win_firewall_rule: strictmode fixes (#2432)

I set the default values to `netsh advfirewall firewall add rule` defaults.
Andrea Scarpino 2016-06-20 23:35:27 +02:00 committed by Matt Clay
parent 3cb598f9f8
commit 9b41c6bfe3
2 changed files with 48 additions and 78 deletions


@ -20,9 +20,6 @@
# WANT_JSON # WANT_JSON
# POWERSHELL_COMMON # POWERSHELL_COMMON
# temporarily disable strictmode, for this module only
Set-StrictMode -Off
function getFirewallRule ($fwsettings) { function getFirewallRule ($fwsettings) {
try { try {
@ -205,81 +202,55 @@ $fwsettings=@{}
# Variabelise the arguments # Variabelise the arguments
$params=Parse-Args $args; $params=Parse-Args $args;
$enable=Get-Attr $params "enable" $null; $name = Get-AnsibleParam -obj $params -name "name" -failifempty $true
$state=Get-Attr $params "state" "present"; $direction = Get-AnsibleParam -obj $params -name "direction" -failifempty $true -validateSet "in","out"
$name=Get-Attr $params "name" ""; $action = Get-AnsibleParam -obj $params -name "action" -failifempty $true -validateSet "allow","block","bypass"
$direction=Get-Attr $params "direction" ""; $program = Get-AnsibleParam -obj $params -name "program"
$force=Get-Attr $params "force" $false; $service = Get-AnsibleParam -obj $params -name "service" -default "any"
$action=Get-Attr $params "action" ""; $description = Get-AnsibleParam -obj $params -name "description"
$enable = ConvertTo-Bool (Get-AnsibleParam -obj $params -name "enable" -default "true")
$winprofile = Get-AnsibleParam -obj $params -name "profile" -default "any"
$localip = Get-AnsibleParam -obj $params -name "localip" -default "any"
$remoteip = Get-AnsibleParam -obj $params -name "remoteip" -default "any"
$localport = Get-AnsibleParam -obj $params -name "localport" -default "any"
$remoteport = Get-AnsibleParam -obj $params -name "remoteport" -default "any"
$protocol = Get-AnsibleParam -obj $params -name "protocol" -default "any"
$state = Get-AnsibleParam -obj $params -name "state" -failifempty $true -validateSet "present","absent"
$force = ConvertTo-Bool (Get-AnsibleParam -obj $params -name "force" -default "false")
$misArg = ''
# Check the arguments # Check the arguments
if ($enable -ne $null) { If ($enable -eq $true) {
$enable=ConvertTo-Bool $enable; $fwsettings.Add("Enabled", "yes");
if ($enable -eq $true) { } Else {
$fwsettings.Add("Enabled", "yes"); $fwsettings.Add("Enabled", "no");
} elseif ($enable -eq $false) {
$fwsettings.Add("Enabled", "no");
} else {
$misArg+="enable";
$msg+=@("for the enable parameter only yes and no is allowed");
};
}; };
if (($state -ne "present") -And ($state -ne "absent")){ $fwsettings.Add("Rule Name", $name)
$misArg+="state"; #$fwsettings.Add("displayname", $name)
$msg+=@("for the state parameter only present and absent is allowed");
};
if ($name -eq ""){ $state = $state.ToString().ToLower()
$misArg+="Name"; If ($state -eq "present")){
$msg+=@("name is a required argument");
} else {
$fwsettings.Add("Rule Name", $name)
#$fwsettings.Add("displayname", $name)
};
if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){
$misArg+="Direction";
$msg+=@("for the Direction parameter only the values 'In' and 'Out' are allowed");
} else {
$fwsettings.Add("Direction", $direction) $fwsettings.Add("Direction", $direction)
};
if ((($action.ToLower() -ne "allow") -And ($action.ToLower() -ne "block")) -And ($state -eq "present")){
$misArg+="Action";
$msg+=@("for the Action parameter only the values 'allow' and 'block' are allowed");
} else {
$fwsettings.Add("Action", $action) $fwsettings.Add("Action", $action)
}; };
$args=@(
"Description",
"LocalIP",
"RemoteIP",
"LocalPort",
"RemotePort",
"Program",
"Service",
"Protocol"
)
foreach ($arg in $args){ If ($description) {
New-Variable -Name $arg -Value $(Get-Attr $params $arg ""); $fwsettings.Add("Description", $description);
if ((Get-Variable -Name $arg -ValueOnly) -ne ""){ }
$fwsettings.Add($arg, $(Get-Variable -Name $arg -ValueOnly));
};
};
$winprofile=Get-Attr $params "profile" "current"; If ($program) {
$fwsettings.Add("Program", $program);
}
$fwsettings.Add("LocalIP", $localip);
$fwsettings.Add("RemoteIP", $remoteip);
$fwsettings.Add("LocalPort", $localport);
$fwsettings.Add("RemotePort", $remoteport);
$fwsettings.Add("Service", $service);
$fwsettings.Add("Protocol", $protocol);
$fwsettings.Add("Profiles", $winprofile) $fwsettings.Add("Profiles", $winprofile)
if ($misArg){
$result=New-Object psobject @{
changed=$false
failed=$true
msg=$msg
};
Exit-Json($result);
};
$output=@() $output=@()
$capture=getFirewallRule ($fwsettings); $capture=getFirewallRule ($fwsettings);
if ($capture.failed -eq $true) { if ($capture.failed -eq $true) {
@ -299,7 +270,7 @@ if ($capture.failed -eq $true) {
} }
switch ($state.ToLower()){ switch ($state){
"present" { "present" {
if ($capture.exists -eq $false) { if ($capture.exists -eq $false) {
$capture=createFireWallRule($fwsettings); $capture=createFireWallRule($fwsettings);
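Review bot: The added line `If ($state -eq "present")){` in the argument-check hunk closes one parenthesis more than it opens, which PowerShell should reject at parse time, so the module would fail before it reads or writes any rule; it should read `If ($state -eq "present") {`. The new `$misArg = ''` assignment is also dead, because the `if ($misArg)` block that read it is removed in the same hunk. Separately, the `profile` default appears to move from `current` to `any`, so an `allow` rule written without `profile` now applies on the Public profile as well. That matches the netsh defaults named in the commit message, but it widens exposure for existing playbooks and deserves a line in the module notes telling users to set `profile` explicitly.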


@ -29,9 +29,8 @@ options:
enable: enable:
description: description:
- is this firewall rule enabled or disabled - is this firewall rule enabled or disabled
default: null default: true
required: false required: false
choices: ['yes', 'no']
state: state:
description: description:
- should this rule be added or removed - should this rule be added or removed
@ -48,13 +47,13 @@ options:
- is this rule for inbound or outbound trafic - is this rule for inbound or outbound trafic
default: null default: null
required: true required: true
choices: [ 'In', 'Out' ] choices: ['in', 'out']
action: action:
description: description:
- what to do with the items this rule is for - what to do with the items this rule is for
default: null default: null
required: true required: true
choices: [ 'allow', 'block' ] choices: ['allow', 'block', 'bypass']
description: description:
description: description:
- description for the firewall rule - description for the firewall rule
@ -63,22 +62,22 @@ options:
localip: localip:
description: description:
- the local ip address this rule applies to - the local ip address this rule applies to
default: null default: 'any'
required: false required: false
remoteip: remoteip:
description: description:
- the remote ip address/range this rule applies to - the remote ip address/range this rule applies to
default: null default: 'any'
required: false required: false
localport: localport:
description: description:
- the local port this rule applies to - the local port this rule applies to
default: null default: 'any'
required: false required: false
remoteport: remoteport:
description: description:
- the remote port this rule applies to - the remote port this rule applies to
default: null default: 'any'
required: false required: false
program: program:
description: description:
@ -88,17 +87,17 @@ options:
service: service:
description: description:
- the service this rule applies to - the service this rule applies to
default: null default: 'any'
required: false required: false
protocol: protocol:
description: description:
- the protocol this rule applies to - the protocol this rule applies to
default: null default: 'any'
required: false required: false
profile: profile:
description: description:
- the profile this rule applies to, e.g. Domain,Private,Public - the profile this rule applies to, e.g. Domain,Private,Public
default: null default: 'any'
required: false required: false
force: force:
description: description: