Vh%vddlmZmZmZeZdZdZdZddl m Z ddl m Z m Z mZmZmZdZdZed k(rey y ) )absolute_importdivisionprint_functiona module: firewall_info short_description: Manage Hetzner's dedicated server firewall author: - Felix Fontein (@felixfontein) description: - Manage Hetzner's dedicated server firewall. seealso: - name: Firewall documentation description: Hetzner's documentation on the stateless firewall for dedicated servers. link: https://docs.hetzner.com/robot/dedicated-server/firewall/ - module: community.hrobot.firewall description: Configure firewall. extends_documentation_fragment: - community.hrobot.robot - community.hrobot.attributes - community.hrobot.attributes.actiongroup_robot - community.hrobot.attributes.idempotent_not_modify_state - community.hrobot.attributes.info_module attributes: action_group: version_added: 1.6.0 options: server_ip: description: - The server's main IP address. - Exactly one of O(server_ip) and O(server_number) must be specified. - Note that Hetzner deprecated identifying the server's firewall by the server's main IP. Using this option can thus stop working at any time in the future. Use O(server_number) instead. type: str server_number: description: - The server's number. - Exactly one of O(server_ip) and O(server_number) must be specified. type: int version_added: 1.8.0 wait_for_configured: description: - Whether to wait until the firewall has been successfully configured before returning from the module. - The API returns status C(in progress) when the firewall is currently being configured. If this happens, the module will try again until the status changes to C(active) or C(disabled). - Please note that there is a request limit. If you have to do multiple updates, it can be better to disable waiting, and regularly use M(community.hrobot.firewall_info) to query status. type: bool default: true wait_delay: description: - Delay to wait (in seconds) before checking again whether the firewall has been configured. type: int default: 10 timeout: description: - Timeout (in seconds) for waiting for firewall to be configured. type: int default: 180 z --- - name: Get firewall configuration for server with main IP 1.2.3.4 community.hrobot.firewall_info: hetzner_user: foo hetzner_password: bar server_ip: 1.2.3.4 register: result - ansible.builtin.debug: msg: "{{ result.firewall }}" a firewall: description: - The firewall configuration. type: dict returned: success contains: port: description: - Switch port of firewall. - V(main) or V(kvm). type: str sample: main filter_ipv6: description: - Whether the firewall rules apply to IPv6 as well or not. type: bool sample: false server_ip: description: - Server's main IP address. type: str sample: 1.2.3.4 server_number: description: - Hetzner's internal server number. type: int sample: 12345 status: description: - Status of the firewall. - V(active) or V(disabled). - Will be V(in process) if the firewall is currently updated, and O(wait_for_configured) is set to V(false) or O(timeout) to a too small value. type: str sample: active allowlist_hos: description: - Whether Hetzner services have access. type: bool sample: true version_added: 1.2.0 whitelist_hos: description: - Whether Hetzner services have access. - Old name of return value V(allowlist_hos), will be removed eventually. type: bool sample: true rules: description: - Firewall rules. type: dict contains: input: description: - Input firewall rules. type: list elements: dict contains: name: description: - Name of the firewall rule. type: str sample: Allow HTTP access to server ip_version: description: - Internet protocol version. - No value means the rule applies both to IPv4 and IPv6. type: str sample: ipv4 dst_ip: description: - Destination IP address or subnet address. - CIDR notation. type: str sample: 1.2.3.4/32 dst_port: description: - Destination port or port range. type: str sample: "443" src_ip: description: - Source IP address or subnet address. - CIDR notation. type: str sample: src_port: description: - Source port or port range. type: str sample: protocol: description: - Protocol above IP layer. type: str sample: tcp tcp_flags: description: - TCP flags or logical combination of flags. type: str sample: action: description: - Action if rule matches. - V(accept) or V(discard). type: str sample: accept choices: - accept - discard output: description: - Output firewall rules. type: list elements: dict contains: name: description: - Name of the firewall rule. type: str sample: Allow HTTP access to server ip_version: description: - Internet protocol version. - No value means the rule applies both to IPv4 and IPv6. type: str sample: dst_ip: description: - Destination IP address or subnet address. - CIDR notation. type: str sample: 1.2.3.4/32 dst_port: description: - Destination port or port range. type: str sample: "443" src_ip: description: - Source IP address or subnet address. - CIDR notation. type: str sample: src_port: description: - Source port or port range. type: str sample: protocol: description: - Protocol above IP layer. type: str sample: tcp tcp_flags: description: - TCP flags or logical combination of flags. type: str sample: action: description: - Action if rule matches. - V(accept) or V(discard). type: str sample: accept choices: - accept - discard ) AnsibleModule)ROBOT_DEFAULT_ARGUMENT_SPECBASE_URLfetch_url_jsonfetch_url_json_with_retriesCheckDoneTimeoutExceptionc|dddk7S)Nfirewallstatusz in process)resulterrors r/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/community/hrobot/plugins/modules/firewall_info.pyfirewall_configuredr s * h '< 77c ttdtdtddtddtdd }|jtt|d }|jd xs|jd }d j t |}|jdr3 t||t|jd|jd\}}nt||\}}d}|jdd|d<|jdst|d<dD] }g|d|< |jd|y#t$r}|jdYd}~{d}~wwxYw)Nstr)typeintboolT)rdefault ) server_ip server_numberwait_for_configured wait_delaytimeout) argument_specsupports_check_moderrz{0}/firewall/{1}rr r!)check_done_callbackcheck_done_delaycheck_done_timeoutz4Timeout while waiting for firewall to be configured.)msgr whitelist_hosF allowlist_hosrules)input)changedr )dictupdaterrparamsformatrr rr fail_jsonr get exit_json) r"module server_idurlrrdummyr rulesets rmainr9 szE"& fd;UB/%- M45 # F  k*LfmmO.LI  # #Hi 8C }}*+ Y7$7!'|!<#)==#; MFE'vs3 j!H ( _e DH_ <<  F  ,G)+HW g & , ) Y   !W  X X Ys.1E E/E**E/__main__N) __future__rrrr __metaclass__ DOCUMENTATIONEXAMPLESRETURNansible.module_utils.basicr?ansible_collections.community.hrobot.plugins.module_utils.robotrrr r r rr9__name__rrrrCsYA@ 9 v i V58*Z zFr