @@ -187,6 +187,30 @@ - assert: that: not output.changed +- name: Add a single one group + azure_rm_securitygroup: + resource_group: "{{ resource_group }}" + name: "{{ secgroupname }}" + tags: + testing: testing + delete: on-exit + foo: bar + rules: + - name: DenySSH + protocol: Tcp + source_address_prefix: + - 54.120.120.240 + destination_port_range: 22 + access: Deny + priority: 102 + direction: Inbound + register: output + +- assert: + that: + - output.changed + - "{{ output.state.rules | length }} == 2" + - name: Delete all security groups azure_rm_securitygroup: resource_group: "{{ resource_group }}"