|
|
@ -229,18 +229,21 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|
|
|
and cidr == rule['cidr']
|
|
|
|
and cidr == rule['cidr']
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_end_port(self):
|
|
|
|
|
|
|
|
if self.module.params.get('end_port'):
|
|
|
|
|
|
|
|
return self.module.params.get('end_port')
|
|
|
|
|
|
|
|
return self.module.params.get('start_port')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _get_rule(self, rules):
|
|
|
|
def _get_rule(self, rules):
|
|
|
|
user_security_group_name = self.module.params.get('user_security_group')
|
|
|
|
user_security_group_name = self.module.params.get('user_security_group')
|
|
|
|
cidr = self.module.params.get('cidr')
|
|
|
|
cidr = self.module.params.get('cidr')
|
|
|
|
protocol = self.module.params.get('protocol')
|
|
|
|
protocol = self.module.params.get('protocol')
|
|
|
|
start_port = self.module.params.get('start_port')
|
|
|
|
start_port = self.module.params.get('start_port')
|
|
|
|
end_port = self.module.params.get('end_port')
|
|
|
|
end_port = self.get_end_port()
|
|
|
|
icmp_code = self.module.params.get('icmp_code')
|
|
|
|
icmp_code = self.module.params.get('icmp_code')
|
|
|
|
icmp_type = self.module.params.get('icmp_type')
|
|
|
|
icmp_type = self.module.params.get('icmp_type')
|
|
|
|
|
|
|
|
|
|
|
|
if not end_port:
|
|
|
|
|
|
|
|
end_port = start_port
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if protocol in ['tcp', 'udp'] and not (start_port and end_port):
|
|
|
|
if protocol in ['tcp', 'udp'] and not (start_port and end_port):
|
|
|
|
self.module.fail_json(msg="no start_port or end_port set for protocol '%s'" % protocol)
|
|
|
|
self.module.fail_json(msg="no start_port or end_port set for protocol '%s'" % protocol)
|
|
|
|
|
|
|
|
|
|
|
@ -295,26 +298,23 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|
|
|
|
|
|
|
|
|
|
|
args['protocol'] = self.module.params.get('protocol')
|
|
|
|
args['protocol'] = self.module.params.get('protocol')
|
|
|
|
args['startport'] = self.module.params.get('start_port')
|
|
|
|
args['startport'] = self.module.params.get('start_port')
|
|
|
|
args['endport'] = self.module.params.get('end_port')
|
|
|
|
args['endport'] = self.get_end_port()
|
|
|
|
args['icmptype'] = self.module.params.get('icmp_type')
|
|
|
|
args['icmptype'] = self.module.params.get('icmp_type')
|
|
|
|
args['icmpcode'] = self.module.params.get('icmp_code')
|
|
|
|
args['icmpcode'] = self.module.params.get('icmp_code')
|
|
|
|
args['projectid'] = self.get_project_id()
|
|
|
|
args['projectid'] = self.get_project_id()
|
|
|
|
args['securitygroupid'] = security_group['id']
|
|
|
|
args['securitygroupid'] = security_group['id']
|
|
|
|
|
|
|
|
|
|
|
|
if not args['endport']:
|
|
|
|
|
|
|
|
args['endport'] = args['startport']
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
rule = None
|
|
|
|
rule = None
|
|
|
|
res = None
|
|
|
|
res = None
|
|
|
|
type = self.module.params.get('type')
|
|
|
|
sg_type = self.module.params.get('type')
|
|
|
|
if type == 'ingress':
|
|
|
|
if sg_type == 'ingress':
|
|
|
|
rule = self._get_rule(security_group['ingressrule'])
|
|
|
|
rule = self._get_rule(security_group['ingressrule'])
|
|
|
|
if not rule:
|
|
|
|
if not rule:
|
|
|
|
self.result['changed'] = True
|
|
|
|
self.result['changed'] = True
|
|
|
|
if not self.module.check_mode:
|
|
|
|
if not self.module.check_mode:
|
|
|
|
res = self.cs.authorizeSecurityGroupIngress(**args)
|
|
|
|
res = self.cs.authorizeSecurityGroupIngress(**args)
|
|
|
|
|
|
|
|
|
|
|
|
elif type == 'egress':
|
|
|
|
elif sg_type == 'egress':
|
|
|
|
rule = self._get_rule(security_group['egressrule'])
|
|
|
|
rule = self._get_rule(security_group['egressrule'])
|
|
|
|
if not rule:
|
|
|
|
if not rule:
|
|
|
|
self.result['changed'] = True
|
|
|
|
self.result['changed'] = True
|
|
|
@ -327,22 +327,25 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|
|
|
poll_async = self.module.params.get('poll_async')
|
|
|
|
poll_async = self.module.params.get('poll_async')
|
|
|
|
if res and poll_async:
|
|
|
|
if res and poll_async:
|
|
|
|
security_group = self._poll_job(res, 'securitygroup')
|
|
|
|
security_group = self._poll_job(res, 'securitygroup')
|
|
|
|
return security_group
|
|
|
|
key = sg_type + "rule" # ingressrule / egressrule
|
|
|
|
|
|
|
|
if key in security_group:
|
|
|
|
|
|
|
|
rule = security_group[key][0]
|
|
|
|
|
|
|
|
return rule
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def remove_rule(self):
|
|
|
|
def remove_rule(self):
|
|
|
|
security_group = self.get_security_group()
|
|
|
|
security_group = self.get_security_group()
|
|
|
|
rule = None
|
|
|
|
rule = None
|
|
|
|
res = None
|
|
|
|
res = None
|
|
|
|
type = self.module.params.get('type')
|
|
|
|
sg_type = self.module.params.get('type')
|
|
|
|
if type == 'ingress':
|
|
|
|
if sg_type == 'ingress':
|
|
|
|
rule = self._get_rule(security_group['ingressrule'])
|
|
|
|
rule = self._get_rule(security_group['ingressrule'])
|
|
|
|
if rule:
|
|
|
|
if rule:
|
|
|
|
self.result['changed'] = True
|
|
|
|
self.result['changed'] = True
|
|
|
|
if not self.module.check_mode:
|
|
|
|
if not self.module.check_mode:
|
|
|
|
res = self.cs.revokeSecurityGroupIngress(id=rule['ruleid'])
|
|
|
|
res = self.cs.revokeSecurityGroupIngress(id=rule['ruleid'])
|
|
|
|
|
|
|
|
|
|
|
|
elif type == 'egress':
|
|
|
|
elif sg_type == 'egress':
|
|
|
|
rule = self._get_rule(security_group['egressrule'])
|
|
|
|
rule = self._get_rule(security_group['egressrule'])
|
|
|
|
if rule:
|
|
|
|
if rule:
|
|
|
|
self.result['changed'] = True
|
|
|
|
self.result['changed'] = True
|
|
|
@ -355,34 +358,30 @@ class AnsibleCloudStackSecurityGroupRule(AnsibleCloudStack):
|
|
|
|
poll_async = self.module.params.get('poll_async')
|
|
|
|
poll_async = self.module.params.get('poll_async')
|
|
|
|
if res and poll_async:
|
|
|
|
if res and poll_async:
|
|
|
|
res = self._poll_job(res, 'securitygroup')
|
|
|
|
res = self._poll_job(res, 'securitygroup')
|
|
|
|
return security_group
|
|
|
|
return rule
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def get_result(self, security_group_rule):
|
|
|
|
def get_result(self, security_group_rule):
|
|
|
|
type = self.module.params.get('type')
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
key = 'ingressrule'
|
|
|
|
|
|
|
|
if type == 'egress':
|
|
|
|
|
|
|
|
key = 'egressrule'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
self.result['type'] = type
|
|
|
|
self.result['type'] = self.module.params.get('type')
|
|
|
|
self.result['security_group'] = self.module.params.get('security_group')
|
|
|
|
self.result['security_group'] = self.module.params.get('security_group')
|
|
|
|
|
|
|
|
|
|
|
|
if key in security_group_rule and security_group_rule[key]:
|
|
|
|
if security_group_rule:
|
|
|
|
if 'securitygroupname' in security_group_rule[key][0]:
|
|
|
|
rule = security_group_rule
|
|
|
|
self.result['user_security_group'] = security_group_rule[key][0]['securitygroupname']
|
|
|
|
if 'securitygroupname' in rule:
|
|
|
|
if 'cidr' in security_group_rule[key][0]:
|
|
|
|
self.result['user_security_group'] = rule['securitygroupname']
|
|
|
|
self.result['cidr'] = security_group_rule[key][0]['cidr']
|
|
|
|
if 'cidr' in rule:
|
|
|
|
if 'protocol' in security_group_rule[key][0]:
|
|
|
|
self.result['cidr'] = rule['cidr']
|
|
|
|
self.result['protocol'] = security_group_rule[key][0]['protocol']
|
|
|
|
if 'protocol' in rule:
|
|
|
|
if 'startport' in security_group_rule[key][0]:
|
|
|
|
self.result['protocol'] = rule['protocol']
|
|
|
|
self.result['start_port'] = security_group_rule[key][0]['startport']
|
|
|
|
if 'startport' in rule:
|
|
|
|
if 'endport' in security_group_rule[key][0]:
|
|
|
|
self.result['start_port'] = rule['startport']
|
|
|
|
self.result['end_port'] = security_group_rule[key][0]['endport']
|
|
|
|
if 'endport' in rule:
|
|
|
|
if 'icmpcode' in security_group_rule[key][0]:
|
|
|
|
self.result['end_port'] = rule['endport']
|
|
|
|
self.result['icmp_code'] = security_group_rule[key][0]['icmpcode']
|
|
|
|
if 'icmpcode' in rule:
|
|
|
|
if 'icmptype' in security_group_rule[key][0]:
|
|
|
|
self.result['icmp_code'] = rule['icmpcode']
|
|
|
|
self.result['icmp_type'] = security_group_rule[key][0]['icmptype']
|
|
|
|
if 'icmptype' in rule:
|
|
|
|
|
|
|
|
self.result['icmp_type'] = rule['icmptype']
|
|
|
|
return self.result
|
|
|
|
return self.result
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
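Review bot: In `add_rule`, the new `if key in security_group:` followed by `rule = security_group[key][0]` indexes the list without checking that it is non-empty, a guard the removed `get_result` code did have (`key in security_group_rule and security_group_rule[key]`). An empty `ingressrule`/`egressrule` list in the response would raise IndexError after the rule has already been authorized; `if security_group.get(key):` restores the check. Taking element `[0]` also assumes the polled job result lists only the rule just created. Indentation is lost on this page, so it is unclear whether these lines sit inside `if res and poll_async:`; if they also run against the group returned by `get_security_group()`, the module would report the group's first rule instead of the one matched by `_get_rule`, misstating which firewall rule is in place. Keeping the lookup inside the polled branch, with a one-line comment stating that assumption next to the `[0]`, would make this safe to maintain.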