Vh=ddlmZdZdZdZddlZddlmZddlm Z dd l m Z m Z dd l mZmZmZGd d e Zd Zedk(reyy)) annotationsa --- module: firewall short_description: Create and manage firewalls on the Hetzner Cloud. description: - Create, update and manage firewalls on the Hetzner Cloud. author: - Lukas Kaemmerling (@lkaemmerling) options: id: description: - The ID of the Hetzner Cloud Firewall to manage. - Only required if no firewall O(name) is given. type: int name: description: - The Name of the Hetzner Cloud Firewall to manage. - Only required if no firewall O(id) is given, or the firewall does not exist. type: str labels: description: - User-defined labels (key-value pairs). type: dict rules: description: - List of rules the firewall contain. type: list elements: dict suboptions: description: description: - User defined description of this rule. type: str direction: description: - The direction of the firewall rule. type: str choices: [in, out] protocol: description: - The protocol of the firewall rule. type: str choices: [icmp, tcp, udp, esp, gre] port: description: - The port or port range allowed by this rule. - A port range can be specified by separating two ports with a dash, e.g 1024-5000. - Only used if O(rules[].protocol=tcp) or O(rules[].protocol=udp). type: str source_ips: description: - List of CIDRs that are allowed within this rule. - Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses. - Only used if O(rules[].direction=in). type: list elements: str default: [] destination_ips: description: - List of CIDRs that are allowed within this rule. - Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses. - Only used if O(rules[].direction=out). type: list elements: str default: [] force: description: - Force the deletion of the Firewall when still in use. type: bool default: false state: description: - State of the firewall. default: present choices: [absent, present] type: str extends_documentation_fragment: - hetzner.hcloud.hcloud a - name: Create a basic firewall hetzner.hcloud.firewall: name: my-firewall state: present - name: Create a firewall with rules hetzner.hcloud.firewall: name: my-firewall rules: - description: allow icmp from everywhere direction: in protocol: icmp source_ips: - 0.0.0.0/0 - ::/0 state: present - name: Create a firewall with labels hetzner.hcloud.firewall: name: my-firewall labels: key: value mylabel: 123 state: present - name: Ensure the firewall is absent (remove if needed) hetzner.hcloud.firewall: name: my-firewall state: absent a hcloud_firewall: description: The firewall instance. returned: always type: dict contains: id: description: Numeric identifier of the firewall. returned: always type: int sample: 1937415 name: description: Name of the firewall. returned: always type: str sample: my-firewall labels: description: User-defined labels (key-value pairs). returned: always type: dict rules: description: List of rules the firewall contain. returned: always type: list elements: dict contains: description: description: User defined description of this rule. type: str returned: always sample: allow http from anywhere direction: description: The direction of the firewall rule. type: str returned: always sample: in protocol: description: The protocol of the firewall rule. type: str returned: always sample: tcp port: description: The port or port range allowed by this rule. type: str returned: if RV(hcloud_firewall.rules[].protocol=tcp) or RV(hcloud_firewall.rules[].protocol=udp) sample: "80" source_ips: description: List of source CIDRs that are allowed within this rule. type: list elements: str returned: always sample: ["0.0.0.0/0", "::/0"] destination_ips: description: List of destination CIDRs that are allowed within this rule. type: list elements: str returned: always sample: [] applied_to: description: List of Resources the Firewall is applied to. returned: always type: list elements: dict contains: type: description: Type of the resource. type: str choices: [server, label_selector] sample: label_selector server: description: ID of the server. type: int sample: 12345 label_selector: description: Label selector value. type: str sample: env=prod applied_to_resources: description: List of Resources the Firewall label selector is applied to. returned: if RV(hcloud_firewall.applied_to[].type=label_selector) type: list elements: dict contains: type: description: Type of resource referenced. type: str choices: [server] sample: server server: description: ID of the Server. type: int sample: 12345 N) AnsibleModule) AnsibleHCloud) APIExceptionHCloudException) BoundFirewallFirewallResource FirewallRulecpeZdZUdZdZded<dZd dZddZdZ dZ d Z d Z d Z efd ZxZS)AnsibleHCloudFirewallhcloud_firewallNzBoundFirewall | Nonec tt|jj|jj|jjDcgc]}|j |c}|jj |jjDcgc]}|j|c}dScc}wcc}w)N)idnameruleslabels applied_to) strrrrr_prepare_result_rulerr_prepare_result_applied_to)selfruleresources k/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/hetzner/hcloud/plugins/modules/firewall.py_prepare_resultz%AnsibleHCloudFirewall._prepare_resultsd**--.((--BFBVBVB\B\]$d//5]**11UYUiUiUtUtu4::8Du   ^us B0B5 c|j|j|j|j|j|j dS)N directionprotocolport source_ipsdestination_ips descriptionr)rrs rrz*AnsibleHCloudFirewall._prepare_result_rules: II//#33++   c|j|jt|jjnd|j|jj ndd}|j U|j Dcgc]<}|j|jt|jjndd>c}|d<|Scc}w)N)typeserverlabel_selector)r'r(applied_to_resources)r'r(rrr)selectorr*)rrresultitems rrz0AnsibleHCloudFirewall._prepare_result_applied_tosMM191Lc(//,,-RVBJBYBYBeh55>>ko   ( ( 4 %99 . !II59[[5Lc$++..1RV.F) * .s8ACc  |jjjdN|jjj |jjjd|_y|jjjdN|jjj|jjjd|_yy#t$r}|j|Yd}~yd}~wwxYw)Nrr) moduleparamsgetclient firewalls get_by_idr get_by_namerfail_json_hcloud)r exceptions r _get_firewallz#AnsibleHCloudFirewall._get_firewalls -{{!!%%d+7'+{{'<'<'F'Ft{{GYGYG]G]^bGc'd$##''/;'+{{'<'<'H'HI[I[I_I_`fIg'h$< -  ! !) , , -sA2C)5A2C)) D 2DD c |jjdg|jjjd|jjjdd}|jjjd}|B|Dcgc]3}t |d|d|d|dng|d |d ng|d |d  5c}|d<|jj s' |j jjdi||j|jycc}w#t$r}|j|| Yd}~Gd}~wwxYw)Nrrequired_paramsr)rrrrr r"r#r!r$rr r"r#r!r$)r0) r/fail_on_missing_paramsr0r1r check_moder2r3createrr6_mark_as_changedr8)rr0rrr7s r_create_firewallz&AnsibleHCloudFirewall._create_firewalls] **F8*DKK&&**62kk((,,X6  ""&&w/  " ";/!*-59,5G5StL1Y[?CDU?V?bD):$;hjf $] 3  F7O{{%% @, %%,,6v6  ' # @%%i%?? @s8D0)&D55 E>EEc 2|jjjd}|x|jj|k7r_|jj dg|jj s|jj||j|jjjd}|[|jj|k7rB|jj s|jj||j|jjjd}|||jjDcgc]}|j|c}k7r|jj sY|Dcgc]3}t|d|d |d |d ng|d |d ng|d |d 5}}|jj||j|jycc}wcc}w)Nrrr:)rr)rrrr r"r#r!r$r<)r/r0r1rrr>r?updaterArrrr set_rulesr8)rrrrr new_ruless r_update_firewallz&AnsibleHCloudFirewall._update_firewall7s{{!!%%f-   4 4 9 9T A KK . .v . F;;))$$+++6  ! ! ###''1  $"6"6"="="G;;))$$++6+:  ! ! # ""&&w/  W[WkWkWqWq*rt4+D+DT+J*r!r;;))!& !"&{"3!%j!19=l9K9W4 #5]_CGHYCZCf->(?ln!&\$($7   $$..y9  ! ! # !+s s "H8Hc~|j|j|jy|jy)N)r8rrBrG)rs rpresent_firewallz&AnsibleHCloudFirewall.present_firewallXs2     '  ! ! #  ! ! #r%c<|j|j|jjs|jjr|jj j drG|jj|jj}|D]}|jn3|jjd|jjdd} |jj |j%d|_y#t$rP}d|jvr'|dkr"|dz }tjd|zYd}~s|j!|Yd}~n*d}~wt"$r}|j!|Yd}~nd}~wwxYw) Nforcez Firewall zy is currently used by other resources. You need to unassign the resources before deleting the Firewall or use force=true.rzis still in use g?)r8rr/r?rr0r1remove_from_resourceswait_until_finishedwarnrdeletermessagetimesleepr6rrA)ractionsaction retry_countr7s rdelete_firewallz%AnsibleHCloudFirewall.delete_firewall_sp     +;;))''22{{))--g6"&"6"6"L"LTMaMaMlMl"m&-9F"6689 (('(<(<(A(A'BCGG   9,,335  ! ! ##(9, 0A0AAkTVFV'1,K JJs['89$--i88*9--i889s*,D F(0E3E33 F?FFcttdddiddidditddtddidddgddgd dddiddgd ddgd  d d ggd ddggd ddgggdddddgdddt| ddggdddgggdS)Nr'intrdictlistinout)r'choices)icmpudptcpespgre)r'elementsdefault)r$rr r!r"r#rr rar!rb)r'reoptionsrequired_together required_ifboolF)r'rfabsentpresent)r_rf)rrrrrKstaterrrmT) argument_specrequired_one_ofrisupports_check_moder=)rr[superbase_module_arguments)cls __class__s r define_modulez#AnsibleHCloudFirewall.define_modulesE?e_'# %+UO+0dE]"K*/<`!a$e_,2RT#U17UWY(Z )4Z'@&A#UVH5#UVH5!" &%8 ()4(-4'/158#F^,!9vh78 $?  r%)rr )rr )__name__ __module__ __qualname__ representr__annotations__rrrr8rBrGrIrX classmethodru __classcell__)rts@rr r sQ!I,0O)0   -:B$$B! ! r%r ctj}t|}|jjd}|dk(r|j n|dk(r|j |j di|jy)Nrmrkrlr=)r rur0r1rXrI exit_json get_result)r/hcloudrms rmainrsr " 0 0 2F "6 *F MM  g &E  ) !F+v((*+r%__main__) __future__r DOCUMENTATIONEXAMPLESRETURNrSansible.module_utils.basicrmodule_utils.hcloudrmodule_utils.vendor.hcloudrr$module_utils.vendor.hcloud.firewallsr r r r rrvr=r%rrsd#R h @\ | 4/Fz Mz z , zFr%