Updates security group rule for latest sdk

- Update docs - Change calls from cloud to proxy layer - Make sure return value is a dict - Improve test coverage Change-Id: I857d7ba7b7ca1b23100ee7e85e90e98430d68462
2026-05-08 06:13:13 +00:00 · 2022-06-20 17:08:03 -07:00
parent aa19d74cde
commit e0958c605e
3 changed files with 265 additions and 107 deletions
--- a/ci/roles/security_group/defaults/main.yml
+++ b/ci/roles/security_group/defaults/main.yml
@@ -1 +1,20 @@
+expected_fields:
+  - created_at
+  - description
+  - direction
+  - ether_type
+  - id
+  - name
+  - port_range_max
+  - port_range_min
+  - project_id
+  - protocol
+  - remote_address_group_id
+  - remote_group_id
+  - remote_ip_prefix
+  - revision_number
+  - security_group_id
+  - tags
+  - tenant_id
+  - updated_at
 secgroup_name: shade_secgroup
--- a/ci/roles/security_group/tasks/main.yml
+++ b/ci/roles/security_group/tasks/main.yml
@@ -1,4 +1,11 @@
 ---
+- name: Ensure security group does not exist before tests
+  openstack.cloud.security_group:
+     cloud: "{{ cloud }}"
+     name: "{{ secgroup_name }}"
+     state: absent
+     description: Created from Ansible playbook
+
 - name: Create security group
  openstack.cloud.security_group:
     cloud: "{{ cloud }}"
@@ -13,6 +20,29 @@
     state: present
     protocol: icmp
     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert return fields
+  assert:
+     that: item in rule.rule
+  loop: "{{ expected_fields }}"
+
+- name: Assert changed
+  assert:
+     that: rule is changed
+
+- name: Create empty ICMP rule again
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: icmp
+     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert not changed
+  assert:
+     that: rule is not changed

 - name: Create -1 ICMP rule
  openstack.cloud.security_group_rule:
@@ -23,6 +53,26 @@
     port_range_min: -1
     port_range_max: -1
     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert not changed
+  assert:
+     that: rule is not changed
+
+- name: Create -1 ICMP rule again
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: icmp
+     port_range_min: -1
+     port_range_max: -1
+     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert not changed
+  assert:
+     that: rule is not changed

 - name: Create empty TCP rule
  openstack.cloud.security_group_rule:
@@ -31,6 +81,11 @@
     state: present
     protocol: tcp
     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert changed
+  assert:
+     that: rule is changed

 - name: Create TCP rule again with port range (1, 65535)
  openstack.cloud.security_group_rule:
@@ -41,6 +96,11 @@
     port_range_min: 1
     port_range_max: 65535
     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert changed
+  assert:
+     that: rule is not changed

 - name: Create TCP rule again with port range (-1, -1)
  openstack.cloud.security_group_rule:
@@ -51,6 +111,26 @@
     port_range_min: -1
     port_range_max: -1
     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert changed
+  assert:
+     that: rule is not changed
+
+- name: Create TCP rule again with defined range
+  openstack.cloud.security_group_rule:
+     cloud: "{{ cloud }}"
+     security_group: "{{ secgroup_name }}"
+     state: present
+     protocol: tcp
+     port_range_min: 8000
+     port_range_max: 9000
+     remote_ip_prefix: 0.0.0.0/0
+  register: rule
+
+- name: Assert changed
+  assert:
+     that: rule is changed

 - name: Create empty UDP rule
  openstack.cloud.security_group_rule: