mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
cs_securitygroup_rule: remove CloudStackException dependency (#31603)
- fixes pep8 - fixes docs
This commit is contained in:
parent
af6e89fbc8
commit
c1121dd5fb
2 changed files with 86 additions and 130 deletions
|
@ -29,76 +29,59 @@ options:
|
|||
state:
|
||||
description:
|
||||
- State of the security group rule.
|
||||
required: false
|
||||
default: 'present'
|
||||
choices: [ 'present', 'absent' ]
|
||||
default: present
|
||||
choices: [ present, absent ]
|
||||
protocol:
|
||||
description:
|
||||
- Protocol of the security group rule.
|
||||
required: false
|
||||
default: 'tcp'
|
||||
choices: [ 'tcp', 'udp', 'icmp', 'ah', 'esp', 'gre' ]
|
||||
default: tcp
|
||||
choices: [ tcp, udp, icmp, ah, esp, gre ]
|
||||
type:
|
||||
description:
|
||||
- Ingress or egress security group rule.
|
||||
required: false
|
||||
default: 'ingress'
|
||||
choices: [ 'ingress', 'egress' ]
|
||||
default: ingress
|
||||
choices: [ ingress, egress ]
|
||||
cidr:
|
||||
description:
|
||||
- CIDR (full notation) to be used for security group rule.
|
||||
required: false
|
||||
default: '0.0.0.0/0'
|
||||
user_security_group:
|
||||
description:
|
||||
- Security group this rule is based of.
|
||||
required: false
|
||||
default: null
|
||||
start_port:
|
||||
description:
|
||||
- Start port for this rule. Required if C(protocol=tcp) or C(protocol=udp).
|
||||
required: false
|
||||
default: null
|
||||
aliases: [ 'port' ]
|
||||
aliases: [ port ]
|
||||
end_port:
|
||||
description:
|
||||
- End port for this rule. Required if C(protocol=tcp) or C(protocol=udp), but C(start_port) will be used if not set.
|
||||
required: false
|
||||
default: null
|
||||
icmp_type:
|
||||
description:
|
||||
- Type of the icmp message being sent. Required if C(protocol=icmp).
|
||||
required: false
|
||||
default: null
|
||||
icmp_code:
|
||||
description:
|
||||
- Error code for this icmp message. Required if C(protocol=icmp).
|
||||
required: false
|
||||
default: null
|
||||
project:
|
||||
description:
|
||||
- Name of the project the security group to be created in.
|
||||
required: false
|
||||
default: null
|
||||
poll_async:
|
||||
description:
|
||||
- Poll async jobs until job has finished.
|
||||
required: false
|
||||
default: true
|
||||
extends_documentation_fragment: cloudstack
|
||||
'''
|
||||
|
||||
EXAMPLES = '''
|
||||
---
|
||||
# Allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
|
||||
- local_action:
|
||||
- name: allow inbound port 80/tcp from 1.2.3.4 added to security group 'default'
|
||||
local_action:
|
||||
module: cs_securitygroup_rule
|
||||
security_group: default
|
||||
port: 80
|
||||
cidr: 1.2.3.4/32
|
||||
|
||||
# Allow tcp/udp outbound added to security group 'default'
|
||||
- local_action:
|
||||
- name: allow tcp/udp outbound added to security group 'default'
|
||||
local_action:
|
||||
module: cs_securitygroup_rule
|
||||
security_group: default
|
||||
type: egress
|
||||
|
@ -109,23 +92,23 @@ EXAMPLES = '''
|
|||
- tcp
|
||||
- udp
|
||||
|
||||
# Allow inbound icmp from 0.0.0.0/0 added to security group 'default'
|
||||
- local_action:
|
||||
- name: allow inbound icmp from 0.0.0.0/0 added to security group 'default'
|
||||
local_action:
|
||||
module: cs_securitygroup_rule
|
||||
security_group: default
|
||||
protocol: icmp
|
||||
icmp_code: -1
|
||||
icmp_type: -1
|
||||
|
||||
# Remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
|
||||
- local_action:
|
||||
- name: remove rule inbound port 80/tcp from 0.0.0.0/0 from security group 'default'
|
||||
local_action:
|
||||
module: cs_securitygroup_rule
|
||||
security_group: default
|
||||
port: 80
|
||||
state: absent
|
||||
|
||||
# Allow inbound port 80/tcp from security group web added to security group 'default'
|
||||
- local_action:
|
||||
- name: allow inbound port 80/tcp from security group web added to security group 'default'
|
||||
local_action:
|
||||
module: cs_securitygroup_rule
|
||||
security_group: default
|
||||
port: 80
|
||||
|
@ -176,11 +159,6 @@ end_port:
|
|||
sample: 80
|
||||
'''
|
||||
|
||||
try:
|
||||
from cs import CloudStackException
|
||||
except ImportError:
|
||||
pass # Handled in AnsibleCloudStack.__init__
|
||||
|
||||
from ansible.module_utils.basic import AnsibleModule
|
||||
from ansible.module_utils.cloudstack import AnsibleCloudStack, cs_argument_spec, cs_required_together
|
||||
|
||||
|
@ -199,36 +177,30 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|||
'securitygroupname': 'user_security_group',
|
||||
}
|
||||
|
||||
|
||||
def _tcp_udp_match(self, rule, protocol, start_port, end_port):
|
||||
return protocol in ['tcp', 'udp'] \
|
||||
and protocol == rule['protocol'] \
|
||||
and start_port == int(rule['startport']) \
|
||||
and end_port == int(rule['endport'])
|
||||
|
||||
return (protocol in ['tcp', 'udp'] and
|
||||
protocol == rule['protocol'] and
|
||||
start_port == int(rule['startport']) and
|
||||
end_port == int(rule['endport']))
|
||||
|
||||
def _icmp_match(self, rule, protocol, icmp_code, icmp_type):
|
||||
return protocol == 'icmp' \
|
||||
and protocol == rule['protocol'] \
|
||||
and icmp_code == int(rule['icmpcode']) \
|
||||
and icmp_type == int(rule['icmptype'])
|
||||
|
||||
return (protocol == 'icmp' and
|
||||
protocol == rule['protocol'] and
|
||||
icmp_code == int(rule['icmpcode']) and
|
||||
icmp_type == int(rule['icmptype']))
|
||||
|
||||
def _ah_esp_gre_match(self, rule, protocol):
|
||||
return protocol in ['ah', 'esp', 'gre'] \
|
||||
and protocol == rule['protocol']
|
||||
|
||||
return (protocol in ['ah', 'esp', 'gre'] and
|
||||
protocol == rule['protocol'])
|
||||
|
||||
def _type_security_group_match(self, rule, security_group_name):
|
||||
return security_group_name \
|
||||
and 'securitygroupname' in rule \
|
||||
and security_group_name == rule['securitygroupname']
|
||||
|
||||
return (security_group_name and
|
||||
'securitygroupname' in rule and
|
||||
security_group_name == rule['securitygroupname'])
|
||||
|
||||
def _type_cidr_match(self, rule, cidr):
|
||||
return 'cidr' in rule \
|
||||
and cidr == rule['cidr']
|
||||
|
||||
return ('cidr' in rule and
|
||||
cidr == rule['cidr'])
|
||||
|
||||
def _get_rule(self, rules):
|
||||
user_security_group_name = self.module.params.get('user_security_group')
|
||||
|
@ -251,28 +223,26 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|||
else:
|
||||
type_match = self._type_cidr_match(rule, cidr)
|
||||
|
||||
protocol_match = ( self._tcp_udp_match(rule, protocol, start_port, end_port) \
|
||||
or self._icmp_match(rule, protocol, icmp_code, icmp_type) \
|
||||
or self._ah_esp_gre_match(rule, protocol)
|
||||
)
|
||||
protocol_match = (self._tcp_udp_match(rule, protocol, start_port, end_port) or
|
||||
self._icmp_match(rule, protocol, icmp_code, icmp_type) or
|
||||
self._ah_esp_gre_match(rule, protocol))
|
||||
|
||||
if type_match and protocol_match:
|
||||
return rule
|
||||
return None
|
||||
|
||||
|
||||
def get_security_group(self, security_group_name=None):
|
||||
if not security_group_name:
|
||||
security_group_name = self.module.params.get('security_group')
|
||||
args = {}
|
||||
args['securitygroupname'] = security_group_name
|
||||
args['projectid'] = self.get_project('id')
|
||||
sgs = self.cs.listSecurityGroups(**args)
|
||||
args = {
|
||||
'securitygroupname': security_group_name,
|
||||
'projectid': self.get_project('id'),
|
||||
}
|
||||
sgs = self.query_api('listSecurityGroups', **args)
|
||||
if not sgs or 'securitygroup' not in sgs:
|
||||
self.module.fail_json(msg="security group '%s' not found" % security_group_name)
|
||||
return sgs['securitygroup'][0]
|
||||
|
||||
|
||||
def add_rule(self):
|
||||
security_group = self.get_security_group()
|
||||
|
||||
|
@ -308,7 +278,7 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|||
if not rule:
|
||||
self.result['changed'] = True
|
||||
if not self.module.check_mode:
|
||||
res = self.cs.authorizeSecurityGroupIngress(**args)
|
||||
res = self.query_api('authorizeSecurityGroupIngress', **args)
|
||||
|
||||
elif sg_type == 'egress':
|
||||
if 'egressrule' in security_group:
|
||||
|
@ -316,10 +286,7 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|||
if not rule:
|
||||
self.result['changed'] = True
|
||||
if not self.module.check_mode:
|
||||
res = self.cs.authorizeSecurityGroupEgress(**args)
|
||||
|
||||
if res and 'errortext' in res:
|
||||
self.module.fail_json(msg="Failed: '%s'" % res['errortext'])
|
||||
res = self.query_api('authorizeSecurityGroupEgress', **args)
|
||||
|
||||
poll_async = self.module.params.get('poll_async')
|
||||
if res and poll_async:
|
||||
|
@ -329,7 +296,6 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|||
rule = security_group[key][0]
|
||||
return rule
|
||||
|
||||
|
||||
def remove_rule(self):
|
||||
security_group = self.get_security_group()
|
||||
rule = None
|
||||
|
@ -340,24 +306,20 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|||
if rule:
|
||||
self.result['changed'] = True
|
||||
if not self.module.check_mode:
|
||||
res = self.cs.revokeSecurityGroupIngress(id=rule['ruleid'])
|
||||
res = self.query_api('revokeSecurityGroupIngress', id=rule['ruleid'])
|
||||
|
||||
elif sg_type == 'egress':
|
||||
rule = self._get_rule(security_group['egressrule'])
|
||||
if rule:
|
||||
self.result['changed'] = True
|
||||
if not self.module.check_mode:
|
||||
res = self.cs.revokeSecurityGroupEgress(id=rule['ruleid'])
|
||||
|
||||
if res and 'errortext' in res:
|
||||
self.module.fail_json(msg="Failed: '%s'" % res['errortext'])
|
||||
res = self.query_api('revokeSecurityGroupEgress', id=rule['ruleid'])
|
||||
|
||||
poll_async = self.module.params.get('poll_async')
|
||||
if res and poll_async:
|
||||
res = self.poll_job(res, 'securitygroup')
|
||||
return rule
|
||||
|
||||
|
||||
def get_result(self, security_group_rule):
|
||||
super(AnsibleCloudStackSecurityGroupRule, self).get_result(security_group_rule)
|
||||
self.result['type'] = self.module.params.get('type')
|
||||
|
@ -371,14 +333,14 @@ def main():
|
|||
security_group=dict(required=True),
|
||||
type=dict(choices=['ingress', 'egress'], default='ingress'),
|
||||
cidr=dict(default='0.0.0.0/0'),
|
||||
user_security_group = dict(default=None),
|
||||
user_security_group=dict(),
|
||||
protocol=dict(choices=['tcp', 'udp', 'icmp', 'ah', 'esp', 'gre'], default='tcp'),
|
||||
icmp_type = dict(type='int', default=None),
|
||||
icmp_code = dict(type='int', default=None),
|
||||
start_port = dict(type='int', default=None, aliases=['port']),
|
||||
end_port = dict(type='int', default=None),
|
||||
icmp_type=dict(type='int'),
|
||||
icmp_code=dict(type='int'),
|
||||
start_port=dict(type='int', aliases=['port']),
|
||||
end_port=dict(type='int'),
|
||||
state=dict(choices=['present', 'absent'], default='present'),
|
||||
project = dict(default=None),
|
||||
project=dict(),
|
||||
poll_async=dict(type='bool', default=True),
|
||||
))
|
||||
required_together = cs_required_together()
|
||||
|
@ -398,7 +360,6 @@ def main():
|
|||
supports_check_mode=True
|
||||
)
|
||||
|
||||
try:
|
||||
acs_sg_rule = AnsibleCloudStackSecurityGroupRule(module)
|
||||
|
||||
state = module.params.get('state')
|
||||
|
@ -408,10 +369,6 @@ def main():
|
|||
sg_rule = acs_sg_rule.add_rule()
|
||||
|
||||
result = acs_sg_rule.get_result(sg_rule)
|
||||
|
||||
except CloudStackException as e:
|
||||
module.fail_json(msg='CloudStackException: %s' % str(e))
|
||||
|
||||
module.exit_json(**result)
|
||||
|
||||
|
||||
|
|
|
@ -68,7 +68,6 @@ lib/ansible/modules/cloud/cloudstack/cs_instance.py
|
|||
lib/ansible/modules/cloud/cloudstack/cs_instance_facts.py
|
||||
lib/ansible/modules/cloud/cloudstack/_cs_nic.py
|
||||
lib/ansible/modules/cloud/cloudstack/cs_portforward.py
|
||||
lib/ansible/modules/cloud/cloudstack/cs_securitygroup_rule.py
|
||||
lib/ansible/modules/cloud/docker/_docker.py
|
||||
lib/ansible/modules/cloud/docker/docker_container.py
|
||||
lib/ansible/modules/cloud/docker/docker_image.py
|
||||
|
|
Loading…
Reference in a new issue