Allow creating resources with protection (#30)

* Allow all supporting resources to be created with protection

Signed-off-by: Lukas Kämmerling <lukas.kaemmerling@hetzner-cloud.de>

changelogs/fragments/gh-28-allow-setting-of-protection-on-creation.yml

@@ -0,0 +1,6 @@
+minor_changes:
+  - hcloud_server Allow creating server with protection
+  - hcloud_floating_ip Allow creating Floating IP with protection
+  - hcloud_load_balancer Allow creating Load Balancer with protection
+  - hcloud_network Allow creating Network with protection
+  - hcloud_volume Allow creating Volumes with protection

plugins/modules/hcloud_floating_ip.py

@@ -237,6 +237,10 @@ class AnsibleHcloudFloatingIP(Hcloud):
             resp = self.client.floating_ips.create(**params)
             self.hcloud_floating_ip = resp.floating_ip
 
+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self.hcloud_floating_ip.change_protection(delete=delete_protection).wait_until_finished()
+
         self._mark_as_changed()
         self._get_floating_ip()
 

plugins/modules/hcloud_load_balancer.py

@@ -217,6 +217,11 @@ class AnsibleHcloudLoadBalancer(Hcloud):
             resp = self.client.load_balancers.create(**params)
             resp.action.wait_until_finished(max_retries=1000)
 
+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self._get_load_balancer()
+                self.hcloud_load_balancer.change_protection(delete=delete_protection).wait_until_finished()
+
         self._mark_as_changed()
         self._get_load_balancer()
 

plugins/modules/hcloud_network.py

@@ -161,6 +161,11 @@ class AnsibleHcloudNetwork(Hcloud):
         if not self.module.check_mode:
             self.client.networks.create(**params)
 
+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self._get_network()
+                self.hcloud_network.change_protection(delete=delete_protection).wait_until_finished()
+
         self._mark_as_changed()
         self._get_network()
 

plugins/modules/hcloud_server.py

@@ -357,6 +357,12 @@ class AnsibleHcloudServer(Hcloud):
                 self._get_server()
                 self.hcloud_server.enable_backup().wait_until_finished()
 
+            delete_protection = self.module.params.get("delete_protection")
+            rebuild_protection = self.module.params.get("rebuild_protection")
+            if delete_protection is not None and rebuild_protection is not None:
+                self._get_server()
+                self.hcloud_server.change_protection(delete=delete_protection,
+                                                     rebuild=rebuild_protection).wait_until_finished()
         self._mark_as_changed()
         self._get_server()
 

plugins/modules/hcloud_volume.py

@@ -228,6 +228,10 @@ class AnsibleHcloudVolume(Hcloud):
             resp = self.client.volumes.create(**params)
             resp.action.wait_until_finished()
             [action.wait_until_finished() for action in resp.next_actions]
+            delete_protection = self.module.params.get("delete_protection")
+            if delete_protection is not None:
+                self._get_volume()
+                self.hcloud_volume.change_protection(delete=delete_protection).wait_until_finished()
 
         self._mark_as_changed()
         self._get_volume()

tests/integration/targets/hcloud_floating_ip/tasks/main.yml

@@ -382,3 +382,50 @@
   assert:
     that:
       - result is changed
+
+- name: test create Floating IP with delete protection
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    type: ipv4
+    home_location: fsn1
+    delete_protection: true
+  register: floatingIP
+- name: verify create Floating IP with delete protection
+  assert:
+    that:
+      - floatingIP is changed
+      - floatingIP.hcloud_floating_ip.delete_protection is sameas true
+
+- name: test delete Floating IP fails if it is protected
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    state: "absent"
+  register: result
+  ignore_errors: yes
+- name: verify test delete floating ip
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "Floating IP deletion is protected"'
+
+- name: test update Floating IP delete protection
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    type: ipv4
+    delete_protection: false
+  register: floatingIP
+- name: verify update Floating IP delete protection
+  assert:
+    that:
+      - floatingIP is changed
+      - floatingIP.hcloud_floating_ip.delete_protection is sameas false
+
+- name: test delete floating ip
+  hcloud_floating_ip:
+    name: "{{ hcloud_floating_ip_name }}"
+    state: "absent"
+  register: result
+- name: verify test delete floating ip
+  assert:
+    that:
+      - result is changed

tests/integration/targets/hcloud_load_balancer/tasks/main.yml

@@ -199,3 +199,49 @@
   assert:
     that:
     - result is success
+
+- name: test create Load Balancer with delete protection
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    load_balancer_type: lb11
+    network_zone: eu-central
+    delete_protection: true
+  register: main_load_balancer
+- name: verify create Load Balancer with delete protection
+  assert:
+    that:
+      - main_load_balancer is changed
+      - main_load_balancer.hcloud_load_balancer.delete_protection is sameas true
+
+- name: test delete Load Balancer fails if it is protected
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    state: "absent"
+  register: result
+  ignore_errors: yes
+- name: verify test delete Load Balancer
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "load balancer deletion is protected"'
+
+- name: test update Load Balancer delete protection
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    delete_protection: false
+  register: main_load_balancer
+- name: verify update Load Balancer delete protection
+  assert:
+    that:
+      - main_load_balancer is changed
+      - main_load_balancer.hcloud_load_balancer.delete_protection is sameas false
+
+- name: test delete Load Balancer
+  hcloud_load_balancer:
+    name: "{{ hcloud_load_balancer_name }}"
+    state: "absent"
+  register: result
+- name: verify test delete Load Balancer
+  assert:
+    that:
+      - result is changed

tests/integration/targets/hcloud_network/tasks/main.yml

@@ -167,3 +167,49 @@
   assert:
     that:
       - result is success
+
+
+- name: test create Network with delete protection
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    ip_range: "10.0.0.0/8"
+    delete_protection: true
+  register: network
+- name: verify create Network with delete protection
+  assert:
+    that:
+      - network is changed
+      - network.hcloud_network.delete_protection is sameas true
+
+- name: test delete Network fails if it is protected
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    state: absent
+  ignore_errors: yes
+  register: result
+- name: verify delete Network
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "network deletion is protected"'
+
+- name: test update Network delete protection
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    delete_protection: false
+  register: network
+- name: verify test update Network delete protection
+  assert:
+    that:
+      - network is changed
+      - network.hcloud_network.delete_protection is sameas false
+
+- name: test delete Network
+  hcloud_network:
+    name: "{{hcloud_network_name}}"
+    state: absent
+  register: result
+- name: verify delete Network
+  assert:
+    that:
+      - result is success

tests/integration/targets/hcloud_server/tasks/main.yml

@@ -589,3 +589,60 @@
   assert:
     that:
     - result is success
+
+- name: test create server with protection
+  hcloud_server:
+    name: "{{ hcloud_server_name }}"
+    delete_protection: true
+    rebuild_protection: true
+    server_type: cpx11
+    image: "ubuntu-20.04"
+    ssh_keys:
+      - ci@ansible.hetzner.cloud
+    state: present
+  register: result_after_test
+  ignore_errors: true
+- name: verify create server with protection
+  assert:
+    that:
+      - result_after_test is changed
+      - result_after_test.hcloud_server.delete_protection is sameas true
+      - result_after_test.hcloud_server.rebuild_protection is sameas true
+
+
+- name: test delete server fails if it is protected
+  hcloud_server:
+    name: "{{hcloud_server_name}}"
+    state: absent
+  ignore_errors: yes
+  register: result
+- name: verify delete server fails if it is protected
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "server deletion is protected"'
+
+- name: remove protection from server
+  hcloud_server:
+    name: "{{ hcloud_server_name }}"
+    delete_protection: false
+    rebuild_protection: false
+    state: present
+  register: result_after_test
+  ignore_errors: true
+- name: verify update server protection
+  assert:
+    that:
+      - result_after_test is changed
+      - result_after_test.hcloud_server.delete_protection is sameas false
+      - result_after_test.hcloud_server.rebuild_protection is sameas false
+
+- name: cleanup
+  hcloud_server:
+    name: "{{ hcloud_server_name }}"
+    state: absent
+  register: result
+- name: verify cleanup
+  assert:
+    that:
+    - result is success

tests/integration/targets/hcloud_volume/tasks/main.yml

@@ -231,6 +231,53 @@
     that:
       - result is success
 
+
+- name: test create Volume with delete protection
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    size: 10
+    location: "fsn1"
+    delete_protection: true
+  register: volume
+- name: verify create Volume with delete protection
+  assert:
+    that:
+      - volume is changed
+      - volume.hcloud_volume.delete_protection is sameas true
+
+- name: test delete Volume fails if it is protected
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    state: absent
+  ignore_errors: yes
+  register: result
+- name: verify delete Volume fails if it is protected
+  assert:
+    that:
+      - result is failed
+      - 'result.msg == "volume deletion is protected"'
+
+- name: test update Volume delete protection
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    delete_protection: false
+  register: volume
+- name: verify test update Volume delete protection
+  assert:
+    that:
+      - volume is changed
+      - volume.hcloud_volume.delete_protection is sameas false
+
+- name: test delete Volume
+  hcloud_volume:
+    name: "{{hcloud_volume_name}}"
+    state: absent
+  register: result
+- name: verify delete Volume
+  assert:
+    that:
+      - result is success
+
 - name: cleanup
   hcloud_server:
     name: "{{ hcloud_server_name }}"