Azure module bugfix backport (#43808)

* Fix nsg cannot add rule with purge_rules false (#43699) (cherry picked from commit 88a738b0ba) * Create azure_securitygroup_fix_adding_rule.yaml * azure_rm_loadbalancer_facts.py: list() takes at least 2 arguments fix (#29046) (#29050) (cherry picked from commit d1d08304f9) * azure_rm_deployment: collect tags from existing Resource Group (#26104) (cherry picked from commit 6741e98c04) * add change log
2018-08-14 06:22:00 +08:00 · 2018-08-14 06:22:00 +08:00 · d49240a619
commit d49240a619
parent c2aadff306
5 changed files with 68 additions and 22 deletions
--- a/changelogs/fragments/azure_nsg_deployment_lb.yaml
+++ b/changelogs/fragments/azure_nsg_deployment_lb.yaml
@ -0,0 +1,5 @@
+---
+bugfixes:
+- fix azure security group cannot add rules when purge_rule set to false. (https://github.com/ansible/ansible/pull/43699)
+- fix azure_rm_deployment collect tags from existing Resource Group. (https://github.com/ansible/ansible/pull/26104)
+- fix azure_rm_loadbalancer_facts list takes at least 2 arguments. (https://github.com/ansible/ansible/pull/29050)
--- a/lib/ansible/modules/cloud/azure/azure_rm_deployment.py
+++ b/lib/ansible/modules/cloud/azure/azure_rm_deployment.py
@ -416,6 +416,7 @@ class AzureRMDeploymentManager(AzureRMModuleBase):
        self.wait_for_deployment_completion = None
        self.wait_for_deployment_polling_period = None
        self.tags = None
+        self.append_tags = None

        self.results = dict(
            deployment=dict(),
@ -429,7 +430,7 @@ class AzureRMDeploymentManager(AzureRMModuleBase):

    def exec_module(self, **kwargs):

-        for key in list(self.module_arg_spec.keys()) + ['tags']:
+        for key in list(self.module_arg_spec.keys()) + ['append_tags', 'tags']:
            setattr(self, key, kwargs[key])

        if self.state == 'present':
@ -454,10 +455,14 @@ class AzureRMDeploymentManager(AzureRMModuleBase):
            self.results['changed'] = True
            self.results['msg'] = 'deployment succeeded'
        else:
-            if self.resource_group_exists(self.resource_group_name):
+            try:
+                if self.get_resource_group(self.resource_group_name):
                    self.destroy_resource_group()
                    self.results['changed'] = True
                    self.results['msg'] = "deployment deleted"
+            except CloudError:
+                # resource group does not exist
+                pass

        return self.results

@ -484,6 +489,15 @@ class AzureRMDeploymentManager(AzureRMModuleBase):
                uri=self.template_link
            )

+        if self.append_tags and self.tags:
+            try:
+                rg = self.get_resource_group(self.resource_group_name)
+                if rg.tags:
+                    self.tags = dict(self.tags, **rg.tags)
+            except CloudError:
+                # resource group does not exist
+                pass
+
        params = self.rm_models.ResourceGroup(location=self.location, tags=self.tags)

        try:
@ -531,19 +545,6 @@ class AzureRMDeploymentManager(AzureRMModuleBase):
                self.fail("Delete resource group and deploy failed with status code: %s and message: %s" %
                          (e.status_code, e.message))

-    def resource_group_exists(self, resource_group):
-        '''
-        Return True/False based on existence of requested resource group.
-
-        :param resource_group: string. Name of a resource group.
-        :return: boolean
-        '''
-        try:
-            self.rm_client.resource_groups.get(resource_group)
-        except CloudError:
-            return False
-        return True
-
    def _get_failed_nested_operations(self, current_operations):
        new_operations = []
        for operation in current_operations:
--- a/lib/ansible/modules/cloud/azure/azure_rm_loadbalancer_facts.py
+++ b/lib/ansible/modules/cloud/azure/azure_rm_loadbalancer_facts.py
@ -64,6 +64,10 @@ EXAMPLES = '''
    - name: Get facts for all load balancers
      azure_rm_loadbalancer_facts:

+    - name: Get facts for all load balancers in a specific resource group
+      azure_rm_loadbalancer_facts:
+        resource_group: TestRG
+
    - name: Get facts by tags
      azure_rm_loadbalancer_facts:
        tags:
@ -152,8 +156,14 @@ class AzureRMLoadBalancerFacts(AzureRMModuleBase):

        self.log('List all load balancers')

+        if self.resource_group:
            try:
-            response = self.network_client.load_balancers.list()
+                response = self.network_client.load_balancers.list(self.resource_group)
+            except AzureHttpError as exc:
+                self.fail('Failed to list items in resource group {} - {}'.format(self.resource_group, str(exc)))
+        else:
+            try:
+                response = self.network_client.load_balancers.list_all()
            except AzureHttpError as exc:
                self.fail('Failed to list all items - {}'.format(str(exc)))

--- a/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py
+++ b/lib/ansible/modules/cloud/azure/azure_rm_securitygroup.py
@ -338,6 +338,7 @@ except ImportError:

 from ansible.module_utils.azure_rm_common import AzureRMModuleBase
 from ansible.module_utils.six import integer_types
+from ansible.module_utils._text import to_native


 def validate_rule(self, rule, rule_type=None):
@ -376,6 +377,11 @@ def compare_rules_change(old_list, new_list, purge_list):
            new_list.append(old_rule)
        else:  # one rule is removed
            changed = True
+    # Compare new list and old list is the same? here only compare names
+    if not changed:
+        new_names = [to_native(x['name']) for x in new_list]
+        old_names = [to_native(x['name']) for x in old_list]
+        changed = (set(new_names) != set(old_names))
    return changed, new_list


--- a/test/integration/targets/azure_rm_securitygroup/tasks/main.yml
+++ b/test/integration/targets/azure_rm_securitygroup/tasks/main.yml
@ -181,6 +181,30 @@
 - assert:
      that: not output.changed

+- name: Add a single one group
+  azure_rm_securitygroup:
+      resource_group: "{{ resource_group }}"
+      name: mysecgroup
+      tags:
+          testing: testing
+          delete: on-exit
+          foo: bar
+      rules:
+          - name: DenySSH
+            protocol: Tcp
+            source_address_prefix:
+            - 54.120.120.240
+            destination_port_range: 22
+            access: Deny
+            priority: 102
+            direction: Inbound
+  register: output
+
+- assert:
+     that: 
+      - output.changed
+      - "{{ output.state.rules | length }} == 2"
+
 - name: Delete all security groups
  azure_rm_securitygroup:
      resource_group: "{{ resource_group }}"