in src/ansible_collections/alibaba/apsarastack/plugins/modules/ali_security_group.py [0:0]
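def main():
    """Entry point of the ali_security_group module.

    Looks up the security group described by the module parameters and then
    either deletes it (state=absent) or creates/updates it (state=present),
    reconciling ingress and egress rules. The result is always reported
    through module.exit_json() or module.fail_json().

    Behaviour visible in this function that matters when reviewing a playbook:

    * Rules for a direction are only validated, purged and authorized when the
      corresponding list (rules / rules_egress) is non-empty. An omitted or
      empty list leaves the existing rules of that direction untouched, even
      though purge_rules / purge_rules_egress default to True.
    * Rule validation runs after the group has been created or modified, and
      egress rules are validated after ingress rules have been applied.
    """
    argument_spec = common_argument_spec()
    argument_spec.update(dict(
        state=dict(default='present', type='str', choices=['present', 'absent']),
        name=dict(type='str', required=True, aliases=['group_name']),
        description=dict(type='str'),
        vpc_id=dict(type='str'),
        security_group_id=dict(type='str', aliases=['id', 'group_id']),
        tags=dict(type='dict', aliases=['group_tags']),
        rules=dict(type='list', elements='dict'),
        rules_egress=dict(type='list', elements='dict'),
        purge_rules=dict(type='bool', default=True),
        purge_rules_egress=dict(type='bool', default=True),
        multi_ok=dict(type='bool', default=False),
        recent=dict(type='bool', default=False)
    ))
    module = AnsibleModule(argument_spec=argument_spec)

    if HAS_FOOTMARK is False:
        module.fail_json(msg='footmark is required for the module ali_security_group.')

    ecs = ecs_connect(module)
    state = module.params['state']
    security_group_id = module.params['security_group_id']

    # str() turns a missing value (None) into 'None', which passes both checks.
    url_prefixes = ('http://', 'https://')
    group_name = module.params['name']
    if str(group_name).startswith(url_prefixes):
        module.fail_json(msg='Name can not start with http:// or https://')
    description = module.params['description']
    if str(description).startswith(url_prefixes):
        module.fail_json(msg='description can not start with http:// or https://')

    multi = module.params['multi_ok']
    recent = module.params['recent']
    if multi and recent:
        module.fail_json(msg='multi_ok and recent can not be True at the same time.')

    changed = False
    group = group_exists(ecs, module, module.params['vpc_id'], group_name, security_group_id, multi, recent)

    if state == 'absent':
        if not group:
            module.exit_json(changed=changed, group={})
        try:
            module.exit_json(changed=group.delete(), group={})
        except ECSResponseError as e:
            module.fail_json(msg="Deleting security group {0} is failed. Error: {1}".format(group.id, e))

    if not group:
        try:
            # params aliases module.params, so the two keys added here are
            # written into module.params and the whole parameter dict is
            # forwarded to create_security_group().
            # NOTE(review): that dict presumably also carries the connection
            # credentials from common_argument_spec() - confirm the callee
            # does not log or echo them.
            params = module.params
            params['security_group_name'] = group_name
            # hash() of a str is salted per interpreter process and the token
            # also embeds the current time, so it differs on every run.
            params['client_token'] = "Ansible-Apsarastack-%s-%s" % (hash(str(module.params)), str(time.time()))
            group = ecs.create_security_group(**params)
            # A newly created group is a change even when modify() and the
            # rule loops below find nothing left to do; without this the
            # module reported changed=False for a fresh group, hiding the
            # creation from handlers and change auditing.
            changed = True
        except ECSResponseError as e:
            module.fail_json(changed=changed, msg='Creating a security group is failed. Error: {0}'.format(e))

    # Keep the current description when the caller did not supply one.
    if not description:
        description = group.description
    if group.modify(name=group_name, description=description):
        changed = True

    # validating rules if provided
    # NOTE(review): the group already exists at this point, so a rule rejected
    # by validate_group_rule_keys() (presumably via module.fail_json - confirm)
    # leaves the created/modified group in place.
    ingress_rules = module.params['rules']
    if ingress_rules:
        direction = 'ingress'
        for rule in ingress_rules:
            validate_group_rule_keys(module, rule, direction)
        if module.params['purge_rules']:
            # Only permissions of the same direction are candidates for purging.
            for existing in group.permissions:
                if existing['direction'] != direction:
                    continue
                if purge_rules(module, group, existing, ingress_rules, direction):
                    changed = True
        for rule in ingress_rules:
            if group.authorize(rule, direction):
                changed = True

    # Egress rules are handled only after the ingress rules have been applied.
    egress_rules = module.params['rules_egress']
    if egress_rules:
        direction = 'egress'
        for rule in egress_rules:
            validate_group_rule_keys(module, rule, direction)
        if module.params['purge_rules_egress']:
            for existing in group.permissions:
                if existing['direction'] != direction:
                    continue
                if purge_rules(module, group, existing, egress_rules, direction):
                    changed = True
        for rule in egress_rules:
            if group.authorize(rule, direction):
                changed = True

    # Re-read the group so the returned facts reflect the final state.
    module.exit_json(changed=changed, group=group.get().read())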