Support more parameters to azure_rm_webappaccessrestriction.py's ip_s…
…ecurity_restrictions (#1558)

* Support more parameters to azure_rm_webappaccessrestriction.py's ip_security_restrictions

* Fix sanity error

* Fix sanity error 02
Fred-sun authored May 16, 2024
1 parent d3fcb5d commit e0d86aa
Showing 3 changed files with 221 additions and 16 deletions.
141 changes: 127 additions & 14 deletions plugins/modules/azure_rm_webappaccessrestriction.py
Expand Up @@ -39,7 +39,6 @@
- The web app's HTTP access restrictions.
type: list
elements: dict
default: []
suboptions:
name:
description:
Expand All @@ -66,15 +65,35 @@
description:
- IPv4 address (with subnet mask) of the access restriction.
type: str
required: true
subnet_traffic_tag:
description:
- (internal) Subnet traffic tags.
type: int
vnet_traffic_tag:
description:
- (internal) Vnet traffic tag.
type: int
tag:
description:
- IP restriction rule description.
type: str
choices:
- Default
- XffProxy
- ServiceTag
vnet_subnet_resource_id:
description:
- The Virtual network relaste subnet resource id.
- Only I(ip_adress) or I(vnet_subnet_resource_id) property must be specified.
- Parameter I(vnet_subnet_resource_id) cannot be used with I(subnet_traffic_tag) or I(vnet_traffic_tag) at the same time.
type: str
scm_ip_security_restrictions:
description:
- >-
The web app's SCM access restrictions. If I(scm_ip_security_restrictions_use_main) is set to C(true),
the SCM restrictions will be configured but not used.
type: list
elements: dict
default: []
suboptions:
name:
description:
Expand All @@ -101,7 +120,28 @@
description:
- IPv4 address (with subnet mask) of the access restriction.
type: str
required: true
subnet_traffic_tag:
description:
- (internal) Subnet traffic tags.
type: int
vnet_traffic_tag:
description:
- (internal) Vnet traffic tag.
type: int
tag:
description:
- IP restriction rule description.
type: str
choices:
- Default
- XffProxy
- ServiceTag
vnet_subnet_resource_id:
description:
- The Virtual network relaste subnet resource id.
- Only I(ip_adress) or I(vnet_subnet_resource_id) property must be specified.
- Parameter I(vnet_subnet_resource_id) cannot be used with I(subnet_traffic_tag) or I(vnet_traffic_tag) at the same time.
type: str
scm_ip_security_restrictions_use_main:
description:
- >-
Expand Down Expand Up @@ -131,6 +171,12 @@
action: "Allow"
ip_address: "2.2.2.2/24"
priority: 2
- name: "Datacenter 3"
action: Allow
priority: 3
description: "for test 02"
tag: XffProxy
vnet_subnet_resource_id: "{{ subnet_output.state.id }}"
scm_ip_security_restrictions_use_main: true
- name: Delete web app network access restrictions.
Expand Down Expand Up @@ -178,6 +224,30 @@
returned: always
type: str
sample: 1.1.1.1/32
subnet_traffic_tag:
description:
- (internal) Subnet traffic tags.
type: int
returned: always
sample: int
vnet_traffic_tag:
description:
- (internal) Vnet traffic tag.
type: int
returned: always
sample: 3
tag:
description:
- IP restriction rule description.
type: str
returned: always
sample: default
vnet_subnet_resource_id:
description:
- The Virtual network relaste subnet resource id.
type: str
returned: always
sample: "/subscriptions/xxx-xxx/resourceGroups/testRG/providers/Microsoft.Network/virtualNetworks/vnet01/subnets/subnet01"
scm_ip_security_restrictions:
description:
- The web app's SCM access restrictions.
Expand Down Expand Up @@ -215,6 +285,30 @@
returned: always
type: str
sample: 1.1.1.1/32
subnet_traffic_tag:
description:
- (internal) Subnet traffic tags.
type: int
returned: always
sample: int
vnet_traffic_tag:
description:
- (internal) Vnet traffic tag.
type: int
returned: always
sample: 3
tag:
description:
- IP restriction rule description.
type: str
returned: always
sample: default
vnet_subnet_resource_id:
description:
- The Virtual network relaste subnet resource id.
type: str
returned: always
sample: "/subscriptions/xxx-xxx/resourceGroups/testRG/providers/Microsoft.Network/virtualNetworks/vnet01/subnets/subnet01"
scm_ip_security_restrictions_use_main:
description:
- Whether the HTTP access restrictions are used for SCM access.
Expand All @@ -223,7 +317,7 @@
sample: false
'''

from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common import AzureRMModuleBase
from ansible_collections.azure.azcollection.plugins.module_utils.azure_rm_common_ext import AzureRMModuleBaseExt

try:
from azure.mgmt.web.models import IpSecurityRestriction
Expand All @@ -236,20 +330,24 @@
description=dict(type='str'),
action=dict(type='str', default='Allow', choices=['Allow', 'Deny']),
priority=dict(type='int', required=True),
ip_address=dict(type='str', required=True),
ip_address=dict(type='str'),
vnet_subnet_resource_id=dict(type='str'),
vnet_traffic_tag=dict(type='int'),
subnet_traffic_tag=dict(type='int'),
tag=dict(type='str', choices=["Default", "XffProxy", "ServiceTag"]),
)


class AzureRMWebAppAccessRestriction(AzureRMModuleBase):
class AzureRMWebAppAccessRestriction(AzureRMModuleBaseExt):

def __init__(self):

self.module_arg_spec = dict(
name=dict(type='str', required=True),
resource_group=dict(type='str', required=True),
state=dict(type='str', default='present', choices=['present', 'absent']),
ip_security_restrictions=dict(type='list', default=[], elements='dict', options=ip_restriction_spec),
scm_ip_security_restrictions=dict(type='list', default=[], elements='dict', options=ip_restriction_spec),
ip_security_restrictions=dict(type='list', elements='dict', options=ip_restriction_spec),
scm_ip_security_restrictions=dict(type='list', elements='dict', options=ip_restriction_spec),
scm_ip_security_restrictions_use_main=dict(type='bool', default=False),
)

Expand All @@ -263,8 +361,8 @@ def __init__(self):
self.state = None
self.name = None
self.resource_group = None
self.ip_security_restrictions = []
self.scm_ip_security_restrictions = []
self.ip_security_restrictions = None
self.scm_ip_security_restrictions = None
self.scm_ip_security_restrictions_use_main = False

super(AzureRMWebAppAccessRestriction, self).__init__(self.module_arg_spec,
Expand Down Expand Up @@ -318,9 +416,16 @@ def get_updated_config(self, site_config):
return site_config

def has_updates(self, site_config):
return (site_config.scm_ip_security_restrictions_use_main != self.scm_ip_security_restrictions_use_main or self.ip_security_restrictions and
self.ip_security_restrictions != self.to_restriction_dict_list(site_config.ip_security_restrictions) or self.scm_ip_security_restrictions and
self.scm_ip_security_restrictions != self.to_restriction_dict_list(site_config.scm_ip_security_restrictions))
changed = False
if site_config.scm_ip_security_restrictions_use_main != self.scm_ip_security_restrictions_use_main:
changed = True
elif not self.default_compare({}, self.ip_security_restrictions,
self.to_restriction_dict_list(site_config.ip_security_restrictions), '', dict(compare=[])):
changed = True
elif not self.default_compare({}, self.scm_ip_security_restrictions,
self.to_restriction_dict_list(site_config.scm_ip_security_restrictions), '', dict(compare=[])):
changed = True
return changed

def has_access_restrictions(self, site_config):
return site_config.ip_security_restrictions or site_config.scm_ip_security_restrictions
Expand Down Expand Up @@ -356,6 +461,10 @@ def to_restriction_obj(self, restriction_dict):
action=restriction_dict['action'],
priority=restriction_dict['priority'],
ip_address=restriction_dict['ip_address'],
vnet_subnet_resource_id=restriction_dict['vnet_subnet_resource_id'],
vnet_traffic_tag=restriction_dict['vnet_traffic_tag'],
subnet_traffic_tag=restriction_dict['subnet_traffic_tag'],
tag=restriction_dict['tag'],
)

def to_restriction_dict_list(self, restriction_obj_list):
Expand All @@ -379,6 +488,10 @@ def to_restriction_dict(self, restriction_obj):
action=restriction_obj.action,
priority=restriction_obj.priority,
ip_address=restriction_obj.ip_address,
vnet_subnet_resource_id=restriction_obj.vnet_subnet_resource_id,
vnet_traffic_tag=restriction_obj.vnet_traffic_tag,
subnet_traffic_tag=restriction_obj.subnet_traffic_tag,
tag=restriction_obj.tag,
)


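Review bot: Nothing in the visible argument spec enforces the address rules that the new documentation states: `ip_address` loses `required=True` in `ip_restriction_spec`, but neither the spec nor the two list options gain `required_one_of` or `mutually_exclusive`, so a rule with neither `ip_address` nor `vnet_subnet_resource_id` (or with both) passes argument validation and is built by `to_restriction_obj`. For an access-control list it is safer to reject such a rule in the module than to depend on how the service interprets it. Consider adding `required_one_of=[['ip_address', 'vnet_subnet_resource_id']]` and `mutually_exclusive=[['ip_address', 'vnet_subnet_resource_id'], ['vnet_subnet_resource_id', 'subnet_traffic_tag'], ['vnet_subnet_resource_id', 'vnet_traffic_tag']]` to both `ip_security_restrictions` and `scm_ip_security_restrictions`. `get_updated_config` lies outside the hunks shown, so a check there cannot be ruled out.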
52 changes: 52 additions & 0 deletions plugins/modules/azure_rm_webappaccessrestriction_info.py
Expand Up @@ -79,6 +79,30 @@
returned: always
type: str
sample: 1.1.1.1/32
subnet_traffic_tag:
description:
- (internal) Subnet traffic tags.
type: int
returned: always
sample: int
vnet_traffic_tag:
description:
- (internal) Vnet traffic tag.
type: int
returned: always
sample: 3
tags:
description:
- IP restriction rule description.
type: str
returned: always
sample: default
vnet_subnet_resource_id:
description:
- The Virtual network relaste subnet resource id.
type: str
returned: always
sample: "/subscriptions/xxx-xxx/resourceGroups/testRG/providers/Microsoft.Network/virtualNetworks/vnet01/subnets/subnet01"
scm_ip_security_restrictions:
description:
- The web app's SCM access restrictions.
Expand Down Expand Up @@ -116,6 +140,30 @@
returned: always
type: str
sample: 1.1.1.1/32
subnet_traffic_tag:
description:
- (internal) Subnet traffic tags.
type: int
returned: always
sample: int
vnet_traffic_tag:
description:
- (internal) Vnet traffic tag.
type: int
returned: always
sample: 3
tag:
description:
- IP restriction rule description.
type: str
returned: always
sample: default
vnet_subnet_resource_id:
description:
- The Virtual network relaste subnet resource id.
type: str
returned: always
sample: "/subscriptions/xxx-xxx/resourceGroups/testRG/providers/Microsoft.Network/virtualNetworks/vnet01/subnets/subnet01"
scm_ip_security_restrictions_use_main:
description:
- Whether the HTTP access restrictions are used for SCM access.
Expand Down Expand Up @@ -196,6 +244,10 @@ def to_restriction_dict(self, restriction_obj):
action=restriction_obj.action,
priority=restriction_obj.priority,
ip_address=restriction_obj.ip_address,
vnet_subnet_resource_id=restriction_obj.vnet_subnet_resource_id,
vnet_traffic_tag=restriction_obj.vnet_traffic_tag,
subnet_traffic_tag=restriction_obj.subnet_traffic_tag,
tag=restriction_obj.tag,
)


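Review bot: The RETURN documentation added for `ip_security_restrictions` names the new field `tags`, but `to_restriction_dict` returns it as `tag` and the `scm_ip_security_restrictions` block documents `tag`, so the first key should read `tag:` as well. Both `subnet_traffic_tag` entries give `sample: int`, which is a type name rather than a value; an integer such as `sample: 0` (constructed value) would match `type: int`. The `tag` text `IP restriction rule description.` does not say what the field selects; wording such as `What the IP filter is used for (Default, XffProxy or ServiceTag).` would tell a reader how the rule is matched. `to_restriction_dict` starts outside the hunk.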