mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
ec2_group: add ports and multiple source lists (#19888).
This commit is contained in:
anryko
Brian Coca
parent
7d64ac95df
commit
bd05c653fd
1 changed files with 115 additions and 5 deletions
|
|
@ -135,8 +135,47 @@ EXAMPLES = '''
|
|||
group_name: example-other
|
||||
# description to use if example-other needs to be created
|
||||
group_desc: other example EC2 group
|
||||
|
||||
- name: example2 ec2 group
|
||||
ec2_group:
|
||||
name: example2
|
||||
description: an example2 EC2 group
|
||||
vpc_id: 12345
|
||||
region: eu-west-1a
|
||||
rules:
|
||||
# 'ports' rule keyword was introduced in version 2.3. It accepts a single port value or a list of values including ranges (from_port-to_port).
|
||||
- proto: tcp
|
||||
ports: 22
|
||||
group_name: example-vpn
|
||||
- proto: tcp
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
- 8080-8099
|
||||
cidr_ip: 0.0.0.0/0
|
||||
# Rule sources list support was added in version 2.3. This allows to define multiple sources per source type as well as multiple source types per rule.
|
||||
- proto: tcp
|
||||
ports:
|
||||
- 6379
|
||||
- 26379
|
||||
group_name:
|
||||
- example-vpn
|
||||
- example-redis
|
||||
- proto: tcp
|
||||
ports: 5665
|
||||
group_name: example-vpn
|
||||
cidr_ip:
|
||||
- 172.16.1.0/24
|
||||
- 172.16.17.0/24
|
||||
group_id:
|
||||
- sg-edcd9784
|
||||
'''
|
||||
|
||||
import re
|
||||
import time
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.ec2 import ec2_connect, ec2_argument_spec
|
||||
|
||||
try:
|
||||
import boto.ec2
|
||||
from boto.ec2.securitygroup import SecurityGroup
|
||||
|
|
@ -245,6 +284,80 @@ def get_target_from_rule(module, ec2, rule, name, group, groups, vpc_id):
|
|||
return group_id, ip, target_group_created
|
||||
|
||||
|
||||
def ports_expand(ports):
|
||||
# takes a list of ports and returns a list of (port_from, port_to)
|
||||
ports_expanded = []
|
||||
for port in ports:
|
||||
if not isinstance(port, str):
|
||||
ports_expanded.append((port,) * 2)
|
||||
elif '-' in port:
|
||||
ports_expanded.append(tuple(p.strip() for p in
|
||||
port.split('-', 1)))
|
||||
else:
|
||||
ports_expanded.append((port.strip(),) * 2)
|
||||
|
||||
return ports_expanded
|
||||
|
||||
|
||||
def rule_expand_ports(rule):
|
||||
# takes a rule dict and returns a list of expanded rule dicts
|
||||
if 'ports' not in rule:
|
||||
return [rule]
|
||||
|
||||
ports = rule['ports'] if isinstance(rule['ports'], list) else [rule['ports']]
|
||||
|
||||
rule_expanded = []
|
||||
for from_to in ports_expand(ports):
|
||||
temp_rule = rule.copy()
|
||||
del temp_rule['ports']
|
||||
temp_rule['from_port'], temp_rule['to_port'] = from_to
|
||||
rule_expanded.append(temp_rule)
|
||||
|
||||
return rule_expanded
|
||||
|
||||
|
||||
def rules_expand_ports(rules):
|
||||
# takes a list of rules and expands it based on 'ports'
|
||||
if not rules:
|
||||
return rules
|
||||
|
||||
return [rule for rule_complex in rules
|
||||
for rule in rule_expand_ports(rule_complex)]
|
||||
|
||||
|
||||
def rule_expand_source(rule, source_type):
|
||||
# takes a rule dict and returns a list of expanded rule dicts for specified source_type
|
||||
sources = rule[source_type] if isinstance(rule[source_type], list) else [rule[source_type]]
|
||||
source_types_all = ('cidr_ip', 'group_id', 'group_name')
|
||||
|
||||
rule_expanded = []
|
||||
for source in sources:
|
||||
temp_rule = rule.copy()
|
||||
for s in source_types_all:
|
||||
temp_rule.pop(s, None)
|
||||
temp_rule[source_type] = source
|
||||
rule_expanded.append(temp_rule)
|
||||
|
||||
return rule_expanded
|
||||
|
||||
|
||||
def rule_expand_sources(rule):
|
||||
# takes a rule dict and returns a list of expanded rule discts
|
||||
source_types = (stype for stype in ('cidr_ip', 'group_id', 'group_name') if stype in rule)
|
||||
|
||||
return [r for stype in source_types
|
||||
for r in rule_expand_source(rule, stype)]
|
||||
|
||||
|
||||
def rules_expand_sources(rules):
|
||||
# takes a list of rules and expands it based on 'cidr_ip', 'group_id', 'group_name'
|
||||
if not rules:
|
||||
return rules
|
||||
|
||||
return [rule for rule_complex in rules
|
||||
for rule in rule_expand_sources(rule_complex)]
|
||||
|
||||
|
||||
def main():
|
||||
argument_spec = ec2_argument_spec()
|
||||
argument_spec.update(dict(
|
||||
|
|
@ -270,8 +383,8 @@ def main():
|
|||
name = module.params['name']
|
||||
description = module.params['description']
|
||||
vpc_id = module.params['vpc_id']
|
||||
rules = module.params['rules']
|
||||
rules_egress = module.params['rules_egress']
|
||||
rules = rules_expand_sources(rules_expand_ports(module.params['rules']))
|
||||
rules_egress = rules_expand_sources(rules_expand_ports(module.params['rules_egress']))
|
||||
state = module.params.get('state')
|
||||
purge_rules = module.params['purge_rules']
|
||||
purge_rules_egress = module.params['purge_rules_egress']
|
||||
|
|
@ -484,9 +597,6 @@ def main():
|
|||
else:
|
||||
module.exit_json(changed=changed, group_id=None)
|
||||
|
||||
# import module snippets
|
||||
from ansible.module_utils.basic import *
|
||||
from ansible.module_utils.ec2 import *
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
|
|
|||
Loading…
Reference in a new issue