Improve handling of out rules in hcloud_firewall (#89)

Signed-off-by: Lukas Kämmerling <lukas.kaemmerling@hetzner-cloud.de>
Lukas Kämmerling 2021-05-27 08:13:57 +02:00 committed by GitHub
parent 2c9d708d86
commit a3ee69a303
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 9 deletions


@ -221,8 +221,8 @@ class AnsibleHcloudFirewall(Hcloud):
FirewallRule(
direction=rule["direction"],
protocol=rule["protocol"],
source_ips=rule["source_ips"],
destination_ips=rule["destination_ips"],
source_ips=rule["source_ips"] if rule["source_ips"] is not None else [],
destination_ips=rule["destination_ips"] if rule["destination_ips"] is not None else [],
port=rule["port"]
)
for rule in rules
@ -258,8 +258,8 @@ class AnsibleHcloudFirewall(Hcloud):
FirewallRule(
direction=rule["direction"],
protocol=rule["protocol"],
source_ips=rule["source_ips"],
destination_ips=rule["destination_ips"],
source_ips=rule["source_ips"] if rule["source_ips"] is not None else [],
destination_ips=rule["destination_ips"] if rule["destination_ips"] is not None else [],
port=rule["port"]
)
for rule in rules
@ -296,10 +296,10 @@ class AnsibleHcloudFirewall(Hcloud):
direction={"type": "str", "choices": ["in", "out"]},
protocol={"type": "str", "choices": ["icmp", "udp", "tcp"]},
port={"type": "str"},
source_ips={"type": "list", "elements": "str"},
source_ips={"type": "list", "elements": "str", "default": []},
destination_ips={"type": "list", "elements": "str", "default": []},
),
required_together=[["direction", "protocol", "source_ips"]]
required_together=[["direction", "protocol"]],
),
labels={"type": "dict"},
state={
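Review bot: With `source_ips` dropped from `required_together` and given a default of `[]`, the argument spec no longer ties the address list to the rule's direction, so an `in` rule with no `source_ips` (or an `out` rule with no `destination_ips`) passes module validation and is forwarded as an empty list. For a firewall module it is safer to reject that case in the module than to depend on how the API treats an empty list, which this page does not show. Before building `FirewallRule` in the hunks at 221 and 258, check `if rule["direction"] == "in" and not rule["source_ips"]:` (and the mirror case for `out`) and fail with a message naming the rule. The `... if ... is not None else []` expression is also repeated four times across those two hunks, and a small helper would keep the call sites in step. Both comprehensions and the argument spec start and end outside the visible hunks.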


@ -81,6 +81,12 @@
source_ips:
- 0.0.0.0/0
- ::/0
- direction: out
protocol: tcp
port: 80
destination_ips:
- 0.0.0.0/0
- ::/0
labels:
key: value
my-label: label
@ -90,11 +96,12 @@
that:
- firewall is changed
- firewall.hcloud_firewall.name == "{{ hcloud_firewall_name }}"
- firewall.hcloud_firewall.rules | list | count == 2
- firewall.hcloud_firewall.rules | list | count == 3
- firewall.hcloud_firewall.rules | selectattr('direction','equalto','in') | list | count == 2
- firewall.hcloud_firewall.rules | selectattr('direction','equalto','out') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('protocol','equalto','icmp') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('protocol','equalto','tcp') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('port','equalto','80') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('protocol','equalto','tcp') | list | count == 2
- firewall.hcloud_firewall.rules | selectattr('port','equalto','80') | list | count == 2
- name: test update firewall rules idempotence
hcloud_firewall:
@ -111,6 +118,12 @@
source_ips:
- 0.0.0.0/0
- ::/0
- direction: out
protocol: tcp
port: 80
destination_ips:
- 0.0.0.0/0
- ::/0
labels:
key: value
my-label: label
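Review bot: The added assertions count rules by direction, protocol and port but never inspect the address lists, so the test would still pass if the `out` rule came back without its `destination_ips` or with entries in `source_ips`. Assuming the module returns both fields per rule (not visible here), add something like `- firewall.hcloud_firewall.rules | selectattr('direction','equalto','out') | map(attribute='destination_ips') | first | count == 2`. A negative case, an `in` rule with no `source_ips`, would also pin down what the relaxed `required_together` now permits. The task lists continue outside these hunks.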