carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-12 07:35:31 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge 469234db06 into 41d8029ef5

Browse source
This commit is contained in:
Steve Kieu 2023-02-26 04:52:04 +00:00 committed by GitHub
commit 6cb5a17ecb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 105 additions and 83 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelogs/fragments/firewalld_multiple_input_values.yml Normal file
View file

@ -0,0 +1,3 @@
minor_changes:
- firewalld - Allow multiple values input as a list or coma separated string
for input types source, service, port, icmp_block, interface, rich_rule.

185
plugins/modules/firewalld.py
View file

@ -18,12 +18,16 @@ options:
description: description:
- Name of a service to add/remove to/from firewalld. - Name of a service to add/remove to/from firewalld.
- The service must be listed in output of firewall-cmd --get-services. - The service must be listed in output of firewall-cmd --get-services.
type: str - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
type: list
elements: str
port: port:
description: description:
- Name of a port or port range to add/remove to/from firewalld. - Name of a port or port range to add/remove to/from firewalld.
- Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges. - Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
type: str - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
type: list
elements: str
port_forward: port_forward:
description: description:
- Port and protocol to forward using firewalld. - Port and protocol to forward using firewalld.
@ -54,19 +58,27 @@ options:
description: description:
- Rich rule to add/remove to/from firewalld. - Rich rule to add/remove to/from firewalld.
- See L(Syntax for firewalld rich language rules,https://firewalld.org/documentation/man-pages/firewalld.richlanguage.html). - See L(Syntax for firewalld rich language rules,https://firewalld.org/documentation/man-pages/firewalld.richlanguage.html).
type: str - Multiple values can be provided using a list.
type: list
elements: str
source: source:
description: description:
- The source/network you would like to add/remove to/from firewalld. - The source/network you would like to add/remove to/from firewalld.
type: str - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
type: list
elements: str
interface: interface:
description: description:
- The interface you would like to add/remove to/from a zone in firewalld. - The interface you would like to add/remove to/from a zone in firewalld.
type: str - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
type: list
elements: str
icmp_block: icmp_block:
description: description:
- The ICMP block you would like to add/remove to/from a zone in firewalld. - The ICMP block you would like to add/remove to/from a zone in firewalld.
type: str - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
type: list
elements: str
icmp_block_inversion: icmp_block_inversion:
description: description:
- Enable/Disable inversion of ICMP blocks for a zone in firewalld. - Enable/Disable inversion of ICMP blocks for a zone in firewalld.
@ -745,19 +757,19 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=dict( argument_spec=dict(
icmp_block=dict(type='str'), icmp_block=dict(type='list', elements='str'),
icmp_block_inversion=dict(type='str'), icmp_block_inversion=dict(type='str'),
service=dict(type='str'), service=dict(type='list', elements='str'),
port=dict(type='str'), port=dict(type='list', elements='str'),
port_forward=dict(type='list', elements='dict'), port_forward=dict(type='list', elements='dict'),
rich_rule=dict(type='str'), rich_rule=dict(type='list', elements='str'),
zone=dict(type='str'), zone=dict(type='str'),
immediate=dict(type='bool', default=False), immediate=dict(type='bool', default=False),
source=dict(type='str'), source=dict(type='list', elements='str'),
permanent=dict(type='bool'), permanent=dict(type='bool'),
state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']), state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
timeout=dict(type='int', default=0), timeout=dict(type='int', default=0),
interface=dict(type='str'), interface=dict(type='list', elements='str'),
masquerade=dict(type='str'), masquerade=dict(type='str'),
offline=dict(type='bool'), offline=dict(type='bool'),
target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']), target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
@ -838,20 +850,21 @@ def main():
) )
if icmp_block is not None: if icmp_block is not None:
for _icmp_block in icmp_block:
_icmp_block = _icmp_block.strip()
transaction = IcmpBlockTransaction(
module,
action_args=(_icmp_block, timeout),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
transaction = IcmpBlockTransaction( changed, transaction_msgs = transaction.run()
module, msgs = msgs + transaction_msgs
action_args=(icmp_block, timeout), if changed is True:
zone=zone, msgs.append("Changed icmp-block %s to %s" % (_icmp_block, desired_state))
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if changed is True:
msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
if icmp_block_inversion is not None: if icmp_block_inversion is not None:
@ -878,52 +891,55 @@ def main():
'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion) 'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
if service is not None: if service is not None:
for _service in service:
_service = _service.strip()
transaction = ServiceTransaction(
module,
action_args=(_service, timeout),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
transaction = ServiceTransaction( changed, transaction_msgs = transaction.run()
module, msgs = msgs + transaction_msgs
action_args=(service, timeout), if changed is True:
zone=zone, msgs.append("Changed service %s to %s" % (_service, desired_state))
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if changed is True:
msgs.append("Changed service %s to %s" % (service, desired_state))
if source is not None: if source is not None:
for _source in source:
_source = _source.strip()
transaction = SourceTransaction(
module,
action_args=(_source,),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
transaction = SourceTransaction( changed, transaction_msgs = transaction.run()
module, msgs = msgs + transaction_msgs
action_args=(source,),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if port is not None: if port is not None:
for _port in port:
transaction = PortTransaction( _port = _port.strip()
module, transaction = PortTransaction(
action_args=(port, protocol, timeout), module,
zone=zone, action_args=(_port, protocol, timeout),
desired_state=desired_state, zone=zone,
permanent=permanent, desired_state=desired_state,
immediate=immediate, permanent=permanent,
) immediate=immediate,
)
changed, transaction_msgs = transaction.run() changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs msgs = msgs + transaction_msgs
if changed is True: if changed is True:
msgs.append( msgs.append(
"Changed port %s to %s" % ( "Changed port %s to %s" % (
"%s/%s" % (port, protocol), desired_state "%s/%s" % (_port, protocol), desired_state
) )
) )
@ -951,34 +967,37 @@ def main():
) )
if rich_rule is not None: if rich_rule is not None:
for _rich_rule in rich_rule:
if _rich_rule == '':
continue
transaction = RichRuleTransaction(
module,
action_args=(_rich_rule, timeout),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
transaction = RichRuleTransaction( changed, transaction_msgs = transaction.run()
module, msgs = msgs + transaction_msgs
action_args=(rich_rule, timeout), if changed is True:
zone=zone, msgs.append("Changed rich_rule %s to %s" % (_rich_rule, desired_state))
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if changed is True:
msgs.append("Changed rich_rule %s to %s" % (rich_rule, desired_state))
if interface is not None: if interface is not None:
for _interface in interface:
_interface = _interface.strip()
transaction = InterfaceTransaction(
module,
action_args=(_interface,),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
transaction = InterfaceTransaction( changed, transaction_msgs = transaction.run()
module, msgs = msgs + transaction_msgs
action_args=(interface,),
zone=zone,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
if masquerade is not None: if masquerade is not None: