updates to azure_rm_sqlfirewallrule small fixes move sql client to common adding state fixed sample fixed sanity fixed aliases removed unnecessary object removed unused resource_group changed group to less crowdy tags no tags on firewall rule
1 parent
b7d614d
commit 7d81de2
Showing
5 changed files
with
380 additions
and
0 deletions.
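--- a/lib/ansible/modules/cloud/azure/azure_rm_sqlfirewallrule.py
+++ b/lib/ansible/modules/cloud/azure/azure_rm_sqlfirewallrule.py
@@ -0,0 +1,272 @@
+#!/usr/bin/python
+#
+# Copyright (c) 2017 Zim Kalinowski, <zikalino@microsoft.com>
+#
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+from __future__ import absolute_import, division, print_function
+__metaclass__ = type
+
+
+ANSIBLE_METADATA = {'metadata_version': '1.1',
+'status': ['preview'],
+'supported_by': 'community'}
+
+
+DOCUMENTATION = '''
+---
+module: azure_rm_sqlfirewallrule
+version_added: "2.7"
+short_description: Manage Firewall Rule instance.
+description:
+- Create, update and delete instance of Firewall Rule.
+options:
+resource_group:
+description:
+- The name of the resource group that contains the resource. You can obtain this value from the Azure Resource Manager API or the portal.
+required: True
+server_name:
+description:
+- The name of the server.
+required: True
+name:
+description:
+- The name of the firewall rule.
+required: True
+start_ip_address:
+description:
+- The start IP address of the firewall rule. Must be IPv4 format. Use value C(0.0.0.0) to represent all Azure-internal IP addresses.
+end_ip_address:
+description:
+- "The end IP address of the firewall rule. Must be IPv4 format. Must be greater than or equal to startIpAddress. Use value C(0.0.0.0) to represe
+nt all Azure-internal IP addresses."
+state:
+description:
+- Assert the state of the SQL Database. Use 'present' to create or update an SQL Database and 'absent' to delete it.
+default: present
+choices:
+- absent
+- present
+extends_documentation_fragment:
+- azure
+author:
+- "Zim Kalinowski (@zikalino)"
+'''
+
+EXAMPLES = '''
+- name: Create (or update) Firewall Rule
+azure_rm_sqlfirewallrule:
+resource_group: firewallrulecrudtest-12
+server_name: firewallrulecrudtest-6285
+name: firewallrulecrudtest-5370
+start_ip_address: 172.28.10.136
+end_ip_address: 172.28.10.138
+'''
+
+RETURN = '''
+id:
+description:
+- Resource ID.
+returned: always
+type: str
+sample: "/subscriptions/00000000-1111-2222-3333-444444444444/resourceGroups/firewallrulecrudtest-12/providers/Microsoft.Sql/servers/firewallrulecrudtest-628
+5/firewallRules/firewallrulecrudtest-5370"
+'''
+
+import time
+from ansible.module_utils.azure_rm_common import AzureRMModuleBase
+
+try:
+from msrestazure.azure_exceptions import CloudError
+from msrestazure.azure_operation import AzureOperationPoller
+from azure.mgmt.sql import SqlManagementClient
+from msrest.serialization import Model
+except ImportError:
+# This is handled in azure_rm_common
+pass
+
+
+class Actions:
+NoAction, Create, Update, Delete = range(4)
+
+
+class AzureRMFirewallRules(AzureRMModuleBase):
+"""Configuration class for an Azure RM Firewall Rule resource"""
+
+def __init__(self):
+self.module_arg_spec = dict(
+resource_group=dict(
+type='str',
+required=True
+),
+server_name=dict(
+type='str',
+required=True
+),
+name=dict(
+type='str',
+required=True
+),
+start_ip_address=dict(
+type='str'
+),
+end_ip_address=dict(
+type='str'
+),
+state=dict(
+type='str',
+default='present',
+choices=['present', 'absent']
+)
+)
+
+self.resource_group = None
+self.server_name = None
+self.name = None
+self.start_ip_address = None
+self.end_ip_address = None
+
+self.results = dict(changed=False)
+self.state = None
+self.to_do = Actions.NoAction
+
+super(AzureRMFirewallRules, self).__init__(derived_arg_spec=self.module_arg_spec,
+supports_check_mode=True,
+supports_tags=False)
+
+def exec_module(self, **kwargs):
+"""Main module execution method"""
+
+for key in list(self.module_arg_spec.keys()):
+if hasattr(self, key):
+setattr(self, key, kwargs[key])
+
+old_response = self.get_firewallrule()
+response = None
+
+if not old_response:
+self.log("Firewall Rule instance doesn't exist")
+if self.state == 'absent':
+self.log("Old instance didn't exist")
+else:
+self.to_do = Actions.Create
+else:
+self.log("Firewall Rule instance already exists")
+if self.state == 'absent':
+self.to_do = Actions.Delete
+elif self.state == 'present':
+self.log("Need to check if Firewall Rule instance has to be deleted or may be updated")
+if (self.start_ip_address is not None) and (self.start_ip_address != old_response['start_ip_address']):
+self.to_do = Actions.Update
+if (self.end_ip_address is not None) and (self.end_ip_address != old_response['end_ip_address']):
+self.to_do = Actions.Update
+
+if (self.to_do == Actions.Create) or (self.to_do == Actions.Update):
+self.log("Need to Create / Update the Firewall Rule instance")
+
+if self.check_mode:
+self.results['changed'] = True
+return self.results
+
+response = self.create_update_firewallrule()
+
+if not old_response:
+self.results['changed'] = True
+else:
+self.results['changed'] = old_response.__ne__(response)
+self.log("Creation / Update done")
+elif self.to_do == Actions.Delete:
+self.log("Firewall Rule instance deleted")
+self.results['changed'] = True
+
+if self.check_mode:
+return self.results
+
+self.delete_firewallrule()
+# make sure instance is actually deleted, for some Azure resources, instance is hanging around
+# for some time after deletion -- this should be really fixed in Azure
+while self.get_firewallrule():
+time.sleep(20)
+else:
+self.log("Firewall Rule instance unchanged")
+self.results['changed'] = False
+response = old_response
+
+if response:
+self.results["id"] = response["id"]
+
+return self.results
+
+def create_update_firewallrule(self):
+'''
+Creates or updates Firewall Rule with the specified configuration.
+:return: deserialized Firewall Rule instance state dictionary
+'''
+self.log("Creating / Updating the Firewall Rule instance {0}".format(self.name))
+
+try:
+response = self.sql_client.firewall_rules.create_or_update(resource_group_name=self.resource_group,
+server_name=self.server_name,
+firewall_rule_name=self.name,
+start_ip_address=self.start_ip_address,
+end_ip_address=self.end_ip_address)
+if isinstance(response, AzureOperationPoller):
+response = self.get_poller_result(response)
+
+except CloudError as exc:
+self.log('Error attempting to create the Firewall Rule instance.')
+self.fail("Error creating the Firewall Rule instance: {0}".format(str(exc)))
+return response.as_dict()
+
+def delete_firewallrule(self):
+'''
+Deletes specified Firewall Rule instance in the specified subscription and resource group.
+:return: True
+'''
+self.log("Deleting the Firewall Rule instance {0}".format(self.name))
+try:
+response = self.sql_client.firewall_rules.delete(resource_group_name=self.resource_group,
+server_name=self.server_name,
+firewall_rule_name=self.name)
+except CloudError as e:
+self.log('Error attempting to delete the Firewall Rule instance.')
+self.fail("Error deleting the Firewall Rule instance: {0}".format(str(e)))
+
+return True
+
+def get_firewallrule(self):
+'''
+Gets the properties of the specified Firewall Rule.
+:return: deserialized Firewall Rule instance state dictionary
+'''
+self.log("Checking if the Firewall Rule instance {0} is present".format(self.name))
+found = False
+try:
+response = self.sql_client.firewall_rules.get(resource_group_name=self.resource_group,
+server_name=self.server_name,
+firewall_rule_name=self.name)
+found = True
+self.log("Response : {0}".format(response))
+self.log("Firewall Rule instance : {0} found".format(response.name))
+except CloudError as e:
+self.log('Did not find the Firewall Rule instance.')
+if found is True:
+return response.as_dict()
+
+return False
+
+
+def main():
+"""Main execution"""
+AzureRMFirewallRules()
+
+
+if __name__ == '__main__':
+main()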
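Review bot: `get_firewallrule` treats every `CloudError` as "rule not found", so an authorization failure, a throttling response or a transient service error cannot be told apart from a missing rule. In `exec_module` that sends an existing rule down the create path, and in the delete branch it ends `while self.get_firewallrule(): time.sleep(20)` on the first failed read, so the task can report the rule deleted while it still admits traffic; when reads keep succeeding, the same loop has no upper bound. Fail on anything other than a not-found status (assumed here to be HTTP 404, read from the exception's `status_code`) and cap the wait, as sketched below with a constructed limit of 30 polls. Separately, `start_ip_address` and `end_ip_address` are optional even for `state: present`, so a create or a one-sided update passes `None` to `create_or_update`; adding `required_if=[('state', 'present', ['start_ip_address', 'end_ip_address'])]` to the `super().__init__` call would reject that before any API call.

```python
    def get_firewallrule(self):
        # … unchanged: docstring, log call, and the firewall_rules.get(...) call inside `try:` …
        except CloudError as e:
            # Only "not found" means the rule is absent; anything else is a real failure.
            if getattr(e, 'status_code', None) != 404:
                self.fail("Error reading the Firewall Rule instance: {0}".format(str(e)))
            self.log('Did not find the Firewall Rule instance.')
            return False
        return response.as_dict()

# … in exec_module, delete branch, replacing the unbounded while loop …
            for _ in range(30):  # constructed limit: 30 polls of 20 s each
                if not self.get_firewallrule():
                    break
                time.sleep(20)
            else:
                self.fail("Timed out waiting for the Firewall Rule instance to be deleted")
```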
@@ -0,0 +1,3 @@ | ||
cloud/azure | ||
destructive | ||
shippable/azure/group2 |
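--- a/test/integration/targets/azure_rm_sqlfirewallrule/meta/main.yml
+++ b/test/integration/targets/azure_rm_sqlfirewallrule/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+- setup_azure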
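--- a/test/integration/targets/azure_rm_sqlfirewallrule/tasks/main.yml
+++ b/test/integration/targets/azure_rm_sqlfirewallrule/tasks/main.yml
@@ -0,0 +1,95 @@
+- name: Prepare random number
+set_fact:
+rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
+run_once: yes
+
+- name: Create SQL Server
+azure_rm_sqlserver:
+resource_group: "{{ resource_group }}"
+name: "sqlsrv{{ rpfx }}"
+location: eastus
+admin_username: mylogin
+admin_password: Testpasswordxyz12!
+
+- name: Create instance of Firewall Rule -- check mode
+azure_rm_sqlfirewallrule:
+resource_group: "{{ resource_group }}"
+server_name: "sqlsrv{{ rpfx }}"
+name: firewallrule{{ rpfx }}
+start_ip_address: 172.28.10.136
+end_ip_address: 172.28.10.138
+check_mode: yes
+register: output
+- name: Assert the resource instance is well created
+assert:
+that:
+- output.changed
+
+- name: Create instance of Firewall Rule
+azure_rm_sqlfirewallrule:
+resource_group: "{{ resource_group }}"
+server_name: "sqlsrv{{ rpfx }}"
+name: firewallrule{{ rpfx }}
+start_ip_address: 172.28.10.136
+end_ip_address: 172.28.10.138
+register: output
+- name: Assert the resource instance is well created
+assert:
+that:
+- output.changed
+
+- name: Create again instance of Firewall Rule
+azure_rm_sqlfirewallrule:
+resource_group: "{{ resource_group }}"
+server_name: "sqlsrv{{ rpfx }}"
+name: firewallrule{{ rpfx }}
+start_ip_address: 172.28.10.136
+end_ip_address: 172.28.10.138
+register: output
+- name: Assert the state has not changed
+assert:
+that:
+- output.changed == false
+
+- name: Delete instance of Firewall Rule -- check mode
+azure_rm_sqlfirewallrule:
+resource_group: "{{ resource_group }}"
+server_name: "sqlsrv{{ rpfx }}"
+name: firewallrule{{ rpfx }}
+state: absent
+check_mode: yes
+register: output
+- name: Assert the state has changed
+assert:
+that:
+- output.changed
+
+- name: Delete instance of Firewall Rule
+azure_rm_sqlfirewallrule:
+resource_group: "{{ resource_group }}"
+server_name: "sqlsrv{{ rpfx }}"
+name: firewallrule{{ rpfx }}
+state: absent
+register: output
+- name: Assert the state has changed
+assert:
+that:
+- output.changed
+
+- name: Delete unexisting instance of Firewall Rule
+azure_rm_sqlfirewallrule:
+resource_group: "{{ resource_group }}"
+server_name: "sqlsrv{{ rpfx }}"
+name: firewallrule{{ rpfx }}
+state: absent
+register: output
+- name: Assert the state has changed
+assert:
+that:
+- output.changed == false
+
+- name: Delete instance of SQL Server
+azure_rm_sqlserver:
+resource_group: "{{ resource_group }}"
+name: "sqlsrv{{ rpfx }}"
+state: absent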
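Review bot: No task re-runs the module against the existing rule with a different range, so the module's update decision, the path that changes an access-control rule in place, is never exercised. Add a task after "Create again instance of Firewall Rule" that changes `end_ip_address` (for example to the constructed value `172.28.10.140`) and asserts `output.changed`, plus one that supplies only `start_ip_address`. The assertion after "Delete unexisting instance of Firewall Rule" is named "Assert the state has changed" but checks `output.changed == false`; rename it to `Assert the state has not changed`. The server is also created with the fixed credentials `mylogin` / `Testpasswordxyz12!`, which are committed to the repository; generating the password per run, as `rpfx` is, would avoid a publicly known login on a live test server.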