New module: Add module to manage Windows Firewall (windows/win_firewall) (#23224)
* added win_firewall module and updated to use list for profiles * removed unnecessary cast and bug/typo in ForEach block
This commit is contained in:
parent
6dd1fc6f34
commit
8bfa19c4af
2 changed files with 150 additions and 0 deletions
68
lib/ansible/modules/windows/win_firewall.ps1
Normal file
68
lib/ansible/modules/windows/win_firewall.ps1
Normal file
|
@ -0,0 +1,68 @@
|
|||
#!powershell
|
||||
# This file is part of Ansible
|
||||
|
||||
# Copyright 2017, Michael Eaton <meaton@iforium.com>
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# WANT_JSON
|
||||
# POWERSHELL_COMMON
|
||||
|
||||
|
||||
# get params
|
||||
$params = Parse-Args $args -supports_check_mode $false
|
||||
|
||||
$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default [ "Public", "Domain", "Private" ]
|
||||
$wantedstate = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'enabled', 'disabled'
|
||||
|
||||
$result = @{
|
||||
changed = $false
|
||||
|
||||
}
|
||||
|
||||
Try {
|
||||
|
||||
ForEach($profile in $profiles)
|
||||
|
||||
{
|
||||
|
||||
$currentstate = (Get-NetFirewallProfile -Name $profile).Enabled
|
||||
|
||||
if ($wantedstate -eq 'enabled')
|
||||
{
|
||||
if ($currentstate -eq $false)
|
||||
{
|
||||
Set-NetFirewallProfile -name $profile -Enabled true
|
||||
$result.enabled = $true
|
||||
$result.changed = $true
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if ($currentstate -eq $true)
|
||||
{
|
||||
Set-NetFirewallProfile -name $profile -Enabled false
|
||||
$result.enabled = $false
|
||||
$result.changed = $true
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
Catch {
|
||||
Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)"
|
||||
}
|
||||
|
||||
Exit-Json $result
|
82
lib/ansible/modules/windows/win_firewall.py
Normal file
82
lib/ansible/modules/windows/win_firewall.py
Normal file
|
@ -0,0 +1,82 @@
|
|||
#!/usr/bin/python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
# (c) 2017, Michael Eaton <meaton@iforium.com>
|
||||
#
|
||||
# This file is part of Ansible
|
||||
#
|
||||
# Ansible is free software: you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
# the Free Software Foundation, either version 3 of the License, or
|
||||
# (at your option) any later version.
|
||||
#
|
||||
# Ansible is distributed in the hope that it will be useful,
|
||||
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
# GNU General Public License for more details.
|
||||
#
|
||||
# You should have received a copy of the GNU General Public License
|
||||
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
# this is a windows documentation stub. actual code lives in the .ps1
|
||||
# file of the same name
|
||||
|
||||
ANSIBLE_METADATA = {'metadata_version': '1.0',
|
||||
'status': ['preview'],
|
||||
'supported_by': 'community'}
|
||||
|
||||
DOCUMENTATION = r'''
|
||||
---
|
||||
module: win_firewall
|
||||
version_added: "2.4"
|
||||
short_description: Manages Windows Firewall
|
||||
description:
|
||||
- Manages Windows Firewall
|
||||
options:
|
||||
profile:
|
||||
description:
|
||||
- specify the profile to change
|
||||
choices:
|
||||
- Public
|
||||
- Domain
|
||||
- Private
|
||||
state:
|
||||
description:
|
||||
- set state of firewall for given profile
|
||||
choices:
|
||||
- enabled
|
||||
- disabled
|
||||
|
||||
author: "Michael Eaton (@MichaelEaton83)"
|
||||
'''
|
||||
|
||||
EXAMPLES = r'''
|
||||
- name: Enable all firewalls
|
||||
win_firewall:
|
||||
state: enabled
|
||||
profiles:
|
||||
- Domain
|
||||
- Public
|
||||
- Private
|
||||
tags: enable_firewall
|
||||
|
||||
- name: Disable Domain firewall
|
||||
win_firewall:
|
||||
state: disabled
|
||||
profiles:
|
||||
- Domain
|
||||
tags: disable_firewall
|
||||
'''
|
||||
|
||||
RETURN = r'''
|
||||
profile:
|
||||
description: chosen profile
|
||||
returned: always
|
||||
type: string
|
||||
sample: Domain
|
||||
enabled:
|
||||
description: current firewall status for chosen profile (after any potential change)
|
||||
returned: always
|
||||
type: bool
|
||||
sample: true
|
||||
'''
|
Loading…
Reference in a new issue