Makes security_group_info compatible with new openstacksdk

Updated documentation of return values and added test to verify return values Function self.conn.search_security_groups() cannot be used here. Arguments for filtering such as 'description' would have to be passed to self.conn.search_security_groups() in its 'filters' argument [1]. The latter is passed to both as query arguments to OpenStack API and later to _utils._filter_list() [2] for filtering the results. Some arguments such as 'any_tags' are only used as query arguments by openstacksdk [3] when querying OpenStack API. They are no valid attributes in security_group.py [4]. Whenever those non-attribute arguments are passed to self.conn.search_security_groups(), _utils._filter_list() [2] would drop all results because no result would have a matching attributes. [1] 0898398415/openstack/cloud/_security_group.py (L31) [2] 0898398415/openstack/cloud/_utils.py (L63) [3] 0898398415/openstack/common/tag.py (L19) [4] 0898398415/openstack/network/v2/security_group.py Change-Id: Ie7fe9d2e973d38751c48e71e6bd55e56a591ac1f
2022-05-05 14:49:54 +02:00 · 2022-05-05 14:49:54 +02:00 · d600284645
commit d600284645
parent 0e675a9129
3 changed files with 84 additions and 35 deletions
--- a/ci/roles/security_group/defaults/main.yml
+++ b/ci/roles/security_group/defaults/main.yml
@ -1 +1,13 @@
+expected_fields:
+- created_at
+- description
+- name
+- project_id
+- security_group_rules
+- stateful
+- tenant_id
+- updated_at
+- revision_number
+- id
+- tags
 secgroup_name: shade_secgroup
--- a/ci/roles/security_group/tasks/main.yml
+++ b/ci/roles/security_group/tasks/main.yml
@ -4,7 +4,6 @@
     cloud: "{{ cloud }}"
     name: "{{ secgroup_name }}"
     state: absent
-     description: Created from Ansible playbook

 - name: Create security group
  openstack.cloud.security_group:
@ -12,30 +11,62 @@
     name: "{{ secgroup_name }}"
     state: present
     description: Created from Ansible playbook
+  register: security_group

 - name: List all security groups of a project
  openstack.cloud.security_group_info:
     cloud: "{{ cloud }}"
  register: test_sec_groups

- name: Check - List all security groups of a project
+- name: Check list all security groups of a project
  assert:
    that:
      - test_sec_groups.security_groups | length > 0

+- name: Assert fields returned by security_group_info
+  assert:
+    that:
+      - item in test_sec_groups.security_groups[0]
+  loop: "{{ expected_fields }}"
+
 - name: Filter security group by name
  openstack.cloud.security_group_info:
     cloud: "{{ cloud }}"
     name: "{{ secgroup_name }}"
  register: test_sec_group

- name: Check - List all security groups of a project
+- name: Check filter security group by name
  assert:
    that:
      - test_sec_group.security_groups | length  == 1
-      - test_sec_group.security_groups[0]['name'] == secgroup_name
-  # This fails on Stein only
-  when: sdk_version is version("0.36.5", '>=')
+      - test_sec_group.security_groups[0]['id'] == security_group.id
+
+- name: Filter security group by description
+  openstack.cloud.security_group_info:
+     cloud: "{{ cloud }}"
+     description: Created from Ansible playbook
+  register: test_sec_group
+
+- name: Check filter security group by description
+  assert:
+    that:
+      - test_sec_group.security_groups | length  == 1
+      - test_sec_group.security_groups[0]['id'] == security_group.id
+
+- name: Filter security group by not_tags
+  openstack.cloud.security_group_info:
+     cloud: "{{ cloud }}"
+     name: "{{ secgroup_name }}"
+     not_tags:
+     - ansibletag1
+     - ansibletag2
+  register: test_sec_group
+
+- name: Check filter security group by not_tags
+  assert:
+    that:
+      - test_sec_group.security_groups | length  == 1
+      - test_sec_group.security_groups[0]['id'] == security_group.id

 - name: Delete security group
  openstack.cloud.security_group:
--- a/plugins/modules/security_group_info.py
+++ b/plugins/modules/security_group_info.py
@ -61,7 +61,8 @@ requirements: ["openstacksdk"]
 RETURN = '''
 security_groups:
  description: List of dictionaries describing security groups.
-  type: complex
+  type: list
+  elements: dict
  returned: On Success.
  contains:
    created_at:
@ -84,6 +85,13 @@ security_groups:
      description: Project ID where the security group is located in.
      type: str
      sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
+    revision_number:
+      description: The revision number of the resource.
+      type: int
+    tenant_id:
+      description: Tenant ID where the security group is located in. Deprecated
+      type: str
+      sample: "25d24fc8-d019-4a34-9fff-0a09fde6a567"
    security_group_rules:
      description: Specifies the security group rule list
      type: list
@ -115,6 +123,12 @@ security_groups:
          "security_group_id": "0431c9c5-1660-42e0-8a00-134bec7f03e2"
        }
      ]
+    stateful:
+      description: Indicates if the security group is stateful or stateless.
+      type: bool
+    tags:
+      description: The list of tags on the resource.
+      type: list
    updated_at:
      description: Update time of the security group
      type: str
@ -153,38 +167,30 @@ class SecurityGroupInfoModule(OpenStackModule):
    )

    def run(self):
-        description = self.params['description']
        name = self.params['name']
-        project_id = self.params['project_id']
-        revision_number = self.params['revision_number']
-        tags = self.params['tags']
-        any_tags = self.params['any_tags']
-        not_tags = self.params['not_tags']
-        not_any_tags = self.params['not_any_tags']
+        args = {
+            k: self.params[k]
+            for k in ['description', 'project_id', 'revision_number']
+            if self.params[k]
+        }
+        args.update({
+            k: ','.join(self.params[k])
+            for k in ['tags', 'any_tags', 'not_tags', 'not_any_tags']
+            if self.params[k]
+        })

-        attrs = {}
+        # self.conn.search_security_groups() cannot be used here,
+        # refer to git blame for rationale.
+        security_groups = self.conn.network.security_groups(**args)

-        if description:
-            attrs['description'] = description
-        if project_id:
-            attrs['project_id'] = project_id
-        if revision_number:
-            attrs['revision_number'] = revision_number
-        if tags:
-            attrs['tags'] = ','.join(tags)
-        if any_tags:
-            attrs['any_tags'] = ','.join(any_tags)
-        if not_tags:
-            attrs['not_tags'] = ','.join(not_tags)
-        if not_any_tags:
-            attrs['not_any_tags'] = ','.join(not_any_tags)
-
-        attrs = self.check_versioned(**attrs)
-        result = self.conn.network.security_groups(**attrs)
-        result = [item if isinstance(item, dict) else item.to_dict() for item in result]
        if name:
-            result = [item for item in result if name in (item['id'], item['name'])]
-        self.results.update({'security_groups': result})
+            # TODO: Upgrade name_or_id code to match openstacksdk [1]?
+            # [1] https://opendev.org/openstack/openstacksdk/src/commit/0898398415ae7b0e2447d61226acf50f01567cdd/openstack/cloud/_utils.py#L89
+            security_groups = [item for item in security_groups
+                               if name in (item['id'], item['name'])]
+
+        security_groups = [item.to_dict() for item in security_groups]
+        self.exit(changed=False, security_groups=security_groups)


 def main():