Fix: add missing priority #484

Open
wants to merge 1 commit into
base: master

danielmonterocr

SUMMARY

Appengine create firewall rule is missing priority in request body. According to documentation this is mandatory: https://cloud.google.com/appengine/docs/admin-api/reference/rest/v1/apps.firewall.ingressRules#FirewallRule

ISSUE TYPE

  • Bugfix Pull Request

COMPONENT NAME

gcp_appengine_firewall_rule

ADDITIONAL INFORMATION

When no priority is sent in the request body the rule is added at the end of the list.

Before:

TASK [create a firewall rule] ****************************************************************************************
task path: /Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-templates/playbooks/GCP/appengine_firewall_operations/manage_firewall_rules.yml:39
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: danielmontero
<localhost> EXEC /bin/sh -c 'echo ~danielmontero && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/danielmontero/.ansible/tmp `"&& mkdir "` echo /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991 `" && echo ansible-tmp-1654304486.602481-9542-146118232977991="` echo /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991 `" ) && sleep 0'
Using module file /Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-ansible-runner/app/library/mcas_gcp_appengine_firewall_rule.py
<localhost> PUT /Users/danielmontero/.ansible/tmp/ansible-local-9503erti1x8j/tmp6x7suf2e TO /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991/AnsiballZ_mcas_gcp_appengine_firewall_rule.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991/ /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991/AnsiballZ_mcas_gcp_appengine_firewall_rule.py && sleep 0'
<localhost> EXEC /bin/sh -c 'http_proxy='"'"''"'"' https_proxy='"'"''"'"' /Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-templates/venv-gcp/bin/python /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991/AnsiballZ_mcas_gcp_appengine_firewall_rule.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/danielmontero/.ansible/tmp/ansible-tmp-1654304486.602481-9542-146118232977991/ > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
    "action": "ALLOW",
    "changed": true,
    "description": "daniel",
    "invocation": {
        "module_args": {
            "action": "ALLOW",
            "auth_kind": "serviceaccount",
            "description": "daniel",
            "env_type": null,
            "priority": 567788,
            "project": "mcmp-actions-svt",
            "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
            ],
            "service_account_contents": null,
            "service_account_email": null,
            "service_account_file": "/Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-templates/cred.json",
            "source_range": "14.0.0.0/24",
            "state": "present"
        }
    },
    "priority": 18001,
    "sourceRange": "14.0.0.0/24"
}

After:

TASK [create a firewall rule] ****************************************************************************************
task path: /Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-templates/playbooks/GCP/appengine_firewall_operations/manage_firewall_rules.yml:39
<localhost> ESTABLISH LOCAL CONNECTION FOR USER: danielmontero
<localhost> EXEC /bin/sh -c 'echo ~danielmontero && sleep 0'
<localhost> EXEC /bin/sh -c '( umask 77 && mkdir -p "` echo /Users/danielmontero/.ansible/tmp `"&& mkdir "` echo /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328 `" && echo ansible-tmp-1654305961.025613-12184-140947765431328="` echo /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328 `" ) && sleep 0'
Using module file /Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-ansible-runner/app/library/mcas_gcp_appengine_firewall_rule.py
<localhost> PUT /Users/danielmontero/.ansible/tmp/ansible-local-12145ok0ztvfy/tmp1ajgdf4b TO /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328/AnsiballZ_mcas_gcp_appengine_firewall_rule.py
<localhost> EXEC /bin/sh -c 'chmod u+x /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328/ /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328/AnsiballZ_mcas_gcp_appengine_firewall_rule.py && sleep 0'
<localhost> EXEC /bin/sh -c 'http_proxy='"'"''"'"' https_proxy='"'"''"'"' /Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-templates/venv-gcp/bin/python /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328/AnsiballZ_mcas_gcp_appengine_firewall_rule.py && sleep 0'
<localhost> EXEC /bin/sh -c 'rm -f -r /Users/danielmontero/.ansible/tmp/ansible-tmp-1654305961.025613-12184-140947765431328/ > /dev/null 2>&1 && sleep 0'
changed: [localhost] => {
    "action": "ALLOW",
    "changed": true,
    "description": "daniel",
    "invocation": {
        "module_args": {
            "action": "ALLOW",
            "auth_kind": "serviceaccount",
            "description": "daniel",
            "env_type": null,
            "priority": 567788,
            "project": "mcmp-actions-svt",
            "scopes": [
                "https://www.googleapis.com/auth/cloud-platform"
            ],
            "service_account_contents": null,
            "service_account_email": null,
            "service_account_file": "/Users/danielmontero/mcmp/dev/mcmp-actions/mcmp-actions-templates/cred.json",
            "source_range": "14.0.0.0/24",
            "state": "present"
        }
    },
    "priority": 567788,
    "sourceRange": "14.0.0.0/24"
}
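
The "Before" result reports `changed: true` with no error even though the rule came back at priority 18001 rather than the requested 567788. The following added example (not part of this pull request or of the module) compares the requested arguments in a task result with the rule fields returned, using values copied from the two outputs above; the helper names and the field mapping are assumptions.

```python
# Added example: compare what a gcp_appengine_firewall_rule task requested
# with the rule fields it returned. Helper names are hypothetical.

# module argument -> field name in the returned rule (assumed mapping)
FIELD_MAP = {
    "priority": "priority",
    "action": "action",
    "source_range": "sourceRange",
    "description": "description",
}


def applied_mismatches(result):
    """Return {arg: (requested, applied)} for every mapped field that differs."""
    requested = result["invocation"]["module_args"]
    mismatches = {}
    for arg, api_field in FIELD_MAP.items():
        want = requested.get(arg)
        if want is None:  # argument not set by the playbook
            continue
        got = result.get(api_field)
        # Compare as strings: templated playbook values may arrive as str.
        if str(want) != str(got):
            mismatches[arg] = (want, got)
    return mismatches


def make_result(applied_priority):
    """Trimmed copy of the task result above with the given applied priority."""
    return {
        "action": "ALLOW",
        "changed": True,
        "description": "daniel",
        "invocation": {"module_args": {
            "action": "ALLOW", "description": "daniel",
            "priority": 567788, "source_range": "14.0.0.0/24",
        }},
        "priority": applied_priority,
        "sourceRange": "14.0.0.0/24",
    }


BEFORE = make_result(18001)   # "Before" output: rule returned at priority 18001
AFTER = make_result(567788)   # "After" output: requested priority applied

if __name__ == "__main__":
    print("before:", applied_mismatches(BEFORE))
    print("after: ", applied_mismatches(AFTER))
```
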

toumorokoshi added the bug (Something isn't working) label Nov 12, 2022
@toumorokoshi
Collaborator

Thanks for the PR! What's strange is that the ansible test is passing for gcp_appengine_firewall_rule:

$ ansible-test integration gcp_appengine_firewall_rule -vvv
....
META: role_complete for testhost
META: ran handlers
META: ran handlers

PLAY RECAP *********************************************************************
testhost                   : ok=15   changed=2    unreachable=0    failed=0    skipped=0    rescued=0    ignored=0   

Cleaning up temporary python directory: /tmp/python-5172hinc-ansible

I'll mark this as bug to investigate later, but is there a specific configuration you've noticed is failing?

@danielmonterocr
Author

danielmonterocr commented Nov 22, 2022

@toumorokoshi in my case this would be the case for any firewall rule I would try to create. Here's how I call it:

    - block:
      - name: create a firewall rule
        google.cloud.gcp_appengine_firewall_rule:
          priority: "{{ rule_priority }}"
          source_range: "{{ source_range }}"
          action: "{{ firewall_action }}"
          description: "{{ description }}"
          project: "{{ gcp_project }}"
          auth_kind: serviceaccount
          service_account_file: "{{ gcp_cred_file }}"
          state: present
        environment: "{{ proxy_env }}"
        ignore_errors: true
        register: response

      - name: check if there is failure
        fail: msg="Error found in command execution"
        when: "'exception' in response or response.failed | default(false)"

      - set_fact:
          status: "Firewall rule created for source range: {{ source_range }}"
        when: response.changed == true
        ignore_errors: true
      - set_fact:
          status: "Firewall rule not created for source range: {{ source_range }}"
        when: response.changed == false
        ignore_errors: true
      when: new_action == 'create_firewall_rule'
