From 8bfa19c4aff827c8b114732f0bd9193df73552bf Mon Sep 17 00:00:00 2001
From: Michael Eaton
Date: Fri, 26 May 2017 14:26:48 +0100
Subject: [PATCH] New module: Add module to manage Windows Firewall (windows/win_firewall) (#23224)
* added win_firewall module and updated to use list for profiles
* removed unnecessary cast and bug/typo in ForEach block
---
lib/ansible/modules/windows/win_firewall.ps1 | 68 ++++++++++++++++
lib/ansible/modules/windows/win_firewall.py | 82 ++++++++++++++++++++
2 files changed, 150 insertions(+)
create mode 100644 lib/ansible/modules/windows/win_firewall.ps1
create mode 100644 lib/ansible/modules/windows/win_firewall.py
diff --git a/lib/ansible/modules/windows/win_firewall.ps1 b/lib/ansible/modules/windows/win_firewall.ps1
new file mode 100644
index 00000000000..c33789c02cb
--- /dev/null
+++ b/lib/ansible/modules/windows/win_firewall.ps1
@@ -0,0 +1,68 @@
+#!powershell
+# This file is part of Ansible
+
+# Copyright 2017, Michael Eaton
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# WANT_JSON
+# POWERSHELL_COMMON
+
+
+# get params
+$params = Parse-Args $args -supports_check_mode $false
+
+$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default [ "Public", "Domain", "Private" ]
+$wantedstate = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'enabled', 'disabled'
+
+$result = @{
+ changed = $false
+
+}
+
+Try {
+
+ ForEach($profile in $profiles)
+
+ {
+
+ $currentstate = (Get-NetFirewallProfile -Name $profile).Enabled
+
+ if ($wantedstate -eq 'enabled')
+ {
+ if ($currentstate -eq $false)
+ {
+ Set-NetFirewallProfile -name $profile -Enabled true
+ $result.enabled = $true
+ $result.changed = $true
+ }
+ }
+ else
+ {
+ if ($currentstate -eq $true)
+ {
+ Set-NetFirewallProfile -name $profile -Enabled false
+ $result.enabled = $false
+ $result.changed = $true
+ }
+
+ }
+
+ }
+}
+Catch {
+ Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile $($_.Exception.Message)"
+}
+
+Exit-Json $result
\ No newline at end of file
diff --git a/lib/ansible/modules/windows/win_firewall.py b/lib/ansible/modules/windows/win_firewall.py
new file mode 100644
index 00000000000..5c09d69af16
--- /dev/null
+++ b/lib/ansible/modules/windows/win_firewall.py
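Review bot: The `-default [ "Public", "Domain", "Private" ]` argument on the `$profiles` line is not PowerShell array syntax, so when `profiles` is omitted the default is unlikely to be the three-profile list the line intends; write it as `-default @("Public", "Domain", "Private")`. Inside the ForEach, `$result.enabled` is a single key that is overwritten on each iteration and set only when a profile is actually changed, so a run over several profiles reports just the last change and a run that changes nothing reports no state at all; a per-profile map of the final state would let a playbook assert which profiles ended up enabled. The profile names are also passed to `Get-NetFirewallProfile` without validation, unlike `state`, which has a `-validateset`.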
@@ -0,0 +1,82 @@
+#!/usr/bin/python
+# -*- coding: utf-8 -*-
+
+# (c) 2017, Michael Eaton
+#
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible. If not, see .
+
+# this is a windows documentation stub. actual code lives in the .ps1
+# file of the same name
+
+ANSIBLE_METADATA = {'metadata_version': '1.0',
+ 'status': ['preview'],
+ 'supported_by': 'community'}
+
+DOCUMENTATION = r'''
+---
+module: win_firewall
+version_added: "2.4"
+short_description: Manages Windows Firewall
+description:
+ - Manages Windows Firewall
+options:
+ profile:
+ description:
+ - specify the profile to change
+ choices:
+ - Public
+ - Domain
+ - Private
+ state:
+ description:
+ - set state of firewall for given profile
+ choices:
+ - enabled
+ - disabled
+
+author: "Michael Eaton (@MichaelEaton83)"
+'''
+
+EXAMPLES = r'''
+- name: Enable all firewalls
+ win_firewall:
+ state: enabled
+ profiles:
+ - Domain
+ - Public
+ - Private
+ tags: enable_firewall
+
+- name: Disable Domain firewall
+ win_firewall:
+ state: disabled
+ profiles:
+ - Domain
+ tags: disable_firewall
+'''
+
+RETURN = r'''
+profile:
+ description: chosen profile
+ returned: always
+ type: string
+ sample: Domain
+enabled:
+ description: current firewall status for chosen profile (after any potential change)
+ returned: always
+ type: bool
+ sample: true
+'''
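Review bot: DOCUMENTATION describes an option named `profile`, but the PowerShell side of this patch reads `profiles` as a list and both EXAMPLES use `profiles`, so the published option name does not match what the module accepts; rename the key to `profiles` and document its list type and default. `state` is mandatory in the script (`-failifempty $true`) yet carries no `required: true` here. In RETURN, `profile` is listed as always returned although the script never sets it, and `enabled` is set only when a change occurs, so `returned: always` overstates both.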