From fe84174cb647e6e06752b2ce7f213165cf3c63d6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lukas=20K=C3=A4mmerling?= Date: Thu, 1 Oct 2020 11:09:51 +0200 Subject: [PATCH] Allow creating resources with protection (#30) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Allow all supporting resources to be created with protection Signed-off-by: Lukas Kämmerling --- ...llow-setting-of-protection-on-creation.yml | 6 ++ plugins/modules/hcloud_floating_ip.py | 4 ++ plugins/modules/hcloud_load_balancer.py | 5 ++ plugins/modules/hcloud_network.py | 5 ++ plugins/modules/hcloud_server.py | 6 ++ plugins/modules/hcloud_volume.py | 4 ++ .../targets/hcloud_floating_ip/tasks/main.yml | 51 ++++++++++++++++- .../hcloud_load_balancer/tasks/main.yml | 46 +++++++++++++++ .../targets/hcloud_network/tasks/main.yml | 46 +++++++++++++++ .../targets/hcloud_server/tasks/main.yml | 57 +++++++++++++++++++ .../targets/hcloud_volume/tasks/main.yml | 47 +++++++++++++++ 11 files changed, 275 insertions(+), 2 deletions(-) create mode 100644 changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml diff --git a/changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml b/changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml new file mode 100644 index 0000000..47b0c3c --- /dev/null +++ b/changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml @@ -0,0 +1,6 @@ +minor_changes: + - hcloud_server Allow creating server with protection + - hcloud_floating_ip Allow creating Floating IP with protection + - hcloud_load_balancer Allow creating Load Balancer with protection + - hcloud_network Allow creating Network with protection + - hcloud_volume Allow creating Volumes with protection diff --git a/plugins/modules/hcloud_floating_ip.py b/plugins/modules/hcloud_floating_ip.py index b66492f..a08932e 100644 --- a/plugins/modules/hcloud_floating_ip.py +++ b/plugins/modules/hcloud_floating_ip.py @@ -237,6 +237,10 @@ class AnsibleHcloudFloatingIP(Hcloud): resp = self.client.floating_ips.create(**params) self.hcloud_floating_ip = resp.floating_ip + delete_protection = self.module.params.get("delete_protection") + if delete_protection is not None: + self.hcloud_floating_ip.change_protection(delete=delete_protection).wait_until_finished() + self._mark_as_changed() self._get_floating_ip() diff --git a/plugins/modules/hcloud_load_balancer.py b/plugins/modules/hcloud_load_balancer.py index 3626bea..a09ba4f 100644 --- a/plugins/modules/hcloud_load_balancer.py +++ b/plugins/modules/hcloud_load_balancer.py @@ -217,6 +217,11 @@ class AnsibleHcloudLoadBalancer(Hcloud): resp = self.client.load_balancers.create(**params) resp.action.wait_until_finished(max_retries=1000) + delete_protection = self.module.params.get("delete_protection") + if delete_protection is not None: + self._get_load_balancer() + self.hcloud_load_balancer.change_protection(delete=delete_protection).wait_until_finished() + self._mark_as_changed() self._get_load_balancer() diff --git a/plugins/modules/hcloud_network.py b/plugins/modules/hcloud_network.py index bad11a7..b216583 100644 --- a/plugins/modules/hcloud_network.py +++ b/plugins/modules/hcloud_network.py @@ -161,6 +161,11 @@ class AnsibleHcloudNetwork(Hcloud): if not self.module.check_mode: self.client.networks.create(**params) + delete_protection = self.module.params.get("delete_protection") + if delete_protection is not None: + self._get_network() + self.hcloud_network.change_protection(delete=delete_protection).wait_until_finished() + self._mark_as_changed() self._get_network() diff --git a/plugins/modules/hcloud_server.py b/plugins/modules/hcloud_server.py index cf00ae9..0f83f2c 100644 --- a/plugins/modules/hcloud_server.py +++ b/plugins/modules/hcloud_server.py @@ -357,6 +357,12 @@ class AnsibleHcloudServer(Hcloud): self._get_server() self.hcloud_server.enable_backup().wait_until_finished() + delete_protection = self.module.params.get("delete_protection") + rebuild_protection = self.module.params.get("rebuild_protection") + if delete_protection is not None and rebuild_protection is not None: + self._get_server() + self.hcloud_server.change_protection(delete=delete_protection, + rebuild=rebuild_protection).wait_until_finished() self._mark_as_changed() self._get_server() diff --git a/plugins/modules/hcloud_volume.py b/plugins/modules/hcloud_volume.py index 428cce3..b211775 100644 --- a/plugins/modules/hcloud_volume.py +++ b/plugins/modules/hcloud_volume.py @@ -228,6 +228,10 @@ class AnsibleHcloudVolume(Hcloud): resp = self.client.volumes.create(**params) resp.action.wait_until_finished() [action.wait_until_finished() for action in resp.next_actions] + delete_protection = self.module.params.get("delete_protection") + if delete_protection is not None: + self._get_volume() + self.hcloud_volume.change_protection(delete=delete_protection).wait_until_finished() self._mark_as_changed() self._get_volume() diff --git a/tests/integration/targets/hcloud_floating_ip/tasks/main.yml b/tests/integration/targets/hcloud_floating_ip/tasks/main.yml index eb48ab4..8f9d4dc 100644 --- a/tests/integration/targets/hcloud_floating_ip/tasks/main.yml +++ b/tests/integration/targets/hcloud_floating_ip/tasks/main.yml @@ -372,7 +372,7 @@ - name: verify cleanup assert: that: - - result is changed + - result is changed - name: cleanup another server hcloud_server: name: "{{ main_server2.hcloud_server.name }}" @@ -381,4 +381,51 @@ - name: verify cleanup another server assert: that: - - result is changed + - result is changed + +- name: test create Floating IP with delete protection + hcloud_floating_ip: + name: "{{ hcloud_floating_ip_name }}" + type: ipv4 + home_location: fsn1 + delete_protection: true + register: floatingIP +- name: verify create Floating IP with delete protection + assert: + that: + - floatingIP is changed + - floatingIP.hcloud_floating_ip.delete_protection is sameas true + +- name: test delete Floating IP fails if it is protected + hcloud_floating_ip: + name: "{{ hcloud_floating_ip_name }}" + state: "absent" + register: result + ignore_errors: yes +- name: verify test delete floating ip + assert: + that: + - result is failed + - 'result.msg == "Floating IP deletion is protected"' + +- name: test update Floating IP delete protection + hcloud_floating_ip: + name: "{{ hcloud_floating_ip_name }}" + type: ipv4 + delete_protection: false + register: floatingIP +- name: verify update Floating IP delete protection + assert: + that: + - floatingIP is changed + - floatingIP.hcloud_floating_ip.delete_protection is sameas false + +- name: test delete floating ip + hcloud_floating_ip: + name: "{{ hcloud_floating_ip_name }}" + state: "absent" + register: result +- name: verify test delete floating ip + assert: + that: + - result is changed diff --git a/tests/integration/targets/hcloud_load_balancer/tasks/main.yml b/tests/integration/targets/hcloud_load_balancer/tasks/main.yml index 436ed1a..a25e550 100644 --- a/tests/integration/targets/hcloud_load_balancer/tasks/main.yml +++ b/tests/integration/targets/hcloud_load_balancer/tasks/main.yml @@ -199,3 +199,49 @@ assert: that: - result is success + +- name: test create Load Balancer with delete protection + hcloud_load_balancer: + name: "{{ hcloud_load_balancer_name }}" + load_balancer_type: lb11 + network_zone: eu-central + delete_protection: true + register: main_load_balancer +- name: verify create Load Balancer with delete protection + assert: + that: + - main_load_balancer is changed + - main_load_balancer.hcloud_load_balancer.delete_protection is sameas true + +- name: test delete Load Balancer fails if it is protected + hcloud_load_balancer: + name: "{{ hcloud_load_balancer_name }}" + state: "absent" + register: result + ignore_errors: yes +- name: verify test delete Load Balancer + assert: + that: + - result is failed + - 'result.msg == "load balancer deletion is protected"' + +- name: test update Load Balancer delete protection + hcloud_load_balancer: + name: "{{ hcloud_load_balancer_name }}" + delete_protection: false + register: main_load_balancer +- name: verify update Load Balancer delete protection + assert: + that: + - main_load_balancer is changed + - main_load_balancer.hcloud_load_balancer.delete_protection is sameas false + +- name: test delete Load Balancer + hcloud_load_balancer: + name: "{{ hcloud_load_balancer_name }}" + state: "absent" + register: result +- name: verify test delete Load Balancer + assert: + that: + - result is changed diff --git a/tests/integration/targets/hcloud_network/tasks/main.yml b/tests/integration/targets/hcloud_network/tasks/main.yml index 32bd579..6c40e4e 100644 --- a/tests/integration/targets/hcloud_network/tasks/main.yml +++ b/tests/integration/targets/hcloud_network/tasks/main.yml @@ -167,3 +167,49 @@ assert: that: - result is success + + +- name: test create Network with delete protection + hcloud_network: + name: "{{hcloud_network_name}}" + ip_range: "10.0.0.0/8" + delete_protection: true + register: network +- name: verify create Network with delete protection + assert: + that: + - network is changed + - network.hcloud_network.delete_protection is sameas true + +- name: test delete Network fails if it is protected + hcloud_network: + name: "{{hcloud_network_name}}" + state: absent + ignore_errors: yes + register: result +- name: verify delete Network + assert: + that: + - result is failed + - 'result.msg == "network deletion is protected"' + +- name: test update Network delete protection + hcloud_network: + name: "{{hcloud_network_name}}" + delete_protection: false + register: network +- name: verify test update Network delete protection + assert: + that: + - network is changed + - network.hcloud_network.delete_protection is sameas false + +- name: test delete Network + hcloud_network: + name: "{{hcloud_network_name}}" + state: absent + register: result +- name: verify delete Network + assert: + that: + - result is success diff --git a/tests/integration/targets/hcloud_server/tasks/main.yml b/tests/integration/targets/hcloud_server/tasks/main.yml index 89e8e0f..f4464f1 100644 --- a/tests/integration/targets/hcloud_server/tasks/main.yml +++ b/tests/integration/targets/hcloud_server/tasks/main.yml @@ -589,3 +589,60 @@ assert: that: - result is success + +- name: test create server with protection + hcloud_server: + name: "{{ hcloud_server_name }}" + delete_protection: true + rebuild_protection: true + server_type: cpx11 + image: "ubuntu-20.04" + ssh_keys: + - ci@ansible.hetzner.cloud + state: present + register: result_after_test + ignore_errors: true +- name: verify create server with protection + assert: + that: + - result_after_test is changed + - result_after_test.hcloud_server.delete_protection is sameas true + - result_after_test.hcloud_server.rebuild_protection is sameas true + + +- name: test delete server fails if it is protected + hcloud_server: + name: "{{hcloud_server_name}}" + state: absent + ignore_errors: yes + register: result +- name: verify delete server fails if it is protected + assert: + that: + - result is failed + - 'result.msg == "server deletion is protected"' + +- name: remove protection from server + hcloud_server: + name: "{{ hcloud_server_name }}" + delete_protection: false + rebuild_protection: false + state: present + register: result_after_test + ignore_errors: true +- name: verify update server protection + assert: + that: + - result_after_test is changed + - result_after_test.hcloud_server.delete_protection is sameas false + - result_after_test.hcloud_server.rebuild_protection is sameas false + +- name: cleanup + hcloud_server: + name: "{{ hcloud_server_name }}" + state: absent + register: result +- name: verify cleanup + assert: + that: + - result is success diff --git a/tests/integration/targets/hcloud_volume/tasks/main.yml b/tests/integration/targets/hcloud_volume/tasks/main.yml index 78b9b40..f763a52 100644 --- a/tests/integration/targets/hcloud_volume/tasks/main.yml +++ b/tests/integration/targets/hcloud_volume/tasks/main.yml @@ -231,6 +231,53 @@ that: - result is success + +- name: test create Volume with delete protection + hcloud_volume: + name: "{{hcloud_volume_name}}" + size: 10 + location: "fsn1" + delete_protection: true + register: volume +- name: verify create Volume with delete protection + assert: + that: + - volume is changed + - volume.hcloud_volume.delete_protection is sameas true + +- name: test delete Volume fails if it is protected + hcloud_volume: + name: "{{hcloud_volume_name}}" + state: absent + ignore_errors: yes + register: result +- name: verify delete Volume fails if it is protected + assert: + that: + - result is failed + - 'result.msg == "volume deletion is protected"' + +- name: test update Volume delete protection + hcloud_volume: + name: "{{hcloud_volume_name}}" + delete_protection: false + register: volume +- name: verify test update Volume delete protection + assert: + that: + - volume is changed + - volume.hcloud_volume.delete_protection is sameas false + +- name: test delete Volume + hcloud_volume: + name: "{{hcloud_volume_name}}" + state: absent + register: result +- name: verify delete Volume + assert: + that: + - result is success + - name: cleanup hcloud_server: name: "{{ hcloud_server_name }}"