diff --git a/ci/roles/security_group/defaults/main.yml b/ci/roles/security_group/defaults/main.yml
index 00310dd1..c2a1a6b0 100644
--- a/ci/roles/security_group/defaults/main.yml
+++ b/ci/roles/security_group/defaults/main.yml
@@ -1 +1,13 @@
+expected_fields:
+- created_at
+- description
+- name
+- project_id
+- security_group_rules
+- stateful
+- tenant_id
+- updated_at
+- revision_number
+- id
+- tags
 secgroup_name: shade_secgroup
diff --git a/ci/roles/security_group/tasks/main.yml b/ci/roles/security_group/tasks/main.yml
index cde3c707..a1846896 100644
--- a/ci/roles/security_group/tasks/main.yml
+++ b/ci/roles/security_group/tasks/main.yml
@@ -4,7 +4,6 @@
 cloud: "{{ cloud }}"
 name: "{{ secgroup_name }}"
 state: absent
- description: Created from Ansible playbook
 - name: Create security group
 openstack.cloud.security_group:
@@ -12,30 +11,62 @@
 name: "{{ secgroup_name }}"
 state: present
 description: Created from Ansible playbook
+ register: security_group
 - name: List all security groups of a project
 openstack.cloud.security_group_info:
 cloud: "{{ cloud }}"
 register: test_sec_groups
-- name: Check - List all security groups of a project
+- name: Check list all security groups of a project
 assert:
 that:
 - test_sec_groups.security_groups | length > 0
+- name: Assert fields returned by security_group_info
+ assert:
+ that:
+ - item in test_sec_groups.security_groups[0]
+ loop: "{{ expected_fields }}"
+
 - name: Filter security group by name
 openstack.cloud.security_group_info:
 cloud: "{{ cloud }}"
 name: "{{ secgroup_name }}"
 register: test_sec_group
-- name: Check - List all security groups of a project
+- name: Check filter security group by name
 assert:
 that:
 - test_sec_group.security_groups | length == 1
- - test_sec_group.security_groups[0]['name'] == secgroup_name
- # This fails on Stein only
- when: sdk_version is version("0.36.5", '>=')
+ - test_sec_group.security_groups[0]['id'] == security_group.id
+
+- name: Filter security group by description
+ openstack.cloud.security_group_info:
+ cloud: "{{ cloud }}"
+ description: Created from Ansible playbook
+ register: test_sec_group
+
+- name: Check filter security group by description
+ assert:
+ that:
+ - test_sec_group.security_groups | length == 1
+ - test_sec_group.security_groups[0]['id'] == security_group.id
+
+- name: Filter security group by not_tags
+ openstack.cloud.security_group_info:
+ cloud: "{{ cloud }}"
+ name: "{{ secgroup_name }}"
+ not_tags:
+ - ansibletag1
+ - ansibletag2
+ register: test_sec_group
+
+- name: Check filter security group by not_tags
+ assert:
+ that:
+ - test_sec_group.security_groups | length == 1
+ - test_sec_group.security_groups[0]['id'] == security_group.id
 - name: Delete security group
 openstack.cloud.security_group:
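Review bot: The `Check filter security group by not_tags` assertion cannot fail when the filter is broken. As far as this hunk shows, the group is created with only a name and a description, so it carries neither `ansibletag1` nor `ansibletag2`, and the `name` filter on its own already yields exactly this group. The check therefore shows that `not_tags` is accepted, not that it excludes anything. Either add a case where the group does carry one of the tags and assert `test_sec_group.security_groups | length == 0`, or record the limit above the task with `# NOTE: group is untagged, so this only checks that not_tags is accepted`. The create task begins above the hunk, so this assumes no tags are set on the lines not shown.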
diff --git a/plugins/modules/security_group_info.py b/plugins/modules/security_group_info.py
index bc05356a..f436acbb 100644
--- a/plugins/modules/security_group_info.py
+++ b/plugins/modules/security_group_info.py
@@ -61,7 +61,8 @@ requirements: ["openstacksdk"]
 RETURN = '''
 security_groups:
 description: List of dictionaries describing security groups.
- type: complex
+ type: list
+ elements: dict
 returned: On Success.
 contains:
 created_at:
@@ -84,6 +85,13 @@ security_groups:
 description: Project ID where the security group is located in.
 type: str
 sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
+ revision_number:
+ description: The revision number of the resource.
+ type: int
+ tenant_id:
+ description: Tenant ID where the security group is located in. Deprecated
+ type: str
+ sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
 security_group_rules:
 description: Specifies the security group rule list
 type: list
@@ -115,6 +123,12 @@ security_groups:
 "security_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2"
 }
 ]
+ stateful:
+ description: Indicates if the security group is stateful or stateless.
+ type: bool
+ tags:
+ description: The list of tags on the resource.
+ type: list
 updated_at:
 description: Update time of the security group
 type: str
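Review bot: The `tags` return entry added in the third hunk is declared `type: list` with no `elements`, while the first hunk of this file adds `elements: dict` to `security_groups`. Assuming tags come back as plain strings, which the `','.join(...)` applied to the tag filters in `run()` suggests, add `elements: str` under `tags` so the two list entries are documented the same way. The RETURN block continues outside all three hunks, so other list entries may need the same treatment.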
@@ -153,38 +167,30 @@ class SecurityGroupInfoModule(OpenStackModule):
 )
 def run(self):
- description = self.params['description']
 name = self.params['name']
- project_id = self.params['project_id']
- revision_number = self.params['revision_number']
- tags = self.params['tags']
- any_tags = self.params['any_tags']
- not_tags = self.params['not_tags']
- not_any_tags = self.params['not_any_tags']
+ args = {
+ k: self.params[k]
+ for k in ['description', 'project_id', 'revision_number']
+ if self.params[k]
+ }
+ args.update({
+ k: ','.join(self.params[k])
+ for k in ['tags', 'any_tags', 'not_tags', 'not_any_tags']
+ if self.params[k]
+ })
- attrs = {}
+ # self.conn.search_security_groups() cannot be used here,
+ # refer to git blame for rationale.
+ security_groups = self.conn.network.security_groups(**args)
- if description:
- attrs['description'] = description
- if project_id:
- attrs['project_id'] = project_id
- if revision_number:
- attrs['revision_number'] = revision_number
- if tags:
- attrs['tags'] = ','.join(tags)
- if any_tags:
- attrs['any_tags'] = ','.join(any_tags)
- if not_tags:
- attrs['not_tags'] = ','.join(not_tags)
- if not_any_tags:
- attrs['not_any_tags'] = ','.join(not_any_tags)
-
- attrs = self.check_versioned(**attrs)
- result = self.conn.network.security_groups(**attrs)
- result = [item if isinstance(item, dict) else item.to_dict() for item in result]
 if name:
- result = [item for item in result if name in (item['id'], item['name'])]
- self.results.update({'security_groups': result})
+ # TODO: Upgrade name_or_id code to match openstacksdk [1]?
+ # [1] https://opendev.org/openstack/openstacksdk/src/commit/0898398415ae7b0e2447d61226acf50f01567cdd/openstack/cloud/_utils.py#L89
+ security_groups = [item for item in security_groups
+ if name in (item['id'], item['name'])]
+
+ security_groups = [item.to_dict() for item in security_groups]
+ self.exit(changed=False, security_groups=security_groups)
 def main():
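Review bot: The first comprehension in `run()` filters on truthiness (`if self.params[k]`), so a falsy but deliberate value such as `revision_number: 0` or an empty `description` silently drops the filter, and the caller gets every security group instead of a narrowed list. For a lookup whose result may drive later rule changes, a wider-than-requested answer is the unsafe direction. Testing for presence keeps such values: `if self.params[k] is not None`. The tag comprehension can keep its truthiness test, since an empty list would otherwise be joined into an empty string. The argument spec is outside this hunk, so this assumes unset options arrive as `None`.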