1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

cs_firewall: fix idempotence and tests for cloudstack v4.11 (#42458)

This commit is contained in:
René Moser 2018-07-08 00:51:46 +02:00 committed by GitHub
parent 07adeff665
commit 0e6628395a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 10 deletions

View file

@ -249,16 +249,24 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
args['networkid'] = self.get_network(key='id') args['networkid'] = self.get_network(key='id')
if not args['networkid']: if not args['networkid']:
self.module.fail_json(msg="missing required argument for type egress: network") self.module.fail_json(msg="missing required argument for type egress: network")
# CloudStack 4.11 use the network cidr for 0.0.0.0/0 in egress
# That is why we need to replace it.
network_cidr = self.get_network(key='cidr')
egress_cidrs = [network_cidr if cidr == '0.0.0.0/0' else cidr for cidr in cidrs]
firewall_rules = self.query_api('listEgressFirewallRules', **args) firewall_rules = self.query_api('listEgressFirewallRules', **args)
else: else:
args['ipaddressid'] = self.get_ip_address('id') args['ipaddressid'] = self.get_ip_address('id')
if not args['ipaddressid']: if not args['ipaddressid']:
self.module.fail_json(msg="missing required argument for type ingress: ip_address") self.module.fail_json(msg="missing required argument for type ingress: ip_address")
egress_cidrs = None
firewall_rules = self.query_api('listFirewallRules', **args) firewall_rules = self.query_api('listFirewallRules', **args)
if firewall_rules: if firewall_rules:
for rule in firewall_rules: for rule in firewall_rules:
type_match = self._type_cidrs_match(rule, cidrs) type_match = self._type_cidrs_match(rule, cidrs, egress_cidrs)
protocol_match = ( protocol_match = (
self._tcp_udp_match(rule, protocol, start_port, end_port) or self._tcp_udp_match(rule, protocol, start_port, end_port) or
@ -294,8 +302,11 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
icmp_type == rule['icmptype'] icmp_type == rule['icmptype']
) )
def _type_cidrs_match(self, rule, cidrs): def _type_cidrs_match(self, rule, cidrs, egress_cidrs):
return ",".join(cidrs) == rule['cidrlist'] if egress_cidrs is not None:
return ",".join(egress_cidrs) == rule['cidrlist'] or ",".join(cidrs) == rule['cidrlist']
else:
return ",".join(cidrs) == rule['cidrlist']
def create_firewall_rule(self): def create_firewall_rule(self):
firewall_rule = self.get_firewall_rule() firewall_rule = self.get_firewall_rule()

View file

@ -244,8 +244,8 @@
that: that:
- fw is successful - fw is successful
- fw is changed - fw is changed
- fw.cidr == "0.0.0.0/0" - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
- fw.cidrs == [ '0.0.0.0/0' ] - fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
- fw.network == "{{ cs_firewall_network }}" - fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all" - fw.protocol == "all"
- fw.type == "egress" - fw.type == "egress"
@ -262,7 +262,8 @@
that: that:
- fw is successful - fw is successful
- fw is not changed - fw is not changed
- fw.cidr == "0.0.0.0/0" - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
- fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
- fw.network == "{{ cs_firewall_network }}" - fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all" - fw.protocol == "all"
- fw.type == "egress" - fw.type == "egress"
@ -404,8 +405,8 @@
that: that:
- fw is successful - fw is successful
- fw is changed - fw is changed
- fw.cidr == "0.0.0.0/0" - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
- fw.cidrs == [ '0.0.0.0/0' ] - fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
- fw.network == "{{ cs_firewall_network }}" - fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all" - fw.protocol == "all"
- fw.type == "egress" - fw.type == "egress"
@ -423,8 +424,8 @@
that: that:
- fw is successful - fw is successful
- fw is changed - fw is changed
- fw.cidr == "0.0.0.0/0" - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
- fw.cidrs == [ '0.0.0.0/0' ] - fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
- fw.network == "{{ cs_firewall_network }}" - fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all" - fw.protocol == "all"
- fw.type == "egress" - fw.type == "egress"