ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity

[ec2_vpc_nacl] revert suboptions for ingress and egress module parameters (#38071)

Browse source
This commit is contained in:
Sloane Hertel 2018-03-29 16:16:01 -04:00 committed by GitHub
parent 800dad5bdf
commit ee06f57f0d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 23 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

92
lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
View file

@ -43,49 +43,23 @@ options:
required: false required: false
egress: egress:
description: description:
- A list of rules for outgoing traffic. Each rule must be specified as a list. See examples. - A list of rules for outgoing traffic. Each rule must be specified as a list.
suboptions: Each rule may contain the rule number (integer 1-32766), protocol (one of ['tcp', 'udp', 'icmp', '-1', 'all']),
rule_number: the rule action ('allow' or 'deny') the CIDR of the IPv4 network range to allow or deny,
description: an integer from 1 to 32766 the ICMP type (-1 means all types), the ICMP code (-1 means all codes), the last port in the range for
required: true TCP or UDP protocols, and the first port in the range for TCP or UDP protocols.
protocol: See examples.
description: the protocol for the rule default: []
required: true
choices: ['tcp', 'udp', 'icmp', '-1', 'all']
cidr_ipv4:
description: The CIDR of the IPv4 network range to allow or deny
required: true
icmp_type:
description: An integer, the ICMP type if the protocol is icmp. A value of -1 means all types.
icmp_code:
description: An integer, the ICMP code if the protocol is icmp. A value of -1 means all codes.
from_port:
description: An integer, the last port in the range for TCP or UDP protocols.
to_port:
description: An integer, the first port in the range for TCP or UDP protocols.
required: false required: false
ingress: ingress:
description: description:
- List of rules for incoming traffic. Each rule must be specified as a list. See examples. - List of rules for incoming traffic. Each rule must be specified as a list.
suboptions: Each rule may contain the rule number (integer 1-32766), protocol (one of ['tcp', 'udp', 'icmp', '-1', 'all']),
rule_number: the rule action ('allow' or 'deny') the CIDR of the IPv4 network range to allow or deny,
description: an integer from 1 to 32766 the ICMP type (-1 means all types), the ICMP code (-1 means all codes), the last port in the range for
required: true TCP or UDP protocols, and the first port in the range for TCP or UDP protocols.
protocol: See examples.
description: the protocol for the rule default: []
required: true
choices: ['tcp', 'udp', 'icmp', '-1', 'all']
cidr_ipv4:
description: The CIDR of the IPv4 network range to allow or deny
required: true
icmp_type:
description: An integer, the ICMP type if the protocol is icmp. A value of -1 means all types.
icmp_code:
description: An integer, the ICMP code if the protocol is icmp. A value of -1 means all codes.
from_port:
description: An integer, the last port in the range for TCP or UDP protocols.
to_port:
description: An integer, the first port in the range for TCP or UDP protocols.
required: false required: false
tags: tags:
description: description:
@ -119,16 +93,14 @@ EXAMPLES = '''
CostCode: CC1234 CostCode: CC1234
Project: phoenix Project: phoenix
Description: production DMZ Description: production DMZ
ingress: [ ingress:
# rule no, protocol, allow/deny, cidr, icmp_type, icmp_code, # rule no, protocol, allow/deny, cidr, icmp_type, icmp_code,
# port from, port to # port from, port to
[100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22], - [100, 'tcp', 'allow', '0.0.0.0/0', null, null, 22, 22]
[200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80], - [200, 'tcp', 'allow', '0.0.0.0/0', null, null, 80, 80]
[300, 'icmp', 'allow', '0.0.0.0/0', 0, 8], - [300, 'icmp', 'allow', '0.0.0.0/0', 0, 8]
] egress:
egress: [ - [100, 'all', 'allow', '0.0.0.0/0', null, null, null, null]
[100, 'all', 'allow', '0.0.0.0/0', null, null, null, null]
]
state: 'present' state: 'present'
- name: "Remove the ingress and egress rules - defaults to deny all" - name: "Remove the ingress and egress rules - defaults to deny all"
@ -199,7 +171,7 @@ PROTOCOL_NUMBERS = {'all': -1, 'icmp': 1, 'tcp': 6, 'udp': 17, }
# Utility methods # Utility methods
def icmp_present(entry): def icmp_present(entry):
if entry[1] == 'icmp' or entry[1] == 1: if len(entry) == 6 and entry[1] == 'icmp' or entry[1] == 1:
return True return True
@ -574,24 +546,6 @@ def subnets_to_associate(nacl, client, module):
def main(): def main():
rule_list_options = {
'required': False,
'type': 'list',
'elements': 'list',
'options': {
'rule_number': dict(required=True, type='int'),
'protocol': dict(required=True, choices=['tcp', 'udp', 'icmp', '-1', 'all']),
'rule_action': dict(required=True, choices=['allow', 'deny']),
'ipv4_cidr': dict(required=True),
'icmp_type': dict(type='int'),
'icmp_code': dict(type='int'),
'from_port': dict(type='int'),
'to_port': dict(type='int')
},
'required_together': [('from_port', 'to_port'),
('icmp_type', 'icmp_code')],
'mutually_exclusive': [('icmp_type', 'from_port')]
}
argument_spec = ec2_argument_spec() argument_spec = ec2_argument_spec()
argument_spec.update(dict( argument_spec.update(dict(
vpc_id=dict(), vpc_id=dict(),
@ -599,8 +553,8 @@ def main():
nacl_id=dict(), nacl_id=dict(),
subnets=dict(required=False, type='list', default=list()), subnets=dict(required=False, type='list', default=list()),
tags=dict(required=False, type='dict'), tags=dict(required=False, type='dict'),
ingress=rule_list_options, ingress=dict(required=False, type='list', default=list()),
egress=rule_list_options, egress=dict(required=False, type='list', default=list()),
state=dict(default='present', choices=['present', 'absent']), state=dict(default='present', choices=['present', 'absent']),
), ),
) )