cs_network_acl_rule: implement cidr/cidrs as list (#56083)

7 years ago · f42a32ad36
parent 864bd941af
commit f42a32ad36
2 changed files with 36 additions and 28 deletions
--- a/lib/ansible/modules/cloud/cloudstack/cs_network_acl_rule.py
+++ b/lib/ansible/modules/cloud/cloudstack/cs_network_acl_rule.py
@ -23,11 +23,12 @@ options:
    type: str
    required: true
    aliases: [ acl ]
-  cidr:
+  cidrs:
    description:
-      - CIDR of the rule.
-    type: str
-    default: 0.0.0.0/0
+      - CIDRs of the rule.
+    type: list
+    default: [ 0.0.0.0/0 ]
+    aliases: [ cidr ]
  rule_position:
    description:
      - The position of the network ACL rule.
@ -134,7 +135,7 @@ EXAMPLES = '''
    cidr: 0.0.0.0/0
  delegate_to: localhost

- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16
+- name: create a network ACL rule, deny port range 8000-9000 ingress for 10.20.0.0/16 and 10.22.0.0/16
  cs_network_acl_rule:
    network_acl: web
    rule_position: 1
@ -142,20 +143,10 @@ EXAMPLES = '''
    traffic_type: ingress
    action_policy: deny
    start_port: 8000
-    end_port: 8000
-    cidr: 10.20.0.0/16
-  delegate_to: localhost
-
- name: create a network ACL rule
-  cs_network_acl_rule:
-    network_acl: web
-    rule_position: 1
-    vpc: my vpc
-    traffic_type: ingress
-    action_policy: deny
-    start_port: 8000
-    end_port: 8000
-    cidr: 10.20.0.0/16
+    end_port: 9000
+    cidrs:
+    - 10.20.0.0/16
+    - 10.22.0.0/16
  delegate_to: localhost

 - name: remove a network ACL rule
@ -179,6 +170,12 @@ cidr:
  returned: success
  type: str
  sample: 0.0.0.0/0
+cidrs:
+  description: CIDRs of the network ACL rule.
+  returned: success
+  type: list
+  sample: [ 0.0.0.0/0 ]
+  version_added: '2.9'
 rule_position:
  description: Position of the network ACL rule.
  returned: success
@ -357,7 +354,7 @@ class AnsibleCloudStackNetworkAclRule(AnsibleCloudStack):
            'icmpcode': self.module.params.get('icmp_code'),
            'icmptype': self.module.params.get('icmp_type'),
            'traffictype': self.module.params.get('traffic_type'),
-            'cidrlist': self.module.params.get('cidr'),
+            'cidrlist': self.module.params.get('cidrs'),
        }
        if not self.module.check_mode:
            res = self.query_api('createNetworkACL', **args)
@ -379,7 +376,7 @@ class AnsibleCloudStackNetworkAclRule(AnsibleCloudStack):
            'icmpcode': self.module.params.get('icmp_code'),
            'icmptype': self.module.params.get('icmp_type'),
            'traffictype': self.module.params.get('traffic_type'),
-            'cidrlist': self.module.params.get('cidr'),
+            'cidrlist': ",".join(self.module.params.get('cidrs')),
        }
        if self.has_changed(args, network_acl_rule):
            self.result['changed'] = True
@ -395,6 +392,8 @@ class AnsibleCloudStackNetworkAclRule(AnsibleCloudStack):
    def get_result(self, network_acl_rule):
        super(AnsibleCloudStackNetworkAclRule, self).get_result(network_acl_rule)
        if network_acl_rule:
+            if 'cidrlist' in network_acl_rule:
+                self.result['cidrs'] = network_acl_rule['cidrlist'].split(',') or [network_acl_rule['cidrlist']]
            if network_acl_rule['protocol'] not in ['tcp', 'udp', 'icmp', 'all']:
                self.result['protocol_number'] = int(network_acl_rule['protocol'])
                self.result['protocol'] = 'by_number'
@ -409,7 +408,7 @@ def main():
        network_acl=dict(required=True, aliases=['acl']),
        rule_position=dict(required=True, type='int', aliases=['number']),
        vpc=dict(required=True),
-        cidr=dict(default='0.0.0.0/0'),
+        cidrs=dict(type='list', default=['0.0.0.0/0'], aliases=['cidr']),
        protocol=dict(choices=['tcp', 'udp', 'icmp', 'all', 'by_number'], default='tcp'),
        protocol_number=dict(type='int'),
        traffic_type=dict(choices=['ingress', 'egress'], aliases=['type'], default='ingress'),
--- a/test/integration/targets/cs_network_acl_rule/tasks/main.yml
+++ b/test/integration/targets/cs_network_acl_rule/tasks/main.yml
@ -174,7 +174,9 @@
    traffic_type: egress
    action_policy: deny
    port: 81
-    cidr: 0.0.0.0/0
+    cidrs:
+    - 1.2.3.0/24
+    - 3.2.1.0/24
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule
  check_mode: true
@ -189,6 +191,7 @@
    - acl_rule.end_port == 80
    - acl_rule.action_policy == "allow"
    - acl_rule.cidr == "0.0.0.0/0"
+    - acl_rule.cidrs == [ "0.0.0.0/0" ]
    - acl_rule.traffic_type == "ingress"
    - acl_rule.rule_position == 1

@ -201,7 +204,9 @@
    action_policy: deny
    port: 81
    protocol: udp
-    cidr: 0.0.0.0/0
+    cidrs:
+    - 1.2.3.0/24
+    - 3.2.1.0/24
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule
 - name: verify test change network acl rule
@ -214,7 +219,8 @@
    - acl_rule.start_port == 81
    - acl_rule.end_port == 81
    - acl_rule.action_policy == "deny"
-    - acl_rule.cidr == "0.0.0.0/0"
+    - acl_rule.cidr == "1.2.3.0/24,3.2.1.0/24"
+    - acl_rule.cidrs == [ "1.2.3.0/24", "3.2.1.0/24" ]
    - acl_rule.traffic_type == "egress"
    - acl_rule.protocol == "udp"
    - acl_rule.rule_position == 1
@ -228,7 +234,9 @@
    action_policy: deny
    port: 81
    protocol: udp
-    cidr: 0.0.0.0/0
+    cidrs:
+    - 1.2.3.0/24
+    - 3.2.1.0/24
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule
 - name: verify test change network acl idempotence
@ -241,7 +249,8 @@
    - acl_rule.start_port == 81
    - acl_rule.end_port == 81
    - acl_rule.action_policy == "deny"
-    - acl_rule.cidr == "0.0.0.0/0"
+    - acl_rule.cidr == "1.2.3.0/24,3.2.1.0/24"
+    - acl_rule.cidrs == [ "1.2.3.0/24", "3.2.1.0/24" ]
    - acl_rule.traffic_type == "egress"
    - acl_rule.protocol == "udp"
    - acl_rule.rule_position == 1
@ -270,7 +279,7 @@
    - acl_rule.start_port == 81
    - acl_rule.end_port == 81
    - acl_rule.action_policy == "deny"
-    - acl_rule.cidr == "0.0.0.0/0"
+    - acl_rule.cidr == "1.2.3.0/24,3.2.1.0/24"
    - acl_rule.traffic_type == "egress"
    - acl_rule.protocol == "udp"
    - acl_rule.rule_position == 1