Respect description option and delete security group rules first

The description option of security group rules will now be used properly when creating new rules. Security group rules have to be deleted first before new ones get created, because if one changes one rule attribute such as its description, then the old rule must be deleted before recreating it, as rules cannot be updated. Story: 2010605 Task: 47486 Change-Id: I75b900e6675f7ec33532089738a6c2bfc10a898b
2023-02-23 21:18:04 +01:00 · 2023-02-23 21:18:04 +01:00 · 92c3e87467
commit 92c3e87467
parent f73a0e385e
2 changed files with 8 additions and 7 deletions
--- a/plugins/modules/security_group.py
+++ b/plugins/modules/security_group.py
@ -439,7 +439,7 @@ class SecurityGroupModule(OpenStackModule):
        def _generate_security_group_rule(params):
            prototype = dict(
                (k, params[k])
-                for k in ['direction', 'remote_ip_prefix']
+                for k in ['description', 'direction', 'remote_ip_prefix']
                if params[k] is not None)

            # When remote_ip_prefix is missing a netmask, then Neutron will add
@ -521,17 +521,17 @@ class SecurityGroupModule(OpenStackModule):
        return security_group

    def _update_security_group_rules(self, security_group, update):
-        create_security_group_rules = update.get('create_security_group_rules')
-        if create_security_group_rules:
-            self.conn.network.\
-                create_security_group_rules(create_security_group_rules)
-
        delete_security_group_rules = update.get('delete_security_group_rules')
        if delete_security_group_rules:
            for security_group_rule in delete_security_group_rules:
                self.conn.network.\
                    delete_security_group_rule(security_group_rule['id'])

+        create_security_group_rules = update.get('create_security_group_rules')
+        if create_security_group_rules:
+            self.conn.network.\
+                create_security_group_rules(create_security_group_rules)
+
        if create_security_group_rules or delete_security_group_rules:
            # Update security group with created and deleted rules
            return self.conn.network.get_security_group(security_group.id)
--- a/plugins/modules/security_group_rule.py
+++ b/plugins/modules/security_group_rule.py
@ -308,7 +308,8 @@ class SecurityGroupRuleModule(OpenStackModule):
    def _define_prototype(self):
        filters = {}
        prototype = dict((k, self.params[k])
-                         for k in ['direction', 'remote_ip_prefix']
+                         for k in ['description', 'direction',
+                                   'remote_ip_prefix']
                         if self.params[k] is not None)

        # When remote_ip_prefix is missing a netmask, then Neutron will add