Allow modifying security groups in os_server (#23207)

When the security groups specified to the os_server module change they
should be updated on the server. This will require shade 1.19 where the
server security group commands were added.

Fixes: #23206
This commit is contained in:
Jamie Lennox 2017-04-13 02:19:15 +10:00 committed by Ricardo Carrillo Cruz
parent 669630ea83
commit 92dc61e869

View file

@ -620,6 +620,33 @@ def _check_floating_ips(module, cloud, server):
return (changed, server)
def _check_security_groups(module, cloud, server):
changed = False
# server security groups were added to shade in 1.19. Until then this
# module simply ignored trying to update security groups and only set them
# on newly created hosts.
if not (hasattr(cloud, 'add_server_security_groups') and
hasattr(cloud, 'remove_server_security_groups')):
return changed, server
module_security_groups = set(module.params['security_groups'])
server_security_groups = set(sg.name for sg in server.security_groups)
add_sgs = module_security_groups - server_security_groups
remove_sgs = server_security_groups - module_security_groups
if add_sgs:
cloud.add_server_security_groups(server, list(add_sgs))
changed = True
if remove_sgs:
cloud.remove_server_security_groups(server, list(remove_sgs))
changed = True
return (changed, server)
def _get_server_state(module, cloud):
state = module.params['state']
server = cloud.get_server(module.params['name'])
@ -629,8 +656,10 @@ def _get_server_state(module, cloud):
msg="The instance is available but not Active state: "
+ server.status)
(ip_changed, server) = _check_floating_ips(module, cloud, server)
(sg_changed, server) = _check_security_groups(module, cloud, server)
(server_changed, server) = _update_server(module, cloud, server)
_exit_hostvars(module, cloud, server, ip_changed or server_changed)
_exit_hostvars(module, cloud, server,
ip_changed or sg_changed or server_changed)
if server and state == 'absent':
return True
if state == 'absent':