Migrate win_firewall module to ansible.windows repo from ansible.comm…

…unity repo
ansible-collections · Dec 5, 2024 · f8f3799 · f8f3799
1 parent 129ca10
commit f8f3799
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 28 deletions.
diff --git a/plugins/modules/win_firewall.ps1 b/plugins/modules/win_firewall.ps1
@@ -3,31 +3,40 @@
 # Copyright: (c) 2017, Michael Eaton <meaton@iforium.com>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 
-#Requires -Module Ansible.ModuleUtils.Legacy
+#AnsibleRequires -CSharpUtil Ansible.Basic
 
 $ErrorActionPreference = "Stop"
 $firewall_profiles = @('Domain', 'Private', 'Public')
 
-$params = Parse-Args $args -supports_check_mode $true
-$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false
+$spec = @{
+    options = @{
+        profiles = @{ type = 'list' ; elements = 'str' ; choices = @("Domain", "Private", "Public") ; default = @("Domain", "Private", "Public") }
+        state = @{ type = 'str' ; choices = @('disabled', 'enabled') ; required = $true }
+        inbound_action = @{ type = 'str' ; choices = @('allow', 'block', 'not_configured') }
+        outbound_action = @{ type = 'str' ; choices = @('allow', 'block', 'not_configured') }
+    }
+    supports_check_mode = $true
+}
+$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec)
 
-$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default @("Domain", "Private", "Public")
-$state = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'disabled', 'enabled'
-$inbound_action = Get-AnsibleParam -obj $params -name "inbound_action" -type "str" -validateset 'allow', 'block', 'not_configured'
-$outbound_action = Get-AnsibleParam -obj $params -name "outbound_action" -type "str" -validateset 'allow', 'block', 'not_configured'
+$check_mode = $module.CheckMode
 
-$result = @{
-    changed = $false
-    profiles = $profiles
-    state = $state
-}
+$profiles = $module.Params.profiles
+$state = $module.Params.state
+$inbound_action = $module.Params.inbound_action
+$outbound_action = $module.Params.outbound_action
+
+$module.Result.restart_required = $false
+$module.Result.changed = $false
+$module.Result.profiles = $profiles
+$module.Result.state = $state
 
 try {
     get-command Get-NetFirewallProfile > $null
     get-command Set-NetFirewallProfile > $null
 }
 catch {
-    Fail-Json $result "win_firewall requires Get-NetFirewallProfile and Set-NetFirewallProfile Cmdlets."
+    $module.FailJson("win_firewall requires Get-NetFirewallProfile and Set-NetFirewallProfile Cmdlets.")
 }
 
 $FIREWALL_ENABLED = [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean]::True
@@ -40,7 +49,7 @@ Try {
         $currentstate = $current_profile.Enabled
         $current_inboundaction = $current_profile.DefaultInboundAction
         $current_outboundaction = $current_profile.DefaultOutboundAction
-        $result.$profile = @{
+        $module.Result.$profile = @{
             enabled = ($currentstate -eq $FIREWALL_ENABLED)
             considered = ($profiles -contains $profile)
             currentstate = $currentstate
@@ -54,37 +63,37 @@ Try {
 
             if ($currentstate -eq $FIREWALL_DISABLED) {
                 Set-NetFirewallProfile -name $profile -Enabled true -WhatIf:$check_mode
-                $result.changed = $true
-                $result.$profile.enabled = $true
+                $module.Result.changed = $true
+                $module.Result.$profile.enabled = $true
             }
             if ($null -ne $inbound_action) {
                 $inbound_action = [Globalization.CultureInfo]::InvariantCulture.TextInfo.ToTitleCase($inbound_action.ToLower()) -replace '_', ''
                 if ($inbound_action -ne $current_inboundaction) {
                     Set-NetFirewallProfile -name $profile -DefaultInboundAction $inbound_action -WhatIf:$check_mode
-                    $result.changed = $true
+                    $module.Result.changed = $true
                 }
             }
             if ($null -ne $outbound_action) {
                 $outbound_action = [Globalization.CultureInfo]::InvariantCulture.TextInfo.ToTitleCase($outbound_action.ToLower()) -replace '_', ''
                 if ($outbound_action -ne $current_outboundaction) {
                     Set-NetFirewallProfile -name $profile -DefaultOutboundAction $outbound_action -WhatIf:$check_mode
-                    $result.changed = $true
+                    $module.Result.changed = $true
                 }
             }
         }
         else {
 
             if ($currentstate -eq $FIREWALL_ENABLED) {
                 Set-NetFirewallProfile -name $profile -Enabled false -WhatIf:$check_mode
-                $result.changed = $true
-                $result.$profile.enabled = $false
+                $module.Result.changed = $true
+                $module.Result.$profile.enabled = $false
             }
 
         }
     }
 }
 Catch {
-    Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)"
+    $module.FailJson("an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)")
 }
 
-Exit-Json $result
+$module.ExitJson()
diff --git a/plugins/modules/win_firewall.py b/plugins/modules/win_firewall.py
@@ -12,6 +12,7 @@
 - Enable or Disable Windows Firewall profiles.
 requirements:
   - This module requires Windows Management Framework 5 or later.
+version_added: 2.6.0
 options:
   profiles:
     description:
@@ -31,14 +32,12 @@
     - C(not_configured) is valid when configuring a GPO.
     type: str
     choices: [ allow, block, not_configured ]
-    version_added: 1.1.0
   outbound_action:
     description:
     - Set to C(allow) or C(block) inbound network traffic in the profile.
     - C(not_configured) is valid when configuring a GPO.
     type: str
     choices: [ allow, block, not_configured ]
-    version_added: 1.1.0
 seealso:
 - module: community.windows.win_firewall_rule
 author:
@@ -47,7 +46,7 @@
 
 EXAMPLES = r'''
 - name: Enable firewall for Domain, Public and Private profiles
-  community.windows.win_firewall:
+  ansible.windows.win_firewall:
     state: enabled
     profiles:
       - Domain
@@ -56,14 +55,14 @@
   tags: enable_firewall
 
 - name: Disable Domain firewall
-  community.windows.win_firewall:
+  ansible.windows.win_firewall:
     state: disabled
     profiles:
       - Domain
   tags: disable_firewall
 
 - name: Enable firewall for Domain profile and block outbound connections
-  community.windows.win_firewall:
+  ansible.windows.win_firewall:
     profiles: Domain
     state: enabled
     outbound_action: block

diff --git a/tests/integration/targets/win_firewall/aliases b/tests/integration/targets/win_firewall/aliases
@@ -1 +1 @@
-shippable/windows/group5
+shippable/windows/group1
diff --git a/tests/integration/targets/win_firewall/tasks/tests.yml b/tests/integration/targets/win_firewall/tasks/tests.yml
@@ -203,6 +203,19 @@
     - firewall_domain_on.Domain.enabled
   when: in_check_mode
 
+# Set profile Domain back to default values 
+- name: Restore default value for Windows Firewall on Domain outbound connection
+  win_firewall:
+    profiles: Domain
+    state: enabled
+    outbound_action: allow
+
+- name: Restore default value for Windows Firewall on Domain inbound connection
+  win_firewall:
+    profiles: Domain
+    state: enabled
+    inbound_action: block
+
 # On purpose no profiles added
 - name: Turn on Windows Firewall again
   win_firewall: