diff --git a/lib/ansible/modules/cloud/cloudstack/cs_network_acl_rule.py b/lib/ansible/modules/cloud/cloudstack/cs_network_acl_rule.py
index 2a1e3e2e356..8e1d5d09075 100644
--- a/lib/ansible/modules/cloud/cloudstack/cs_network_acl_rule.py
+++ b/lib/ansible/modules/cloud/cloudstack/cs_network_acl_rule.py
@@ -23,11 +23,12 @@ options:
type: str
required: true
aliases: [ acl ]
- cidr:
+ cidrs:
description:
- - CIDR of the rule.
- type: str
- default: 0.0.0.0/0
+ - CIDRs of the rule.
+ type: list
+ default: [ 0.0.0.0/0 ]
+ aliases: [ cidr ]
rule_position:
description:
- The position of the network ACL rule.
@@ -134,7 +135,7 @@ EXAMPLES = '''
cidr: 0.0.0.0/0
delegate_to: localhost
-- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16
+- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16 and 10.22.0.0/16
cs_network_acl_rule:
network_acl: web
rule_position: 1
@@ -142,20 +143,10 @@ EXAMPLES = '''
traffic_type: ingress
action_policy: deny
start_port: 8000
- end_port: 8000
- cidr: 10.20.0.0/16
- delegate_to: localhost
-
-- name: create a network ACL rule
- cs_network_acl_rule:
- network_acl: web
- rule_position: 1
- vpc: my vpc
- traffic_type: ingress
- action_policy: deny
- start_port: 8000
- end_port: 8000
- cidr: 10.20.0.0/16
+ end_port: 9000
+ cidrs:
+ - 10.20.0.0/16
+ - 10.22.0.0/16
delegate_to: localhost
- name: remove a network ACL rule
@@ -179,6 +170,12 @@ cidr:
returned: success
type: str
sample: 0.0.0.0/0
+cidrs:
+ description: CIDRs of the network ACL rule.
+ returned: success
+ type: list
+ sample: [ 0.0.0.0/0 ]
+ version_added: '2.9'
rule_position:
description: Position of the network ACL rule.
returned: success
@@ -357,7 +354,7 @@ class AnsibleCloudStackNetworkAclRule(AnsibleCloudStack):
'icmpcode': self.module.params.get('icmp_code'),
'icmptype': self.module.params.get('icmp_type'),
'traffictype': self.module.params.get('traffic_type'),
- 'cidrlist': self.module.params.get('cidr'),
+ 'cidrlist': self.module.params.get('cidrs'),
}
if not self.module.check_mode:
res = self.query_api('createNetworkACL', **args)
@@ -379,7 +376,7 @@ class AnsibleCloudStackNetworkAclRule(AnsibleCloudStack):
'icmpcode': self.module.params.get('icmp_code'),
'icmptype': self.module.params.get('icmp_type'),
'traffictype': self.module.params.get('traffic_type'),
- 'cidrlist': self.module.params.get('cidr'),
+ 'cidrlist': ",".join(self.module.params.get('cidrs')),
}
if self.has_changed(args, network_acl_rule):
self.result['changed'] = True
@@ -395,6 +392,8 @@ class AnsibleCloudStackNetworkAclRule(AnsibleCloudStack):
def get_result(self, network_acl_rule):
super(AnsibleCloudStackNetworkAclRule, self).get_result(network_acl_rule)
if network_acl_rule:
+ if 'cidrlist' in network_acl_rule:
+ self.result['cidrs'] = network_acl_rule['cidrlist'].split(',') or [network_acl_rule['cidrlist']]
if network_acl_rule['protocol'] not in ['tcp', 'udp', 'icmp', 'all']:
self.result['protocol_number'] = int(network_acl_rule['protocol'])
self.result['protocol'] = 'by_number'
@@ -409,7 +408,7 @@ def main():
network_acl=dict(required=True, aliases=['acl']),
rule_position=dict(required=True, type='int', aliases=['number']),
vpc=dict(required=True),
- cidr=dict(default='0.0.0.0/0'),
+ cidrs=dict(type='list', default=['0.0.0.0/0'], aliases=['cidr']),
protocol=dict(choices=['tcp', 'udp', 'icmp', 'all', 'by_number'], default='tcp'),
protocol_number=dict(type='int'),
traffic_type=dict(choices=['ingress', 'egress'], aliases=['type'], default='ingress'),
diff --git a/test/integration/targets/cs_network_acl_rule/tasks/main.yml b/test/integration/targets/cs_network_acl_rule/tasks/main.yml
index bfeb1c6c98a..06f5f5ae737 100644
--- a/test/integration/targets/cs_network_acl_rule/tasks/main.yml
+++ b/test/integration/targets/cs_network_acl_rule/tasks/main.yml
@@ -174,7 +174,9 @@
traffic_type: egress
action_policy: deny
port: 81
- cidr: 0.0.0.0/0
+ cidrs:
+ - 1.2.3.0/24
+ - 3.2.1.0/24
zone: "{{ cs_common_zone_adv }}"
register: acl_rule
check_mode: true
@@ -189,6 +191,7 @@
- acl_rule.end_port == 80
- acl_rule.action_policy == "allow"
- acl_rule.cidr == "0.0.0.0/0"
+ - acl_rule.cidrs == [ "0.0.0.0/0" ]
- acl_rule.traffic_type == "ingress"
- acl_rule.rule_position == 1
@@ -201,7 +204,9 @@
action_policy: deny
port: 81
protocol: udp
- cidr: 0.0.0.0/0
+ cidrs:
+ - 1.2.3.0/24
+ - 3.2.1.0/24
zone: "{{ cs_common_zone_adv }}"
register: acl_rule
- name: verify test change network acl rule
@@ -214,7 +219,8 @@
- acl_rule.start_port == 81
- acl_rule.end_port == 81
- acl_rule.action_policy == "deny"
- - acl_rule.cidr == "0.0.0.0/0"
+ - acl_rule.cidr == "1.2.3.0/24,3.2.1.0/24"
+ - acl_rule.cidrs == [ "1.2.3.0/24", "3.2.1.0/24" ]
- acl_rule.traffic_type == "egress"
- acl_rule.protocol == "udp"
- acl_rule.rule_position == 1
@@ -228,7 +234,9 @@
action_policy: deny
port: 81
protocol: udp
- cidr: 0.0.0.0/0
+ cidrs:
+ - 1.2.3.0/24
+ - 3.2.1.0/24
zone: "{{ cs_common_zone_adv }}"
register: acl_rule
- name: verify test change network acl idempotence
@@ -241,7 +249,8 @@
- acl_rule.start_port == 81
- acl_rule.end_port == 81
- acl_rule.action_policy == "deny"
- - acl_rule.cidr == "0.0.0.0/0"
+ - acl_rule.cidr == "1.2.3.0/24,3.2.1.0/24"
+ - acl_rule.cidrs == [ "1.2.3.0/24", "3.2.1.0/24" ]
- acl_rule.traffic_type == "egress"
- acl_rule.protocol == "udp"
- acl_rule.rule_position == 1
@@ -270,7 +279,7 @@
- acl_rule.start_port == 81
- acl_rule.end_port == 81
- acl_rule.action_policy == "deny"
- - acl_rule.cidr == "0.0.0.0/0"
+ - acl_rule.cidr == "1.2.3.0/24,3.2.1.0/24"
- acl_rule.traffic_type == "egress"
- acl_rule.protocol == "udp"
- acl_rule.rule_position == 1