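def associate_subnet(
    name: str, vnet: VirtualNetwork, subnet: Subnet
) -> Union[None, Error]:
    """Attach the NSG called ``name`` to ``subnet`` inside ``vnet``.

    Returns ``None`` when the update request was submitted, when the subnet
    already references the NSG, or when the request hit a concurrent-request
    conflict. Returns an ``Error`` when the NSG cannot be found, when the NSG
    and the vnet are in different locations, or when the update call fails.

    On the ``Error`` path the caller's ``subnet`` object is put back to the
    NSG reference it had on entry, so a retry with the same object is not
    short-circuited by the "already associated" check.

    NOTE(review): ``None`` does not prove the subnet is filtered. The return
    value of ``begin_create_or_update`` is discarded (completion is not
    awaited here), and the concurrent-request branch returns ``None`` without
    re-reading the subnet. A caller that depends on the NSG being enforced
    should confirm the association afterwards.
    """
    resource_group = get_base_resource_group()
    nsg = get_nsg(name)
    if not nsg:
        return Error(
            code=ErrorCode.UNABLE_TO_FIND,
            errors=["cannot associate subnet. nsg %s not found" % name],
        )

    if nsg.location != vnet.location:
        # The comparison is made against the vnet's location, so that is the
        # value reported next to the subnet name.
        return Error(
            code=ErrorCode.UNABLE_TO_UPDATE,
            errors=[
                "subnet and nsg have to be in the same region.",
                "nsg %s %s, subnet: %s %s"
                % (nsg.name, nsg.location, subnet.name, vnet.location),
            ],
        )

    if subnet.network_security_group and subnet.network_security_group.id == nsg.id:
        logging.info(
            "Subnet %s and NSG %s already associated, not updating",
            subnet.name,
            name,
        )
        return None

    logging.info(
        "associating subnet %s with nsg: %s %s", subnet.name, resource_group, name
    )

    # Remember the reference held on entry so a failed update can be undone
    # on the in-memory object.
    previous_nsg = subnet.network_security_group
    subnet.network_security_group = nsg
    network_client = get_network_client()
    try:
        network_client.subnets.begin_create_or_update(
            resource_group, vnet.name, subnet.name, subnet
        )
    except (ResourceNotFoundError, CloudError) as err:
        if is_concurrent_request_error(str(err)):
            # One format string: the original passed the second half as a
            # logging argument, which breaks %-formatting of the record.
            logging.debug(
                "associate NSG with subnet had conflicts "
                "with concurrent request, ignoring %s",
                err,
            )
            return None
        subnet.network_security_group = previous_nsg
        return Error(
            code=ErrorCode.UNABLE_TO_UPDATE,
            errors=[
                "Unable to associate nsg %s with subnet %s due to %s"
                % (
                    name,
                    subnet.name,
                    err,
                )
            ],
        )

    return None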
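def dissociate_subnet(
    name: str, vnet: VirtualNetwork, subnet: Subnet
) -> Union[None, Error]:
    """Detach the NSG called ``name`` from ``subnet`` inside ``vnet``.

    Returns ``None`` when the subnet has no NSG reference, when the update
    request was submitted, or when the request hit a concurrent-request
    conflict. Returns an ``Error`` when the NSG cannot be found, when the
    subnet references a different NSG, or when the update call fails.

    On the ``Error`` path the caller's ``subnet`` object is put back to the
    NSG reference it had on entry, so a retry with the same object is not
    short-circuited by the "no NSG" early return.

    NOTE(review): after a successful call the subnet carries no NSG
    reference, so nothing at subnet level filters its traffic until another
    NSG is associated. The return value of ``begin_create_or_update`` is
    discarded, so completion of the operation is not awaited here.
    """
    if subnet.network_security_group is None:
        return None

    resource_group = get_base_resource_group()
    nsg = get_nsg(name)
    if not nsg:
        # NOTE(review): the message text talks about updating nsg rules,
        # not about dissociating; kept as-is in case callers match on it.
        return Error(
            code=ErrorCode.UNABLE_TO_FIND,
            errors=["cannot update nsg rules. nsg %s not found" % name],
        )

    if nsg.id != subnet.network_security_group.id:
        return Error(
            code=ErrorCode.UNABLE_TO_UPDATE,
            errors=[
                "subnet is not associated with this nsg.",
                "nsg %s, subnet: %s, subnet.nsg: %s"
                % (
                    nsg.id,
                    subnet.name,
                    subnet.network_security_group.id,
                ),
            ],
        )

    logging.info(
        "dissociating subnet %s with nsg: %s %s", subnet.name, resource_group, name
    )

    # Remember the reference held on entry so a failed update can be undone
    # on the in-memory object.
    previous_nsg = subnet.network_security_group
    subnet.network_security_group = None
    network_client = get_network_client()
    try:
        network_client.subnets.begin_create_or_update(
            resource_group, vnet.name, subnet.name, subnet
        )
    except (ResourceNotFoundError, CloudError) as err:
        if is_concurrent_request_error(str(err)):
            # One format string: the original passed the second half as a
            # logging argument, which breaks %-formatting of the record.
            logging.debug(
                "dissociate nsg with subnet had conflicts with "
                "concurrent request, ignoring %s",
                err,
            )
            return None
        subnet.network_security_group = previous_nsg
        return Error(
            code=ErrorCode.UNABLE_TO_UPDATE,
            errors=[
                "Unable to dissociate nsg %s with subnet %s due to %s"
                % (
                    name,
                    subnet.name,
                    err,
                )
            ],
        )

    return None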
def create_subnet(resource_group_name, virtual_network_name, subnet_name,
                  address_prefix='10.0.0.0/24', network_security_group=None):
    '''Create a virtual network (VNet) subnet

    When network_security_group is empty the subnet is submitted without any
    NSG reference.

    :param str address_prefix: address prefix in CIDR format.
    :param str network_security_group: attach with existing network security
        group, both name or id are accepted.
    '''
    client = _network_client_factory()

    subnet_params = Subnet(name=subnet_name, address_prefix=address_prefix)
    # Kept from the original: the prefix is assigned a second time after
    # construction.
    subnet_params.address_prefix = address_prefix

    if network_security_group:
        # NOTE(review): the value is handed to NetworkSecurityGroup
        # positionally; how a bare name (as opposed to an id) is resolved is
        # not visible here.
        nsg_reference = NetworkSecurityGroup(network_security_group)
        subnet_params.network_security_group = nsg_reference

    return client.subnets.create_or_update(
        resource_group_name,
        virtual_network_name,
        subnet_name,
        subnet_params,
    )
def create_subnet(resource_group_name,
                  virtual_network_name,
                  subnet_name,
                  address_prefix='10.0.0.0/24',
                  network_security_group=None):
    '''Create a virtual network (VNet) subnet

    The NSG reference is only set when network_security_group is given; with
    the default of None the subnet request carries no NSG.

    :param str address_prefix: address prefix in CIDR format.
    :param str network_security_group: attach with existing network security
        group, both name or id are accepted.
    '''
    network_client = _network_client_factory()
    new_subnet = Subnet(name=subnet_name, address_prefix=address_prefix)
    # The original sets the prefix again after the constructor call; that
    # assignment is preserved.
    new_subnet.address_prefix = address_prefix
    if network_security_group:
        # NOTE(review): passed positionally; whether a plain name is turned
        # into a resource id somewhere is not shown in this function.
        new_subnet.network_security_group = NetworkSecurityGroup(
            network_security_group)
    subnets_api = network_client.subnets
    return subnets_api.create_or_update(resource_group_name,
                                        virtual_network_name,
                                        subnet_name,
                                        new_subnet)
def exec_module(self, **kwargs):
    """Bring one subnet to the requested ``state`` and return ``self.results``.

    Every key of ``self.module_arg_spec`` is copied from ``kwargs`` onto the
    instance. With ``state == 'present'`` the subnet is fetched and its
    address prefix and NSG id are compared with the requested values; unless
    ``self.check_mode`` is set it is then created or updated through
    ``self.create_or_update_subnet``. With ``state == 'absent'`` and check
    mode off, ``self.delete_subnet()`` is called.

    Returns ``self.results`` with ``'changed'`` and ``'state'`` filled in.

    NOTE(review): a subnet only receives an NSG reference when
    ``security_group_name`` is supplied or the existing subnet already
    reports one; otherwise the request carries no NSG.
    """

    nsg = None
    subnet = None

    # Copy each declared module argument onto the instance.
    for key in self.module_arg_spec:
        setattr(self, key, kwargs[key])

    # The prefix is only validated when the subnet is meant to exist.
    if self.state == 'present' and not CIDR_PATTERN.match(self.address_prefix_cidr):
        self.fail("Invalid address_prefix_cidr value {0}".format(self.address_prefix_cidr))

    # Resolve the requested NSG up front; its id is compared further down.
    if self.security_group_name:
        nsg = self.get_security_group(self.security_group_name)

    results = dict()
    changed = False

    try:
        self.log('Fetching subnet {0}'.format(self.name))
        subnet = self.network_client.subnets.get(self.resource_group,
                                                 self.virtual_network_name,
                                                 self.name)
        self.check_provisioning_state(subnet, self.state)
        results = subnet_to_dict(subnet)

        if self.state == 'present':
            # `results` doubles as the desired state: differing fields are
            # overwritten with the requested values and reused by the update
            # branch below.
            if self.address_prefix_cidr:
                if results['address_prefix'] != self.address_prefix_cidr:
                    self.log("CHANGED: subnet {0} address_prefix_cidr".format(self.name))
                    changed = True
                    results['address_prefix'] = self.address_prefix_cidr

            if self.security_group_name:
                # presumably subnet_to_dict always yields a dict under
                # 'network_security_group' -- confirm against that helper
                if results['network_security_group'].get('id') != nsg.id:
                    self.log("CHANGED: subnet {0} network security group".format(self.name))
                    changed = True
                    results['network_security_group']['id'] = nsg.id
                    results['network_security_group']['name'] = nsg.name
        elif self.state == 'absent':
            changed = True
    except CloudError:
        # Handled as "the subnet does not exist".
        # NOTE(review): this handler covers the fetch, the provisioning-state
        # check and the comparison above, so any CloudError raised there
        # (not only a not-found response) takes this path -- confirm that is
        # intended.
        if self.state == 'present':
            changed = True

    self.results['changed'] = changed
    self.results['state'] = results

    if not self.check_mode:

        if self.state == 'present' and changed:
            if not subnet:
                # Create: `subnet` is still None because the fetch raised.
                self.log('Creating subnet {0}'.format(self.name))
                subnet = Subnet(
                    address_prefix=self.address_prefix_cidr
                )
                # Without a resolved NSG the new subnet has no NSG reference.
                if nsg:
                    subnet.network_security_group = NetworkSecurityGroup(id=nsg.id,
                                                                         location=nsg.location,
                                                                         resource_guid=nsg.resource_guid)

            else:
                # Update: a fresh Subnet is built from the address prefix and
                # the NSG only.
                # NOTE(review): no other setting of the fetched subnet is
                # copied into the new object; whether create_or_update_subnet
                # preserves them is not visible here.
                self.log('Updating subnet {0}'.format(self.name))
                subnet = Subnet(
                    address_prefix=results['address_prefix']
                )
                if results['network_security_group'].get('id'):
                    # The NSG is looked up again by the name held in `results`.
                    nsg = self.get_security_group(results['network_security_group']['name'])
                    subnet.network_security_group = NetworkSecurityGroup(id=nsg.id,
                                                                         location=nsg.location,
                                                                         resource_guid=nsg.resource_guid)

            self.results['state'] = self.create_or_update_subnet(subnet)
        elif self.state == 'absent':
            # Delete. This branch is not gated on `changed`, so delete_subnet()
            # also runs when the fetch above failed and `changed` is False.
            self.delete_subnet()
            # delete_subnet() gives nothing back; if it did not raise, the
            # delete is assumed to have worked.
            self.results['state']['status'] = 'Deleted'

    return self.results
def exec_module(self, **kwargs):
    """Reconcile a single subnet with the requested ``state``.

    The module arguments listed in ``self.module_arg_spec`` are copied from
    ``kwargs`` onto the instance. For ``state == 'present'`` the current
    subnet is fetched, its address prefix and NSG id are compared with the
    requested ones, and, unless ``self.check_mode`` is set, the subnet is
    created or updated via ``self.create_or_update_subnet``. For
    ``state == 'absent'`` with check mode off, ``self.delete_subnet()`` runs.

    Returns ``self.results``, whose ``'changed'`` and ``'state'`` entries are
    set here.

    NOTE(review): an NSG reference is attached only when
    ``security_group_name`` is given or the fetched subnet already reports
    one; in every other case the subnet is written without an NSG.
    """

    nsg = None
    subnet = None

    # Mirror the declared module arguments onto attributes of self.
    for key in self.module_arg_spec:
        setattr(self, key, kwargs[key])

    # CIDR validation applies to state 'present' only.
    if self.state == 'present' and not CIDR_PATTERN.match(
            self.address_prefix_cidr):
        self.fail("Invalid address_prefix_cidr value {0}".format(
            self.address_prefix_cidr))

    # Look the requested NSG up before touching the subnet.
    if self.security_group_name:
        nsg = self.get_security_group(self.security_group_name)

    results = dict()
    changed = False

    try:
        self.log('Fetching subnet {0}'.format(self.name))
        subnet = self.network_client.subnets.get(self.resource_group,
                                                 self.virtual_network_name,
                                                 self.name)
        self.check_provisioning_state(subnet, self.state)
        results = subnet_to_dict(subnet)

        if self.state == 'present':
            # Fields that differ are overwritten in `results`, which the
            # update branch further down reads back as the desired state.
            if self.address_prefix_cidr:
                if results['address_prefix'] != self.address_prefix_cidr:
                    self.log(
                        "CHANGED: subnet {0} address_prefix_cidr".format(
                            self.name))
                    changed = True
                    results['address_prefix'] = self.address_prefix_cidr

            if self.security_group_name:
                # assumes 'network_security_group' is always a dict in the
                # output of subnet_to_dict -- TODO confirm
                if results['network_security_group'].get('id') != nsg.id:
                    self.log("CHANGED: subnet {0} network security group".
                             format(self.name))
                    changed = True
                    results['network_security_group']['id'] = nsg.id
                    results['network_security_group']['name'] = nsg.name
        elif self.state == 'absent':
            changed = True
    except CloudError:
        # Treated as "the subnet does not exist".
        # NOTE(review): the try block spans the fetch, the provisioning-state
        # check and the comparison, so every CloudError from any of them is
        # read as a missing subnet -- confirm other failures cannot land here.
        if self.state == 'present':
            changed = True

    self.results['changed'] = changed
    self.results['state'] = results

    if not self.check_mode:

        if self.state == 'present' and changed:
            if not subnet:
                # Create path: the fetch raised, so `subnet` is still None.
                self.log('Creating subnet {0}'.format(self.name))
                subnet = Subnet(address_prefix=self.address_prefix_cidr)
                # No NSG resolved means the new subnet has no NSG reference.
                if nsg:
                    subnet.network_security_group = NetworkSecurityGroup(
                        id=nsg.id,
                        location=nsg.location,
                        resource_guid=nsg.resource_guid)

            else:
                # Update path: the request object is rebuilt from the address
                # prefix and the NSG alone.
                # NOTE(review): other settings of the fetched subnet are not
                # carried over into the new object; what the service does
                # with the omitted fields is not visible here.
                self.log('Updating subnet {0}'.format(self.name))
                subnet = Subnet(address_prefix=results['address_prefix'])
                if results['network_security_group'].get('id'):
                    # Second lookup, this time by the name stored in `results`.
                    nsg = self.get_security_group(
                        results['network_security_group']['name'])
                    subnet.network_security_group = NetworkSecurityGroup(
                        id=nsg.id,
                        location=nsg.location,
                        resource_guid=nsg.resource_guid)

            self.results['state'] = self.create_or_update_subnet(subnet)
        elif self.state == 'absent':
            # Delete path. There is no check of `changed` here, so
            # delete_subnet() is also called when the fetch failed and
            # `changed` stayed False.
            self.delete_subnet()
            # Nothing is returned by the delete; absence of an exception is
            # taken as success.
            self.results['state']['status'] = 'Deleted'

    return self.results