1b38b7c500
With "extends_documentation_fragment: ['openstack.cloud.openstack']" it is not necessary to list required Python libraries in section 'requirements' of DOCUMENTATION docstring in modules. Ansible will merge requirements from doc fragments and DOCUMENTATION docstring which previously resulted in duplicates such as in server module [0]: * openstacksdk * openstacksdk >= 0.36, < 0.99.0 * python >= 3.6 When removing the 'requirements' section from server module, then Ansible will list openstacksdk once only: * openstacksdk >= 0.36, < 0.99.0 * python >= 3.6 To see what documentation Ansible will produce for server module run: ansible-doc --type module openstack.cloud.server [0] https://docs.ansible.com/ansible/latest/collections/openstack/\ cloud/server_module.html Change-Id: I727ed95ee480bb644b5a533f6a9526973677064c
245 lines
7.4 KiB
Python
245 lines
7.4 KiB
Python
#!/usr/bin/python
|
|
# -*- coding: utf-8 -*-
|
|
|
|
# Copyright (c) 2020 by Tino Schreiber (Open Telekom Cloud), operated by T-Systems International GmbH
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
DOCUMENTATION = r'''
|
|
---
|
|
module: security_group_rule_info
|
|
short_description: Fetch OpenStack network (Neutron) security group rules
|
|
author: OpenStack Ansible SIG
|
|
description:
|
|
- Fetch security group rules from OpenStack network (Neutron) API.
|
|
options:
|
|
description:
|
|
description:
|
|
- Filter the list result by the human-readable description of
|
|
the resource.
|
|
type: str
|
|
direction:
|
|
description:
|
|
- Filter the security group rule list result by the direction in
|
|
which the security group rule is applied.
|
|
choices: ['egress', 'ingress']
|
|
type: str
|
|
ether_type:
|
|
description:
|
|
- Filter the security group rule list result by the ether_type of
|
|
network traffic. The value must be IPv4 or IPv6.
|
|
choices: ['IPv4', 'IPv6']
|
|
type: str
|
|
aliases: ['ethertype']
|
|
id:
|
|
description:
|
|
- Filter the list result by the ID of the security group rule.
|
|
type: str
|
|
aliases: ['rule']
|
|
port_range_min:
|
|
description:
|
|
- Starting port
|
|
type: int
|
|
port_range_max:
|
|
description:
|
|
- Ending port
|
|
type: int
|
|
project:
|
|
description:
|
|
- Unique name or ID of the project.
|
|
required: false
|
|
type: str
|
|
protocol:
|
|
description:
|
|
- Filter the security group rule list result by the IP protocol.
|
|
type: str
|
|
remote_group:
|
|
description:
|
|
- Filter the security group rule list result by the name or ID of the
|
|
remote group that associates with this security group rule.
|
|
type: str
|
|
remote_ip_prefix:
|
|
description:
|
|
- Source IP address(es) in CIDR notation (exclusive with remote_group)
|
|
type: str
|
|
revision_number:
|
|
description:
|
|
- Filter the list result by the revision number of the resource.
|
|
type: int
|
|
security_group:
|
|
description:
|
|
- Name or ID of the security group
|
|
type: str
|
|
extends_documentation_fragment:
|
|
- openstack.cloud.openstack
|
|
'''
|
|
|
|
EXAMPLES = r'''
|
|
- name: Fetch all security group rules
|
|
openstack.cloud.security_group_rule_info:
|
|
cloud: devstack
|
|
|
|
- name: Filter security group rules for port 80 and name
|
|
openstack.cloud.security_group_rule_info:
|
|
cloud: devstack
|
|
security_group: foo
|
|
protocol: tcp
|
|
port_range_min: 80
|
|
port_range_max: 80
|
|
remote_ip_prefix: 0.0.0.0/0
|
|
|
|
- name: Filter for ICMP rules
|
|
openstack.cloud.security_group_rule_info:
|
|
cloud: devstack
|
|
protocol: icmp
|
|
'''
|
|
|
|
RETURN = r'''
|
|
security_group_rules:
|
|
description: List of dictionaries describing security group rules.
|
|
type: list
|
|
elements: dict
|
|
returned: always
|
|
contains:
|
|
created_at:
|
|
description: Timestamp when the security group rule was created.
|
|
type: str
|
|
description:
|
|
description: Human-readable description of the resource.
|
|
type: str
|
|
sample: 'My description.'
|
|
direction:
|
|
description: The direction in which the security group rule is applied.
|
|
type: str
|
|
sample: 'egress'
|
|
ether_type:
|
|
description: One of IPv4 or IPv6.
|
|
type: str
|
|
sample: 'IPv4'
|
|
id:
|
|
description: Unique rule UUID.
|
|
type: str
|
|
name:
|
|
description: Name of the resource.
|
|
type: str
|
|
port_range_max:
|
|
description: The maximum port number in the range that is matched by
|
|
the security group rule.
|
|
type: int
|
|
sample: 8000
|
|
port_range_min:
|
|
description: The minimum port number in the range that is matched by
|
|
the security group rule.
|
|
type: int
|
|
sample: 8000
|
|
project_id:
|
|
description: The ID of the project.
|
|
type: str
|
|
sample: 'e4f50856753b4dc6afee5fa6b9b6c550'
|
|
protocol:
|
|
description: The protocol that is matched by the security group rule.
|
|
type: str
|
|
sample: 'tcp'
|
|
remote_address_group_id:
|
|
description: The remote address group ID to be associated with this
|
|
security group rule.
|
|
type: str
|
|
remote_group_id:
|
|
description: The remote security group ID to be associated with this
|
|
security group rule.
|
|
type: str
|
|
remote_ip_prefix:
|
|
description: The remote IP prefix to be associated with this security
|
|
group rule.
|
|
type: str
|
|
revision_number:
|
|
description: The remote IP prefix to be associated with this security
|
|
group rule.
|
|
type: str
|
|
sample: '0.0.0.0/0'
|
|
security_group_id:
|
|
description: The security group ID to associate with this security
|
|
group rule.
|
|
type: str
|
|
sample: '729b9660-a20a-41fe-bae6-ed8fa7f69123'
|
|
tags:
|
|
description: The security group ID to associate with this security
|
|
group rule.
|
|
type: str
|
|
sample: '729b9660-a20a-41fe-bae6-ed8fa7f69123'
|
|
tenant_id:
|
|
description: The ID of the project. Deprecated.
|
|
type: str
|
|
sample: 'e4f50856753b4dc6afee5fa6b9b6c550'
|
|
updated_at:
|
|
description: Time at which the resource has been updated
|
|
(in UTC ISO8601 format).
|
|
type: str
|
|
sample: '2018-03-19T19:16:56Z'
|
|
'''
|
|
|
|
from ansible_collections.openstack.cloud.plugins.module_utils.openstack import (
|
|
OpenStackModule)
|
|
|
|
|
|
class SecurityGroupRuleInfoModule(OpenStackModule):
|
|
argument_spec = dict(
|
|
description=dict(),
|
|
direction=dict(choices=['egress', 'ingress']),
|
|
ether_type=dict(choices=['IPv4', 'IPv6'], aliases=['ethertype']),
|
|
id=dict(aliases=['rule']),
|
|
port_range_min=dict(type='int'),
|
|
port_range_max=dict(type='int'),
|
|
project=dict(),
|
|
protocol=dict(),
|
|
remote_group=dict(),
|
|
remote_ip_prefix=dict(),
|
|
revision_number=dict(type='int'),
|
|
security_group=dict()
|
|
)
|
|
|
|
module_kwargs = dict(
|
|
mutually_exclusive=[
|
|
('remote_ip_prefix', 'remote_group'),
|
|
],
|
|
supports_check_mode=True
|
|
)
|
|
|
|
def run(self):
|
|
filters = dict((k, self.params[k])
|
|
for k in ['description', 'direction', 'ether_type',
|
|
'id', 'port_range_min', 'port_range_max',
|
|
'protocol', 'remote_group',
|
|
'revision_number', 'remote_ip_prefix']
|
|
if self.params[k] is not None)
|
|
|
|
project_name_or_id = self.params['project']
|
|
if project_name_or_id is not None:
|
|
project = self.conn.find_project(project_name_or_id)
|
|
if not project:
|
|
self.exit_json(changed=False, security_group_rules=[])
|
|
filters['project_id'] = project.id
|
|
|
|
security_group_name_or_id = self.params['security_group']
|
|
if security_group_name_or_id is not None:
|
|
security_group = self.conn.network.\
|
|
find_security_group(security_group_name_or_id)
|
|
if not security_group:
|
|
self.exit_json(changed=False, security_group_rules=[])
|
|
filters['security_group_id'] = security_group.id
|
|
|
|
security_group_rules = \
|
|
self.conn.network.security_group_rules(**filters)
|
|
|
|
self.exit_json(changed=False,
|
|
security_group_rules=[r.to_dict(computed=False)
|
|
for r in security_group_rules])
|
|
|
|
|
|
def main():
|
|
module = SecurityGroupRuleInfoModule()
|
|
module()
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|