diff --git a/lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py b/lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py
index 943cacef2d..0477ed5458 100644
--- a/lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py
+++ b/lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py
@@ -29,76 +29,59 @@ options: state: description: - State of the security group rule. - required: false - default: 'present' - choices: [ 'present', 'absent' ] + default: present + choices: [ present, absent ] protocol: description: - Protocol of the security group rule. - required: false - default: 'tcp' - choices: [ 'tcp', 'udp', 'icmp', 'ah', 'esp', 'gre' ] + default: tcp + choices: [ tcp, udp, icmp, ah, esp, gre ] type: description: - Ingress or egress security group rule. - required: false - default: 'ingress' - choices: [ 'ingress', 'egress' ] + default: ingress + choices: [ ingress, egress ] cidr: description: - CIDR (full notation) to be used for security group rule. - required: false default: '0.0.0.0/0' user_security_group: description: - Security group this rule is based of. - required: false - default: null start_port: description: - Start port for this rule. Required if C(protocol=tcp) or C(protocol=udp). - required: false - default: null - aliases: [ 'port' ] + aliases: [ port ] end_port: description: - End port for this rule. Required if C(protocol=tcp) or C(protocol=udp), but C(start_port) will be used if not set. - required: false - default: null icmp_type: description: - Type of the icmp message being sent. Required if C(protocol=icmp). - required: false - default: null icmp_code: description: - Error code for this icmp message. Required if C(protocol=icmp). - required: false - default: null project: description: - Name of the project the security group to be created in. - required: false - default: null poll_async: description: - Poll async jobs until job has finished. 
- required: false default: true extends_documentation_fragment: cloudstack ''' EXAMPLES = ''' --- -# Allow inbound port 80/tcp from 1.2.3.4 added to security group 'default' -- local_action: +- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default' + local_action: module: cs_securitygroup_rule security_group: default port: 80 cidr: 1.2.3.4/32 -# Allow tcp/udp outbound added to security group 'default' -- local_action: +- name: allow tcp/udp outbound added to security group 'default' + local_action: module: cs_securitygroup_rule security_group: default type: egress @@ -109,23 +92,23 @@ EXAMPLES = ''' - tcp - udp -# Allow inbound icmp from 0.0.0.0/0 added to security group 'default' -- local_action: +- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default' + local_action: module: cs_securitygroup_rule security_group: default protocol: icmp icmp_code: -1 icmp_type: -1 -# Remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default' -- local_action: +- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default' + local_action: module: cs_securitygroup_rule security_group: default port: 80 state: absent -# Allow inbound port 80/tcp from security group web added to security group 'default' -- local_action: +- name: allow inbound port 80/tcp from security group web added to security group 'default' + local_action: module: cs_securitygroup_rule security_group: default port: 80 @@ -176,11 +159,6 @@ end_port: sample: 80 ''' -try: - from cs import CloudStackException -except ImportError: - pass # Handled in AnsibleCloudStack.__init__ - from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.cloudstack import AnsibleCloudStack, cs_argument_spec, cs_required_together 
@@ -190,54 +168,48 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack): def __init__(self, module): super(AnsibleCloudStackSecurityGroupRule, self).__init__(module) self.returns = { - 'icmptype': 'icmp_type', - 'icmpcode': 'icmp_code', - 'endport': 'end_port', - 'startport': 'start_port', - 'protocol': 'protocol', - 'cidr': 'cidr', - 'securitygroupname': 'user_security_group', + 'icmptype': 'icmp_type', + 'icmpcode': 'icmp_code', + 'endport': 'end_port', + 'startport': 'start_port', + 'protocol': 'protocol', + 'cidr': 'cidr', + 'securitygroupname': 'user_security_group', } - def _tcp_udp_match(self, rule, protocol, start_port, end_port): - return protocol in ['tcp', 'udp'] \ - and protocol == rule['protocol'] \ - and start_port == int(rule['startport']) \ - and end_port == int(rule['endport']) - + return (protocol in ['tcp', 'udp'] and + protocol == rule['protocol'] and + start_port == int(rule['startport']) and + end_port == int(rule['endport'])) def _icmp_match(self, rule, protocol, icmp_code, icmp_type): - return protocol == 'icmp' \ - and protocol == rule['protocol'] \ - and icmp_code == int(rule['icmpcode']) \ - and icmp_type == int(rule['icmptype']) - + return (protocol == 'icmp' and + protocol == rule['protocol'] and + icmp_code == int(rule['icmpcode']) and + icmp_type == int(rule['icmptype'])) def _ah_esp_gre_match(self, rule, protocol): - return protocol in ['ah', 'esp', 'gre'] \ - and protocol == rule['protocol'] - + return (protocol in ['ah', 'esp', 'gre'] and + protocol == rule['protocol']) def _type_security_group_match(self, rule, security_group_name): - return security_group_name \ - and 'securitygroupname' in rule \ - and security_group_name == rule['securitygroupname'] - + return (security_group_name and + 'securitygroupname' in rule and + security_group_name == rule['securitygroupname']) def _type_cidr_match(self, rule, cidr): - return 'cidr' in rule \ - and cidr == rule['cidr'] - + return ('cidr' in rule and + cidr == rule['cidr']) def 
_get_rule(self, rules): user_security_group_name = self.module.params.get('user_security_group') - cidr = self.module.params.get('cidr') - protocol = self.module.params.get('protocol') - start_port = self.module.params.get('start_port') - end_port = self.get_or_fallback('end_port', 'start_port') - icmp_code = self.module.params.get('icmp_code') - icmp_type = self.module.params.get('icmp_type') + cidr = self.module.params.get('cidr') + protocol = self.module.params.get('protocol') + start_port = self.module.params.get('start_port') + end_port = self.get_or_fallback('end_port', 'start_port') + icmp_code = self.module.params.get('icmp_code') + icmp_type = self.module.params.get('icmp_type') if protocol in ['tcp', 'udp'] and (start_port is None or end_port is None): self.module.fail_json(msg="no start_port or end_port set for protocol '%s'" % protocol) 
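Review bot: `_type_cidr_match` compares the `cidr` option with `rule['cidr']` by plain string equality, so a value written differently from what the API returns (for example `1.2.3.4` rather than `1.2.3.4/32`) will never match an existing rule. With `state: absent` that would mean the module finds no rule and reports no change while the rule stays in place, which is an easy way to believe a port was closed when it was not. The option is a free-form string in the argument spec, so at minimum I would add a comment above the comparison, `# exact string match: cidr must be given as the API returns it, e.g. 1.2.3.4/32`, and consider rejecting values without a prefix length. `_get_rule` begins at the end of this hunk and its matching loop continues outside it.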
@@ -251,28 +223,26 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack): else: type_match = self._type_cidr_match(rule, cidr) - protocol_match = ( self._tcp_udp_match(rule, protocol, start_port, end_port) \ - or self._icmp_match(rule, protocol, icmp_code, icmp_type) \ - or self._ah_esp_gre_match(rule, protocol) - ) + protocol_match = (self._tcp_udp_match(rule, protocol, start_port, end_port) or + self._icmp_match(rule, protocol, icmp_code, icmp_type) or + self._ah_esp_gre_match(rule, protocol)) if type_match and protocol_match: return rule return None - def get_security_group(self, security_group_name=None): if not security_group_name: security_group_name = self.module.params.get('security_group') - args = {} - args['securitygroupname'] = security_group_name - args['projectid'] = self.get_project('id') - sgs = self.cs.listSecurityGroups(**args) + args = { + 'securitygroupname': security_group_name, + 'projectid': self.get_project('id'), + } + sgs = self.query_api('listSecurityGroups', **args) if not sgs or 'securitygroup' not in sgs: self.module.fail_json(msg="security group '%s' not found" % security_group_name) return sgs['securitygroup'][0] - def add_rule(self): security_group = self.get_security_group() 
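Review bot: Error reporting for every API call in this module now rests on `query_api`, whose body is not part of this diff. This hunk moves `listSecurityGroups` onto it, the hunks at -308 and -316 do the same for the authorize and revoke calls and drop the `errortext` checks, and the hunk at -398 removes the `except CloudStackException` around `main()`. If `query_api` does not turn both raised exceptions and `errortext` responses into `fail_json`, a rejected authorize or revoke could still leave `self.result['changed'] = True` set while the rule set is unchanged. Worth confirming in `AnsibleCloudStack` and recording once near the first call, e.g. `# query_api() fails the module on API errors, so no errortext check is needed here`. `add_rule` starts at the end of this hunk and continues outside it.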
@@ -291,16 +261,16 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack): else: args['cidrlist'] = self.module.params.get('cidr') - args['protocol'] = self.module.params.get('protocol') - args['startport'] = self.module.params.get('start_port') - args['endport'] = self.get_or_fallback('end_port', 'start_port') - args['icmptype'] = self.module.params.get('icmp_type') - args['icmpcode'] = self.module.params.get('icmp_code') - args['projectid'] = self.get_project('id') + args['protocol'] = self.module.params.get('protocol') + args['startport'] = self.module.params.get('start_port') + args['endport'] = self.get_or_fallback('end_port', 'start_port') + args['icmptype'] = self.module.params.get('icmp_type') + args['icmpcode'] = self.module.params.get('icmp_code') + args['projectid'] = self.get_project('id') args['securitygroupid'] = security_group['id'] rule = None - res = None + res = None sg_type = self.module.params.get('type') if sg_type == 'ingress': if 'ingressrule' in security_group: @@ -308,7 +278,7 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack): if not rule: self.result['changed'] = True if not self.module.check_mode: - res = self.cs.authorizeSecurityGroupIngress(**args) + res = self.query_api('authorizeSecurityGroupIngress', **args) elif sg_type == 'egress': if 'egressrule' in security_group: 
@@ -316,48 +286,40 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack): if not rule: self.result['changed'] = True if not self.module.check_mode: - res = self.cs.authorizeSecurityGroupEgress(**args) - - if res and 'errortext' in res: - self.module.fail_json(msg="Failed: '%s'" % res['errortext']) + res = self.query_api('authorizeSecurityGroupEgress', **args) poll_async = self.module.params.get('poll_async') if res and poll_async: security_group = self.poll_job(res, 'securitygroup') - key = sg_type + "rule" # ingressrule / egressrule + key = sg_type + "rule" # ingressrule / egressrule if key in security_group: rule = security_group[key][0] return rule - def remove_rule(self): security_group = self.get_security_group() rule = None - res = None + res = None sg_type = self.module.params.get('type') if sg_type == 'ingress': rule = self._get_rule(security_group['ingressrule']) if rule: self.result['changed'] = True if not self.module.check_mode: - res = self.cs.revokeSecurityGroupIngress(id=rule['ruleid']) + res = self.query_api('revokeSecurityGroupIngress', id=rule['ruleid']) elif sg_type == 'egress': rule = self._get_rule(security_group['egressrule']) if rule: self.result['changed'] = True if not self.module.check_mode: - res = self.cs.revokeSecurityGroupEgress(id=rule['ruleid']) - - if res and 'errortext' in res: - self.module.fail_json(msg="Failed: '%s'" % res['errortext']) + res = self.query_api('revokeSecurityGroupEgress', id=rule['ruleid']) poll_async = self.module.params.get('poll_async') if res and poll_async: res = self.poll_job(res, 'securitygroup') return rule - def get_result(self, security_group_rule): super(AnsibleCloudStackSecurityGroupRule, self).get_result(security_group_rule) self.result['type'] = self.module.params.get('type') 
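Review bot: `remove_rule` indexes `security_group['ingressrule']` and `security_group['egressrule']` directly, while `add_rule` guards the same keys with `if 'ingressrule' in security_group:` and `if 'egressrule' in security_group:`. That guard suggests the API can omit the key when a group has no rules of that type, in which case `state: absent` would end in a `KeyError` traceback instead of a clean "no change" result. Mirroring `add_rule` would be enough: `if 'ingressrule' in security_group:` followed by `rule = self._get_rule(security_group['ingressrule'])`, and the same for the egress branch.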
@@ -368,18 +330,18 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack): def main(): argument_spec = cs_argument_spec() argument_spec.update(dict( - security_group = dict(required=True), - type = dict(choices=['ingress', 'egress'], default='ingress'), - cidr = dict(default='0.0.0.0/0'), - user_security_group = dict(default=None), - protocol = dict(choices=['tcp', 'udp', 'icmp', 'ah', 'esp', 'gre'], default='tcp'), - icmp_type = dict(type='int', default=None), - icmp_code = dict(type='int', default=None), - start_port = dict(type='int', default=None, aliases=['port']), - end_port = dict(type='int', default=None), - state = dict(choices=['present', 'absent'], default='present'), - project = dict(default=None), - poll_async = dict(type='bool', default=True), + security_group=dict(required=True), + type=dict(choices=['ingress', 'egress'], default='ingress'), + cidr=dict(default='0.0.0.0/0'), + user_security_group=dict(), + protocol=dict(choices=['tcp', 'udp', 'icmp', 'ah', 'esp', 'gre'], default='tcp'), + icmp_type=dict(type='int'), + icmp_code=dict(type='int'), + start_port=dict(type='int', aliases=['port']), + end_port=dict(type='int'), + state=dict(choices=['present', 'absent'], default='present'), + project=dict(), + poll_async=dict(type='bool', default=True), )) required_together = cs_required_together() required_together.extend([ @@ -389,7 +351,7 @@ def main(): module = AnsibleModule( argument_spec=argument_spec, required_together=required_together, - mutually_exclusive = ( + mutually_exclusive=( ['icmp_type', 'start_port'], ['icmp_type', 'end_port'], ['icmp_code', 'start_port'], 
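Review bot: `cidr=dict(default='0.0.0.0/0')` is kept as is, so a task that sets neither `cidr` nor `user_security_group` authorizes the port for every source address, and the option text only says "CIDR (full notation) to be used for security group rule." The `else: args['cidrlist'] = self.module.params.get('cidr')` branch in `add_rule` appears to be where that default is applied, although its condition lies outside the visible hunks. Since this commit is already tidying the option docs, I would add a line to the `cidr` description such as `- If neither C(cidr) nor C(user_security_group) is set, the rule applies to all source addresses (0.0.0.0/0).` so the exposure is explicit to playbook authors.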
@@ -398,20 +360,15 @@ def main(): supports_check_mode=True ) - try: - acs_sg_rule = AnsibleCloudStackSecurityGroupRule(module) + acs_sg_rule = AnsibleCloudStackSecurityGroupRule(module) - state = module.params.get('state') - if state in ['absent']: - sg_rule = acs_sg_rule.remove_rule() - else: - sg_rule = acs_sg_rule.add_rule() - - result = acs_sg_rule.get_result(sg_rule) - - except CloudStackException as e: - module.fail_json(msg='CloudStackException: %s' % str(e)) + state = module.params.get('state') + if state in ['absent']: + sg_rule = acs_sg_rule.remove_rule() + else: + sg_rule = acs_sg_rule.add_rule() + result = acs_sg_rule.get_result(sg_rule) module.exit_json(**result) diff --git a/test/sanity/pep8/legacy-files.txt b/test/sanity/pep8/legacy-files.txt index 12470a0a2b..f46595dfab 100644 --- a/test/sanity/pep8/legacy-files.txt +++ b/test/sanity/pep8/legacy-files.txt @@ -68,7 +68,6 @@ lib/ansible/modules/cloud/cloudstack/cs_instance.py lib/ansible/modules/cloud/cloudstack/cs_instance_facts.py lib/ansible/modules/cloud/cloudstack/_cs_nic.py lib/ansible/modules/cloud/cloudstack/cs_portforward.py -lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py lib/ansible/modules/cloud/docker/_docker.py lib/ansible/modules/cloud/docker/docker_container.py lib/ansible/modules/cloud/docker/docker_image.py