Vh.HdZdZdZddlmZddlmZdZe dk(reyy) a" module: networkfirewall short_description: manage AWS Network Firewall firewalls version_added: 4.0.0 description: - A module for creating, updating and deleting AWS Network Firewall firewalls. options: arn: description: - The ARN of the firewall. - Exactly one of I(arn) or I(name) must be provided. required: false type: str aliases: ['firewall_arn'] name: description: - The name of the firewall. - Cannot be updated after creation. - Exactly one of I(arn) or I(name) must be provided. required: false type: str aliases: ['firewall_name'] state: description: - Create or remove the firewall. required: false choices: ['present', 'absent'] default: 'present' type: str description: description: - A description for the firewall. required: false type: str delete_protection: description: - When I(delete_protection=True), the firewall is protected from deletion. - Defaults to C(false) when not provided on creation. type: bool required: false policy_change_protection: description: - When I(policy_change_protection=True), the firewall is protected from changes to which policy is attached to the firewall. - Defaults to C(false) when not provided on creation. type: bool required: false aliases: ['firewall_policy_change_protection'] subnet_change_protection: description: - When I(subnet_change_protection=True), the firewall is protected from changes to which subnets is attached to the firewall. - Defaults to C(false) when not provided on creation. type: bool required: false wait: description: - On creation, whether to wait for the firewall to reach the C(READY) state. - On deletion, whether to wait for the firewall to reach the C(DELETED) state. - On update, whether to wait for the firewall to reach the C(IN_SYNC) configuration synchronization state. type: bool required: false default: true wait_timeout: description: - Maximum time, in seconds, to wait for the firewall to reach the expected state. - Defaults to 600 seconds. type: int required: false subnets: description: - The ID of the subnets to which the firewall will be associated. - Required when creating a new firewall. type: list elements: str required: false purge_subnets: description: - If I(purge_subnets=true), existing subnets will be removed from the firewall as necessary to match exactly what is defined by I(subnets). type: bool required: false default: true policy: description: - The ARN of the Network Firewall policy to use for the firewall. - Required when creating a new firewall. type: str required: false aliases: ['firewall_policy_arn'] author: - Mark Chappell (@tremble) extends_documentation_fragment: - amazon.aws.common.modules - amazon.aws.region.modules - amazon.aws.tags - amazon.aws.boto3 a5 # Create an AWS Network Firewall - community.aws.networkfirewall: name: 'ExampleFirewall' state: present policy: 'ExamplePolicy' subnets: - 'subnet-123456789abcdef01' # Create an AWS Network Firewall with various options, don't wait for creation # to finish. - community.aws.networkfirewall: name: 'ExampleFirewall' state: present delete_protection: true description: "An example Description" policy: 'ExamplePolicy' policy_change_protection: true subnets: - 'subnet-123456789abcdef01' - 'subnet-abcdef0123456789a' subnet_change_protection: true tags: ExampleTag: Example Value another_tag: another_example wait: false # Delete an AWS Network Firewall - community.aws.networkfirewall: state: absent name: 'ExampleFirewall' am firewall: description: The full details of the firewall returned: success type: dict contains: firewall: description: The details of the firewall type: dict returned: success contains: delete_protection: description: A flag indicating whether it is possible to delete the firewall. type: str returned: success example: true description: description: A description of the firewall. type: str returned: success example: "Description" firewall_arn: description: The ARN of the firewall. type: str returned: success example: "arn:aws:network-firewall:us-east-1:123456789012:firewall/ExampleFirewall" firewall_id: description: A unique ID for the firewall. type: str returned: success example: "12345678-abcd-1234-abcd-123456789abc" firewall_name: description: The name of the firewall. type: str returned: success example: "ExampleFirewall" firewall_policy_arn: description: The ARN of the firewall policy used by the firewall. type: str returned: success example: "arn:aws:network-firewall:us-east-1:123456789012:firewall-policy/ExamplePolicy" firewall_policy_change_protection: description: - A flag indicating whether it is possible to change which firewall policy is used by the firewall. type: bool returned: success example: false subnet_change_protection: description: - A flag indicating whether it is possible to change which subnets the firewall endpoints are in. type: bool returned: success example: true subnets: description: A list of the subnets the firewall endpoints are in. type: list elements: str example: ["subnet-12345678", "subnet-87654321"] subnet_mappings: description: A list representing the subnets the firewall endpoints are in. type: list elements: dict contains: subnet_id: description: The ID of the subnet. type: str returned: success example: "subnet-12345678" tags: description: The tags associated with the firewall. type: dict returned: success example: '{"SomeTag": "SomeValue"}' vpc_id: description: The ID of the VPC that the firewall is used by. type: str returned: success example: "vpc-0123456789abcdef0" firewall_metadata: description: Metadata about the firewall type: dict returned: success contains: configuration_sync_state_summary: description: - A short summary of the synchronization status of the policy and rule groups. type: str returned: success example: "IN_SYNC" status: description: - A short summary of the status of the firewall endpoints. type: str returned: success example: "READY" sync_states: description: - A description, broken down by availability zone, of the status of the firewall endpoints as well as the synchronization status of the policies and rule groups. type: dict returned: success example: { "us-east-1a": { "attachment": { "endpoint_id": "vpce-123456789abcdef01", "status": "READY", "subnet_id": "subnet-12345678" }, "config": { "arn:aws:network-firewall:us-east-1:123456789012:firewall-policy/Ansible-Example": { "sync_status": "IN_SYNC", "update_token": "abcdef01-0000-0000-0000-123456789abc" }, "arn:aws:network-firewall:us-east-1:123456789012:stateful-rulegroup/ExampleDomainList": { "sync_status": "IN_SYNC", "update_token": "12345678-0000-0000-0000-abcdef012345" } } } } )AnsibleCommunityAWSModule)NetworkFirewallManagerc*ttdddgtdddgtdddddgtdd td dd gtd dd td dd tdd td d td ddgtd d tdddtd dd tdddg}ddgg}ddgg}t|d ||}|jjd}|jjd}|jjd}t |||}|j |jjdd|j |jjdd|dk(r=|j|jjdd|jn|jsZ|jjdds|jd|jjdds|jd |j|jjd!d|j|jjd"d|jjd#d|j|jjd$d|j|jjd%d|j|jjdd|j|jjdd|jjd&d|j!|jjdd|j#t|j$|j&'}|j$r&t|j|j&(} | |d)<|j(d*i|y)+NstrF firewall_name)typerequiredaliases firewall_arnpresentabsent)rr defaultchoices)rr dict resource_tagsboolT)rr rint!firewall_policy_change_protectionlist)relementsr firewall_policy_arn)namearnstate descriptiontags purge_tagswait wait_timeoutsubnet_change_protectionpolicy_change_protectiondelete_protectionsubnets purge_subnetspolicyrr) argument_specsupports_check_modemutually_exclusiverequired_one_ofr)rrrrr"r#z3The subnets parameter must be provided on creation.r%z2The policy parameter must be provided on creation.rrrr r!r$)changedfirewall)beforeafterdiff)rAnsibleAWSModuleparamsgetrset_waitset_wait_timeoutset_delete_protectiondeleteoriginal_resource fail_jsonset_descriptionset_tagsset_subnet_change_protectionset_policy_change_protection set_subnets set_policy flush_changesr*updated_resource exit_json) r&r(r)modulerrrmanagerresultsr.s q/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/aws/plugins/modules/networkfirewall.pymainrFsy uu6G H een5E Fy9V^J_`ee4 v7H IVeTB vt <uu5!%6E!B!%6ELoKp!qFU;&55AE9N8OPM$  O# -' F --  E "C ==  V $D MM  g &E$V$C@G V]]&&vt45 V]]..~tDE %%fmm&7&78KT&RS((==$$Y5  !VW==$$Xt4  !UV 1 1- FG**648&--:K:KLZ^:_`,,V]]->->?Y[_-`a,,V]]->->?Y[_-`a%%fmm&7&78KT&RSFMM--i> @Q@QRacg@hi6==,,Xt<=))G,,** Fw__main__N) DOCUMENTATIONEXAMPLESRETURN>ansible_collections.community.aws.plugins.module_utils.modulesrr0Fansible_collections.community.aws.plugins.module_utils.networkfirewallrrF__name__r/rGrErOsCf P D} ~yiD N zFrG