From 92c3e8746747c6c98e1e7a13af3d7aae343f8f05 Mon Sep 17 00:00:00 2001
From: Jakob Meng
Date: Thu, 23 Feb 2023 21:18:04 +0100
Subject: [PATCH] Respect description option and delete security group rules first
The description option of security group rules will now be used properly when creating new rules. Security group rules have to be deleted first before new ones get created, because if one changes one rule attribute such as its description, then the old rule must be deleted before recreating it, as rules cannot be updated.
Story: 2010605
Task: 47486
Change-Id: I75b900e6675f7ec33532089738a6c2bfc10a898b
---
 plugins/modules/security_group.py | 12 ++++++------
 plugins/modules/security_group_rule.py | 3 ++-
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/plugins/modules/security_group.py b/plugins/modules/security_group.py
index 721bf61f..5502b3e8 100644
--- a/plugins/modules/security_group.py
+++ b/plugins/modules/security_group.py
@@ -439,7 +439,7 @@ class SecurityGroupModule(OpenStackModule):
 def _generate_security_group_rule(params):
 prototype = dict(
 (k, params[k])
- for k in ['direction', 'remote_ip_prefix']
+ for k in ['description', 'direction', 'remote_ip_prefix']
 if params[k] is not None)
 # When remote_ip_prefix is missing a netmask, then Neutron will add
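Review bot: The `if params[k] is not None` filter in `_generate_security_group_rule` keeps an omitted `description` out of the prototype, and the key list carries no comment saying so. If the prototype is what existing rules are matched against (the comparison is outside this hunk), a rule whose description was changed out-of-band still counts as matching, and a description cannot be cleared by leaving the option out. A comment next to the key list would make that explicit, e.g. `# None means "do not compare": an unset description matches any existing one`. The same applies to `_define_prototype` in plugins/modules/security_group_rule.py, and both function bodies continue past their hunks.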
@@ -521,17 +521,17 @@ class SecurityGroupModule(OpenStackModule):
 return security_group
 def _update_security_group_rules(self, security_group, update):
- create_security_group_rules = update.get('create_security_group_rules')
- if create_security_group_rules:
- self.conn.network.\
- create_security_group_rules(create_security_group_rules)
-
 delete_security_group_rules = update.get('delete_security_group_rules')
 if delete_security_group_rules:
 for security_group_rule in delete_security_group_rules:
 self.conn.network.\
 delete_security_group_rule(security_group_rule['id'])
+ create_security_group_rules = update.get('create_security_group_rules')
+ if create_security_group_rules:
+ self.conn.network.\
+ create_security_group_rules(create_security_group_rules)
+
 if create_security_group_rules or delete_security_group_rules:
 # Update security group with created and deleted rules
 return self.conn.network.get_security_group(security_group.id)
diff --git a/plugins/modules/security_group_rule.py b/plugins/modules/security_group_rule.py
index 97b6f973..a599b5c6 100644
--- a/plugins/modules/security_group_rule.py
+++ b/plugins/modules/security_group_rule.py
@@ -308,7 +308,8 @@ class SecurityGroupRuleModule(OpenStackModule):
 def _define_prototype(self):
 filters = {}
 prototype = dict((k, self.params[k])
- for k in ['direction', 'remote_ip_prefix']
+ for k in ['description', 'direction',
+ 'remote_ip_prefix']
 if self.params[k] is not None)
 # When remote_ip_prefix is missing a netmask, then Neutron will add
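Review bot: In `_update_security_group_rules` (plugins/modules/security_group.py) the update is not atomic: once the delete loop has run, a failure of the bulk `create_security_group_rules` call leaves the group without the old rules and without the new ones, and nothing in the hunk restores them or reports which rules were removed. Neutron security group rules only permit traffic, so both the window between the two calls and the failure case drop traffic rather than expose it, but a run that aborts here leaves the group matching neither the old nor the new definition. I would record the ordering and its cost above the delete block, e.g. `# Delete before create: rules cannot be updated, so a changed rule is removed and recreated; a failed create leaves the group with fewer rules until the next run`. The function may continue after the last `return` shown, which is outside the hunk.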