fb0fb529b7
- Changed get_security_group_rule to find_security_group_rule as get_security_group_rule throws an exception if the rule is not found - Updated docs - Updated tests - Renamed ethertype to ether_type to match openstacksdk's attribute names and added the former as an alias to keep backward compat - Renamed rule to id to match openstacksdk's attribute names and added the former as an alias to keep backward compat Change-Id: Ieb99f875c990e11623c81e482013d0ecb8e61055
248 lines
7.2 KiB
Python
248 lines
7.2 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright (c) 2020 by Tino Schreiber (Open Telekom Cloud), operated by T-Systems International GmbH
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
DOCUMENTATION = '''
|
|
---
|
|
module: security_group_rule_info
|
|
short_description: Querying security group rules
|
|
author: OpenStack Ansible SIG
|
|
description:
|
|
- Querying security group rules
|
|
options:
|
|
description:
|
|
description:
|
|
- Filter the list result by the human-readable description of
|
|
the resource.
|
|
type: str
|
|
direction:
|
|
description:
|
|
- Filter the security group rule list result by the direction in
|
|
which the security group rule is applied.
|
|
choices: ['egress', 'ingress']
|
|
type: str
|
|
ether_type:
|
|
description:
|
|
- Filter the security group rule list result by the ether_type of
|
|
network traffic. The value must be IPv4 or IPv6.
|
|
choices: ['IPv4', 'IPv6']
|
|
type: str
|
|
aliases: ['ethertype']
|
|
id:
|
|
description:
|
|
- Filter the list result by the ID of the security group rule.
|
|
type: str
|
|
aliases: ['rule']
|
|
port_range_min:
|
|
description:
|
|
- Starting port
|
|
type: int
|
|
port_range_max:
|
|
description:
|
|
- Ending port
|
|
type: int
|
|
project:
|
|
description:
|
|
- Unique name or ID of the project.
|
|
required: false
|
|
type: str
|
|
protocol:
|
|
description:
|
|
- Filter the security group rule list result by the IP protocol.
|
|
type: str
|
|
remote_group:
|
|
description:
|
|
- Filter the security group rule list result by the name or ID of the
|
|
remote group that associates with this security group rule.
|
|
type: str
|
|
remote_ip_prefix:
|
|
description:
|
|
- Source IP address(es) in CIDR notation (exclusive with remote_group)
|
|
type: str
|
|
revision_number:
|
|
description:
|
|
- Filter the list result by the revision number of the resource.
|
|
type: int
|
|
security_group:
|
|
description:
|
|
- Name or ID of the security group
|
|
type: str
|
|
|
|
requirements:
|
|
- "python >= 3.6"
|
|
- "openstacksdk"
|
|
|
|
extends_documentation_fragment:
|
|
- openstack.cloud.openstack
|
|
'''
|
|
|
|
EXAMPLES = '''
|
|
# Get all security group rules
|
|
- openstack.cloud.security_group_rule_info:
|
|
cloud: devstack
|
|
register: sg
|
|
|
|
# Filter security group rules for port 80 and name
|
|
- openstack.cloud.security_group_rule_info:
|
|
cloud: devstack
|
|
security_group: foo
|
|
protocol: tcp
|
|
port_range_min: 80
|
|
port_range_max: 80
|
|
remote_ip_prefix: 0.0.0.0/0
|
|
|
|
# Filter for ICMP rules
|
|
- openstack.cloud.security_group_rule_info:
|
|
cloud: devstack
|
|
protocol: icmp
|
|
'''
|
|
|
|
RETURN = '''
|
|
security_group_rules:
|
|
description: List of dictionaries describing security group rules.
|
|
type: list
|
|
elements: dict
|
|
returned: always
|
|
contains:
|
|
created_at:
|
|
description: Timestamp when the security group rule was created.
|
|
type: str
|
|
description:
|
|
description: Human-readable description of the resource.
|
|
type: str
|
|
sample: 'My description.'
|
|
direction:
|
|
description: The direction in which the security group rule is applied.
|
|
type: str
|
|
sample: 'egress'
|
|
ether_type:
|
|
description: One of IPv4 or IPv6.
|
|
type: str
|
|
sample: 'IPv4'
|
|
id:
|
|
description: Unique rule UUID.
|
|
type: str
|
|
name:
|
|
description: Name of the resource.
|
|
type: str
|
|
port_range_max:
|
|
description: The maximum port number in the range that is matched by
|
|
the security group rule.
|
|
type: int
|
|
sample: 8000
|
|
port_range_min:
|
|
description: The minimum port number in the range that is matched by
|
|
the security group rule.
|
|
type: int
|
|
sample: 8000
|
|
project_id:
|
|
description: The ID of the project.
|
|
type: str
|
|
sample: 'e4f50856753b4dc6afee5fa6b9b6c550'
|
|
protocol:
|
|
description: The protocol that is matched by the security group rule.
|
|
type: str
|
|
sample: 'tcp'
|
|
remote_address_group_id:
|
|
description: The remote address group ID to be associated with this
|
|
security group rule.
|
|
type: str
|
|
remote_group_id:
|
|
description: The remote security group ID to be associated with this
|
|
security group rule.
|
|
type: str
|
|
remote_ip_prefix:
|
|
description: The remote IP prefix to be associated with this security
|
|
group rule.
|
|
type: str
|
|
revision_number:
|
|
description: The remote IP prefix to be associated with this security
|
|
group rule.
|
|
type: str
|
|
sample: '0.0.0.0/0'
|
|
security_group_id:
|
|
description: The security group ID to associate with this security
|
|
group rule.
|
|
type: str
|
|
sample: '729b9660-a20a-41fe-bae6-ed8fa7f69123'
|
|
tags:
|
|
description: The security group ID to associate with this security
|
|
group rule.
|
|
type: str
|
|
sample: '729b9660-a20a-41fe-bae6-ed8fa7f69123'
|
|
tenant_id:
|
|
description: The ID of the project. Deprecated.
|
|
type: str
|
|
sample: 'e4f50856753b4dc6afee5fa6b9b6c550'
|
|
updated_at:
|
|
description: Time at which the resource has been updated
|
|
(in UTC ISO8601 format).
|
|
type: str
|
|
sample: '2018-03-19T19:16:56Z'
|
|
'''
|
|
|
|
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (
|
|
OpenStackModule)
|
|
|
|
|
|
class SecurityGroupRuleInfoModule(OpenStackModule):
|
|
argument_spec = dict(
|
|
description=dict(),
|
|
direction=dict(choices=['egress', 'ingress']),
|
|
ether_type=dict(choices=['IPv4', 'IPv6'], aliases=['ethertype']),
|
|
id=dict(aliases=['rule']),
|
|
port_range_min=dict(type='int'),
|
|
port_range_max=dict(type='int'),
|
|
project=dict(),
|
|
protocol=dict(),
|
|
remote_group=dict(),
|
|
remote_ip_prefix=dict(),
|
|
revision_number=dict(type='int'),
|
|
security_group=dict()
|
|
)
|
|
|
|
module_kwargs = dict(
|
|
mutually_exclusive=[
|
|
('remote_ip_prefix', 'remote_group'),
|
|
],
|
|
supports_check_mode=True
|
|
)
|
|
|
|
def run(self):
|
|
filters = dict((k, self.params[k])
|
|
for k in ['description', 'direction', 'ether_type',
|
|
'port_range_min', 'port_range_max',
|
|
'protocol', 'remote_group',
|
|
'revision_number', 'remote_ip_prefix']
|
|
if self.params[k] is not None)
|
|
|
|
if self.params['id']:
|
|
filters['id'] = self.params['id']
|
|
if self.params['project']:
|
|
proj = self.conn.find_project(self.params['project'],
|
|
ignore_missing=False)
|
|
filters['project_id'] = proj.id
|
|
if self.params['security_group']:
|
|
sec_grp = self.conn.network.find_security_group(
|
|
name_or_id=self.params['security_group'],
|
|
ignore_missing=False)
|
|
filters['security_group_id'] = sec_grp.id
|
|
|
|
security_group_rules = [
|
|
rule.to_dict(computed=False)
|
|
for rule in self.conn.network.security_group_rules(**filters)]
|
|
|
|
self.exit_json(changed=False,
|
|
security_group_rules=security_group_rules)
|
|
|
|
|
|
def main():
|
|
module = SecurityGroupRuleInfoModule()
|
|
module()
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|