Allow creating resources with protection (#30)

* Allow all supporting resources to be created with protection Signed-off-by: Lukas Kämmerling <lukas.kaemmerling@hetzner-cloud.de>
2024-12-13 14:02:31 +00:00 · 2020-10-01 11:09:51 +02:00 · 2020-10-01 11:09:51 +02:00 · fe84174cb6
commit fe84174cb6
parent 87d989fcbe
11 changed files with 275 additions and 2 deletions
--- a/changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml
+++ b/changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml
@ -0,0 +1,6 @@
+minor_changes:
+  - hcloud_server Allow creating server with protection
+  - hcloud_floating_ip Allow creating Floating IP with protection
+  - hcloud_load_balancer Allow creating Load Balancer with protection
+  - hcloud_network Allow creating Network with protection
+  - hcloud_volume Allow creating Volumes with protection
--- a/plugins/modules/hcloud_floating_ip.py
+++ b/plugins/modules/hcloud_floating_ip.py
@ -237,6 +237,10 @@ class AnsibleHcloudFloatingIP(Hcloud):
            resp = self.client.floating_ips.create(**params)
            self.hcloud_floating_ip = resp.floating_ip

+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self.hcloud_floating_ip.change_protection(delete=delete_protection).wait_until_finished()
+
        self._mark_as_changed()
        self._get_floating_ip()

--- a/plugins/modules/hcloud_load_balancer.py
+++ b/plugins/modules/hcloud_load_balancer.py
@ -217,6 +217,11 @@ class AnsibleHcloudLoadBalancer(Hcloud):
            resp = self.client.load_balancers.create(**params)
            resp.action.wait_until_finished(max_retries=1000)

+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self._get_load_balancer()
+                self.hcloud_load_balancer.change_protection(delete=delete_protection).wait_until_finished()
+
        self._mark_as_changed()
        self._get_load_balancer()

--- a/plugins/modules/hcloud_network.py
+++ b/plugins/modules/hcloud_network.py
@ -161,6 +161,11 @@ class AnsibleHcloudNetwork(Hcloud):
        if not self.module.check_mode:
            self.client.networks.create(**params)

+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self._get_network()
+                self.hcloud_network.change_protection(delete=delete_protection).wait_until_finished()
+
        self._mark_as_changed()
        self._get_network()

--- a/plugins/modules/hcloud_server.py
+++ b/plugins/modules/hcloud_server.py
@ -357,6 +357,12 @@ class AnsibleHcloudServer(Hcloud):
                self._get_server()
                self.hcloud_server.enable_backup().wait_until_finished()

+            delete_protection = self.module.params.get("delete_protection")
+            rebuild_protection = self.module.params.get("rebuild_protection")
+            if delete_protection is not None and rebuild_protection is not None:
+                self._get_server()
+                self.hcloud_server.change_protection(delete=delete_protection,
+                                                     rebuild=rebuild_protection).wait_until_finished()
        self._mark_as_changed()
        self._get_server()

--- a/plugins/modules/hcloud_volume.py
+++ b/plugins/modules/hcloud_volume.py
@ -228,6 +228,10 @@ class AnsibleHcloudVolume(Hcloud):
            resp = self.client.volumes.create(**params)
            resp.action.wait_until_finished()
            [action.wait_until_finished() for action in resp.next_actions]
+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self._get_volume()
+                self.hcloud_volume.change_protection(delete=delete_protection).wait_until_finished()

        self._mark_as_changed()
        self._get_volume()
--- a/tests/integration/targets/hcloud_floating_ip/tasks/main.yml
+++ b/tests/integration/targets/hcloud_floating_ip/tasks/main.yml
@ -372,7 +372,7 @@
 - name: verify cleanup
  assert:
    that:
-    - result is changed
+      - result is changed
 - name: cleanup another server
  hcloud_server:
    name: "{{ main_server2.hcloud_server.name }}"
@ -381,4 +381,51 @@
 - name: verify cleanup another server
  assert:
    that:
-    - result is changed
+      - result is changed
+
+- name: test create Floating IP with delete protection
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    type: ipv4
+    home_location: fsn1
+    delete_protection: true
+  register: floatingIP
+- name: verify create Floating IP with delete protection
+  assert:
+    that:
+      - floatingIP is changed
+      - floatingIP.hcloud_floating_ip.delete_protection is sameas true
+
+- name: test delete Floating IP fails if it is protected
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    state: "absent"
+  register: result
+  ignore_errors: yes
+- name: verify test delete floating ip
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "Floating IP deletion is protected"'
+
+- name: test update Floating IP delete protection
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    type: ipv4
+    delete_protection: false
+  register: floatingIP
+- name: verify update Floating IP delete protection
+  assert:
+    that:
+      - floatingIP is changed
+      - floatingIP.hcloud_floating_ip.delete_protection is sameas false
+
+- name: test delete floating ip
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    state: "absent"
+  register: result
+- name: verify test delete floating ip
+  assert:
+    that:
+      - result is changed
--- a/tests/integration/targets/hcloud_load_balancer/tasks/main.yml
+++ b/tests/integration/targets/hcloud_load_balancer/tasks/main.yml
@ -199,3 +199,49 @@
  assert:
    that:
    - result is success
+
+- name: test create Load Balancer with delete protection
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    load_balancer_type: lb11
+    network_zone: eu-central
+    delete_protection: true
+  register: main_load_balancer
+- name: verify create Load Balancer with delete protection
+  assert:
+    that:
+      - main_load_balancer is changed
+      - main_load_balancer.hcloud_load_balancer.delete_protection is sameas true
+
+- name: test delete Load Balancer fails if it is protected
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    state: "absent"
+  register: result
+  ignore_errors: yes
+- name: verify test delete Load Balancer
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "load balancer deletion is protected"'
+
+- name: test update Load Balancer delete protection
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    delete_protection: false
+  register: main_load_balancer
+- name: verify update Load Balancer delete protection
+  assert:
+    that:
+      - main_load_balancer is changed
+      - main_load_balancer.hcloud_load_balancer.delete_protection is sameas false
+
+- name: test delete Load Balancer
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    state: "absent"
+  register: result
+- name: verify test delete Load Balancer
+  assert:
+    that:
+      - result is changed
--- a/tests/integration/targets/hcloud_network/tasks/main.yml
+++ b/tests/integration/targets/hcloud_network/tasks/main.yml
@ -167,3 +167,49 @@
  assert:
    that:
      - result is success
+
+
+- name: test create Network with delete protection
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    ip_range: "10.0.0.0/8"
+    delete_protection: true
+  register: network
+- name: verify create Network with delete protection
+  assert:
+    that:
+      - network is changed
+      - network.hcloud_network.delete_protection is sameas true
+
+- name: test delete Network fails if it is protected
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    state: absent
+  ignore_errors: yes
+  register: result
+- name: verify delete Network
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "network deletion is protected"'
+
+- name: test update Network delete protection
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    delete_protection: false
+  register: network
+- name: verify test update Network delete protection
+  assert:
+    that:
+      - network is changed
+      - network.hcloud_network.delete_protection is sameas false
+
+- name: test delete Network
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    state: absent
+  register: result
+- name: verify delete Network
+  assert:
+    that:
+      - result is success
--- a/tests/integration/targets/hcloud_server/tasks/main.yml
+++ b/tests/integration/targets/hcloud_server/tasks/main.yml
@ -589,3 +589,60 @@
  assert:
    that:
    - result is success
+
+- name: test create server with protection
+  hcloud_server:
+    name: "{{ hcloud_server_name }}"
+    delete_protection: true
+    rebuild_protection: true
+    server_type: cpx11
+    image: "ubuntu-20.04"
+    ssh_keys:
+      - ci@ansible.hetzner.cloud
+    state: present
+  register: result_after_test
+  ignore_errors: true
+- name: verify create server with protection
+  assert:
+    that:
+      - result_after_test is changed
+      - result_after_test.hcloud_server.delete_protection is sameas true
+      - result_after_test.hcloud_server.rebuild_protection is sameas true
+
+
+- name: test delete server fails if it is protected
+  hcloud_server:
+    name: "{{hcloud_server_name}}"
+    state: absent
+  ignore_errors: yes
+  register: result
+- name: verify delete server fails if it is protected
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "server deletion is protected"'
+
+- name: remove protection from server
+  hcloud_server:
+    name: "{{ hcloud_server_name }}"
+    delete_protection: false
+    rebuild_protection: false
+    state: present
+  register: result_after_test
+  ignore_errors: true
+- name: verify update server protection
+  assert:
+    that:
+      - result_after_test is changed
+      - result_after_test.hcloud_server.delete_protection is sameas false
+      - result_after_test.hcloud_server.rebuild_protection is sameas false
+
+- name: cleanup
+  hcloud_server:
+    name: "{{ hcloud_server_name }}"
+    state: absent
+  register: result
+- name: verify cleanup
+  assert:
+    that:
+    - result is success
--- a/tests/integration/targets/hcloud_volume/tasks/main.yml
+++ b/tests/integration/targets/hcloud_volume/tasks/main.yml
@ -231,6 +231,53 @@
    that:
      - result is success

+
+- name: test create Volume with delete protection
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    size: 10
+    location: "fsn1"
+    delete_protection: true
+  register: volume
+- name: verify create Volume with delete protection
+  assert:
+    that:
+      - volume is changed
+      - volume.hcloud_volume.delete_protection is sameas true
+
+- name: test delete Volume fails if it is protected
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    state: absent
+  ignore_errors: yes
+  register: result
+- name: verify delete Volume fails if it is protected
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "volume deletion is protected"'
+
+- name: test update Volume delete protection
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    delete_protection: false
+  register: volume
+- name: verify test update Volume delete protection
+  assert:
+    that:
+      - volume is changed
+      - volume.hcloud_volume.delete_protection is sameas false
+
+- name: test delete Volume
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    state: absent
+  register: result
+- name: verify delete Volume
+  assert:
+    that:
+      - result is success
+
 - name: cleanup
  hcloud_server:
    name: "{{ hcloud_server_name }}"