From fb58b522fd1d59bbe5c5f84a1cab6e7a59935643 Mon Sep 17 00:00:00 2001 From: abhinavbansal29 Date: Thu, 3 Oct 2024 12:27:59 +0530 Subject: [PATCH 1/3] Added fix for purpose field. Added description field in ansible. Issue: https://github.com/nutanix/nutanix.ansible/issues/485 --- plugins/modules/ntnx_security_rules.py | 7 + .../ntnx_security_rules/tasks/app_rule.yml | 182 +++++++++--------- 2 files changed, 94 insertions(+), 95 deletions(-) diff --git a/plugins/modules/ntnx_security_rules.py b/plugins/modules/ntnx_security_rules.py index 84f78fae..59a56286 100644 --- a/plugins/modules/ntnx_security_rules.py +++ b/plugins/modules/ntnx_security_rules.py @@ -61,6 +61,10 @@ description: security_rule Name required: false type: str + description: + description: security_rule Description + required: false + type: str security_rule_uuid: description: - security_rule UUID @@ -881,6 +885,7 @@ - name: create app security rule ntnx_security_rules: name: test_app_rule + description: App Security Rule allow_ipv6_traffic: true policy_hitlog: true app_rule: @@ -986,6 +991,7 @@ type: dict sample: name: test_app_rule + description: App Security Rule resources: allow_ipv6_traffic: true app_rule: @@ -1184,6 +1190,7 @@ def get_module_spec(): ) module_args = dict( name=dict(type="str"), + description=dict(type="str"), security_rule_uuid=dict(type="str"), allow_ipv6_traffic=dict(type="bool"), policy_hitlog=dict(type="bool"), diff --git a/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml b/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml index 0e9b038e..9bb73dc8 100644 --- a/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml +++ b/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml @@ -1,81 +1,74 @@ - name: create app security rule with inbound and outbound list ntnx_security_rules: name: test_app_rule + description: App Security Rule app_rule: target_group: - categories: - apptype: Apache_Spark - apptype_filter_by_category: - AppFamily: - - Backup - apptiers: - - "{{categories.apptiers[0]}}" - - "{{categories.apptiers[1]}}" + categories: + apptype: Apache_Spark + apptype_filter_by_category: + AppFamily: + - Backup + apptiers: + - "{{categories.apptiers[0]}}" + - "{{categories.apptiers[1]}}" - default_internal_policy: DENY_ALL + default_internal_policy: DENY_ALL inbounds: - - - categories: - AppFamily: - - Databases - - DevOps - description: test description - protocol: - tcp: - - start_port: 22 - end_port: 80 - - - categories: - AppFamily: - - Databases - - DevOps - protocol: - icmp: - - code: 1 - type: 1 - - - categories: - AppFamily: - - Databases - - DevOps - protocol: - udp: - - start_port: 82 - end_port: 8080 - - - categories: - AppFamily: - - Databases - - DevOps - protocol: - service: - name: 6a44 - - - ip_subnet: - prefix_length: 24 - ip: 192.168.1.0 - description: test description - - - address: + - categories: + AppFamily: + - Databases + - DevOps + description: test description + protocol: + tcp: + - start_port: 22 + end_port: 80 + - categories: + AppFamily: + - Databases + - DevOps + protocol: + icmp: + - code: 1 + type: 1 + - categories: + AppFamily: + - Databases + - DevOps + protocol: + udp: + - start_port: 82 + end_port: 8080 + - categories: + AppFamily: + - Databases + - DevOps + protocol: + service: + name: 6a44 + - ip_subnet: + prefix_length: 24 + ip: 192.168.1.0 + description: test description + - address: name: dest outbounds: - - - categories: - AppFamily: - - Databases - - DevOps - protocol: - icmp: - - code: 1 - type: 1 + - categories: + AppFamily: + - Databases + - DevOps + protocol: + icmp: + - code: 1 + type: 1 policy_mode: MONITOR allow_ipv6_traffic: true policy_hitlog: true register: result ignore_errors: true - - name: Creation Status assert: that: @@ -84,28 +77,27 @@ - result.response.status.state == 'COMPLETE' - result.response.status.name=="test_app_rule" - result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2 - fail_msg: ' fail: unable to create app security rule with inbound and outbound list' - success_msg: 'pass: create app security rule with inbound and outbound list successfully' + - result.response.description=="App Security Rule" + fail_msg: " fail: unable to create app security rule with inbound and outbound list" + success_msg: "pass: create app security rule with inbound and outbound list successfully" - name: update app security rule by adding to outbound list and remove tule from inbound list ntnx_security_rules: - security_rule_uuid: '{{ result.response.metadata.uuid }}' + security_rule_uuid: "{{ result.response.metadata.uuid }}" app_rule: policy_mode: APPLY inbounds: - - - rule_id: "{{result.response.spec.resources.app_rule.inbound_allow_list.0.rule_id}}" + - rule_id: "{{result.response.spec.resources.app_rule.inbound_allow_list.0.rule_id}}" state: absent outbounds: - - - protocol: - icmp: - - code: 1 - type: 1 - categories: - AppFamily: - - Databases - - DevOps + - protocol: + icmp: + - code: 1 + type: 1 + categories: + AppFamily: + - Databases + - DevOps register: result ignore_errors: true @@ -117,13 +109,13 @@ - result.response.status.state == 'COMPLETE' - result.response.spec.resources.app_rule.action == "APPLY" - result.response.spec.resources.app_rule.outbound_allow_list.0.icmp_type_code_list is defined - fail_msg: ' fail: unable to update app security rule with outbound list ' - success_msg: 'pass :update app security rule with outbound list successfully' + fail_msg: " fail: unable to update app security rule with outbound list " + success_msg: "pass :update app security rule with outbound list successfully" - name: delete app security rule ntnx_security_rules: state: absent - security_rule_uuid: '{{ result.response.metadata.uuid }}' + security_rule_uuid: "{{ result.response.metadata.uuid }}" register: result ignore_errors: true @@ -133,22 +125,22 @@ - result.response is defined - result.failed == false - result.response.status == 'SUCCEEDED' - fail_msg: ' fail: unable to delete app security rule ' - success_msg: 'pass : delete app security rule successfully' + fail_msg: " fail: unable to delete app security rule " + success_msg: "pass : delete app security rule successfully" - name: create app security rule with allow all inbound and outbound list ntnx_security_rules: name: test_app_rule app_rule: target_group: - categories: - apptype: Apache_Spark - apptype_filter_by_category: - AppFamily: - - Backup - apptiers: - - "{{categories.apptiers[0]}}" - - "{{categories.apptiers[1]}}" - default_internal_policy: DENY_ALL + categories: + apptype: Apache_Spark + apptype_filter_by_category: + AppFamily: + - Backup + apptiers: + - "{{categories.apptiers[0]}}" + - "{{categories.apptiers[1]}}" + default_internal_policy: DENY_ALL allow_all_outbounds: true allow_all_inbounds: true policy_mode: MONITOR @@ -166,12 +158,12 @@ - result.response.spec.name=="test_app_rule" - result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2 - fail_msg: ' fail: unable to create app security rule with allow all inbound and outbound list' - success_msg: 'pass: create app security rule with allow all inbound and outbound list successfully' + fail_msg: " fail: unable to create app security rule with allow all inbound and outbound list" + success_msg: "pass: create app security rule with allow all inbound and outbound list successfully" - name: delete app security rule ntnx_security_rules: state: absent - security_rule_uuid: '{{ result.response.metadata.uuid }}' + security_rule_uuid: "{{ result.response.metadata.uuid }}" register: result ignore_errors: true @@ -181,5 +173,5 @@ - result.response is defined - result.failed == false - result.response.status == 'SUCCEEDED' - fail_msg: ' fail: unable to delete app security rule ' - success_msg: 'pass : delete app security rule successfully' + fail_msg: " fail: unable to delete app security rule " + success_msg: "pass : delete app security rule successfully" From 8492a1a1dc3d02a709d6106659698357cf71f1e0 Mon Sep 17 00:00:00 2001 From: abhinavbansal29 Date: Wed, 9 Oct 2024 00:30:41 +0530 Subject: [PATCH 2/3] Minor Fixes --- plugins/modules/ntnx_security_rules.py | 4 ++-- .../targets/ntnx_security_rules/tasks/app_rule.yml | 6 ++++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/plugins/modules/ntnx_security_rules.py b/plugins/modules/ntnx_security_rules.py index 59a56286..0eb71627 100644 --- a/plugins/modules/ntnx_security_rules.py +++ b/plugins/modules/ntnx_security_rules.py @@ -61,7 +61,7 @@ description: security_rule Name required: false type: str - description: + desc: description: security_rule Description required: false type: str @@ -1190,7 +1190,7 @@ def get_module_spec(): ) module_args = dict( name=dict(type="str"), - description=dict(type="str"), + desc=dict(type="str"), security_rule_uuid=dict(type="str"), allow_ipv6_traffic=dict(type="bool"), policy_hitlog=dict(type="bool"), diff --git a/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml b/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml index 9bb73dc8..6ec2f17f 100644 --- a/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml +++ b/tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml @@ -1,7 +1,7 @@ - name: create app security rule with inbound and outbound list ntnx_security_rules: name: test_app_rule - description: App Security Rule + desc: App Security Rule app_rule: target_group: categories: @@ -77,13 +77,14 @@ - result.response.status.state == 'COMPLETE' - result.response.status.name=="test_app_rule" - result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2 - - result.response.description=="App Security Rule" + - result.response.spec.description == "App Security Rule" fail_msg: " fail: unable to create app security rule with inbound and outbound list" success_msg: "pass: create app security rule with inbound and outbound list successfully" - name: update app security rule by adding to outbound list and remove tule from inbound list ntnx_security_rules: security_rule_uuid: "{{ result.response.metadata.uuid }}" + desc: App Security Rule Updated app_rule: policy_mode: APPLY inbounds: @@ -107,6 +108,7 @@ - result.response is defined - result.failed == false - result.response.status.state == 'COMPLETE' + - result.response.spec.description == "App Security Rule Updated" - result.response.spec.resources.app_rule.action == "APPLY" - result.response.spec.resources.app_rule.outbound_allow_list.0.icmp_type_code_list is defined fail_msg: " fail: unable to update app security rule with outbound list " From b81bde6ff7e760ca253e426e62dc2621e6fdd290 Mon Sep 17 00:00:00 2001 From: abhinavbansal29 Date: Wed, 9 Oct 2024 00:34:59 +0530 Subject: [PATCH 3/3] Minor Fixes in description --- plugins/modules/ntnx_security_rules.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/modules/ntnx_security_rules.py b/plugins/modules/ntnx_security_rules.py index 0eb71627..8b87ccfb 100644 --- a/plugins/modules/ntnx_security_rules.py +++ b/plugins/modules/ntnx_security_rules.py @@ -885,7 +885,7 @@ - name: create app security rule ntnx_security_rules: name: test_app_rule - description: App Security Rule + desc: App Security Rule allow_ipv6_traffic: true policy_hitlog: true app_rule: