1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/plugins/modules/oneandone_firewall_policy.py

580 lines
18 KiB
Python
Raw Permalink Normal View History

2020-03-09 10:11:07 +01:00
#!/usr/bin/python
# -*- coding: utf-8 -*-
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
2020-03-09 10:11:07 +01:00
from __future__ import absolute_import, division, print_function
__metaclass__ = type
DOCUMENTATION = '''
---
module: oneandone_firewall_policy
2022-11-09 13:57:41 +01:00
short_description: Configure 1&1 firewall policy
2020-03-09 10:11:07 +01:00
description:
- Create, remove, reconfigure, update firewall policies.
This module has a dependency on 1and1 >= 1.0.
extends_documentation_fragment:
- community.general.attributes
attributes:
check_mode:
support: full
diff_mode:
support: none
2020-03-09 10:11:07 +01:00
options:
state:
description:
- Define a firewall policy state to create, remove, or update.
required: false
type: str
2020-03-09 10:11:07 +01:00
default: 'present'
choices: [ "present", "absent", "update" ]
auth_token:
description:
- Authenticating API token provided by 1&1.
type: str
2020-03-09 10:11:07 +01:00
api_url:
description:
- Custom API URL. Overrides the
ONEANDONE_API_URL environment variable.
type: str
2020-03-09 10:11:07 +01:00
required: false
name:
description:
- Firewall policy name used with present state. Used as identifier (id or name) when used with absent state.
maxLength=128
type: str
2020-03-09 10:11:07 +01:00
firewall_policy:
description:
- The identifier (id or name) of the firewall policy used with update state.
type: str
2020-03-09 10:11:07 +01:00
rules:
description:
- A list of rules that will be set for the firewall policy.
Each rule must contain protocol parameter, in addition to three optional parameters
(port_from, port_to, and source)
type: list
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) * fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py * fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py * fixed validation-modules for plugins/modules/packaging/language/bundler.py * fixed validation-modules for plugins/modules/notification/pushbullet.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py * fixed validation-modules for plugins/modules/monitoring/icinga2_host.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py * fixed validation-modules for plugins/modules/clustering/znode.py * fixed validation-modules for plugins/modules/clustering/etcd3.py * fixed validation-modules for plugins/modules/clustering/consul/consul_session.py * fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py * fixed validation-modules for plugins/modules/clustering/consul/consul.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py * fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py * missed one "elements" in sensu_handler * Tidy up batch of sanity checks ignore lines * missed lines in ignore-2.9.txt * fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py * Update ignore-2.9.txt Removed consul_acl.py from ignore-2.9.txt * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/notification/pushbullet.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py Co-authored-by: Felix Fontein <felix@fontein.de> * added changelog fragment * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-02-26 11:37:23 +01:00
elements: dict
2022-11-01 19:25:51 +01:00
default: []
2020-03-09 10:11:07 +01:00
add_server_ips:
description:
- A list of server identifiers (id or name) to be assigned to a firewall policy.
Used in combination with update state.
type: list
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) * fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py * fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py * fixed validation-modules for plugins/modules/packaging/language/bundler.py * fixed validation-modules for plugins/modules/notification/pushbullet.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py * fixed validation-modules for plugins/modules/monitoring/icinga2_host.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py * fixed validation-modules for plugins/modules/clustering/znode.py * fixed validation-modules for plugins/modules/clustering/etcd3.py * fixed validation-modules for plugins/modules/clustering/consul/consul_session.py * fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py * fixed validation-modules for plugins/modules/clustering/consul/consul.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py * fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py * missed one "elements" in sensu_handler * Tidy up batch of sanity checks ignore lines * missed lines in ignore-2.9.txt * fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py * Update ignore-2.9.txt Removed consul_acl.py from ignore-2.9.txt * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/notification/pushbullet.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py Co-authored-by: Felix Fontein <felix@fontein.de> * added changelog fragment * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-02-26 11:37:23 +01:00
elements: str
2020-03-09 10:11:07 +01:00
required: false
2022-11-01 19:25:51 +01:00
default: []
2020-03-09 10:11:07 +01:00
remove_server_ips:
description:
- A list of server IP ids to be unassigned from a firewall policy. Used in combination with update state.
type: list
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) * fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py * fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py * fixed validation-modules for plugins/modules/packaging/language/bundler.py * fixed validation-modules for plugins/modules/notification/pushbullet.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py * fixed validation-modules for plugins/modules/monitoring/icinga2_host.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py * fixed validation-modules for plugins/modules/clustering/znode.py * fixed validation-modules for plugins/modules/clustering/etcd3.py * fixed validation-modules for plugins/modules/clustering/consul/consul_session.py * fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py * fixed validation-modules for plugins/modules/clustering/consul/consul.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py * fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py * missed one "elements" in sensu_handler * Tidy up batch of sanity checks ignore lines * missed lines in ignore-2.9.txt * fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py * Update ignore-2.9.txt Removed consul_acl.py from ignore-2.9.txt * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/notification/pushbullet.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py Co-authored-by: Felix Fontein <felix@fontein.de> * added changelog fragment * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-02-26 11:37:23 +01:00
elements: str
2020-03-09 10:11:07 +01:00
required: false
2022-11-01 19:25:51 +01:00
default: []
2020-03-09 10:11:07 +01:00
add_rules:
description:
- A list of rules that will be added to an existing firewall policy.
It is syntax is the same as the one used for rules parameter. Used in combination with update state.
type: list
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) * fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py * fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py * fixed validation-modules for plugins/modules/packaging/language/bundler.py * fixed validation-modules for plugins/modules/notification/pushbullet.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py * fixed validation-modules for plugins/modules/monitoring/icinga2_host.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py * fixed validation-modules for plugins/modules/clustering/znode.py * fixed validation-modules for plugins/modules/clustering/etcd3.py * fixed validation-modules for plugins/modules/clustering/consul/consul_session.py * fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py * fixed validation-modules for plugins/modules/clustering/consul/consul.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py * fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py * missed one "elements" in sensu_handler * Tidy up batch of sanity checks ignore lines * missed lines in ignore-2.9.txt * fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py * Update ignore-2.9.txt Removed consul_acl.py from ignore-2.9.txt * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/notification/pushbullet.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py Co-authored-by: Felix Fontein <felix@fontein.de> * added changelog fragment * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-02-26 11:37:23 +01:00
elements: dict
2020-03-09 10:11:07 +01:00
required: false
2022-11-01 19:25:51 +01:00
default: []
2020-03-09 10:11:07 +01:00
remove_rules:
description:
- A list of rule ids that will be removed from an existing firewall policy. Used in combination with update state.
type: list
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) * fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py * fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py * fixed validation-modules for plugins/modules/packaging/language/bundler.py * fixed validation-modules for plugins/modules/notification/pushbullet.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py * fixed validation-modules for plugins/modules/monitoring/icinga2_host.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py * fixed validation-modules for plugins/modules/clustering/znode.py * fixed validation-modules for plugins/modules/clustering/etcd3.py * fixed validation-modules for plugins/modules/clustering/consul/consul_session.py * fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py * fixed validation-modules for plugins/modules/clustering/consul/consul.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py * fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py * missed one "elements" in sensu_handler * Tidy up batch of sanity checks ignore lines * missed lines in ignore-2.9.txt * fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py * Update ignore-2.9.txt Removed consul_acl.py from ignore-2.9.txt * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/notification/pushbullet.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py Co-authored-by: Felix Fontein <felix@fontein.de> * added changelog fragment * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-02-26 11:37:23 +01:00
elements: str
2020-03-09 10:11:07 +01:00
required: false
2022-11-01 19:25:51 +01:00
default: []
2020-03-09 10:11:07 +01:00
description:
description:
- Firewall policy description. maxLength=256
type: str
2020-03-09 10:11:07 +01:00
required: false
wait:
description:
- wait for the instance to be in state 'running' before returning
required: false
default: true
2020-03-09 10:11:07 +01:00
type: bool
wait_timeout:
description:
- how long before wait gives up, in seconds
type: int
2020-03-09 10:11:07 +01:00
default: 600
wait_interval:
description:
- Defines the number of seconds to wait when using the _wait_for methods
type: int
2020-03-09 10:11:07 +01:00
default: 5
requirements:
- "1and1"
author:
- "Amel Ajdinovic (@aajdinov)"
- "Ethan Devenport (@edevenport)"
'''
EXAMPLES = '''
- name: Create a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
name: ansible-firewall-policy
description: Testing creation of firewall policies with ansible
rules:
-
protocol: TCP
port_from: 80
port_to: 80
source: 0.0.0.0
wait: true
wait_timeout: 500
- name: Destroy a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
state: absent
name: ansible-firewall-policy
- name: Update a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
state: update
firewall_policy: ansible-firewall-policy
name: ansible-firewall-policy-updated
description: Testing creation of firewall policies with ansible - updated
- name: Add server to a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
firewall_policy: ansible-firewall-policy-updated
add_server_ips:
- server_identifier (id or name)
- server_identifier #2 (id or name)
wait: true
wait_timeout: 500
state: update
- name: Remove server from a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
firewall_policy: ansible-firewall-policy-updated
remove_server_ips:
- B2504878540DBC5F7634EB00A07C1EBD (server's IP id)
wait: true
wait_timeout: 500
state: update
- name: Add rules to a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
firewall_policy: ansible-firewall-policy-updated
description: Adding rules to an existing firewall policy
add_rules:
-
protocol: TCP
port_from: 70
port_to: 70
source: 0.0.0.0
-
protocol: TCP
port_from: 60
port_to: 60
source: 0.0.0.0
wait: true
wait_timeout: 500
state: update
- name: Remove rules from a firewall policy
community.general.oneandone_firewall_policy:
2020-03-09 10:11:07 +01:00
auth_token: oneandone_private_api_key
firewall_policy: ansible-firewall-policy-updated
remove_rules:
- rule_id #1
- rule_id #2
- ...
wait: true
wait_timeout: 500
state: update
'''
RETURN = '''
firewall_policy:
description: Information about the firewall policy that was processed
type: dict
sample: '{"id": "92B74394A397ECC3359825C1656D67A6", "name": "Default Policy"}'
returned: always
'''
import os
from ansible.module_utils.basic import AnsibleModule
from ansible_collections.community.general.plugins.module_utils.oneandone import (
get_firewall_policy,
get_server,
OneAndOneResources,
wait_for_resource_creation_completion
)
HAS_ONEANDONE_SDK = True
try:
import oneandone.client
except ImportError:
HAS_ONEANDONE_SDK = False
def _check_mode(module, result):
if module.check_mode:
module.exit_json(
changed=result
)
def _add_server_ips(module, oneandone_conn, firewall_id, server_ids):
"""
Assigns servers to a firewall policy.
"""
try:
attach_servers = []
for _server_id in server_ids:
server = get_server(oneandone_conn, _server_id, True)
attach_server = oneandone.client.AttachServer(
server_id=server['id'],
server_ip_id=next(iter(server['ips'] or []), None)['id']
)
attach_servers.append(attach_server)
if module.check_mode:
if attach_servers:
return True
return False
firewall_policy = oneandone_conn.attach_server_firewall_policy(
firewall_id=firewall_id,
server_ips=attach_servers)
return firewall_policy
except Exception as e:
module.fail_json(msg=str(e))
def _remove_firewall_server(module, oneandone_conn, firewall_id, server_ip_id):
"""
Unassigns a server/IP from a firewall policy.
"""
try:
if module.check_mode:
firewall_server = oneandone_conn.get_firewall_server(
firewall_id=firewall_id,
server_ip_id=server_ip_id)
if firewall_server:
return True
return False
firewall_policy = oneandone_conn.remove_firewall_server(
firewall_id=firewall_id,
server_ip_id=server_ip_id)
return firewall_policy
except Exception as e:
module.fail_json(msg=str(e))
def _add_firewall_rules(module, oneandone_conn, firewall_id, rules):
"""
Adds new rules to a firewall policy.
"""
try:
firewall_rules = []
for rule in rules:
firewall_rule = oneandone.client.FirewallPolicyRule(
protocol=rule['protocol'],
port_from=rule['port_from'],
port_to=rule['port_to'],
source=rule['source'])
firewall_rules.append(firewall_rule)
if module.check_mode:
firewall_policy_id = get_firewall_policy(oneandone_conn, firewall_id)
if (firewall_rules and firewall_policy_id):
return True
return False
firewall_policy = oneandone_conn.add_firewall_policy_rule(
firewall_id=firewall_id,
firewall_policy_rules=firewall_rules
)
return firewall_policy
except Exception as e:
module.fail_json(msg=str(e))
def _remove_firewall_rule(module, oneandone_conn, firewall_id, rule_id):
"""
Removes a rule from a firewall policy.
"""
try:
if module.check_mode:
rule = oneandone_conn.get_firewall_policy_rule(
firewall_id=firewall_id,
rule_id=rule_id)
if rule:
return True
return False
firewall_policy = oneandone_conn.remove_firewall_rule(
firewall_id=firewall_id,
rule_id=rule_id
)
return firewall_policy
except Exception as e:
module.fail_json(msg=str(e))
def update_firewall_policy(module, oneandone_conn):
"""
Updates a firewall policy based on input arguments.
Firewall rules and server ips can be added/removed to/from
firewall policy. Firewall policy name and description can be
updated as well.
module : AnsibleModule object
oneandone_conn: authenticated oneandone object
"""
try:
firewall_policy_id = module.params.get('firewall_policy')
name = module.params.get('name')
description = module.params.get('description')
add_server_ips = module.params.get('add_server_ips')
remove_server_ips = module.params.get('remove_server_ips')
add_rules = module.params.get('add_rules')
remove_rules = module.params.get('remove_rules')
changed = False
firewall_policy = get_firewall_policy(oneandone_conn, firewall_policy_id, True)
if firewall_policy is None:
_check_mode(module, False)
if name or description:
_check_mode(module, True)
firewall_policy = oneandone_conn.modify_firewall(
firewall_id=firewall_policy['id'],
name=name,
description=description)
changed = True
if add_server_ips:
if module.check_mode:
_check_mode(module, _add_server_ips(module,
oneandone_conn,
firewall_policy['id'],
add_server_ips))
firewall_policy = _add_server_ips(module, oneandone_conn, firewall_policy['id'], add_server_ips)
changed = True
if remove_server_ips:
chk_changed = False
for server_ip_id in remove_server_ips:
if module.check_mode:
chk_changed |= _remove_firewall_server(module,
oneandone_conn,
firewall_policy['id'],
server_ip_id)
_remove_firewall_server(module,
oneandone_conn,
firewall_policy['id'],
server_ip_id)
_check_mode(module, chk_changed)
firewall_policy = get_firewall_policy(oneandone_conn, firewall_policy['id'], True)
changed = True
if add_rules:
firewall_policy = _add_firewall_rules(module,
oneandone_conn,
firewall_policy['id'],
add_rules)
_check_mode(module, firewall_policy)
changed = True
if remove_rules:
chk_changed = False
for rule_id in remove_rules:
if module.check_mode:
chk_changed |= _remove_firewall_rule(module,
oneandone_conn,
firewall_policy['id'],
rule_id)
_remove_firewall_rule(module,
oneandone_conn,
firewall_policy['id'],
rule_id)
_check_mode(module, chk_changed)
firewall_policy = get_firewall_policy(oneandone_conn, firewall_policy['id'], True)
changed = True
return (changed, firewall_policy)
except Exception as e:
module.fail_json(msg=str(e))
def create_firewall_policy(module, oneandone_conn):
"""
Create a new firewall policy.
module : AnsibleModule object
oneandone_conn: authenticated oneandone object
"""
try:
name = module.params.get('name')
description = module.params.get('description')
rules = module.params.get('rules')
wait = module.params.get('wait')
wait_timeout = module.params.get('wait_timeout')
wait_interval = module.params.get('wait_interval')
firewall_rules = []
for rule in rules:
firewall_rule = oneandone.client.FirewallPolicyRule(
protocol=rule['protocol'],
port_from=rule['port_from'],
port_to=rule['port_to'],
source=rule['source'])
firewall_rules.append(firewall_rule)
firewall_policy_obj = oneandone.client.FirewallPolicy(
name=name,
description=description
)
_check_mode(module, True)
firewall_policy = oneandone_conn.create_firewall_policy(
firewall_policy=firewall_policy_obj,
firewall_policy_rules=firewall_rules
)
if wait:
wait_for_resource_creation_completion(
oneandone_conn,
OneAndOneResources.firewall_policy,
firewall_policy['id'],
wait_timeout,
wait_interval)
firewall_policy = get_firewall_policy(oneandone_conn, firewall_policy['id'], True) # refresh
changed = True if firewall_policy else False
_check_mode(module, False)
return (changed, firewall_policy)
except Exception as e:
module.fail_json(msg=str(e))
def remove_firewall_policy(module, oneandone_conn):
"""
Removes a firewall policy.
module : AnsibleModule object
oneandone_conn: authenticated oneandone object
"""
try:
fp_id = module.params.get('name')
firewall_policy_id = get_firewall_policy(oneandone_conn, fp_id)
if module.check_mode:
if firewall_policy_id is None:
_check_mode(module, False)
_check_mode(module, True)
firewall_policy = oneandone_conn.delete_firewall(firewall_policy_id)
changed = True if firewall_policy else False
return (changed, {
'id': firewall_policy['id'],
'name': firewall_policy['name']
})
except Exception as e:
module.fail_json(msg=str(e))
def main():
module = AnsibleModule(
argument_spec=dict(
auth_token=dict(
type='str', no_log=True,
2020-03-09 10:11:07 +01:00
default=os.environ.get('ONEANDONE_AUTH_TOKEN')),
api_url=dict(
type='str',
default=os.environ.get('ONEANDONE_API_URL')),
name=dict(type='str'),
firewall_policy=dict(type='str'),
description=dict(type='str'),
Tidy up sanity checks (2021/Batch 3 - who's counting) (#1885) * fixed validation-modules for plugins/modules/packaging/language/pip_package_info.py * fixed validation-modules for plugins/modules/packaging/language/maven_artifact.py * fixed validation-modules for plugins/modules/packaging/language/bundler.py * fixed validation-modules for plugins/modules/notification/pushbullet.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_handler.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_check.py * fixed validation-modules for plugins/modules/monitoring/sensu/sensu_client.py * fixed validation-modules for plugins/modules/monitoring/icinga2_host.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_monitor.py * fixed validation-modules for plugins/modules/monitoring/datadog/datadog_event.py * fixed validation-modules for plugins/modules/clustering/znode.py * fixed validation-modules for plugins/modules/clustering/etcd3.py * fixed validation-modules for plugins/modules/clustering/consul/consul_session.py * fixed validation-modules for plugins/modules/clustering/consul/consul_kv.py * fixed validation-modules for plugins/modules/clustering/consul/consul.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks.py * fixed validation-modules for plugins/modules/cloud/profitbricks/profitbricks_volume.py * fixed validation-modules for plugins/modules/cloud/packet/packet_sshkey.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_server.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_private_network.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_load_balancer.py * fixed validation-modules for plugins/modules/cloud/oneandone/oneandone_firewall_policy.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_app.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_db.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_domain.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_mailbox.py * fixed validation-modules for plugins/modules/cloud/webfaction/webfaction_site.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_cmms.py * fixed validation-modules for plugins/modules/remote_management/lxca/lxca_nodes.py * missed one "elements" in sensu_handler * Tidy up batch of sanity checks ignore lines * missed lines in ignore-2.9.txt * fixed validation-modules for plugins/modules/clustering/consul/consul_acl.py * Update ignore-2.9.txt Removed consul_acl.py from ignore-2.9.txt * Apply suggestions from code review Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru> * Update plugins/modules/notification/pushbullet.py Co-authored-by: Felix Fontein <felix@fontein.de> * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py Co-authored-by: Felix Fontein <felix@fontein.de> * added changelog fragment * Update plugins/modules/cloud/oneandone/oneandone_monitoring_policy.py * Update changelogs/fragments/1885-sanity-check-fixes-batch3.yml Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Felix Fontein <felix@fontein.de> Co-authored-by: Andrew Klychkov <aaklychkov@mail.ru>
2021-02-26 11:37:23 +01:00
rules=dict(type='list', elements="dict", default=[]),
add_server_ips=dict(type='list', elements="str", default=[]),
remove_server_ips=dict(type='list', elements="str", default=[]),
add_rules=dict(type='list', elements="dict", default=[]),
remove_rules=dict(type='list', elements="str", default=[]),
2020-03-09 10:11:07 +01:00
wait=dict(type='bool', default=True),
wait_timeout=dict(type='int', default=600),
wait_interval=dict(type='int', default=5),
state=dict(type='str', default='present', choices=['present', 'absent', 'update']),
),
supports_check_mode=True
)
if not HAS_ONEANDONE_SDK:
module.fail_json(msg='1and1 required for this module')
if not module.params.get('auth_token'):
module.fail_json(
msg='The "auth_token" parameter or ' +
'ONEANDONE_AUTH_TOKEN environment variable is required.')
if not module.params.get('api_url'):
oneandone_conn = oneandone.client.OneAndOneService(
api_token=module.params.get('auth_token'))
else:
oneandone_conn = oneandone.client.OneAndOneService(
api_token=module.params.get('auth_token'), api_url=module.params.get('api_url'))
state = module.params.get('state')
if state == 'absent':
if not module.params.get('name'):
module.fail_json(
msg="'name' parameter is required to delete a firewall policy.")
try:
(changed, firewall_policy) = remove_firewall_policy(module, oneandone_conn)
except Exception as e:
module.fail_json(msg=str(e))
elif state == 'update':
if not module.params.get('firewall_policy'):
module.fail_json(
msg="'firewall_policy' parameter is required to update a firewall policy.")
try:
(changed, firewall_policy) = update_firewall_policy(module, oneandone_conn)
except Exception as e:
module.fail_json(msg=str(e))
elif state == 'present':
for param in ('name', 'rules'):
if not module.params.get(param):
module.fail_json(
msg="%s parameter is required for new firewall policies." % param)
try:
(changed, firewall_policy) = create_firewall_policy(module, oneandone_conn)
except Exception as e:
module.fail_json(msg=str(e))
module.exit_json(changed=changed, firewall_policy=firewall_policy)
if __name__ == '__main__':
main()