ansible-collection-ibm
ibm_is_security_group_rule is not idempotent
https://github.com/IBM-Cloud/ansible-collection-ibm/blob/master/plugins/modules/ibm_is_security_group_rule.py
If you run this module multiple times with the same ports,
- name: "Configure Security Group Rule to open certain ports on the VSI"
  ibm.cloudcollection.ibm_is_security_group_rule:
    state: available
    group: "{{ vpc.default_security_group }}"
    region: "{{ ibmcloud_ic_region }}"
    direction: inbound
    remote: 0.0.0.0/0
    tcp:
      - port_max: "{{ item }}"
        port_min: "{{ item }}"
  loop: "{{ list_of_ports }}"
It just keeps adding more rules, even though the rules are the same. This is not idempotent behavior, and it causes users to run into the max limit of 50 rules per security group.
@kdelee I could be wrong, but I've found that for many modules, idempotency is controlled via the usage of the id parameter:

id:
  description:
    - (Required when updating or destroying existing resource) IBM Cloud Resource ID.
  required: False
  type: str

This however requires you to retrieve the ID before creating the resource. In your case, you'd need to use the ibm_is_security_group_info module and retrieve the resource via the resource.id key.
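A stand-alone illustration of the check the module is missing, added here and not code from ansible-collection-ibm or the linked module: it normalises each rule to its identifying fields (direction, protocol, remote, port range) as they appear in the rules list that ibm_is_security_group_info returns, then computes which of the desired port rules still need creating, so a playbook would loop over only those instead of re-adding the same rule on every run. The sample rules are constructed to match the two identical port-22 rules quoted later in this thread; the helper names are hypothetical.

```python
"""Idempotency check for security-group rules: work out which desired
rules are absent from a security group before creating any.

Added illustration, not code from ansible-collection-ibm. The rule
dictionaries mirror the `rules` entries in the ibm_is_security_group_info
output quoted in this thread; helper names are hypothetical.
"""
from typing import Iterable

# Fields that identify a port rule. "code"/"type" belong to ICMP rules and
# are ignored here because the thread only deals with TCP port rules.
RULE_KEY_FIELDS = ("direction", "protocol", "remote", "port_min", "port_max")


def rule_key(rule: dict) -> tuple:
    """Reduce a rule to a hashable identity, so two rules that open the
    same port range from the same remote compare equal even though the
    API reports an empty rule_id for both."""
    return tuple(rule.get(field) for field in RULE_KEY_FIELDS)


def desired_tcp_rules(ports: Iterable[int], remote: str = "0.0.0.0/0",
                      direction: str = "inbound") -> list[dict]:
    """Build the rules the playbook in this thread creates: one single-port
    TCP rule per entry of list_of_ports."""
    return [
        {"direction": direction, "protocol": "tcp", "remote": remote,
         "port_min": port, "port_max": port}
        for port in ports
    ]


def missing_rules(existing: list[dict], desired: list[dict]) -> list[dict]:
    """Return only the desired rules not already in the group, keeping
    order and collapsing repeats inside `desired` as well."""
    present = {rule_key(rule) for rule in existing}
    todo = []
    for rule in desired:
        key = rule_key(rule)
        if key not in present:
            todo.append(rule)
            present.add(key)  # a port listed twice is still created once
    return todo


def duplicate_rules(existing: list[dict]) -> list[tuple]:
    """Identities that occur more than once in a group: the symptom of the
    non-idempotent loop, and a cheap way to find groups that are eating
    into the 50-rule cap for no reason."""
    seen: set = set()
    dups: list[tuple] = []
    for rule in existing:
        key = rule_key(rule)
        if key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups


# Constructed sample: the two identical port-22 rules quoted in the thread.
EXISTING_RULES = [
    {"code": 0, "direction": "inbound", "ip_version": "ipv4", "port_max": 22,
     "port_min": 22, "protocol": "tcp", "remote": "0.0.0.0/0",
     "rule_id": "", "type": 0},
    {"code": 0, "direction": "inbound", "ip_version": "ipv4", "port_max": 22,
     "port_min": 22, "protocol": "tcp", "remote": "0.0.0.0/0",
     "rule_id": "", "type": 0},
]

if __name__ == "__main__":
    # Port 22 is already open, so only one rule (for 443) remains to create.
    print("rules to create:", missing_rules(EXISTING_RULES,
                                            desired_tcp_rules([22, 443, 443])))
    print("duplicates already present:", duplicate_rules(EXISTING_RULES))
```

The identity deliberately includes the remote: a rule for port 22 from 0.0.0.0/0 and one from a narrower CIDR are different rules and both are kept. In a playbook the same set difference can be driven from the `resource.rules` list of ibm_is_security_group_info (a field assumed from the reply above), with the rule task looping over the computed remainder rather than over `list_of_ports` directly.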
Confused, as it seems you cannot get it? rule_id is nothing??
ok: [localhost] => {
    "ansible_facts": {
        "vpc_security_group": {
            "crn": "crn:v1:bluemix:public:is:us-east:a/934a2fceb1944dd68f378c52b5f02dde::security-group:r014-3ebc609d-960a-41d2-b82d-69ccb0218188",
            "id": "r014-3ebc609d-960a-41d2-b82d-69ccb0218188",
            "name": "vpc-security-group-vmwareansible",
            "resource_controller_url": "https://cloud.ibm.com/vpc/network/securityGroups",
            "resource_crn": "crn:v1:bluemix:public:is:us-east:a/934a2fceb1944dd68f378c52b5f02dde::security-group:r014-3ebc609d-960a-41d2-b82d-69ccb0218188",
            "resource_group_name": "VMwareAnsible",
            "resource_name": "vpc-security-group-vmwareansible",
            "rules": [
                {
                    "code": 0,
                    "direction": "inbound",
                    "ip_version": "ipv4",
                    "port_max": 22,
                    "port_min": 22,
                    "protocol": "tcp",
                    "remote": "0.0.0.0/0",
                    "rule_id": "",
                    "type": 0
                },
                {
                    "code": 0,
                    "direction": "inbound",
                    "ip_version": "ipv4",
                    "port_max": 22,
                    "port_min": 22,
                    "protocol": "tcp",
                    "remote": "0.0.0.0/0",
                    "rule_id": "",
                    "type": 0
                }
            ],
            "tags": [],
            "vpc": "r014-d79642d3-f6f0-4eaf-9d8f-7eccb14ac154"
        }
    },
    "changed": false
}
ID is there, try r014-3ebc609d-960a-41d2-b82d-69ccb0218188