From f8f3799aec4b56372fb44eb7569149b14934c2b4 Mon Sep 17 00:00:00 2001
From: Shahar Golshani
Date: Thu, 5 Dec 2024 11:44:17 +0200
Subject: [PATCH] Migrate win_firewall module to ansible.windows repo from ansible.community repo
---
 plugins/modules/win_firewall.ps1 | 53 +++++++++++--------
 plugins/modules/win_firewall.py | 9 ++--
 .../integration/targets/win_firewall/aliases | 2 +-
 .../targets/win_firewall/tasks/tests.yml | 13 +++++
 4 files changed, 49 insertions(+), 28 deletions(-)
diff --git a/plugins/modules/win_firewall.ps1 b/plugins/modules/win_firewall.ps1
index 9a203986..26f7fd44 100644
--- a/plugins/modules/win_firewall.ps1
+++ b/plugins/modules/win_firewall.ps1
@@ -3,31 +3,40 @@ # Copyright: (c) 2017, Michael Eaton # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) -#Requires -Module Ansible.ModuleUtils.Legacy +#AnsibleRequires -CSharpUtil Ansible.Basic $ErrorActionPreference = "Stop" $firewall_profiles = @('Domain', 'Private', 'Public') -$params = Parse-Args $args -supports_check_mode $true -$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false +$spec = @{ + options = @{ + profiles = @{ type = 'list' ; elements = 'str' ; choices = @("Domain", "Private", "Public") ; default = @("Domain", "Private", "Public") } + state = @{ type = 'str' ; choices = @('disabled', 'enabled') ; required = $true } + inbound_action = @{ type = 'str' ; choices = @('allow', 'block', 'not_configured') } + outbound_action = @{ type = 'str' ; choices = @('allow', 'block', 'not_configured') } + } + supports_check_mode = $true +} +$module = [Ansible.Basic.AnsibleModule]::Create($args, $spec) -$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default @("Domain", "Private", "Public") -$state = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'disabled', 'enabled' -$inbound_action = Get-AnsibleParam -obj $params -name "inbound_action" -type "str" -validateset 'allow', 'block', 'not_configured' -$outbound_action = Get-AnsibleParam -obj $params -name "outbound_action" -type "str" -validateset 'allow', 'block', 'not_configured' +$check_mode = $module.CheckMode -$result = @{ - changed = $false - profiles = $profiles - state = $state -} +$profiles = $module.Params.profiles +$state = $module.Params.state +$inbound_action = $module.Params.inbound_action +$outbound_action = $module.Params.outbound_action + +$module.Result.restart_required = $false +$module.Result.changed = $false +$module.Result.profiles = $profiles +$module.Result.state = $state try { get-command Get-NetFirewallProfile > $null get-command 
Set-NetFirewallProfile > $null } catch { - Fail-Json $result "win_firewall requires Get-NetFirewallProfile and Set-NetFirewallProfile Cmdlets." + $module.FailJson("win_firewall requires Get-NetFirewallProfile and Set-NetFirewallProfile Cmdlets.") } $FIREWALL_ENABLED = [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.GpoBoolean]::True @@ -40,7 +49,7 @@ Try { $currentstate = $current_profile.Enabled $current_inboundaction = $current_profile.DefaultInboundAction $current_outboundaction = $current_profile.DefaultOutboundAction - $result.$profile = @{ + $module.Result.$profile = @{ enabled = ($currentstate -eq $FIREWALL_ENABLED) considered = ($profiles -contains $profile) currentstate = $currentstate @@ -54,21 +63,21 @@ Try { if ($currentstate -eq $FIREWALL_DISABLED) { Set-NetFirewallProfile -name $profile -Enabled true -WhatIf:$check_mode - $result.changed = $true - $result.$profile.enabled = $true + $module.Result.changed = $true + $module.Result.$profile.enabled = $true } if ($null -ne $inbound_action) { $inbound_action = [Globalization.CultureInfo]::InvariantCulture.TextInfo.ToTitleCase($inbound_action.ToLower()) -replace '_', '' if ($inbound_action -ne $current_inboundaction) { Set-NetFirewallProfile -name $profile -DefaultInboundAction $inbound_action -WhatIf:$check_mode - $result.changed = $true + $module.Result.changed = $true } } if ($null -ne $outbound_action) { $outbound_action = [Globalization.CultureInfo]::InvariantCulture.TextInfo.ToTitleCase($outbound_action.ToLower()) -replace '_', '' if ($outbound_action -ne $current_outboundaction) { Set-NetFirewallProfile -name $profile -DefaultOutboundAction $outbound_action -WhatIf:$check_mode - $result.changed = $true + $module.Result.changed = $true } } } 
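Review bot: `$module.Result.restart_required = $false` introduces a return key that the removed `$result` hashtable never had, and nothing in the visible hunks sets it to `$true` or documents it in win_firewall.py. If it is not meant to be part of the module's output, drop the line; otherwise add it to the RETURN documentation, which is not shown in this patch and may already cover it. As a style point, the spec spells out the profile list twice more although `$firewall_profiles` is defined just above it; `choices = $firewall_profiles ; default = $firewall_profiles` would keep a single source for the accepted profile names.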
@@ -76,15 +85,15 @@ Try { if ($currentstate -eq $FIREWALL_ENABLED) { Set-NetFirewallProfile -name $profile -Enabled false -WhatIf:$check_mode - $result.changed = $true - $result.$profile.enabled = $false + $module.Result.changed = $true + $module.Result.$profile.enabled = $false } } } } Catch { - Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)" + $module.FailJson("an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)") } -Exit-Json $result +$module.ExitJson() diff --git a/plugins/modules/win_firewall.py b/plugins/modules/win_firewall.py index 551fa3a1..98738e36 100644 --- a/plugins/modules/win_firewall.py +++ b/plugins/modules/win_firewall.py @@ -12,6 +12,7 @@ - Enable or Disable Windows Firewall profiles. requirements: - This module requires Windows Management Framework 5 or later. +version_added: 2.6.0 options: profiles: description: @@ -31,14 +32,12 @@ - C(not_configured) is valid when configuring a GPO. type: str choices: [ allow, block, not_configured ] - version_added: 1.1.0 outbound_action: description: - Set to C(allow) or C(block) inbound network traffic in the profile. - C(not_configured) is valid when configuring a GPO. type: str choices: [ allow, block, not_configured ] - version_added: 1.1.0 seealso: - module: community.windows.win_firewall_rule author: @@ -47,7 +46,7 @@ EXAMPLES = r''' - name: Enable firewall for Domain, Public and Private profiles - community.windows.win_firewall: + ansible.windows.win_firewall: state: enabled profiles: - Domain 
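Review bot: The `Catch` block's `$module.FailJson(...)` call reduces the failure to `$_.Exception.Message`, so the error record's type and position are lost when a `Set-NetFirewallProfile` call fails. Ansible.Basic accepts the error record as a second argument, e.g. `$module.FailJson("an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)", $_)`, which keeps the message and adds the exception detail to the result. That is worth having here because a failure part-way through the profile loop may leave some profiles changed and others not, and the operator needs to see which call failed. The `Try` block opens outside this hunk.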
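Review bot: The `outbound_action` description kept as context in the `@@ -31,14 +32,12 @@` hunk still reads `Set to C(allow) or C(block) inbound network traffic in the profile.`, which looks copied from `inbound_action`. Since this option stanza is being edited anyway, change it to `- Set to C(allow) or C(block) outbound network traffic in the profile.` so the rendered docs do not misstate which traffic direction the setting controls. The DOCUMENTATION string starts and ends outside the hunk.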
@@ -56,14 +55,14 @@ tags: enable_firewall - name: Disable Domain firewall - community.windows.win_firewall: + ansible.windows.win_firewall: state: disabled profiles: - Domain tags: disable_firewall - name: Enable firewall for Domain profile and block outbound connections - community.windows.win_firewall: + ansible.windows.win_firewall: profiles: Domain state: enabled outbound_action: block diff --git a/tests/integration/targets/win_firewall/aliases b/tests/integration/targets/win_firewall/aliases index 4f4664b6..4cd27b3c 100644 --- a/tests/integration/targets/win_firewall/aliases +++ b/tests/integration/targets/win_firewall/aliases @@ -1 +1 @@ -shippable/windows/group5 +shippable/windows/group1 diff --git a/tests/integration/targets/win_firewall/tasks/tests.yml b/tests/integration/targets/win_firewall/tasks/tests.yml index 80b5f155..9a1dff65 100644 --- a/tests/integration/targets/win_firewall/tasks/tests.yml +++ b/tests/integration/targets/win_firewall/tasks/tests.yml @@ -203,6 +203,19 @@ - firewall_domain_on.Domain.enabled when: in_check_mode +# Set profile Domain back to default values +- name: Restore default value for Windows Firewall on Domain outbound connection + win_firewall: + profiles: Domain + state: enabled + outbound_action: allow + +- name: Restore default value for Windows Firewall on Domain inbound connection + win_firewall: + profiles: Domain + state: enabled + inbound_action: block + # On purpose no profiles added - name: Turn on Windows Firewall again win_firewall:
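Review bot: The two restore tasks added to tests.yml run only if every earlier task passed, so a failed assertion before this point leaves the Domain profile on the test host with whatever inbound and outbound action the preceding tests set. Consider moving the restore into the `always:` section of a `block:` around the tests; the tasks file that includes tests.yml is not part of this patch, so it may already do this. Neither task registers or asserts on its result, which is fine for cleanup but means they add no coverage for `inbound_action`. The file continues beyond this hunk.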