mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
cs_firewall: fix idempotence and tests for cloudstack v4.11 (#42458)
This commit is contained in:
parent
07adeff665
commit
0e6628395a
2 changed files with 22 additions and 10 deletions
|
@ -249,16 +249,24 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
|||
args['networkid'] = self.get_network(key='id')
|
||||
if not args['networkid']:
|
||||
self.module.fail_json(msg="missing required argument for type egress: network")
|
||||
|
||||
# CloudStack 4.11 use the network cidr for 0.0.0.0/0 in egress
|
||||
# That is why we need to replace it.
|
||||
network_cidr = self.get_network(key='cidr')
|
||||
egress_cidrs = [network_cidr if cidr == '0.0.0.0/0' else cidr for cidr in cidrs]
|
||||
|
||||
firewall_rules = self.query_api('listEgressFirewallRules', **args)
|
||||
else:
|
||||
args['ipaddressid'] = self.get_ip_address('id')
|
||||
if not args['ipaddressid']:
|
||||
self.module.fail_json(msg="missing required argument for type ingress: ip_address")
|
||||
egress_cidrs = None
|
||||
|
||||
firewall_rules = self.query_api('listFirewallRules', **args)
|
||||
|
||||
if firewall_rules:
|
||||
for rule in firewall_rules:
|
||||
type_match = self._type_cidrs_match(rule, cidrs)
|
||||
type_match = self._type_cidrs_match(rule, cidrs, egress_cidrs)
|
||||
|
||||
protocol_match = (
|
||||
self._tcp_udp_match(rule, protocol, start_port, end_port) or
|
||||
|
@ -294,7 +302,10 @@ class AnsibleCloudStackFirewall(AnsibleCloudStack):
|
|||
icmp_type == rule['icmptype']
|
||||
)
|
||||
|
||||
def _type_cidrs_match(self, rule, cidrs):
|
||||
def _type_cidrs_match(self, rule, cidrs, egress_cidrs):
|
||||
if egress_cidrs is not None:
|
||||
return ",".join(egress_cidrs) == rule['cidrlist'] or ",".join(cidrs) == rule['cidrlist']
|
||||
else:
|
||||
return ",".join(cidrs) == rule['cidrlist']
|
||||
|
||||
def create_firewall_rule(self):
|
||||
|
|
|
@ -244,8 +244,8 @@
|
|||
that:
|
||||
- fw is successful
|
||||
- fw is changed
|
||||
- fw.cidr == "0.0.0.0/0"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ]
|
||||
- fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
|
||||
- fw.network == "{{ cs_firewall_network }}"
|
||||
- fw.protocol == "all"
|
||||
- fw.type == "egress"
|
||||
|
@ -262,7 +262,8 @@
|
|||
that:
|
||||
- fw is successful
|
||||
- fw is not changed
|
||||
- fw.cidr == "0.0.0.0/0"
|
||||
- fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
|
||||
- fw.network == "{{ cs_firewall_network }}"
|
||||
- fw.protocol == "all"
|
||||
- fw.type == "egress"
|
||||
|
@ -404,8 +405,8 @@
|
|||
that:
|
||||
- fw is successful
|
||||
- fw is changed
|
||||
- fw.cidr == "0.0.0.0/0"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ]
|
||||
- fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
|
||||
- fw.network == "{{ cs_firewall_network }}"
|
||||
- fw.protocol == "all"
|
||||
- fw.type == "egress"
|
||||
|
@ -423,8 +424,8 @@
|
|||
that:
|
||||
- fw is successful
|
||||
- fw is changed
|
||||
- fw.cidr == "0.0.0.0/0"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ]
|
||||
- fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
|
||||
- fw.cidrs == [ '0.0.0.0/0' ] or fw.cidrs == [ '10.1.1.0/24' ]
|
||||
- fw.network == "{{ cs_firewall_network }}"
|
||||
- fw.protocol == "all"
|
||||
- fw.type == "egress"
|
||||
|
|
Loading…
Reference in a new issue