From 3de89da6f08033cf1a126fc1d0e05946721b2248 Mon Sep 17 00:00:00 2001
From: Yuwei Zhou
Date: Thu, 10 May 2018 17:43:26 +0800
Subject: [PATCH] Backport: Fixes some NIC bugs (#39213) (#39266)
* cherry-pick 1ecd2c9dcdb6df9baada84d220dddda3423137c2
* Create azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml
---
...nterface-fix-creation-ignore-nsg-name.yaml | 2 +
lib/ansible/module_utils/azure_rm_common.py | 11 +++-
.../cloud/azure/azure_rm_networkinterface.py | 50 +++++++++++--------
.../azure_rm_networkinterface/tasks/main.yml | 15 ++++--
4 files changed, 52 insertions(+), 26 deletions(-)
create mode 100644 changelogs/fragments/azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml
diff --git a/changelogs/fragments/azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml b/changelogs/fragments/azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml
new file mode 100644
index 0000000000..ba108c945e
--- /dev/null
+++ b/changelogs/fragments/azure_rm_networkinterface-fix-creation-ignore-nsg-name.yaml
@@ -0,0 +1,2 @@
+bugfixes:
+- azure_rm_networkinterface - Network interface can attach an existing NSG or create a new NSG with specified name in Ansible v2.5.0.
diff --git a/lib/ansible/module_utils/azure_rm_common.py b/lib/ansible/module_utils/azure_rm_common.py
index 0c0d726e31..1a50818399 100644
--- a/lib/ansible/module_utils/azure_rm_common.py
+++ b/lib/ansible/module_utils/azure_rm_common.py
@@ -767,8 +767,15 @@ class AzureRMModuleBase(object): priority += 1 rule_name = "Rule_{0}".format(priority) parameters.security_rules.append( - self.network_models.SecurityRule('Tcp', '*', '*', 'Allow', 'Inbound', source_port_range='*', - destination_port_range=str(port), priority=priority, name=rule_name) + self.network_models.SecurityRule(protocol='Tcp', + source_address_prefix='*', + destination_address_prefix='*', + access='Allow', + direction='Inbound', + source_port_range='*', + destination_port_range=str(port), + priority=priority, + name=rule_name) ) self.log('Creating default security group {0}'.format(security_group_name)) diff --git a/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py b/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py index 335526b947..d9d56d2ae6 100644 --- a/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py +++ b/lib/ansible/modules/cloud/azure/azure_rm_networkinterface.py @@ -2,6 +2,7 @@ # # Copyright (c) 2016 Matt Davis, # Chris Houseknecht, +# Yuwei ZHou, # # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) @@ -168,6 +169,7 @@ extends_documentation_fragment: author: - "Chris Houseknecht (@chouseknecht)" - "Matt Davis (@nitzmahone)" + - "Yuwei Zhou (@yuwzho)" ''' EXAMPLES = ''' @@ -260,7 +262,8 @@ state: "id": "/subscriptions/XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXX/resourceGroups/Testing/providers/Microsoft.Network/publicIPAddresses/publicip001", "name": "publicip001" }, - "subnet": {} + "subnet": {}, + "load_balancer_backend_address_pools": [] }], "location": "eastus2", "mac_address": null, 
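Review bot: The default rule built in the `@@ -767` hunk admits traffic from any source, since it pairs `source_address_prefix='*'` with `access='Allow'` and `direction='Inbound'` for every port in the loop, and nothing in the code says so. The keyword form makes this visible, so it is a good place to record it, for example `# Default rules open each port to any source address; attach an existing, restricted NSG to avoid this`. This matters more after this patch, because the NIC module now calls `create_default_securitygroup` on every create or update (see the `@@ -516` hunk). The enclosing method starts and ends outside the hunk, so the port list and any later tightening are not visible here.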
@@ -334,16 +337,6 @@ def nic_to_dict(nic): ) -def construct_ip_configuration_set(raw): - configurations = [str(dict( - private_ip_allocation_method=to_native(item.get('private_ip_allocation_method')), - public_ip_address_name=(to_native(item.get('public_ip_address').get('name')) - if item.get('public_ip_address') else to_native(item.get('public_ip_address_name'))), - primary=item.get('primary'), - name=to_native(item.get('name')) - )) for item in raw] - return set(configurations) - ip_configuration_spec = dict( name=dict(type='str', required=True), private_ip_address=dict(type='str'), @@ -427,6 +420,9 @@ class AzureRMNetworkInterface(AzureRMModuleBase): virtual_network_name = virtual_network_dict.get('name') virtual_network_resource_group = virtual_network_dict.get('resource_group', self.resource_group) + # if not set the security group name, use nic name for default + self.security_group_name = self.security_group_name or self.name + if self.state == 'present' and not self.ip_configurations: # construct the ip_configurations array for compatiable self.deprecate('Setting ip_configuration flatten is deprecated and will be removed.' @@ -437,7 +433,8 @@ class AzureRMNetworkInterface(AzureRMModuleBase): private_ip_allocation_method=self.private_ip_allocation_method, public_ip_address_name=self.public_ip_address_name if self.public_ip else None, public_ip_allocation_method=self.public_ip_allocation_method, - name='default' + name='default', + primary=True ) ] 
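Review bot: The fallback added in the `@@ -427` hunk, `self.security_group_name = self.security_group_name or self.name`, makes the group name non-empty on every run, including `state: absent`, yet the comment above it does not explain the consequence. With the later hunks, a group that already exists under the NIC's name is looked up and used without the user having asked for it. I would reword the comment to `# No security_group_name given: fall back to the NIC name; a group of that name is then looked up and, if absent, created with default rules`. The option's entry in DOCUMENTATION (outside these hunks) should presumably state the same default. The enclosing method begins and ends outside the hunk.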
@@ -457,11 +454,10 @@ class AzureRMNetworkInterface(AzureRMModuleBase): if update_tags: changed = True - if self.security_group_name: - nsg = self.get_security_group(self.security_group_name) - if nsg and results['network_security_group'].get('id') != nsg.id: - self.log("CHANGED: network interface {0} network security group".format(self.name)) - changed = True + nsg = self.get_security_group(self.security_group_name) + if nsg and results.get('network_security_group') and results['network_security_group'].get('id') != nsg.id: + self.log("CHANGED: network interface {0} network security group".format(self.name)) + changed = True if results['ip_configurations'][0]['subnet']['virtual_network_name'] != virtual_network_name: self.log("CHANGED: network interface {0} virtual network name".format(self.name)) @@ -479,8 +475,8 @@ class AzureRMNetworkInterface(AzureRMModuleBase): # construct two set with the same structure and then compare # the list should contains: # name, private_ip_address, public_ip_address_name, private_ip_allocation_method, subnet_name - ip_configuration_result = construct_ip_configuration_set(results['ip_configurations']) - ip_configuration_request = construct_ip_configuration_set(self.ip_configurations) + ip_configuration_result = self.construct_ip_configuration_set(results['ip_configurations']) + ip_configuration_request = self.construct_ip_configuration_set(self.ip_configurations) if ip_configuration_result != ip_configuration_request: self.log("CHANGED: network interface {0} ip configurations".format(self.name)) changed = True 
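Review bot: In the `@@ -457` hunk an existing NIC with no security group attached is now treated as unchanged: when `results.get('network_security_group')` is empty the whole condition is false, so a resolved `nsg` never sets `changed`. Unless another property differs, the group is then not attached and the task reports no change. The None-safety can be kept without losing that case: `current_nsg_id = (results.get('network_security_group') or {}).get('id')` followed by `if nsg and current_nsg_id != nsg.id:`. The surrounding method begins and ends outside the hunk, so whether another branch covers an unattached NIC cannot be seen here.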
@@ -516,7 +512,11 @@ class AzureRMNetworkInterface(AzureRMModuleBase): ) for ip_config in self.ip_configurations ] - nsg = nsg or self.create_default_securitygroup(self.resource_group, self.location, self.name, self.os_type, self.open_ports) + nsg = self.create_default_securitygroup(self.resource_group, + self.location, + self.security_group_name, + self.os_type, + self.open_ports) self.log('Creating or updating network interface {0}'.format(self.name)) nic = self.network_models.NetworkInterface( id=results['id'] if results else None, @@ -590,6 +590,16 @@ class AzureRMNetworkInterface(AzureRMModuleBase): except Exception as exc: return None + def construct_ip_configuration_set(self, raw): + configurations = [str(dict( + private_ip_allocation_method=to_native(item.get('private_ip_allocation_method')), + public_ip_address_name=(to_native(item.get('public_ip_address').get('name')) + if item.get('public_ip_address') else to_native(item.get('public_ip_address_name'))), + primary=item.get('primary'), + name=to_native(item.get('name')) + )) for item in raw] + return set(configurations) + def main(): AzureRMNetworkInterface() diff --git a/test/integration/targets/azure_rm_networkinterface/tasks/main.yml b/test/integration/targets/azure_rm_networkinterface/tasks/main.yml index ec1bd1f613..cba992533c 100644 --- a/test/integration/targets/azure_rm_networkinterface/tasks/main.yml +++ b/test/integration/targets/azure_rm_networkinterface/tasks/main.yml @@ -12,6 +12,11 @@ address_prefix: "10.10.0.0/24" virtual_network: testnic001 +- name: create public ip + azure_rm_publicipaddress: + name: ansiblepip3 + resource_group: '{{ resource_group }}' + - name: Create NIC (check mode) azure_rm_networkinterface: resource_group: "{{ resource_group }}" 
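Review bot: Dropping the `nsg or` guard in the `@@ -516` hunk means `create_default_securitygroup` now runs on every create or update, even when the group named by `self.security_group_name` already exists. Its body is outside this patch's visible lines, so please confirm it returns an existing group untouched rather than rewriting it with the default inbound allow rules. If it does, record that here with a comment such as `# returns the existing NSG when one with this name is found; only a missing group is created`. If it does not, keep the guard and change only the name argument: `nsg = nsg or self.create_default_securitygroup(...)` with `self.security_group_name` as the third argument.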
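Review bot: The method added in the `@@ -590` hunk, `construct_ip_configuration_set`, builds its comparison key from only four fields, while the caller's comment in the `@@ -479` hunk says `private_ip_address` and `subnet_name` are compared as well. As written, a change to a static private address or to the subnet of an IP configuration would presumably not be detected by this comparison. Either add the missing fields to the dict, e.g. `private_ip_address=to_native(item.get('private_ip_address')),`, or correct the caller's comment to list what is really compared. The method never reads `self`, so `@staticmethod` plus a one-line docstring stating that it returns a set of stringified per-configuration dicts would also help.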
@@ -121,8 +126,8 @@ virtual_network: "{{ vn.state.id }}" subnet: testnic001 ip_configurations: - - name: ipconfig-add - public_ip_name: testnic002 + - name: ipconfig1 + public_ip_name: testnic003 - name: default public_ip_name: testnic001 public_ip_allocation_method: Static @@ -138,7 +143,6 @@ azure_rm_networkinterface: resource_group: "{{ resource_group }}" name: testnic001noip - security_group: testnic001 virtual_network: "{{ vn.state.id }}" subnet: testnic001 ip_configurations: @@ -165,8 +169,11 @@ - name: Delete the NIC azure_rm_networkinterface: resource_group: "{{ resource_group }}" - name: testnic001 + name: "{{ item }}" state: absent + with_items: + - testnic001 + - testnic001noip register: output - assert:
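Review bot: The cleanup loop in the `@@ -165` hunk deletes the two NICs but not the resources this patch makes them create implicitly. With `security_group: testnic001` removed from the `testnic001noip` task, the module falls back to a group named after the NIC, and no visible task removes that group or the `ansiblepip3` address added in the `@@ -12` hunk. If this is not handled further down the file, add `azure_rm_securitygroup` and `azure_rm_publicipaddress` tasks with `state: absent`. An assertion on the returned security group name after the `testnic001noip` creation would also pin the behaviour this patch fixes.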