ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

cs_securitygroup_rule: remove CloudStackException dependency (#31603)

Browse source 
- fixes pep8
- fixes docs
This commit is contained in:
René Moser 2017-10-11 22:23:00 +02:00 committed by GitHub
parent af6e89fbc8
commit c1121dd5fb
2 changed files with 86 additions and 130 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

215
lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py
View file

@ -29,76 +29,59 @@ options:
state: state:
description: description:
- State of the security group rule. - State of the security group rule.
required: false default: present
default: 'present' choices: [ present, absent ]
choices: [ 'present', 'absent' ]
protocol: protocol:
description: description:
- Protocol of the security group rule. - Protocol of the security group rule.
required: false default: tcp
default: 'tcp' choices: [ tcp, udp, icmp, ah, esp, gre ]
choices: [ 'tcp', 'udp', 'icmp', 'ah', 'esp', 'gre' ]
type: type:
description: description:
- Ingress or egress security group rule. - Ingress or egress security group rule.
required: false default: ingress
default: 'ingress' choices: [ ingress, egress ]
choices: [ 'ingress', 'egress' ]
cidr: cidr:
description: description:
- CIDR (full notation) to be used for security group rule. - CIDR (full notation) to be used for security group rule.
required: false
default: '0.0.0.0/0' default: '0.0.0.0/0'
user_security_group: user_security_group:
description: description:
- Security group this rule is based of. - Security group this rule is based of.
required: false
default: null
start_port: start_port:
description: description:
- Start port for this rule. Required if C(protocol=tcp) or C(protocol=udp). - Start port for this rule. Required if C(protocol=tcp) or C(protocol=udp).
required: false aliases: [ port ]
default: null
aliases: [ 'port' ]
end_port: end_port:
description: description:
- End port for this rule. Required if C(protocol=tcp) or C(protocol=udp), but C(start_port) will be used if not set. - End port for this rule. Required if C(protocol=tcp) or C(protocol=udp), but C(start_port) will be used if not set.
required: false
default: null
icmp_type: icmp_type:
description: description:
- Type of the icmp message being sent. Required if C(protocol=icmp). - Type of the icmp message being sent. Required if C(protocol=icmp).
required: false
default: null
icmp_code: icmp_code:
description: description:
- Error code for this icmp message. Required if C(protocol=icmp). - Error code for this icmp message. Required if C(protocol=icmp).
required: false
default: null
project: project:
description: description:
- Name of the project the security group to be created in. - Name of the project the security group to be created in.
required: false
default: null
poll_async: poll_async:
description: description:
- Poll async jobs until job has finished. - Poll async jobs until job has finished.
required: false
default: true default: true
extends_documentation_fragment: cloudstack extends_documentation_fragment: cloudstack
''' '''
EXAMPLES = ''' EXAMPLES = '''
--- ---
# Allow inbound port 80/tcp from 1.2.3.4 added to security group 'default' - name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
- local_action: local_action:
module: cs_securitygroup_rule module: cs_securitygroup_rule
security_group: default security_group: default
port: 80 port: 80
cidr: 1.2.3.4/32 cidr: 1.2.3.4/32
# Allow tcp/udp outbound added to security group 'default' - name: allow tcp/udp outbound added to security group 'default'
- local_action: local_action:
module: cs_securitygroup_rule module: cs_securitygroup_rule
security_group: default security_group: default
type: egress type: egress
@ -109,23 +92,23 @@ EXAMPLES = '''
- tcp - tcp
- udp - udp
# Allow inbound icmp from 0.0.0.0/0 added to security group 'default' - name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
- local_action: local_action:
module: cs_securitygroup_rule module: cs_securitygroup_rule
security_group: default security_group: default
protocol: icmp protocol: icmp
icmp_code: -1 icmp_code: -1
icmp_type: -1 icmp_type: -1
# Remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default' - name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
- local_action: local_action:
module: cs_securitygroup_rule module: cs_securitygroup_rule
security_group: default security_group: default
port: 80 port: 80
state: absent state: absent
# Allow inbound port 80/tcp from security group web added to security group 'default' - name: allow inbound port 80/tcp from security group web added to security group 'default'
- local_action: local_action:
module: cs_securitygroup_rule module: cs_securitygroup_rule
security_group: default security_group: default
port: 80 port: 80
@ -176,11 +159,6 @@ end_port:
sample: 80 sample: 80
''' '''
try:
from cs import CloudStackException
except ImportError:
pass # Handled in AnsibleCloudStack.__init__
from ansible.module_utils.basic import AnsibleModule from ansible.module_utils.basic import AnsibleModule
from ansible.module_utils.cloudstack import AnsibleCloudStack, cs_argument_spec, cs_required_together from ansible.module_utils.cloudstack import AnsibleCloudStack, cs_argument_spec, cs_required_together
@ -190,54 +168,48 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
def __init__(self, module): def __init__(self, module):
super(AnsibleCloudStackSecurityGroupRule, self).__init__(module) super(AnsibleCloudStackSecurityGroupRule, self).__init__(module)
self.returns = { self.returns = {
'icmptype': 'icmp_type', 'icmptype': 'icmp_type',
'icmpcode': 'icmp_code', 'icmpcode': 'icmp_code',
'endport': 'end_port', 'endport': 'end_port',
'startport': 'start_port', 'startport': 'start_port',
'protocol': 'protocol', 'protocol': 'protocol',
'cidr': 'cidr', 'cidr': 'cidr',
'securitygroupname': 'user_security_group', 'securitygroupname': 'user_security_group',
} }
def _tcp_udp_match(self, rule, protocol, start_port, end_port): def _tcp_udp_match(self, rule, protocol, start_port, end_port):
return protocol in ['tcp', 'udp'] \ return (protocol in ['tcp', 'udp'] and
and protocol == rule['protocol'] \ protocol == rule['protocol'] and
and start_port == int(rule['startport']) \ start_port == int(rule['startport']) and
and end_port == int(rule['endport']) end_port == int(rule['endport']))
def _icmp_match(self, rule, protocol, icmp_code, icmp_type): def _icmp_match(self, rule, protocol, icmp_code, icmp_type):
return protocol == 'icmp' \ return (protocol == 'icmp' and
and protocol == rule['protocol'] \ protocol == rule['protocol'] and
and icmp_code == int(rule['icmpcode']) \ icmp_code == int(rule['icmpcode']) and
and icmp_type == int(rule['icmptype']) icmp_type == int(rule['icmptype']))
def _ah_esp_gre_match(self, rule, protocol): def _ah_esp_gre_match(self, rule, protocol):
return protocol in ['ah', 'esp', 'gre'] \ return (protocol in ['ah', 'esp', 'gre'] and
and protocol == rule['protocol'] protocol == rule['protocol'])
def _type_security_group_match(self, rule, security_group_name): def _type_security_group_match(self, rule, security_group_name):
return security_group_name \ return (security_group_name and
and 'securitygroupname' in rule \ 'securitygroupname' in rule and
and security_group_name == rule['securitygroupname'] security_group_name == rule['securitygroupname'])
def _type_cidr_match(self, rule, cidr): def _type_cidr_match(self, rule, cidr):
return 'cidr' in rule \ return ('cidr' in rule and
and cidr == rule['cidr'] cidr == rule['cidr'])
def _get_rule(self, rules): def _get_rule(self, rules):
user_security_group_name = self.module.params.get('user_security_group') user_security_group_name = self.module.params.get('user_security_group')
cidr = self.module.params.get('cidr') cidr = self.module.params.get('cidr')
protocol = self.module.params.get('protocol') protocol = self.module.params.get('protocol')
start_port = self.module.params.get('start_port') start_port = self.module.params.get('start_port')
end_port = self.get_or_fallback('end_port', 'start_port') end_port = self.get_or_fallback('end_port', 'start_port')
icmp_code = self.module.params.get('icmp_code') icmp_code = self.module.params.get('icmp_code')
icmp_type = self.module.params.get('icmp_type') icmp_type = self.module.params.get('icmp_type')
if protocol in ['tcp', 'udp'] and (start_port is None or end_port is None): if protocol in ['tcp', 'udp'] and (start_port is None or end_port is None):
self.module.fail_json(msg="no start_port or end_port set for protocol '%s'" % protocol) self.module.fail_json(msg="no start_port or end_port set for protocol '%s'" % protocol)
@ -251,28 +223,26 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
else: else:
type_match = self._type_cidr_match(rule, cidr) type_match = self._type_cidr_match(rule, cidr)
protocol_match = ( self._tcp_udp_match(rule, protocol, start_port, end_port) \ protocol_match = (self._tcp_udp_match(rule, protocol, start_port, end_port) or
or self._icmp_match(rule, protocol, icmp_code, icmp_type) \ self._icmp_match(rule, protocol, icmp_code, icmp_type) or
or self._ah_esp_gre_match(rule, protocol) self._ah_esp_gre_match(rule, protocol))
)
if type_match and protocol_match: if type_match and protocol_match:
return rule return rule
return None return None
def get_security_group(self, security_group_name=None): def get_security_group(self, security_group_name=None):
if not security_group_name: if not security_group_name:
security_group_name = self.module.params.get('security_group') security_group_name = self.module.params.get('security_group')
args = {} args = {
args['securitygroupname'] = security_group_name 'securitygroupname': security_group_name,
args['projectid'] = self.get_project('id') 'projectid': self.get_project('id'),
sgs = self.cs.listSecurityGroups(**args) }
sgs = self.query_api('listSecurityGroups', **args)
if not sgs or 'securitygroup' not in sgs: if not sgs or 'securitygroup' not in sgs:
self.module.fail_json(msg="security group '%s' not found" % security_group_name) self.module.fail_json(msg="security group '%s' not found" % security_group_name)
return sgs['securitygroup'][0] return sgs['securitygroup'][0]
def add_rule(self): def add_rule(self):
security_group = self.get_security_group() security_group = self.get_security_group()
@ -291,16 +261,16 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
else: else:
args['cidrlist'] = self.module.params.get('cidr') args['cidrlist'] = self.module.params.get('cidr')
args['protocol'] = self.module.params.get('protocol') args['protocol'] = self.module.params.get('protocol')
args['startport'] = self.module.params.get('start_port') args['startport'] = self.module.params.get('start_port')
args['endport'] = self.get_or_fallback('end_port', 'start_port') args['endport'] = self.get_or_fallback('end_port', 'start_port')
args['icmptype'] = self.module.params.get('icmp_type') args['icmptype'] = self.module.params.get('icmp_type')
args['icmpcode'] = self.module.params.get('icmp_code') args['icmpcode'] = self.module.params.get('icmp_code')
args['projectid'] = self.get_project('id') args['projectid'] = self.get_project('id')
args['securitygroupid'] = security_group['id'] args['securitygroupid'] = security_group['id']
rule = None rule = None
res = None res = None
sg_type = self.module.params.get('type') sg_type = self.module.params.get('type')
if sg_type == 'ingress': if sg_type == 'ingress':
if 'ingressrule' in security_group: if 'ingressrule' in security_group:
@ -308,7 +278,7 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
if not rule: if not rule:
self.result['changed'] = True self.result['changed'] = True
if not self.module.check_mode: if not self.module.check_mode:
res = self.cs.authorizeSecurityGroupIngress(**args) res = self.query_api('authorizeSecurityGroupIngress', **args)
elif sg_type == 'egress': elif sg_type == 'egress':
if 'egressrule' in security_group: if 'egressrule' in security_group:
@ -316,48 +286,40 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
if not rule: if not rule:
self.result['changed'] = True self.result['changed'] = True
if not self.module.check_mode: if not self.module.check_mode:
res = self.cs.authorizeSecurityGroupEgress(**args) res = self.query_api('authorizeSecurityGroupEgress', **args)
if res and 'errortext' in res:
self.module.fail_json(msg="Failed: '%s'" % res['errortext'])
poll_async = self.module.params.get('poll_async') poll_async = self.module.params.get('poll_async')
if res and poll_async: if res and poll_async:
security_group = self.poll_job(res, 'securitygroup') security_group = self.poll_job(res, 'securitygroup')
key = sg_type + "rule" # ingressrule / egressrule key = sg_type + "rule" # ingressrule / egressrule
if key in security_group: if key in security_group:
rule = security_group[key][0] rule = security_group[key][0]
return rule return rule
def remove_rule(self): def remove_rule(self):
security_group = self.get_security_group() security_group = self.get_security_group()
rule = None rule = None
res = None res = None
sg_type = self.module.params.get('type') sg_type = self.module.params.get('type')
if sg_type == 'ingress': if sg_type == 'ingress':
rule = self._get_rule(security_group['ingressrule']) rule = self._get_rule(security_group['ingressrule'])
if rule: if rule:
self.result['changed'] = True self.result['changed'] = True
if not self.module.check_mode: if not self.module.check_mode:
res = self.cs.revokeSecurityGroupIngress(id=rule['ruleid']) res = self.query_api('revokeSecurityGroupIngress', id=rule['ruleid'])
elif sg_type == 'egress': elif sg_type == 'egress':
rule = self._get_rule(security_group['egressrule']) rule = self._get_rule(security_group['egressrule'])
if rule: if rule:
self.result['changed'] = True self.result['changed'] = True
if not self.module.check_mode: if not self.module.check_mode:
res = self.cs.revokeSecurityGroupEgress(id=rule['ruleid']) res = self.query_api('revokeSecurityGroupEgress', id=rule['ruleid'])
if res and 'errortext' in res:
self.module.fail_json(msg="Failed: '%s'" % res['errortext'])
poll_async = self.module.params.get('poll_async') poll_async = self.module.params.get('poll_async')
if res and poll_async: if res and poll_async:
res = self.poll_job(res, 'securitygroup') res = self.poll_job(res, 'securitygroup')
return rule return rule
def get_result(self, security_group_rule): def get_result(self, security_group_rule):
super(AnsibleCloudStackSecurityGroupRule, self).get_result(security_group_rule) super(AnsibleCloudStackSecurityGroupRule, self).get_result(security_group_rule)
self.result['type'] = self.module.params.get('type') self.result['type'] = self.module.params.get('type')
@ -368,18 +330,18 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
def main(): def main():
argument_spec = cs_argument_spec() argument_spec = cs_argument_spec()
argument_spec.update(dict( argument_spec.update(dict(
security_group = dict(required=True), security_group=dict(required=True),
type = dict(choices=['ingress', 'egress'], default='ingress'), type=dict(choices=['ingress', 'egress'], default='ingress'),
cidr = dict(default='0.0.0.0/0'), cidr=dict(default='0.0.0.0/0'),
user_security_group = dict(default=None), user_security_group=dict(),
protocol = dict(choices=['tcp', 'udp', 'icmp', 'ah', 'esp', 'gre'], default='tcp'), protocol=dict(choices=['tcp', 'udp', 'icmp', 'ah', 'esp', 'gre'], default='tcp'),
icmp_type = dict(type='int', default=None), icmp_type=dict(type='int'),
icmp_code = dict(type='int', default=None), icmp_code=dict(type='int'),
start_port = dict(type='int', default=None, aliases=['port']), start_port=dict(type='int', aliases=['port']),
end_port = dict(type='int', default=None), end_port=dict(type='int'),
state = dict(choices=['present', 'absent'], default='present'), state=dict(choices=['present', 'absent'], default='present'),
project = dict(default=None), project=dict(),
poll_async = dict(type='bool', default=True), poll_async=dict(type='bool', default=True),
)) ))
required_together = cs_required_together() required_together = cs_required_together()
required_together.extend([ required_together.extend([
@ -389,7 +351,7 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
required_together=required_together, required_together=required_together,
mutually_exclusive = ( mutually_exclusive=(
['icmp_type', 'start_port'], ['icmp_type', 'start_port'],
['icmp_type', 'end_port'], ['icmp_type', 'end_port'],
['icmp_code', 'start_port'], ['icmp_code', 'start_port'],
@ -398,20 +360,15 @@ def main():
supports_check_mode=True supports_check_mode=True
) )
try: acs_sg_rule = AnsibleCloudStackSecurityGroupRule(module)
acs_sg_rule = AnsibleCloudStackSecurityGroupRule(module)
state = module.params.get('state') state = module.params.get('state')
if state in ['absent']: if state in ['absent']:
sg_rule = acs_sg_rule.remove_rule() sg_rule = acs_sg_rule.remove_rule()
else: else:
sg_rule = acs_sg_rule.add_rule() sg_rule = acs_sg_rule.add_rule()
result = acs_sg_rule.get_result(sg_rule)
except CloudStackException as e:
module.fail_json(msg='CloudStackException: %s' % str(e))
result = acs_sg_rule.get_result(sg_rule)
module.exit_json(**result) module.exit_json(**result)

1
test/sanity/pep8/legacy-files.txt
View file

@ -68,7 +68,6 @@ lib/ansible/modules/cloud/cloudstack/cs_instance.py
lib/ansible/modules/cloud/cloudstack/cs_instance_facts.py lib/ansible/modules/cloud/cloudstack/cs_instance_facts.py
lib/ansible/modules/cloud/cloudstack/_cs_nic.py lib/ansible/modules/cloud/cloudstack/_cs_nic.py
lib/ansible/modules/cloud/cloudstack/cs_portforward.py lib/ansible/modules/cloud/cloudstack/cs_portforward.py
lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py
lib/ansible/modules/cloud/docker/_docker.py lib/ansible/modules/cloud/docker/_docker.py
lib/ansible/modules/cloud/docker/docker_container.py lib/ansible/modules/cloud/docker/docker_container.py
lib/ansible/modules/cloud/docker/docker_image.py lib/ansible/modules/cloud/docker/docker_image.py