From eb5f3f40f332491c70801e587fbf8ed3dccfa622 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Thu, 10 Sep 2020 16:30:37 +0800 Subject: [PATCH 1/8] Add new feature for azure_rm_subnet --- plugins/modules/azure_rm_subnet.py | 84 ++++++++++++++++++++++++- plugins/modules/azure_rm_subnet_info.py | 5 +- 2 files changed, 87 insertions(+), 2 deletions(-) diff --git a/plugins/modules/azure_rm_subnet.py b/plugins/modules/azure_rm_subnet.py index 042d2955f..1e371321c 100644 --- a/plugins/modules/azure_rm_subnet.py +++ b/plugins/modules/azure_rm_subnet.py @@ -84,6 +84,24 @@ description: - A list of locations. type: list + delegations: + description: + - An array of references to the delegations on the subnet. + type: str + private_endpoint_network_policies: + description: + - C(Enabled) or C(Disabled) apply network policies on private endpoints in the subnet. + type: string + choices: + - Enabled + - Dsabled + private_link_service_network_policies: + description: + - Enable or disable apply network policies on private link service in the subnet. + type: string + choices: + - Enabled + - Dsabled extends_documentation_fragment: - azure.azcollection.azure @@ -179,6 +197,8 @@ ''' # NOQA from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase, CIDR_PATTERN, azure_id_to_dict, format_resource_id +import logging +logging.basicConfig(filename='log.log', level=logging.INFO) try: from msrestazure.azure_exceptions import CloudError @@ -195,7 +215,10 @@ def subnet_to_dict(subnet): address_prefix=subnet.address_prefix, address_prefixes=subnet.address_prefixes, network_security_group=dict(), - route_table=dict() + route_table=dict(), + delegations=subnet.delegations, + private_endpoint_network_policies=subnet.private_endpoint_network_policies, + private_link_service_network_policies=subnet.private_link_service_network_policies ) if subnet.network_security_group: id_keys = azure_id_to_dict(subnet.network_security_group.id) 
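Review bot: Debug scaffolding is committed in this patch: the `@@ -179,6 +197,8 @@` hunk calls `logging.basicConfig(filename='log.log', level=logging.INFO)` at import time, so every run of the module writes a `log.log` relative to whatever directory the process is in. The `exec_module` and `create_or_update_subnet` hunks then log the subnet object and the result dict to that file. The `create_or_update_subnet` hunk also forces `'Disable'`, `'Enable'` and `"10.1.0.0/25"` onto the subnet just before the API call, and the first two are not among the declared choices `Enabled`/`Disabled`. PATCH 2/8 deletes all of this, so the two commits are better squashed so that no revision in history carries it. Any diagnostics that should stay belong on the module's existing `self.log(...)`.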
@@ -227,6 +250,19 @@ def __init__(self): route_table=dict(type='raw'), service_endpoints=dict( type='list' + ), + delegations=dict( + type='str' + ), + private_endpoint_network_policies=dict( + type='str', + default='Enabled', + choices=[ 'Enabled', 'Disabled' ] + ), + private_link_service_network_policies=dict( + type='str', + default='Enabled', + choices=[ 'Enabled', 'Disabled' ] ) ) @@ -246,6 +282,9 @@ def __init__(self): self.security_group = None self.route_table = None self.service_endpoints = None + self.delegations = None + self.private_link_service_network_policies = None + self.private_endpoint_network_policies = None super(AzureRMSubnet, self).__init__(self.module_arg_spec, supports_check_mode=True, 
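Review bot: Giving `private_endpoint_network_policies` and `private_link_service_network_policies` a `default='Enabled'` in the argument spec means a playbook that never mentions them still requests `Enabled`. With the comparison added in `exec_module`, re-running an existing task against a subnet where a policy was deliberately set to `Disabled` would flip it back and report a change. It also makes the `is not None` guards in `exec_module` always true, assuming the parameters are copied onto `self` in the usual way (that code is outside the hunk). Consider dropping both `default='Enabled',` lines so that an omitted option means "leave the current setting alone", and say so in the option description. `__init__` starts and ends outside this hunk.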
@@ -286,7 +325,31 @@ def exec_module(self, **kwargs): self.check_provisioning_state(subnet, self.state) results = subnet_to_dict(subnet) + logging.info('123') + logging.info(subnet) + logging.info('--------------') + logging.info(results) + logging.info('345') if self.state == 'present': + if self.private_endpoint_network_policies is not None: + if results['private_endpoint_network_policies'] != self.private_endpoint_network_policies: + self.log("CHANGED: subnet {0} private_endpoint_network_policies".format(self.private_endpoint_network_policies)) + changed = True + results['private_endpoint_network_policies'] = self.private_endpoint_network_policies + else: + subnet['private_endpoint_network_policies'] = results['private_endpoint_network_policies'] + if self.private_link_service_network_policies is not None: + if results['private_link_service_network_policies'] is not None: + self.log("CHANGED: subnet {0} private_link_service_network_policies".format(self.private_link_service_network_policies)) + changed = True + results['private_link_service_network_policies'] = self.private_link_service_network_policies + else: + subnet['private_link_service_network_policies'] = results['private_link_service_network_policies'] + if self.delegations is not None and results['delegations'] != self.delegations: + self.log("CHANGED: subnet {0} delegations".format(self.delegations)) + changed = True + results['delegations'] = self.delegations + if self.address_prefix_cidr and results['address_prefix'] != self.address_prefix_cidr: self.log("CHANGED: subnet {0} address_prefix_cidr".format(self.name)) changed = True 
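Review bot: The two `else:` branches in this hunk assign with `subnet['private_endpoint_network_policies'] = ...` and `subnet['private_link_service_network_policies'] = ...`, but `subnet` is the fetched object that `subnet_to_dict` and the later hunks access by attribute (`subnet.private_endpoint_network_policies`). If that model type does not support item assignment, the "nothing changed" path raises `TypeError`; if it does, the branch only writes back a value that was just read from the same object. I would delete both `else:` branches. The two new `self.log("CHANGED: subnet {0} ...")` calls also format the policy value, where the neighbouring `address_prefix_cidr` message formats `self.name`. `exec_module` continues outside the hunk.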
@@ -350,6 +413,12 @@ def exec_module(self, **kwargs): subnet.route_table = self.network_models.RouteTable(id=self.route_table) if self.service_endpoints: subnet.service_endpoints = self.service_endpoints + if self.delegations: + subnet.delegations = self.delegations + if self.private_endpoint_network_policies: + subnet.private_endpoint_network_policies = self.private_endpoint_network_policies + if self.private_link_service_network_policies: + subnet.private_link_service_network_policies = self.private_link_service_network_policies else: # update subnet self.log('Updating subnet {0}'.format(self.name)) @@ -364,6 +433,12 @@ def exec_module(self, **kwargs): if results.get('service_endpoints') is not None: subnet.service_endpoints = results['service_endpoints'] + if results.get('private_link_service_network_policies') is not None: + subnet.private_link_service_network_policies = results['private_link_service_network_policies'] + if results.get('private_endpoint_network_policies') is not None: + subnet.private_endpoint_network_policies = results['private_endpoint_network_policies'] + if results.get('delegations') is not None: + subnet.delegations = results['delegations'] self.results['state'] = self.create_or_update_subnet(subnet) elif self.state == 'absent' and changed: @@ -376,6 +451,13 @@ def exec_module(self, **kwargs): return self.results def create_or_update_subnet(self, subnet): + subnet.private_link_service_network_policies = 'Disable' + subnet.private_endpoint_network_policies = 'Enable' + subnet.address_prefix_cidr = "10.1.0.0/25" + logging.info('12321') + logging.info(subnet) + logging.info(self.network_client.subnets) + logging.info('12321') try: poller = self.network_client.subnets.create_or_update(self.resource_group, self.virtual_network_name, diff --git a/plugins/modules/azure_rm_subnet_info.py b/plugins/modules/azure_rm_subnet_info.py index 23cca86a6..7611b002e 100644 --- a/plugins/modules/azure_rm_subnet_info.py 
+++ b/plugins/modules/azure_rm_subnet_info.py @@ -240,7 +240,10 @@ def format_response(self, item): 'route_table': d.get('route_table', {}).get('id'), 'security_group': d.get('network_security_group', {}).get('id'), 'provisioning_state': d.get('provisioning_state'), - 'service_endpoints': d.get('service_endpoints') + 'service_endpoints': d.get('service_endpoints'), + 'private_endpoint_network_policies': d.get('private_endpoint_network_policies'), + 'private_link_service_network_policies': d.get('private_link_service_network_policies'), + 'delegations': d.get('delegations') } return d From bbd24341ae560e844ae7b844520dc9044648927d Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Fri, 11 Sep 2020 14:27:27 +0800 Subject: [PATCH 2/8] update new --- plugins/modules/azure_rm_subnet.py | 18 ++---------------- 1 file changed, 2 insertions(+), 16 deletions(-) diff --git a/plugins/modules/azure_rm_subnet.py b/plugins/modules/azure_rm_subnet.py index 1e371321c..d96d1a231 100644 --- a/plugins/modules/azure_rm_subnet.py +++ b/plugins/modules/azure_rm_subnet.py @@ -94,14 +94,14 @@ type: string choices: - Enabled - - Dsabled + - Disabled private_link_service_network_policies: description: - Enable or disable apply network policies on private link service in the subnet. type: string choices: - Enabled - - Dsabled + - Disabled extends_documentation_fragment: - azure.azcollection.azure @@ -197,8 +197,6 @@ ''' # NOQA from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase, CIDR_PATTERN, azure_id_to_dict, format_resource_id -import logging -logging.basicConfig(filename='log.log', level=logging.INFO) try: from msrestazure.azure_exceptions import CloudError 
@@ -325,11 +323,6 @@ def exec_module(self, **kwargs): self.check_provisioning_state(subnet, self.state) results = subnet_to_dict(subnet) - logging.info('123') - logging.info(subnet) - logging.info('--------------') - logging.info(results) - logging.info('345') if self.state == 'present': if self.private_endpoint_network_policies is not None: if results['private_endpoint_network_policies'] != self.private_endpoint_network_policies: @@ -451,13 +444,6 @@ def exec_module(self, **kwargs): return self.results def create_or_update_subnet(self, subnet): - subnet.private_link_service_network_policies = 'Disable' - subnet.private_endpoint_network_policies = 'Enable' - subnet.address_prefix_cidr = "10.1.0.0/25" - logging.info('12321') - logging.info(subnet) - logging.info(self.network_client.subnets) - logging.info('12321') try: poller = self.network_client.subnets.create_or_update(self.resource_group, self.virtual_network_name, From 09ef3318e007ea4936b69182fb667493bd35e436 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Fri, 11 Sep 2020 15:24:20 +0800 Subject: [PATCH 3/8] update api version --- plugins/module_utils/azure_rm_common.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/module_utils/azure_rm_common.py b/plugins/module_utils/azure_rm_common.py index 0724f1248..9a0ca05f7 100644 --- a/plugins/module_utils/azure_rm_common.py +++ b/plugins/module_utils/azure_rm_common.py @@ -967,7 +967,7 @@ def network_client(self): @property def network_models(self): self.log("Getting network models...") - return NetworkManagementClient.models("2018-08-01") + return NetworkManagementClient.models("2019-06-01") @property def rm_client(self): From 531da269e56aac3d3a22eec0a464a2c731fb8915 Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Fri, 11 Sep 2020 15:50:24 +0800 Subject: [PATCH 4/8] remove delegation --- plugins/modules/azure_rm_subnet.py | 31 +++++++++++++----------------- 1 file changed, 13 insertions(+), 18 deletions(-) 
diff --git a/plugins/modules/azure_rm_subnet.py b/plugins/modules/azure_rm_subnet.py index d96d1a231..8fc5dc00e 100644 --- a/plugins/modules/azure_rm_subnet.py +++ b/plugins/modules/azure_rm_subnet.py @@ -84,10 +84,6 @@ description: - A list of locations. type: list - delegations: - description: - - An array of references to the delegations on the subnet. - type: str private_endpoint_network_policies: description: - C(Enabled) or C(Disabled) apply network policies on private endpoints in the subnet. @@ -97,7 +93,7 @@ - Disabled private_link_service_network_policies: description: - - Enable or disable apply network policies on private link service in the subnet. + - C(Enabled) or C(Disabled) apply network policies on private link service in the subnet. type: string choices: - Enabled @@ -194,6 +190,18 @@ returned: always type: str sample: "Succeeded" + private_endpoint_network_policies: + description: + - C(Enabled) or C(Disabled) apply network policies on private endpoints in the subnet. + returned: always + type: str + sample: "Enabled" + private_link_service_network_policies: + description: + - C(Enabled) or C(Disabled) apply network policies on private link service in the subnet. + returned: always + type: str + sample: "Disabled" ''' # NOQA from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase, CIDR_PATTERN, azure_id_to_dict, format_resource_id @@ -214,7 +222,6 @@ def subnet_to_dict(subnet): address_prefixes=subnet.address_prefixes, network_security_group=dict(), route_table=dict(), - delegations=subnet.delegations, private_endpoint_network_policies=subnet.private_endpoint_network_policies, private_link_service_network_policies=subnet.private_link_service_network_policies ) @@ -249,9 +256,6 @@ def __init__(self): service_endpoints=dict( type='list' ), - delegations=dict( - type='str' - ), private_endpoint_network_policies=dict( type='str', default='Enabled', 
@@ -280,7 +284,6 @@ def __init__(self): self.security_group = None self.route_table = None self.service_endpoints = None - self.delegations = None self.private_link_service_network_policies = None self.private_endpoint_network_policies = None @@ -338,10 +341,6 @@ def exec_module(self, **kwargs): results['private_link_service_network_policies'] = self.private_link_service_network_policies else: subnet['private_link_service_network_policies'] = results['private_link_service_network_policies'] - if self.delegations is not None and results['delegations'] != self.delegations: - self.log("CHANGED: subnet {0} delegations".format(self.delegations)) - changed = True - results['delegations'] = self.delegations if self.address_prefix_cidr and results['address_prefix'] != self.address_prefix_cidr: self.log("CHANGED: subnet {0} address_prefix_cidr".format(self.name)) @@ -406,8 +405,6 @@ def exec_module(self, **kwargs): subnet.route_table = self.network_models.RouteTable(id=self.route_table) if self.service_endpoints: subnet.service_endpoints = self.service_endpoints - if self.delegations: - subnet.delegations = self.delegations if self.private_endpoint_network_policies: subnet.private_endpoint_network_policies = self.private_endpoint_network_policies if self.private_link_service_network_policies: @@ -430,8 +427,6 @@ def exec_module(self, **kwargs): subnet.private_link_service_network_policies = results['private_link_service_network_policies'] if results.get('private_endpoint_network_policies') is not None: subnet.private_endpoint_network_policies = results['private_endpoint_network_policies'] - if results.get('delegations') is not None: - subnet.delegations = results['delegations'] self.results['state'] = self.create_or_update_subnet(subnet) elif self.state == 'absent' and changed: From 70852a8dbe64ec06cce7793837cd36050652f1f8 Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Fri, 11 Sep 2020 16:59:29 +0800 Subject: [PATCH 5/8] add test sample --- plugins/modules/azure_rm_subnet.py | 2 +- plugins/modules/azure_rm_subnet_info.py | 15 +++++++++-- .../targets/azure_rm_subnet/tasks/main.yml | 25 +++++++++++++++++++ 3 files changed, 39 insertions(+), 3 deletions(-) diff --git a/plugins/modules/azure_rm_subnet.py b/plugins/modules/azure_rm_subnet.py index 8fc5dc00e..5ff7644ce 100644 --- a/plugins/modules/azure_rm_subnet.py +++ b/plugins/modules/azure_rm_subnet.py @@ -335,7 +335,7 @@ def exec_module(self, **kwargs): else: subnet['private_endpoint_network_policies'] = results['private_endpoint_network_policies'] if self.private_link_service_network_policies is not None: - if results['private_link_service_network_policies'] is not None: + if results['private_link_service_network_policies'] != self.private_link_service_network_policies is not None: self.log("CHANGED: subnet {0} private_link_service_network_policies".format(self.private_link_service_network_policies)) changed = True results['private_link_service_network_policies'] = self.private_link_service_network_policies diff --git a/plugins/modules/azure_rm_subnet_info.py b/plugins/modules/azure_rm_subnet_info.py index 7611b002e..789722bda 100644 --- a/plugins/modules/azure_rm_subnet_info.py +++ b/plugins/modules/azure_rm_subnet_info.py @@ -106,6 +106,18 @@ returned: always type: str sample: /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/myResourceGroup/providers/Microsoft.Network/routeTables/myRouteTable + private_endpoint_network_policies: + description: + - C(Enabled) or C(Disabled) apply network policies on private endpoints in the subnet. + returned: always + type: str + sample: Enabled + private_endpoint_network_policies: + description: + - C(Enabled) or C(Disabled) apply network policies on private link service in the subnet. + returned: always + type: str + sample: Disabled security_group: description: - Associated security group ID. 
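Review bot: The rewritten condition `results['private_link_service_network_policies'] != self.private_link_service_network_policies is not None` is a chained comparison, which Python evaluates as `(results[...] != self.x) and (self.x is not None)`. It gives the intended answer only because the enclosing `if self.private_link_service_network_policies is not None:` has already established the second half. The trailing `is not None` looks like a leftover from the line it replaces and reads as a bug to the next maintainer. Write it like the `private_endpoint_network_policies` comparison from PATCH 1/8: `if results['private_link_service_network_policies'] != self.private_link_service_network_policies:`.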
@@ -242,8 +254,7 @@ def format_response(self, item): 'provisioning_state': d.get('provisioning_state'), 'service_endpoints': d.get('service_endpoints'), 'private_endpoint_network_policies': d.get('private_endpoint_network_policies'), - 'private_link_service_network_policies': d.get('private_link_service_network_policies'), - 'delegations': d.get('delegations') + 'private_link_service_network_policies': d.get('private_link_service_network_policies') } return d diff --git a/tests/integration/targets/azure_rm_subnet/tasks/main.yml b/tests/integration/targets/azure_rm_subnet/tasks/main.yml index 8f41c138c..fc7f1e7a0 100644 --- a/tests/integration/targets/azure_rm_subnet/tasks/main.yml +++ b/tests/integration/targets/azure_rm_subnet/tasks/main.yml @@ -188,6 +188,29 @@ that: - output.changed +- name: Update the subnet with network policies + azure_rm_subnet: + name: foobar01 + virtual_network_name: My_Virtual_Network + resource_group: "{{ resource_group }}" + private_link_service_network_policies: Disabled + private_endpoint_network_policies: Enabled + register: output + +- assert: + that: output + +- name: The subnet with network policies should be idempotent + azure_rm_subnet: + name: foobar01 + virtual_network_name: My_Virtual_Network + resource_group: "{{ resource_group }}" + private_link_service_network_policies: Disabled + private_endpoint_network_policies: Enabled + register: output + +- assert: + that: not output.changed - name: Get subnet facts azure_rm_subnet_info: @@ -208,6 +231,8 @@ - output.subnets[0]['address_prefixes_cidr'] != None - output.subnets[0]['security_group'] != None - output.subnets[0]['provisioning_state'] != None + - output.subnets[0]['private_endpoint_network_policies'] == 'Enabled' + - output.subnets[0]['private_link_service_network_policies'] == 'Disabled' - name: Get subnet facts azure_rm_subnet_info: From 32cb3fbe1695bcc7b9da88ec90de02ab49912d42 Mon Sep 17 00:00:00 2001 
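Review bot: The assertion after "Update the subnet with network policies" is `that: output`, which tests the registered result itself rather than a field of it, so it presumably passes whether or not the task changed anything. Since the task sets `private_link_service_network_policies: Disabled` against a module default of `Enabled`, the check consistent with the rest of this file is `that: output.changed`. It would also be worth adding a case that omits both options on a subnet already set to `Disabled`, to pin down what the module does to an existing setting.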
From: Fred-sun Date: Fri, 11 Sep 2020 17:19:12 +0800 Subject: [PATCH 6/8] fix sanity error --- plugins/modules/azure_rm_subnet.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/plugins/modules/azure_rm_subnet.py b/plugins/modules/azure_rm_subnet.py index 5ff7644ce..499b8d3c3 100644 --- a/plugins/modules/azure_rm_subnet.py +++ b/plugins/modules/azure_rm_subnet.py @@ -87,14 +87,16 @@ private_endpoint_network_policies: description: - C(Enabled) or C(Disabled) apply network policies on private endpoints in the subnet. - type: string + type: str + default: Enabled choices: - Enabled - Disabled private_link_service_network_policies: description: - C(Enabled) or C(Disabled) apply network policies on private link service in the subnet. - type: string + type: str + default: Enabled choices: - Enabled - Disabled @@ -259,12 +261,12 @@ def __init__(self): private_endpoint_network_policies=dict( type='str', default='Enabled', - choices=[ 'Enabled', 'Disabled' ] + choices=['Enabled', 'Disabled'] ), private_link_service_network_policies=dict( type='str', default='Enabled', - choices=[ 'Enabled', 'Disabled' ] + choices=['Enabled','Disabled' ] ) ) From 8d49146c3b8c37086963dabc20c5acc2a893b33b Mon Sep 17 00:00:00 2001 From: Fred-sun Date: Fri, 11 Sep 2020 17:33:44 +0800 Subject: [PATCH 7/8] fix snaity error --- plugins/modules/azure_rm_subnet.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/azure_rm_subnet.py b/plugins/modules/azure_rm_subnet.py index 499b8d3c3..0453e6f11 100644 --- a/plugins/modules/azure_rm_subnet.py +++ b/plugins/modules/azure_rm_subnet.py @@ -266,7 +266,7 @@ def __init__(self): private_link_service_network_policies=dict( type='str', default='Enabled', - choices=['Enabled','Disabled' ] + choices=['Enabled', 'Disabled'] ) ) From 1432a9cd867c299aa673f2c01a6531110f39efc9 Mon Sep 17 00:00:00 2001 
From: Fred-sun Date: Fri, 11 Sep 2020 17:48:33 +0800 Subject: [PATCH 8/8] fix sanity error --- plugins/modules/azure_rm_subnet_info.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/azure_rm_subnet_info.py b/plugins/modules/azure_rm_subnet_info.py index 789722bda..037665c6b 100644 --- a/plugins/modules/azure_rm_subnet_info.py +++ b/plugins/modules/azure_rm_subnet_info.py @@ -112,7 +112,7 @@ returned: always type: str sample: Enabled - private_endpoint_network_policies: + private_link_service_network_policies: description: - C(Enabled) or C(Disabled) apply network policies on private link service in the subnet. returned: always