mirror of
				https://github.com/ansible-collections/community.general.git
				synced 2025-10-26 05:50:36 -07:00 
			
		
		
		
	* fixed validation-modules for aix_devices.py * fixed validation-modules for aix_filesystem.py * fixed validation-modules for aix_inittab.py * fixed validation-modules for aix_lvg.py * fixed validation-modules for aix_lvol.py * fixed validation-modules for awall.py * fixed validation-modules for dconf.py * fixed validation-modules for gconftool2.py * fixed validation-modules for interfaces_file.py * fixed validation-modules for java_keystore.py * fixed validation-modules for kernel_blacklist.py * fixed validation-modules for plugins/modules/system/lbu.py * fixed validation-modules for plugins/modules/system/locale_gen.py * fixed validation-modules for plugins/modules/system/lvg.py * fixed validation-modules for plugins/modules/system/lvol.py * fixed validation-modules for plugins/modules/system/mksysb.py * fixed validation-modules for plugins/modules/system/modprobe.py * fixed validation-modules for plugins/modules/system/nosh.py * fixed validation-modules for plugins/modules/system/open_iscsi.py * fixed validation-modules for plugins/modules/system/openwrt_init.py * fixed validation-modules for plugins/modules/system/osx_defaults.py * fixed validation-modules for plugins/modules/system/pamd.py * fixed validation-modules for plugins/modules/system/pam_limits.py * fixed validation-modules for plugins/modules/system/parted.py * fixed validation-modules for plugins/modules/system/puppet.py * fixed validation-modules for plugins/modules/system/python_requirements_info.py * fixed validation-modules for plugins/modules/system/runit.py the parameter "dist" is not used anywhere in the module * fixed validation-modules for plugins/modules/system/sefcontext.py * fixed validation-modules for plugins/modules/system/selogin.py * fixed validation-modules for plugins/modules/system/seport.py * fixed validation-modules for plugins/modules/system/solaris_zone.py * fixed validation-modules for plugins/modules/system/syspatch.py * fixed validation-modules for plugins/modules/system/vdo.py * fixed validation-modules for plugins/modules/system/xfconf.py * removed ignore almost all validate-modules lines in system * removed unnecessary validations, per shippable test * kernel_blacklist: keeping blacklist_file as str instead of path * mksysb: keeping storage_path as str instead of path * pam_limits: keeping dest as str instead of path * rollback on adding doc for puppet.py legacy param * rolledback param seuser required in selogin module * rolledback changes in runit * rolledback changes in osx_defaults * rolledback changes in aix_defaults
		
			
				
	
	
		
			153 lines
		
	
	
	
		
			4.3 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
			
		
		
	
	
			153 lines
		
	
	
	
		
			4.3 KiB
		
	
	
	
		
			Python
		
	
	
	
	
	
| #!/usr/bin/python
 | |
| # -*- coding: utf-8 -*-
 | |
| 
 | |
| # Copyright: (c) 2017, Ted Trask <ttrask01@yahoo.com>
 | |
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 | |
| 
 | |
| from __future__ import absolute_import, division, print_function
 | |
| __metaclass__ = type
 | |
| 
 | |
| 
 | |
| DOCUMENTATION = r'''
 | |
| ---
 | |
| module: awall
 | |
| short_description: Manage awall policies
 | |
| author: Ted Trask (@tdtrask) <ttrask01@yahoo.com>
 | |
| description:
 | |
|   - This modules allows for enable/disable/activate of I(awall) policies.
 | |
|   - Alpine Wall (I(awall)) generates a firewall configuration from the enabled policy files
 | |
|     and activates the configuration on the system.
 | |
| options:
 | |
|   name:
 | |
|     description:
 | |
|       - One or more policy names.
 | |
|     type: list
 | |
|     elements: str
 | |
|   state:
 | |
|     description:
 | |
|       - Whether the policies should be enabled or disabled.
 | |
|     type: str
 | |
|     choices: [ disabled, enabled ]
 | |
|     default: enabled
 | |
|   activate:
 | |
|     description:
 | |
|       - Activate the new firewall rules.
 | |
|       - Can be run with other steps or on its own.
 | |
|     type: bool
 | |
|     default: no
 | |
| '''
 | |
| 
 | |
| EXAMPLES = r'''
 | |
| - name: Enable "foo" and "bar" policy
 | |
|   community.general.awall:
 | |
|     name: [ foo bar ]
 | |
|     state: enabled
 | |
| 
 | |
| - name: Disable "foo" and "bar" policy and activate new rules
 | |
|   community.general.awall:
 | |
|     name:
 | |
|     - foo
 | |
|     - bar
 | |
|     state: disabled
 | |
|     activate: no
 | |
| 
 | |
| - name: Activate currently enabled firewall rules
 | |
|   community.general.awall:
 | |
|     activate: yes
 | |
| '''
 | |
| 
 | |
| RETURN = ''' # '''
 | |
| 
 | |
| import re
 | |
| from ansible.module_utils.basic import AnsibleModule
 | |
| 
 | |
| 
 | |
| def activate(module):
 | |
|     cmd = "%s activate --force" % (AWALL_PATH)
 | |
|     rc, stdout, stderr = module.run_command(cmd)
 | |
|     if rc == 0:
 | |
|         return True
 | |
|     else:
 | |
|         module.fail_json(msg="could not activate new rules", stdout=stdout, stderr=stderr)
 | |
| 
 | |
| 
 | |
| def is_policy_enabled(module, name):
 | |
|     cmd = "%s list" % (AWALL_PATH)
 | |
|     rc, stdout, stderr = module.run_command(cmd)
 | |
|     if re.search(r"^%s\s+enabled" % name, stdout, re.MULTILINE):
 | |
|         return True
 | |
|     return False
 | |
| 
 | |
| 
 | |
| def enable_policy(module, names, act):
 | |
|     policies = []
 | |
|     for name in names:
 | |
|         if not is_policy_enabled(module, name):
 | |
|             policies.append(name)
 | |
|     if not policies:
 | |
|         module.exit_json(changed=False, msg="policy(ies) already enabled")
 | |
|     names = " ".join(policies)
 | |
|     if module.check_mode:
 | |
|         cmd = "%s list" % (AWALL_PATH)
 | |
|     else:
 | |
|         cmd = "%s enable %s" % (AWALL_PATH, names)
 | |
|     rc, stdout, stderr = module.run_command(cmd)
 | |
|     if rc != 0:
 | |
|         module.fail_json(msg="failed to enable %s" % names, stdout=stdout, stderr=stderr)
 | |
|     if act and not module.check_mode:
 | |
|         activate(module)
 | |
|     module.exit_json(changed=True, msg="enabled awall policy(ies): %s" % names)
 | |
| 
 | |
| 
 | |
| def disable_policy(module, names, act):
 | |
|     policies = []
 | |
|     for name in names:
 | |
|         if is_policy_enabled(module, name):
 | |
|             policies.append(name)
 | |
|     if not policies:
 | |
|         module.exit_json(changed=False, msg="policy(ies) already disabled")
 | |
|     names = " ".join(policies)
 | |
|     if module.check_mode:
 | |
|         cmd = "%s list" % (AWALL_PATH)
 | |
|     else:
 | |
|         cmd = "%s disable %s" % (AWALL_PATH, names)
 | |
|     rc, stdout, stderr = module.run_command(cmd)
 | |
|     if rc != 0:
 | |
|         module.fail_json(msg="failed to disable %s" % names, stdout=stdout, stderr=stderr)
 | |
|     if act and not module.check_mode:
 | |
|         activate(module)
 | |
|     module.exit_json(changed=True, msg="disabled awall policy(ies): %s" % names)
 | |
| 
 | |
| 
 | |
| def main():
 | |
|     module = AnsibleModule(
 | |
|         argument_spec=dict(
 | |
|             state=dict(type='str', default='enabled', choices=['disabled', 'enabled']),
 | |
|             name=dict(type='list', elements='str'),
 | |
|             activate=dict(type='bool', default=False),
 | |
|         ),
 | |
|         required_one_of=[['name', 'activate']],
 | |
|         supports_check_mode=True,
 | |
|     )
 | |
| 
 | |
|     global AWALL_PATH
 | |
|     AWALL_PATH = module.get_bin_path('awall', required=True)
 | |
| 
 | |
|     p = module.params
 | |
| 
 | |
|     if p['name']:
 | |
|         if p['state'] == 'enabled':
 | |
|             enable_policy(module, p['name'], p['activate'])
 | |
|         elif p['state'] == 'disabled':
 | |
|             disable_policy(module, p['name'], p['activate'])
 | |
| 
 | |
|     if p['activate']:
 | |
|         if not module.check_mode:
 | |
|             activate(module)
 | |
|         module.exit_json(changed=True, msg="activated awall rules")
 | |
| 
 | |
|     module.fail_json(msg="no action defined")
 | |
| 
 | |
| 
 | |
| if __name__ == '__main__':
 | |
|     main()
 |