New module: Add module to manage Windows Firewall (windows/win_firewall) (#23224)

* added win_firewall module and updated to use list for profiles

* removed unnecessary cast and bug/typo in ForEach block
This commit is contained in:
Michael Eaton 2017-05-26 14:26:48 +01:00 committed by Ryan Brown
parent 6dd1fc6f34
commit 8bfa19c4af
2 changed files with 150 additions and 0 deletions

View file

@ -0,0 +1,68 @@
#!powershell
# This file is part of Ansible
# Copyright 2017, Michael Eaton <meaton@iforium.com>
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# WANT_JSON
# POWERSHELL_COMMON
# get params
$params = Parse-Args $args -supports_check_mode $false
$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default [ "Public", "Domain", "Private" ]
$wantedstate = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'enabled', 'disabled'
$result = @{
changed = $false
}
Try {
ForEach($profile in $profiles)
{
$currentstate = (Get-NetFirewallProfile -Name $profile).Enabled
if ($wantedstate -eq 'enabled')
{
if ($currentstate -eq $false)
{
Set-NetFirewallProfile -name $profile -Enabled true
$result.enabled = $true
$result.changed = $true
}
}
else
{
if ($currentstate -eq $true)
{
Set-NetFirewallProfile -name $profile -Enabled false
$result.enabled = $false
$result.changed = $true
}
}
}
}
Catch {
Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)"
}
Exit-Json $result

View file

@ -0,0 +1,82 @@
#!/usr/bin/python
# -*- coding: utf-8 -*-
# (c) 2017, Michael Eaton <meaton@iforium.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# this is a windows documentation stub. actual code lives in the .ps1
# file of the same name
ANSIBLE_METADATA = {'metadata_version': '1.0',
'status': ['preview'],
'supported_by': 'community'}
DOCUMENTATION = r'''
---
module: win_firewall
version_added: "2.4"
short_description: Manages Windows Firewall
description:
- Manages Windows Firewall
options:
profile:
description:
- specify the profile to change
choices:
- Public
- Domain
- Private
state:
description:
- set state of firewall for given profile
choices:
- enabled
- disabled
author: "Michael Eaton (@MichaelEaton83)"
'''
EXAMPLES = r'''
- name: Enable all firewalls
win_firewall:
state: enabled
profiles:
- Domain
- Public
- Private
tags: enable_firewall
- name: Disable Domain firewall
win_firewall:
state: disabled
profiles:
- Domain
tags: disable_firewall
'''
RETURN = r'''
profile:
description: chosen profile
returned: always
type: string
sample: Domain
enabled:
description: current firewall status for chosen profile (after any potential change)
returned: always
type: bool
sample: true
'''