
    Vh0                      z    d dl mZmZmZ eZdZdZdZd dl	m
Z
 ddlmZmZ  G d d	e      Zd
 Zedk(  r e        yy)    )absolute_importdivisionprint_functionu  
---
module: firewall_rule
short_description: Manages firewall rules on Vultr
description:
  - Create and remove firewall rules.
version_added: "1.0.0"
author: "René Moser (@resmo)"
options:
  group:
    description:
      - Name of the firewall group.
    required: true
    type: str
  ip_type:
    description:
      - IP address version
    choices: [ v4, v6 ]
    type: str
    default: v4
  protocol:
    description:
      - Protocol of the firewall rule.
    choices: [ icmp, tcp, udp, gre, esp, ah ]
    type: str
    default: tcp
  subnet:
    description:
      - The network or IP, e.g. 192.0.2.123 or 0.0.0.0.
      - Mutually exclusive with I(source).
    type: str
  subnet_size:
    description:
      - The number of bits for the netmask in CIDR notation, e.g. C(32).
      - A value of C(0) together with a subnet of C(0.0.0.0) or C(::) matches every source address.
    type: int
  port:
    description:
      - Single port or port range, e.g. C(80) or C(8000:8080).
      - Required if I(protocol) is tcp or udp and I(state=present).
    aliases: [ port_range ]
    type: str
  source:
    description:
      - Possible values are C(cloudflare) or a load balancer label.
      - Mutually exclusive with I(subnet).
    type: str
  notes:
    description:
      - Notes of the firewall rule.
    type: str
  state:
    description:
      - State of the firewall rule.
    default: present
    choices: [ present, absent ]
    type: str
extends_documentation_fragment:
  - vultr.cloud.vultr_v2
a_  
# Allows TCP port 80 from every IPv4 source: subnet 0.0.0.0 with
# subnet_size 0 covers the whole IPv4 address space. This fits a service
# that is meant to be public; narrow subnet/subnet_size for anything else.
- name: Ensure a firewall rule is present
  vultr.cloud.firewall_rule:
    group: web
    # NOTE(review): port is documented as type str; the other examples quote it.
    port: 80
    protocol: tcp
    ip_type: v4
    subnet: "0.0.0.0"
    subnet_size: 0
    notes: "open HTTP to the world"

# Allows the 8000-8999 TCP range only from the 10.10.10.0/24 network
# instead of from any source.
- name: Ensure a firewall rule with port range is present
  vultr.cloud.firewall_rule:
    group: apps
    port: "8000:8999"
    protocol: tcp
    ip_type: v4
    subnet: "10.10.10.0"
    subnet_size: 24

# Removes the rule that allowed TCP port 443 from any IPv6 source (::/0).
# NOTE(review): the module appears to locate an existing rule by comparing
# ip_type, protocol, port, source, subnet and subnet_size, so these values
# should match the rule being removed - confirm against the module source.
- name: Ensure a firewall rule is absent
  vultr.cloud.firewall_rule:
    group: apps
    port: "443"
    protocol: tcp
    ip_type: v6
    subnet: "::"
    subnet_size: 0
    state: absent
a  
---
vultr_api:
  description: Response from Vultr API with a few additions/modifications.
  returned: success
  type: dict
  contains:
    api_timeout:
      description: Timeout used for the API requests.
      returned: success
      type: int
      sample: 60
    api_retries:
      description: Amount of max retries for the API requests.
      returned: success
      type: int
      sample: 5
    api_retry_max_delay:
      description: Exponential backoff delay in seconds between retries up to this max delay value.
      returned: success
      type: int
      sample: 12
    api_endpoint:
      description: Endpoint used for the API requests.
      returned: success
      type: str
      sample: "https://api.vultr.com/v2"
vultr_firewall_rule:
  description: Response from Vultr API.
  returned: success
  type: dict
  contains:
    id:
      description: ID of the firewall rule.
      returned: success
      type: int
      sample: 1
    action:
      description: Action of the firewall rule.
      returned: success
      type: str
      sample: accept
    protocol:
      description: Protocol of the firewall rule.
      returned: success
      type: str
      sample: tcp
    port:
      description: Port or port range of the firewall rule.
      returned: success
      type: str
      sample: "80"
    source:
      description: Source string of the firewall rule.
      returned: success
      type: str
      sample: cloudflare
    notes:
      description: Supplied description of the firewall rule.
      returned: success
      type: str
      sample: my rule
    subnet:
      description: Subnet of the firewall rule.
      returned: success
      type: str
      sample: 0.0.0.0
    subnet_size:
      description: Size of the subnet of the firewall rule.
      returned: success
      type: int
      sample: 0
    ip_type:
      description: IP type of the firewall rule.
      returned: success
      type: str
      sample: v4
)AnsibleModule   )AnsibleVultrvultr_argument_specc                   *    e Zd Zd Zd Zd Zd Zd Zy)AnsibleVultrFirewallRulec                 .    | j                  ddddd      S )Ndescriptiongroupz
/firewallsfirewall_groupsTkey_name	param_keypath
result_keyfail_not_foundquery_filter_list_by_nameselfs    m/home/dcms/DCMS/lib/python3.12/site-packages/ansible_collections/vultr/cloud/plugins/modules/firewall_rule.pyget_firewall_groupz+AnsibleVultrFirewallRule.get_firewall_group   s)    --"( . 
 	
    c                 .    | j                  ddddd      S )Nlabelsourcez/load-balancersload_balancersTr   r   r   s    r   get_load_balancerz*AnsibleVultrFirewallRule.get_load_balancer   s)    --"' . 
 	
r   c                    | j                   | j                         d   z  | _         | j                  j                  j	                  d      }|/|dk7  r*| j                         d   | j                  j                  d<   | j                  j                  j	                  d      dvr| j                  j                  j	                  d      | j                  j                  d| j                  j                  j	                  d      d| j                  j                  j	                  d      d	       d | j                  j                  d<   y y y )
Nidr   
cloudflareprotocol)tcpudpportzSetting a port (z3) only affects protocols TCP/UDP, but protocol is: z. Ignoring.)resource_pathr   moduleparamsgetr!   warn)r   r   s     r   	configurez"AnsibleVultrFirewallRule.configure   s   !//$2I2I2KD2QQ ##''1&L"8+/+A+A+CD+IDKKx( KK"":.
 ""&&v.:KK;;%%))&14;;3E3E3I3I*3UW *.DKKv& ;r   c                     t               }| j                         D ]N  }dD ]@  }| j                  j                  j	                  |      }|+|j	                  |      |k7  s@ n |}|sM |S  |S )N)ip_typer%   r(   r   subnetsubnet_size)dict
query_listr*   r+   r,   )r   resultresourcekeyparams        r   queryzAnsibleVultrFirewallRule.query   s    ) 	H " **..s3=<<$-"  "-	, r   c                     |S )N )r   r6   s     r   updatezAnsibleVultrFirewallRule.update   s    r   N)__name__
__module____qualname__r   r!   r.   r9   r<   r;   r   r   r   r      s    

.04r   r   c                     t               } | j                  t        t        d      t        dd      t        ddg      t        d      t        d      t        d      t        dg dd	
      t        dddgd
      t        dddgd
      	             t        | dddd      }t	        |ddddg d      }|j
                  j                  d      dk(  r|j                          y |j                          y )Nstr)typeT)rB   required
port_range)rB   aliasesint)icmpr&   r'   greespahr&   )rB   choicesdefaultv4v6presentabsent)	notesr   r(   r1   r2   r   r%   r0   state))r   r1   ))r1   r2   )argument_specrequired_one_ofmutually_exclusiverequired_togethersupports_check_modevultr_firewall_rulez/firewalls/%s/rulesfirewall_rulez
##unused##)rQ   r(   r1   r2   r   r%   r0   )r*   	namespacer)   ressource_result_key_singularresource_key_nameresource_create_param_keysrR   )	r	   r<   r3   r   r   r+   r,   rP   rO   )rS   r*   vultrs      r   mainr_     s    ')ME"ED15<.9U#%(U#B
 edD\4HEIx+@)T	
$ #/26 F %'+&5&$
E" }}!X-r   __main__N)
__future__r   r   r   rB   __metaclass__DOCUMENTATIONEXAMPLESRETURNansible.module_utils.basicr   module_utils.vultr_v2r   r	   r   r_   r=   r;   r   r   <module>rh      s\    A @:x>M
^ 5 EF| FR0f zF r   