Allow modifying security groups in os_server (#23207)
When the security groups specified to the os_server module change they should be updated on the server. This will require shade 1.19 where the server security group commands were added. Fixes: #23206
This commit is contained in:
parent
669630ea83
commit
92dc61e869
1 changed files with 30 additions and 1 deletions
|
@ -620,6 +620,33 @@ def _check_floating_ips(module, cloud, server):
|
|||
return (changed, server)
|
||||
|
||||
|
||||
def _check_security_groups(module, cloud, server):
|
||||
changed = False
|
||||
|
||||
# server security groups were added to shade in 1.19. Until then this
|
||||
# module simply ignored trying to update security groups and only set them
|
||||
# on newly created hosts.
|
||||
if not (hasattr(cloud, 'add_server_security_groups') and
|
||||
hasattr(cloud, 'remove_server_security_groups')):
|
||||
return changed, server
|
||||
|
||||
module_security_groups = set(module.params['security_groups'])
|
||||
server_security_groups = set(sg.name for sg in server.security_groups)
|
||||
|
||||
add_sgs = module_security_groups - server_security_groups
|
||||
remove_sgs = server_security_groups - module_security_groups
|
||||
|
||||
if add_sgs:
|
||||
cloud.add_server_security_groups(server, list(add_sgs))
|
||||
changed = True
|
||||
|
||||
if remove_sgs:
|
||||
cloud.remove_server_security_groups(server, list(remove_sgs))
|
||||
changed = True
|
||||
|
||||
return (changed, server)
|
||||
|
||||
|
||||
def _get_server_state(module, cloud):
|
||||
state = module.params['state']
|
||||
server = cloud.get_server(module.params['name'])
|
||||
|
@ -629,8 +656,10 @@ def _get_server_state(module, cloud):
|
|||
msg="The instance is available but not Active state: "
|
||||
+ server.status)
|
||||
(ip_changed, server) = _check_floating_ips(module, cloud, server)
|
||||
(sg_changed, server) = _check_security_groups(module, cloud, server)
|
||||
(server_changed, server) = _update_server(module, cloud, server)
|
||||
_exit_hostvars(module, cloud, server, ip_changed or server_changed)
|
||||
_exit_hostvars(module, cloud, server,
|
||||
ip_changed or sg_changed or server_changed)
|
||||
if server and state == 'absent':
|
||||
return True
|
||||
if state == 'absent':
|
||||
|
|
Loading…
Reference in a new issue