Add enable_ip_forwarding option to azure_rm_networkinterface; Fixes #43276 (#43335)

* Merge again trickily similar Accelerated networking and IP forwarding * Add type to enable_ip_forwarding documentation * Fix merge error * auth to auto * azure_rm_networkinterface: remove auth_source from tests * azure_rm_networkinterface: remove spurious auth_source from test * azure_rm_networkinterface: Revert formatting on test * azure_rm_networkinterface: Correct indentation
6 years ago · 42257706b6
parent 5981a7489b
commit 42257706b6
2 changed files with 92 additions and 4 deletions
--- a/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py
+++ b/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py
@ -185,6 +185,14 @@ options:
            - When a default security group is created for a Linux host a rule will be added allowing inbound TCP
              connections to the default SSH port 22, and for a Windows host rules will be added allowing inbound
              access to RDP ports 3389 and 5986. Override the default ports by providing a list of open ports.
+    enable_ip_forwarding:
+        description:
+            - Whether to enable IP forwarding
+        aliases:
+            - ip_forwarding
+        type: bool
+        default: False
+        version_added: 2.7
 extends_documentation_fragment:
    - azure
    - azure_tags
@ -271,6 +279,18 @@ EXAMPLES = '''
        subnet_name: subnet001
        enable_accelerated_networking: True

+    - name: Create a network interface with IP forwarding
+      azure_rm_networkinterface:
+        name: nic001
+        resource_group: Testing
+        virtual_network: vnet001
+        subnet_name: subnet001
+        ip_forwarding: True
+        ip_configurations:
+          - name: ipconfig1
+            public_ip_address_name: publicip001
+            primary: True
+
    - name: Delete network interface
      azure_rm_networkinterface:
        resource_group: Testing
@ -415,6 +435,7 @@ class AzureRMNetworkInterface(AzureRMModuleBase):
            ip_configurations=dict(type='list', default=None, elements='dict', options=ip_configuration_spec),
            os_type=dict(type='str', choices=['Windows', 'Linux'], default='Linux'),
            open_ports=dict(type='list'),
+            enable_ip_forwarding=dict(type='bool', aliases=['ip_forwarding'], default=False),
        )

        required_if = [
@ -438,6 +459,7 @@ class AzureRMNetworkInterface(AzureRMModuleBase):
        self.tags = None
        self.os_type = None
        self.open_ports = None
+        self.enable_ip_forwarding = None
        self.ip_configurations = None

        self.results = dict(
@ -512,6 +534,12 @@ class AzureRMNetworkInterface(AzureRMModuleBase):
                        results.get('enable_accelerated_networking')))
                    changed = True

+                if self.enable_ip_forwarding != bool(results.get('enable_ip_forwarding')):
+                    self.log("CHANGED: IP forwarding set to {0} (previously {1})".format(
+                        self.enable_ip_forwarding,
+                        results.get('enable_ip_forwarding')))
+                    changed = True
+
                if not changed:
                    nsg = self.get_security_group(self.security_group['resource_group'], self.security_group['name'])
                    if nsg and results.get('network_security_group') and results['network_security_group'].get('id') != nsg.id:
@ -591,6 +619,7 @@ class AzureRMNetworkInterface(AzureRMModuleBase):
                    tags=self.tags,
                    ip_configurations=nic_ip_configurations,
                    enable_accelerated_networking=self.enable_accelerated_networking,
+                    enable_ip_forwarding=self.enable_ip_forwarding,
                    network_security_group=nsg
                )
                self.results['state'] = self.create_or_update_nic(nic)
--- a/test/integration/targets/azure_rm_networkinterface/tasks/main.yml
+++ b/test/integration/targets/azure_rm_networkinterface/tasks/main.yml
@ -143,7 +143,7 @@
          primary: True
          public_ip_allocation_method: Static
        - name: ipconfig1
-          public_ip_name: testnic003
+          public_ip_name: "tn{{ rpfx }}3"
  register: output
  check_mode: yes

@ -168,7 +168,7 @@
          primary: True
          public_ip_allocation_method: Static
        - name: ipconfig1
-          public_ip_name: testnic003
+          public_ip_name: "tn{{ rpfx }}3"
          load_balancer_backend_address_pools:
          - "{{ lb.state.backend_address_pools[0].id }}"
          - name: backendaddrpool1
@ -197,7 +197,7 @@
          primary: True
          public_ip_allocation_method: Static
        - name: ipconfig1
-          public_ip_name: testnic003
+          public_ip_name: "tn{{ rpfx }}3"
          load_balancer_backend_address_pools:
          - "{{ lb.state.backend_address_pools[0].id }}"
          - name: backendaddrpool1
@ -219,7 +219,7 @@
      subnet: "tn{{ rpfx }}"
      ip_configurations:
        - name: ipconfig1
-          public_ip_name: testnic003
+          public_ip_name: "tn{{ rpfx }}3"
          load_balancer_backend_address_pools:
          - "{{ lb.state.backend_address_pools[0].id }}"
          - name: backendaddrpool1
@ -292,12 +292,71 @@
 - assert:
    that:
      - not output.state.enable_accelerated_networking
+      - output.changed

 - name: Delete AN NIC
  azure_rm_networkinterface:
      resource_group: "{{ resource_group }}"
      name: "tn{{ rpfx }}an"
      state: absent
+  register: output
+
+- assert:
+    that:
+      - output.changed
+
+- name: NIC with IP forwarding networking enabled
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "tn{{ rpfx }}ipf"
+    virtual_network: "{{ vn.state.id }}"
+    subnet: "tn{{ rpfx }}"
+    enable_ip_forwarding: True
+  register: output
+
+- assert:
+    that:
+      - output.state.enable_ip_forwarding
+      - output.changed
+
+- name: NIC with IP forwarding enabled (check idempotent)
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "tn{{ rpfx }}ipf"
+    virtual_network: "{{ vn.state.id }}"
+    subnet: "tn{{ rpfx }}"
+    enable_ip_forwarding: True
+  register: output
+
+- assert:
+    that:
+      - output.state.enable_ip_forwarding
+      - not output.changed
+
+- name: Disable (previously enabled) IP forwarding
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "tn{{ rpfx }}ipf"
+    virtual_network: "{{ vn.state.id }}"
+    subnet: "tn{{ rpfx }}"
+    enable_ip_forwarding: False
+  register: output
+
+- assert:
+    that:
+      - not output.state.enable_ip_forwarding
+      - output.changed
+
+- name: Delete IP forwarding NIC
+  azure_rm_networkinterface:
+    resource_group: "{{ resource_group }}"
+    name: "tn{{ rpfx }}ipf"
+    state: absent
+  register: output
+
+- assert:
+    that:
+      - output.changed

 - name: Delete the NIC (check mode)
  azure_rm_networkinterface: