diff --git a/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py b/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py index fc66972974f..331672ad526 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py @@ -185,6 +185,14 @@ options: - When a default security group is created for a Linux host a rule will be added allowing inbound TCP connections to the default SSH port 22, and for a Windows host rules will be added allowing inbound access to RDP ports 3389 and 5986. Override the default ports by providing a list of open ports. + enable_ip_forwarding: + description: + - Whether to enable IP forwarding + aliases: + - ip_forwarding + type: bool + default: False + version_added: 2.7 extends_documentation_fragment: - azure - azure_tags @@ -271,6 +279,18 @@ EXAMPLES = ''' subnet_name: subnet001 enable_accelerated_networking: True + - name: Create a network interface with IP forwarding + azure_rm_networkinterface: + name: nic001 + resource_group: Testing + virtual_network: vnet001 + subnet_name: subnet001 + ip_forwarding: True + ip_configurations: + - name: ipconfig1 + public_ip_address_name: publicip001 + primary: True + - name: Delete network interface azure_rm_networkinterface: resource_group: Testing @@ -415,6 +435,7 @@ class AzureRMNetworkInterface(AzureRMModuleBase): ip_configurations=dict(type='list', default=None, elements='dict', options=ip_configuration_spec), os_type=dict(type='str', choices=['Windows', 'Linux'], default='Linux'), open_ports=dict(type='list'), + enable_ip_forwarding=dict(type='bool', aliases=['ip_forwarding'], default=False), ) required_if = [ @@ -438,6 +459,7 @@ class AzureRMNetworkInterface(AzureRMModuleBase): self.tags = None self.os_type = None self.open_ports = None + self.enable_ip_forwarding = None self.ip_configurations = None self.results = dict( @@ -512,6 +534,12 @@ class AzureRMNetworkInterface(AzureRMModuleBase): results.get('enable_accelerated_networking'))) changed = True + if self.enable_ip_forwarding != bool(results.get('enable_ip_forwarding')): + self.log("CHANGED: IP forwarding set to {0} (previously {1})".format( + self.enable_ip_forwarding, + results.get('enable_ip_forwarding'))) + changed = True + if not changed: nsg = self.get_security_group(self.security_group['resource_group'], self.security_group['name']) if nsg and results.get('network_security_group') and results['network_security_group'].get('id') != nsg.id: @@ -591,6 +619,7 @@ class AzureRMNetworkInterface(AzureRMModuleBase): tags=self.tags, ip_configurations=nic_ip_configurations, enable_accelerated_networking=self.enable_accelerated_networking, + enable_ip_forwarding=self.enable_ip_forwarding, network_security_group=nsg ) self.results['state'] = self.create_or_update_nic(nic) diff --git a/test/integration/targets/azure_rm_networkinterface/tasks/main.yml b/test/integration/targets/azure_rm_networkinterface/tasks/main.yml index 899cf1c48b7..a26a00f726d 100644 --- a/test/integration/targets/azure_rm_networkinterface/tasks/main.yml +++ b/test/integration/targets/azure_rm_networkinterface/tasks/main.yml @@ -143,7 +143,7 @@ primary: True public_ip_allocation_method: Static - name: ipconfig1 - public_ip_name: testnic003 + public_ip_name: "tn{{ rpfx }}3" register: output check_mode: yes @@ -168,7 +168,7 @@ primary: True public_ip_allocation_method: Static - name: ipconfig1 - public_ip_name: testnic003 + public_ip_name: "tn{{ rpfx }}3" load_balancer_backend_address_pools: - "{{ lb.state.backend_address_pools[0].id }}" - name: backendaddrpool1 @@ -197,7 +197,7 @@ primary: True public_ip_allocation_method: Static - name: ipconfig1 - public_ip_name: testnic003 + public_ip_name: "tn{{ rpfx }}3" load_balancer_backend_address_pools: - "{{ lb.state.backend_address_pools[0].id }}" - name: backendaddrpool1 @@ -219,7 +219,7 @@ subnet: "tn{{ rpfx }}" ip_configurations: - name: ipconfig1 - public_ip_name: testnic003 + public_ip_name: "tn{{ rpfx }}3" load_balancer_backend_address_pools: - "{{ lb.state.backend_address_pools[0].id }}" - name: backendaddrpool1 @@ -292,12 +292,71 @@ - assert: that: - not output.state.enable_accelerated_networking + - output.changed - name: Delete AN NIC azure_rm_networkinterface: resource_group: "{{ resource_group }}" name: "tn{{ rpfx }}an" state: absent + register: output + +- assert: + that: + - output.changed + +- name: NIC with IP forwarding networking enabled + azure_rm_networkinterface: + resource_group: "{{ resource_group }}" + name: "tn{{ rpfx }}ipf" + virtual_network: "{{ vn.state.id }}" + subnet: "tn{{ rpfx }}" + enable_ip_forwarding: True + register: output + +- assert: + that: + - output.state.enable_ip_forwarding + - output.changed + +- name: NIC with IP forwarding enabled (check idempotent) + azure_rm_networkinterface: + resource_group: "{{ resource_group }}" + name: "tn{{ rpfx }}ipf" + virtual_network: "{{ vn.state.id }}" + subnet: "tn{{ rpfx }}" + enable_ip_forwarding: True + register: output + +- assert: + that: + - output.state.enable_ip_forwarding + - not output.changed + +- name: Disable (previously enabled) IP forwarding + azure_rm_networkinterface: + resource_group: "{{ resource_group }}" + name: "tn{{ rpfx }}ipf" + virtual_network: "{{ vn.state.id }}" + subnet: "tn{{ rpfx }}" + enable_ip_forwarding: False + register: output + +- assert: + that: + - not output.state.enable_ip_forwarding + - output.changed + +- name: Delete IP forwarding NIC + azure_rm_networkinterface: + resource_group: "{{ resource_group }}" + name: "tn{{ rpfx }}ipf" + state: absent + register: output + +- assert: + that: + - output.changed - name: Delete the NIC (check mode) azure_rm_networkinterface: