From e4c7bd3df831832cbb1cc59c4565aeeac930d2fd Mon Sep 17 00:00:00 2001 From: Artem Goncharov Date: Fri, 13 Nov 2020 10:52:43 +0100 Subject: [PATCH] Add security_group_info module Let's add a new missing module for getting info about security groups. Add tests. Change-Id: Ib032c8d14444cea1fcbfd98d252cc56b9f5f383e --- ci/roles/security_group/tasks/main.yml | 45 ++++++ meta/runtime.yml | 2 + plugins/modules/security_group_info.py | 193 +++++++++++++++++++++++++ 3 files changed, 240 insertions(+) create mode 100644 plugins/modules/security_group_info.py diff --git a/ci/roles/security_group/tasks/main.yml b/ci/roles/security_group/tasks/main.yml index 62e6b5b8..a65db61c 100644 --- a/ci/roles/security_group/tasks/main.yml +++ b/ci/roles/security_group/tasks/main.yml @@ -105,11 +105,24 @@ openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" when: sdk_version is version("0.32", '>=') + register: test_sec_rules + +- name: Check - List all available rules of all security groups in a project + assert: + that: + - test_sec_rules.security_group_rules | length > 0 + when: sdk_version is version("0.32", '>=') - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: "{{ secgroup_name }}" + register: test_sec_rule1 + +- name: Check - List all available rules of a specific security group + assert: + that: + - test_sec_rule1.security_group_rules | length > 0 - name: List all available rules with filters openstack.cloud.security_group_rule_info: 
@@ -120,6 +133,38 @@ port_range_max: 80 remote_ip_prefix: 0.0.0.0/0 when: sdk_version is version("0.32", '>=') + register: test_sec_rule + +- name: Check - List all available rules with filters + assert: + that: + - test_sec_rule.security_group_rules | length == 1 + when: sdk_version is version("0.32", '>=') + +- name: List all security groups of a project + openstack.cloud.security_group_info: + cloud: "{{ cloud }}" + register: test_sec_groups + +- name: Check - List all security groups of a project + assert: + that: + - test_sec_groups.security_groups | length > 0 + +- name: Filter security group by name + openstack.cloud.security_group_info: + cloud: "{{ cloud }}" + name: "{{ secgroup_name }}" + register: test_sec_group + +- name: Check - List all security groups of a project + assert: + that: + - test_sec_group.security_groups | length == 1 + - test_sec_group.security_groups[0]['name'] == secgroup_name + # This fails on Stein only + when: sdk_version is version("0.36.5", '>=') + - name: Delete empty ICMP rule openstack.cloud.security_group_rule: diff --git a/meta/runtime.yml b/meta/runtime.yml index ed294dba..09ece2c4 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -78,6 +78,7 @@ action_groups: - router - routers_info - security_group + - security_group_info - security_group_rule - security_group_rule_info - server @@ -174,6 +175,7 @@ action_groups: - router - routers_info - security_group + - security_group_info - security_group_rule - security_group_rule_info - server diff --git a/plugins/modules/security_group_info.py b/plugins/modules/security_group_info.py new file mode 100644 index 00000000..a4e430d7 --- /dev/null +++ b/plugins/modules/security_group_info.py 
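Review bot: In the `@@ -120,6 +133,38 @@` hunk of ci/roles/security_group/tasks/main.yml, the assert that follows `Filter security group by name` reuses the task name `Check - List all security groups of a project`, so a failure of the name filter is reported under the wrong label; rename it to `Check - Filter security group by name`. The comment `# This fails on Stein only` does not say what fails or why `0.36.5` is the right boundary; one more line stating the cause would tell a later reader when the guard can be removed. The `length == 1` assertion also assumes `secgroup_name` is unique among the groups visible to the test cloud, which this hunk does not establish.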
@@ -0,0 +1,193 @@
+#!/usr/bin/python
+# coding: utf-8 -*-
+#
+# Copyright (c) 2020 by Open Telekom Cloud, operated by T-Systems International GmbH
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+DOCUMENTATION = '''
+---
+module: security_group_info
+short_description: Lists security groups
+extends_documentation_fragment: openstack.cloud.openstack
+author: OpenStack Ansible SIG
+description:
+ - List security groups
+options:
+ description:
+ description:
+ - Description of the security group
+ type: str
+ name:
+ description:
+ - Name or id of the security group.
+ type: str
+ project_id:
+ description:
+ - Specifies the project id as filter criteria
+ type: str
+ revision_number:
+ description:
+ - Filter the list result by the revision number of the
+ - resource.
+ type: int
+ tags:
+ description:
+ - A list of tags to filter the list result by.
+ - Resources that match all tags in this list will be returned.
+ type: list
+ elements: str
+ any_tags:
+ description:
+ - A list of tags to filter the list result by.
+ - Resources that match any tag in this list will be returned.
+ type: list
+ elements: str
+ not_tags:
+ description:
+ - A list of tags to filter the list result by.
+ - Resources that match all tags in this list will be excluded.
+ type: list
+ elements: str
+ not_any_tags:
+ description:
+ - A list of tags to filter the list result by.
+ - Resources that match any tag in this list will be excluded.
+ type: list
+ elements: str
+
+requirements: ["openstacksdk"]
+'''
+
+RETURN = '''
+security_groups:
+ description: List of dictionaries describing security groups.
+ type: complex
+ returned: On Success.
+ contains:
+ created_at:
+ description: Creation time of the security group
+ type: str
+ sample: "yyyy-mm-dd hh:mm:ss"
+ description:
+ description: Description of the security group
+ type: str
+ sample: "My security group"
+ id:
+ description: ID of the security group
+ type: str
+ sample: "d90e55ba-23bd-4d97-b722-8cb6fb485d69"
+ name:
+ description: Name of the security group.
+ type: str
+ sample: "my-sg"
+ project_id:
+ description: Project ID where the security group is located in.
+ type: str
+ sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
+ security_group_rules:
+ description: Specifies the security group rule list
+ type: list
+ sample: [
+ {
+ "id": "d90e55ba-23bd-4d97-b722-8cb6fb485d69",
+ "direction": "ingress",
+ "protocol": null,
+ "ethertype": "IPv4",
+ "description": null,
+ "remote_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2",
+ "remote_ip_prefix": null,
+ "tenant_id": "bbfe8c41dd034a07bebd592bf03b4b0c",
+ "port_range_max": null,
+ "port_range_min": null,
+ "security_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2"
+ },
+ {
+ "id": "aecff4d4-9ce9-489c-86a3-803aedec65f7",
+ "direction": "egress",
+ "protocol": null,
+ "ethertype": "IPv4",
+ "description": null,
+ "remote_group_id": null,
+ "remote_ip_prefix": null,
+ "tenant_id": "bbfe8c41dd034a07bebd592bf03b4b0c",
+ "port_range_max": null,
+ "port_range_min": null,
+ "security_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2"
+ }
+ ]
+ updated_at:
+ description: Update time of the security group
+ type: str
+ sample: "yyyy-mm-dd hh:mm:ss"
+'''
+
+EXAMPLES = '''
+# Get specific security group
+- openstack.cloud.security_group_info:
+ cloud: "{{ cloud }}"
+ name: "{{ my_sg }}"
+ register: sg
+# Get all security groups
+- openstack.cloud.security_group_info:
+ cloud: "{{ cloud }}"
+ register: sg
+'''
+
+from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (
+ OpenStackModule)
+
+
+class SecurityGroupInfoModule(OpenStackModule):
+ argument_spec = dict(
+ description=dict(required=False, type='str'),
+ name=dict(required=False, type='str'),
+ project_id=dict(required=False, type='str'),
+ revision_number=dict(required=False, type='int'),
+ tags=dict(required=False, type='list', elements='str'),
+ any_tags=dict(required=False, type='list', elements='str'),
+ not_tags=dict(required=False, type='list', elements='str'),
+ not_any_tags=dict(required=False, type='list', elements='str')
+ )
+
+ def run(self):
+ description = self.params['description']
+ name = self.params['name']
+ project_id = self.params['project_id']
+ revision_number = self.params['revision_number']
+ tags = self.params['tags']
+ any_tags = self.params['any_tags']
+ not_tags = self.params['not_tags']
+ not_any_tags = self.params['not_any_tags']
+
+ attrs = {}
+
+ if description:
+ attrs['description'] = description
+ if project_id:
+ attrs['project_id'] = project_id
+ if revision_number:
+ attrs['revision_number'] = revision_number
+ if tags:
+ attrs['tags'] = ','.join(tags)
+ if any_tags:
+ attrs['any_tags'] = ','.join(any_tags)
+ if not_tags:
+ attrs['not_tags'] = ','.join(not_tags)
+ if not_any_tags:
+ attrs['not_any_tags'] = ','.join(not_any_tags)
+
+ attrs = self.check_versioned(**attrs)
+ result = self.conn.network.security_groups(**attrs)
+ result = [item if isinstance(item, dict) else item.to_dict() for item in result]
+ if name:
+ result = [item for item in result if name in (item['id'], item['name'])]
+ self.results.update({'security_groups': result})
+
+
+def main():
+ module = SecurityGroupInfoModule()
+ module()
+
+
+if __name__ == "__main__":
+ main()
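Review bot: The truthiness guards in `run()` drop filters the caller set explicitly: `if revision_number:` discards `revision_number: 0` and `if description:` discards an empty string, so the call returns every security group the credentials can see rather than the narrowed set. For a module whose output is likely to feed firewall audits, a silently widened result is harder to notice than an error, so test for presence instead, e.g. `if revision_number is not None:` and `if description is not None:`. The `name` match is applied only after the full list has been fetched, and because it accepts either `item['id']` or `item['name']` it can return more than one group. A short comment above `if name:` such as `# name may be an ID or a non-unique name; filtered client-side` would warn callers who index `security_groups[0]`.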