
    VhV                     R    d Z dZdZddlmZ  G d de      Zd Zedk(  r e        y	y	)
a%  
---
module: security_group
short_description: Manage Neutron security groups of an OpenStack cloud.
author: OpenStack Ansible SIG
description:
  - Add or remove Neutron security groups to/from an OpenStack cloud.
options:
  description:
    description:
      - Long description of the purpose of the security group.
    type: str
  name:
    description:
      - Name that has to be given to the security group. This module
        requires that security group names be unique.
    required: true
    type: str
  project:
    description:
      - Unique name or ID of the project.
    type: str
  security_group_rules:
    description:
      - List of security group rules.
      - When I(security_group_rules) is not defined, Neutron might create this
        security group with a default set of rules.
      - Security group rules which are listed in I(security_group_rules)
        but not defined in this security group will be created.
      - When I(security_group_rules) is set, existing security group rules
        which are not listed in I(security_group_rules) will be deleted.
      - When updating a security group, one has to explicitly list rules from
        Neutron's defaults in I(security_group_rules) if those rules should be
        kept. Rules which are not listed in I(security_group_rules) will be
        deleted.
    type: list
    elements: dict
    suboptions:
      description:
        description:
          - Description of the security group rule.
        type: str
      direction:
        description:
          - The direction in which the security group rule is applied.
          - Not all providers support C(egress).
        choices: ['egress', 'ingress']
        default: ingress
        type: str
      ether_type:
        description:
          - Must be IPv4 or IPv6, and addresses represented in CIDR must
            match the ingress or egress rules. Not all providers support IPv6.
        choices: ['IPv4', 'IPv6']
        default: IPv4
        type: str
      port_range_max:
        description:
          - The maximum port number in the range that is matched by the
            security group rule.
          - If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must
            be greater than or equal to the I(port_range_min) attribute value.
          - If the protocol is ICMP, this value must be an ICMP code.
        type: int
      port_range_min:
        description:
          - The minimum port number in the range that is matched by the
            security group rule.
          - If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must
            be less than or equal to the I(port_range_max) attribute value.
          - If the protocol is ICMP, this value must be an ICMP type.
        type: int
      protocol:
        description:
          - The IP protocol can be represented by a string, an integer, or
            null.
          - Valid string or integer values are C(any) or C(0), C(ah) or C(51),
            C(dccp) or C(33), C(egp) or C(8), C(esp) or C(50), C(gre) or C(47),
            C(icmp) or C(1), C(icmpv6) or C(58), C(igmp) or C(2), C(ipip) or
            C(4), C(ipv6-encap) or C(41), C(ipv6-frag) or C(44), C(ipv6-icmp)
            or C(58), C(ipv6-nonxt) or C(59), C(ipv6-opts) or C(60),
            C(ipv6-route) or C(43), C(ospf) or C(89), C(pgm) or C(113), C(rsvp)
            or C(46), C(sctp) or C(132), C(tcp) or C(6), C(udp) or C(17),
            C(udplite) or C(136), C(vrrp) or C(112).
          - Additionally, any integer value in the range C([0-255]) is also
            valid.
          - The string C(any) (or integer C(0)) means all IP protocols.
          - See the constants in neutron_lib.constants for the most up-to-date
            list of supported strings.
        type: str
      remote_group:
        description:
          - Name or ID of the security group to link.
          - Mutually exclusive with I(remote_ip_prefix).
        type: str
      remote_ip_prefix:
        description:
          - Remote IP address(es) in CIDR notation, that is the source for
            C(ingress) rules and the destination for C(egress) rules.
          - When a netmask such as C(/32) is missing from I(remote_ip_prefix),
            then this module will fail on updates with OpenStack error message
            C(Security group rule already exists.).
          - Mutually exclusive with I(remote_group).
        type: str
  state:
    description:
      - Should the resource be present or absent.
    choices: [present, absent]
    default: present
    type: str
  stateful:
    description:
      - Should the resource be stateful or stateless.
    type: bool
extends_documentation_fragment:
  - openstack.cloud.openstack
az	  
security_group:
  description: Dictionary describing the security group.
  type: dict
  returned: On success when I(state) is C(present).
  contains:
    created_at:
      description: Creation time of the security group
      type: str
      sample: "yyyy-mm-dd hh:mm:ss"
    description:
      description: Description of the security group
      type: str
      sample: "My security group"
    id:
      description: ID of the security group
      type: str
      sample: "d90e55ba-23bd-4d97-b722-8cb6fb485d69"
    name:
      description: Name of the security group.
      type: str
      sample: "my-sg"
    project_id:
      description: ID of the project in which the security group is located.
      type: str
      sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
    revision_number:
      description: The revision number of the resource.
      type: int
    tenant_id:
      description: ID of the tenant in which the security group is located. Deprecated.
      type: str
      sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
    security_group_rules:
      description: Specifies the security group rule list
      type: list
      sample: [
        {
          "id": "d90e55ba-23bd-4d97-b722-8cb6fb485d69",
          "direction": "ingress",
          "protocol": null,
          "ethertype": "IPv4",
          "description": null,
          "remote_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2",
          "remote_ip_prefix": null,
          "tenant_id": "bbfe8c41dd034a07bebd592bf03b4b0c",
          "port_range_max": null,
          "port_range_min": null,
          "security_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2"
        },
        {
          "id": "aecff4d4-9ce9-489c-86a3-803aedec65f7",
          "direction": "egress",
          "protocol": null,
          "ethertype": "IPv4",
          "description": null,
          "remote_group_id": null,
          "remote_ip_prefix": null,
          "tenant_id": "bbfe8c41dd034a07bebd592bf03b4b0c",
          "port_range_max": null,
          "port_range_min": null,
          "security_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2"
        }
      ]
    stateful:
      description: Indicates if the security group is stateful or stateless.
      type: bool
    tags:
      description: The list of tags on the resource.
      type: list
    updated_at:
      description: Update time of the security group
      type: str
      sample: "yyyy-mm-dd hh:mm:ss"
a  
# Example tasks for openstack.cloud.security_group. Every task targets the
# cloud entry 'mordred' and a security group named 'foo'.

# security_group_rules is not defined here, so Neutron might create the group
# with a default set of rules; review the resulting rules after creation.
- name: Create a security group
  openstack.cloud.security_group:
    cloud: mordred
    state: present
    name: foo
    description: security group for foo servers

# stateful: false requests a stateless security group.
- name: Create a stateless security group
  openstack.cloud.security_group:
    cloud: mordred
    state: present
    stateful: false
    name: foo
    description: stateless security group for foo servers

# Same name as above with a different description.
- name: Update the existing 'foo' security group description
  openstack.cloud.security_group:
    cloud: mordred
    state: present
    name: foo
    description: updated description for the foo security group

# project takes the unique name or ID of the project.
- name: Create a security group for a given project
  openstack.cloud.security_group:
    cloud: mordred
    state: present
    name: foo
    project: myproj

- name: Create (or update) a security group with security group rules
  openstack.cloud.security_group:
    cloud: mordred
    state: present
    name: foo
    # On update, rules that are not listed here are deleted from the group,
    # so list every rule that has to stay (Neutron's defaults included).
    # Only egress rules are listed, so an existing 'foo' keeps no ingress rule.
    security_group_rules:
      - ether_type: IPv6
        direction: egress
      - ether_type: IPv4
        direction: egress

- name: Create (or update) security group without security group rules
  openstack.cloud.security_group:
    cloud: mordred
    state: present
    name: foo
    # An explicit empty list, unlike an omitted option, leaves the group
    # without any rule, Neutron's default rules included.
    security_group_rules: []
    )OpenStackModulec                   `   e Zd Z e e        ed       e        edd e e        edddg       eddd	g       ed
       ed
       e        e        e                    edddg       ed            Z ed      Zd Zd Zd Zd Z	d Z
d Zd Zd Zd Zd Zd Zd Zy) SecurityGroupModuleT)requiredlistdictingressegress)defaultchoicesIPv4IPv6int)type)description	direction
ether_typeport_range_maxport_range_minprotocolremote_groupremote_ip_prefix)r   elementsoptionspresentabsentbool)r   nameprojectsecurity_group_rulesstatestateful)supports_check_modec                 f   | j                   d   }| j                         }| j                  j                  r"| j	                  | j                  ||             |dk(  r6|s4| j                         }| j	                  d|j                  d             y |dk(  rT|rR| j                  |      }|r| j                  ||      }| j	                  t        |      |j                  d             y |dk(  r&|r$| j                  |       | j	                  d       y |dk(  r|s| j	                  d       y y y )	Nr!   )changedr   TF)computed)r%   security_groupr   )params_findansible
check_mode	exit_json_will_change_createto_dict_build_update_updater   _delete)selfr!   r'   updates       r/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/openstack/cloud/plugins/modules/security_group.pyrunzSecurityGroupModule.run  s   G$<<""NN4#4#4UN#KNLIn!\\^NNN-55u5E  G iN''7F!%nf!ENNV-55u5E  G h>LL(NN4N(h~NN5N) (6    c                 J    i | j                  |      | j                  |      S N)_build_update_security_group"_build_update_security_group_rulesr3   r'   s     r5   r0   z!SecurityGroupModule._build_update<  s6    G//?G55nEG 	Gr7   c                      i }dD cg c](  } j                   |    j                   |   |   k7  r|* }}|r! j                  dj                  |             t         fddD              }|r||d<   |S c c}w )N zCannot update parameters {0}msgc              3      K   | ]9  }j                   |   (j                   |   |   k7  r|j                   |   f ; y wr9   r(   ).0kr'   r3   s     r5   	<genexpr>zCSecurityGroupModule._build_update_security_group.<locals>.<genexpr>O  sK      C![[^7"kk!nq0AA dkk!n- Cs   ?A)r   
attributes)r(   	fail_jsonformatr   )r3   r'   r4   rD   non_updateable_keysrF   s   ``    r5   r:   z0SecurityGroupModule._build_update_security_groupA  s    
 +- HQ"&++a."<#';;q>^A5F#F  ! H H NN= &': ;  =  C#2C C

 #-F< !Hs   -A9c                 d   
  j                   d   i S 
 fd}d 
i }i }g }g } j                  |      D ]1  } |||j                        }|r	|||d   <   !|j                  |       3 |j                  D ])  }	|	d   |j	                         vs|j                  |	       + |r||d<   |r||d<   |S )Nr    c                     |D cg c]  } | |      r| }}t        |      dkD  rj                  d       y t        |      dk(  r|d   S y c c}w )N   zRFound more a single matching security group rule which match the given parameters.r?   r   )lenrG   )	prototyper    rmatchesis_security_group_rule_matchr3   s       r5   find_security_group_rule_matchz^SecurityGroupModule._build_update_security_group_rules.<locals>.find_security_group_rule_matcha  sl    "6 FQ6y!D  FG F7|a $2 3 W"qz!Fs   Ac                 @    dg}d v rd    d   k7  ryd v rK d   dv rDd v r d   dv rd   y|j                  d       d v r d   d	v rd   y|j                  d       t         fd
t         j                               t        |      z
  D              rS y )Nr   	ethertypeFr   tcpudpr   )i  r   )rX   rL   c              3   4   K   | ]  }|   |   k(    y wr9   r>   )rC   rD   rN   security_group_rules     r5   rE   zoSecurityGroupModule._build_update_security_group_rules.<locals>.is_security_group_rule_match.<locals>.<genexpr>  s)      F 'q)Yq\9 Fs   )appendallsetkeys)rN   rZ   	skip_keyss   `` r5   rQ   z\SecurityGroupModule._build_update_security_group_rules.<locals>.is_security_group_rule_matchm  s    %Iy(&{3y7NNY&Z(N: $y0 !12kA*+;<H$$$%56#y0 !12g=*+;<H$$$%56 F !12S^CF F**r7   idcreate_security_group_rulesdelete_security_group_rules)r(   _generate_security_group_rulesr    r[   r^   )r3   r'   rR   r4   keep_security_group_rulesra   rb   rN   matchrZ   rQ   s   `         @r5   r;   z6SecurityGroupModule._build_update_security_group_rulesY  s    ;;-.6 I
		8 $&!&(#&(#<<^L 	>I2>>>@E9>)%+6+229=	> $2#F#F 	H#D)/4467+223FG	H
 '4OF01&4OF01r7   c                 T    t         fddD              } j                  d   }|6 j                  j                  j	                  |d      }|j
                  |d<     j                  j                  j                  di |} j                  |      }|r j                  ||      }|S )Nc              3   ^   K   | ]$  }j                   |   |j                   |   f & y wr9   rB   )rC   rD   r3   s     r5   rE   z.SecurityGroupModule._create.<locals>.<genexpr>  s4      5Q3 $++a.) 5s   *-)r   r   r"   r   F
name_or_idignore_missing
project_idr>   )
r   r(   connidentityfind_projectr`   networkcreate_security_groupr;   _update_security_group_rules)r3   kwargsproject_name_or_idr   r'   r4   s   `     r5   r.   zSecurityGroupModule._create  s     5B5 5 "[[3)ii((55-e 6 EG#*::F< @**@@J6J88H!>>~?EGN r7   c                 b    | j                   j                  j                  |j                         y r9   )rl   ro   delete_security_groupr`   r<   s     r5   r2   zSecurityGroupModule._delete  s     		//0A0ABr7   c                    t        | j                  d         }| j                  d   }|6| j                  j                  j	                  |d      }|j
                  |d<    | j                  j                  j                  di |S )Nr   )ri   r   Frh   rk   r>   )r   r(   rl   rm   rn   r`   ro   find_security_group)r3   rr   rs   r   s       r5   r)   zSecurityGroupModule._find  s}    V!45![[3)ii((55-e 6 EG#*::F< 4tyy  44>v>>r7   c                      i j                   <   j                  <    fd} j                  d   xs g D cg c]
  } ||       c}S c c}w )Nc                     t         fddD              }j                  |d<   j                  |d<    d   }|E|	v r	|   }n,
j                  j                  j                  |d      }|	|<   |j                  |d<    d	   }|||d	<    d
   }|	|dvr||d
<    d   } d   }|dv r>|t        |      dk7  rt        |      |d<   |t        |      dk7  rt        |      |d<   |S |dv r>|t        |      dk7  rt        |      |d<   |t        |      dk7  rt        |      |d<   |S |dv r	 |S |t        |      |d<   |t        |      |d<   |S )Nc              3   6   K   | ]  }|   	||   f  y wr9   r>   )rC   rD   r(   s     r5   rE   zlSecurityGroupModule._generate_security_group_rules.<locals>._generate_security_group_rule.<locals>.<genexpr>  s+      *!9( F1I*s   )r   r   r   rk   security_group_idr   F)rj   remote_group_idr   r   )any0r   r   )icmpz	ipv6-icmprX   rU   )r   rk   r`   rl   ro   rw   r   )r(   rN   remote_group_name_or_idr   r   r   r   r   r'   security_group_cacher3   s   `       r5   _generate_security_group_rulezYSecurityGroupModule._generate_security_group_rules.<locals>._generate_security_group_rule  s    *I* *I& '5&?&?Il#-;->->I)*&,^&<#&2*.BB,-DE ! $(99#4#4#H#H/ $I $GL % ))@A 0<	+,-J%*4	,'j)H#(D(0	*%#$45N#$45N00!-#n2E2K25n2EI./!-#n2E2K25n2EI./  ^+!-#n2E2K25n2EI./!-#n2E2K25n2EI./  \)  "-25n2EI./!-25n2EI./r7   r    )r   r`   r(   )r3   r'   r   rO   r   s   ``  @r5   rc   z2SecurityGroupModule._generate_security_group_rules  sl    !4B^0012@^.
./C	L ++&<=CF .a0 F 	F Fs    Ac                 J    | j                  ||      }| j                  ||      S r9   )_update_security_grouprq   )r3   r'   r4   s      r5   r1   zSecurityGroupModule._update  s'    44^VL00HHr7   c                     |j                  d      }|r1 | j                  j                  j                  |j                  fi |}|S )NrF   )getrl   ro   update_security_groupr`   )r3   r'   r4   rF   s       r5   r   z*SecurityGroupModule._update_security_group  sH    ZZ-
DTYY..DD!!1%/1N r7   c                 `   |j                  d      }|r/|D ]*  }| j                  j                  j                  |d          , |j                  d      }|r%| j                  j                  j	                  |       |s|r/| j                  j                  j                  |j                        S |S )Nrb   r`   ra   )r   rl   ro   delete_security_group_rulera   get_security_groupr`   )r3   r'   r4   rb   rZ   ra   s         r5   rq   z0SecurityGroupModule._update_security_group_rules  s    &,jj1N&O#&'B J#		!!../B4/HIJ '-jj1N&O#&II++,GH&*E99$$778I8IJJ!!r7   c                 f    |dk(  r|sy|dk(  r|rt        | j                  |            S |dk(  r|ryy)Nr   Tr   F)r   r0   )r3   r!   r'   s      r5   r-   z SecurityGroupModule._will_change0  sA    IniN**>:;;h> r7   N)__name__
__module____qualname__r   argument_specmodule_kwargsr6   r0   r:   r;   r.   r2   r)   rc   r1   r   rq   r-   r>   r7   r5   r   r      s     F4 !& Fy(0)'<>8HI#/#/!V!%

 9x.CD6"'M,  M *DG
0HT(C	?KFZI"$	r7   r   c                  &    t               }  |         y r9   )r   )modules    r5   mainr   <  s     "F
Hr7   __main__N)DOCUMENTATIONRETURNEXAMPLESBansible_collections.openstack.cloud.plugins.module_utils.openstackr   r   r   r   r>   r7   r5   <module>r      sM   rhJ
X/b _}/ }@

 zF r7   