ansible-collections/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2025-07-23 05:10:22 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

minor updates + tests to win_firewall_rule as per jborean93 review (#29148)

Browse source 
* Added warning for 'force' option

* Changed 'profiles' type to list

* Changed 'interfacetypes' type to list

* Added deprecation warning and fixed doc

* updated force parameter
This commit is contained in:
Artem Zinenko 2017-10-10 09:23:08 +03:00 committed by Jordan Borean
commit 2b63ae61f2
3 changed files with 76 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

24
lib/ansible/modules/windows/win_firewall_rule.ps1
View file

@ -48,9 +48,9 @@ function Parse-Action {
# Profile enum values: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366303(v=vs.85).aspx # Profile enum values: https://msdn.microsoft.com/en-us/library/windows/desktop/aa366303(v=vs.85).aspx
function Parse-Profiles function Parse-Profiles
{ {
param($profilesStr) param($profilesList)
$profiles = ($profilesStr.Split(',') | Select -uniq | ForEach { $profiles = ($profilesList | Select -uniq | ForEach {
switch ($_) { switch ($_) {
"domain" { return 1 } "domain" { return 1 }
"private" { return 2 } "private" { return 2 }
@ -65,9 +65,9 @@ function Parse-Profiles
function Parse-InterfaceTypes function Parse-InterfaceTypes
{ {
param($interfaceTypesStr) param($interfaceTypes)
return ($interfaceTypesStr.Split(',') | Select -uniq | ForEach { return ($interfaceTypes | Select -uniq | ForEach {
switch ($_) { switch ($_) {
"wireless" { return "Wireless" } "wireless" { return "Wireless" }
"lan" { return "Lan" } "lan" { return "Lan" }
@ -117,8 +117,8 @@ function New-FWRule
[string]$direction, [string]$direction,
[string]$action, [string]$action,
[bool]$enabled, [bool]$enabled,
[string]$profiles, [string[]]$profiles,
[string]$interfaceTypes, [string[]]$interfaceTypes,
[string]$edgeTraversalOptions, [string]$edgeTraversalOptions,
[string]$secureFlags [string]$secureFlags
) )
@ -137,8 +137,8 @@ function New-FWRule
if ($remoteAddresses -and $remoteAddresses -ne "any") { $rule.RemoteAddresses = $remoteAddresses } if ($remoteAddresses -and $remoteAddresses -ne "any") { $rule.RemoteAddresses = $remoteAddresses }
if ($direction) { $rule.Direction = Parse-Direction -directionStr $direction } if ($direction) { $rule.Direction = Parse-Direction -directionStr $direction }
if ($action) { $rule.Action = Parse-Action -actionStr $action } if ($action) { $rule.Action = Parse-Action -actionStr $action }
if ($profiles) { $rule.Profiles = Parse-Profiles -profilesStr $profiles } if ($profiles) { $rule.Profiles = Parse-Profiles -profilesList $profiles }
if ($interfaceTypes -and $interfaceTypes -ne "any") { $rule.InterfaceTypes = Parse-InterfaceTypes -interfaceTypesStr $interfaceTypes } if ($interfaceTypes -and @(Compare-Object $interfaceTypes @("any")).Count -ne 0) { $rule.InterfaceTypes = Parse-InterfaceTypes -interfaceTypes $interfaceTypes }
if ($edgeTraversalOptions -and $edgeTraversalOptions -ne "no") { if ($edgeTraversalOptions -and $edgeTraversalOptions -ne "no") {
# EdgeTraversalOptions property exists only from Windows 7/Windows Server 2008 R2: https://msdn.microsoft.com/en-us/library/windows/desktop/dd607256(v=vs.85).aspx # EdgeTraversalOptions property exists only from Windows 7/Windows Server 2008 R2: https://msdn.microsoft.com/en-us/library/windows/desktop/dd607256(v=vs.85).aspx
if ($rule | Get-Member -Name 'EdgeTraversalOptions') { if ($rule | Get-Member -Name 'EdgeTraversalOptions') {
@ -172,18 +172,22 @@ $action = Get-AnsibleParam -obj $params -name "action" -type "str" -failifempty
$program = Get-AnsibleParam -obj $params -name "program" -type "str" $program = Get-AnsibleParam -obj $params -name "program" -type "str"
$service = Get-AnsibleParam -obj $params -name "service" -type "str" $service = Get-AnsibleParam -obj $params -name "service" -type "str"
$enabled = Get-AnsibleParam -obj $params -name "enabled" -type "bool" -default $true -aliases "enable" $enabled = Get-AnsibleParam -obj $params -name "enabled" -type "bool" -default $true -aliases "enable"
$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "str" -default "domain,private,public" -aliases "profile" $profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default @("domain", "private", "public") -aliases "profile"
$localip = Get-AnsibleParam -obj $params -name "localip" -type "str" -default "any" $localip = Get-AnsibleParam -obj $params -name "localip" -type "str" -default "any"
$remoteip = Get-AnsibleParam -obj $params -name "remoteip" -type "str" -default "any" $remoteip = Get-AnsibleParam -obj $params -name "remoteip" -type "str" -default "any"
$localport = Get-AnsibleParam -obj $params -name "localport" -type "str" $localport = Get-AnsibleParam -obj $params -name "localport" -type "str"
$remoteport = Get-AnsibleParam -obj $params -name "remoteport" -type "str" $remoteport = Get-AnsibleParam -obj $params -name "remoteport" -type "str"
$protocol = Get-AnsibleParam -obj $params -name "protocol" -type "str" -default "any" $protocol = Get-AnsibleParam -obj $params -name "protocol" -type "str" -default "any"
$interfacetypes = Get-AnsibleParam -obj $params -name "interfacetypes" -type "str" -default "any" $interfacetypes = Get-AnsibleParam -obj $params -name "interfacetypes" -type "list" -default @("any")
$edge = Get-AnsibleParam -obj $params -name "edge" -type "str" -default "no" -validateset "no","yes","deferapp","deferuser" $edge = Get-AnsibleParam -obj $params -name "edge" -type "str" -default "no" -validateset "no","yes","deferapp","deferuser"
$security = Get-AnsibleParam -obj $params -name "security" -type "str" -default "notrequired" -validateset "notrequired","authnoencap","authenticate","authdynenc","authenc" $security = Get-AnsibleParam -obj $params -name "security" -type "str" -default "notrequired" -validateset "notrequired","authnoencap","authenticate","authdynenc","authenc"
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "present","absent" $state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "present","absent"
$force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $false $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $false
if ($force) {
Add-DeprecationWarning -obj $result -message "'force' isn't required anymore" -version 2.9
}
if ($diff_support) { if ($diff_support) {
$result.diff = @{} $result.diff = @{}

7
lib/ansible/modules/windows/win_firewall_rule.py
View file

@ -76,6 +76,13 @@ options:
- The profile this rule applies to. - The profile this rule applies to.
default: 'domain,private,public' default: 'domain,private,public'
aliases: [ 'profile' ] aliases: [ 'profile' ]
force:
description:
- Replace any existing rule by removing it first.
- This is no longer required in 2.4 as rules no longer need replacing when being modified.
- DEPRECATED in 2.4 and will be removed in 2.9.
default: 'no'
choices: [ 'no', 'yes' ]
''' '''
EXAMPLES = r''' EXAMPLES = r'''

59
test/integration/targets/win_firewall_rule/tasks/main.yml
View file

@ -251,7 +251,7 @@
that: that:
- add_firewall_rule_with_multiple_ports.changed == true - add_firewall_rule_with_multiple_ports.changed == true
- name: Add firewall rule with interface types - name: Add firewall rule with interface types in string format
win_firewall_rule: win_firewall_rule:
name: http name: http
enabled: yes enabled: yes
@ -261,12 +261,29 @@
direction: in direction: in
protocol: tcp protocol: tcp
interfacetypes: 'ras,lan,wireless' interfacetypes: 'ras,lan,wireless'
register: add_firewall_rule_with_interface_types register: add_firewall_rule_with_string_interface_types
- name: Check that creating firewall rule with interface types succeeds with a change - name: Check that creating firewall rule with interface types in string format succeeds with a change
assert: assert:
that: that:
- add_firewall_rule_with_interface_types.changed == true - add_firewall_rule_with_string_interface_types.changed == true
- name: Add firewall rule with interface types in list format
win_firewall_rule:
name: http
enabled: yes
state: present
localport: 80
action: allow
direction: in
protocol: tcp
interfacetypes: [ras, lan]
register: add_firewall_rule_with_list_interface_types
- name: Check that creating firewall rule with interface types in list format succeeds with a change
assert:
that:
- add_firewall_rule_with_list_interface_types.changed == true
- name: Add firewall rule with interface type 'any' - name: Add firewall rule with interface type 'any'
win_firewall_rule: win_firewall_rule:
@ -325,3 +342,37 @@
- add_firewall_rule_with_secure_flags.changed == true - add_firewall_rule_with_secure_flags.changed == true
# Works on windows >= Windows 8/Windows Server 2012 # Works on windows >= Windows 8/Windows Server 2012
when: ansible_distribution_version | version_compare('6.2', '>=') when: ansible_distribution_version | version_compare('6.2', '>=')
- name: Add firewall rule with profiles in string format
win_firewall_rule:
name: http
enabled: yes
state: present
localport: 80
action: allow
direction: in
protocol: tcp
profiles: 'domain,public'
register: add_firewall_rule_with_string_profiles
- name: Check that creating firewall rule with profiles in string format succeeds with a change
assert:
that:
- add_firewall_rule_with_string_profiles.changed == true
- name: Add firewall rule with profiles in list format
win_firewall_rule:
name: http
enabled: yes
state: present
localport: 80
action: allow
direction: in
protocol: tcp
profiles: [Domain, Private]
register: add_firewall_rule_with_list_profiles
- name: Check that creating firewall rule with profiles in list format succeeds with a change
assert:
that:
- add_firewall_rule_with_list_profiles.changed == true