diff --git a/plugins/modules/firewall.py b/plugins/modules/firewall.py index ef72e832..109f8da1 100644 --- a/plugins/modules/firewall.py +++ b/plugins/modules/firewall.py @@ -175,6 +175,40 @@ elements: str returned: always sample: [] + applied_to: + description: List of Resources the Firewall is applied to. + returned: always + type: list + elements: dict + contains: + type: + description: Type of the resource. + type: str + choices: [server, label_selector] + sample: label_selector + server: + description: ID of the server. + type: int + sample: 12345 + label_selector: + description: Label selector value. + type: str + sample: env=prod + applied_to_resources: + description: List of Resources the Firewall label selector is applied to. + returned: if RV(type=label_selector) + type: list + elements: dict + contains: + type: + description: Type of resource referenced. + type: str + choices: [server] + sample: server + server: + description: ID of the Server. + type: int + sample: 12345 """ import time @@ -184,7 +218,11 @@ from ..module_utils.hcloud import AnsibleHCloud from ..module_utils.vendor.hcloud import APIException, HCloudException -from ..module_utils.vendor.hcloud.firewalls import BoundFirewall, FirewallRule +from ..module_utils.vendor.hcloud.firewalls import ( + BoundFirewall, + FirewallResource, + FirewallRule, +) class AnsibleHCloudFirewall(AnsibleHCloud): @@ -198,9 +236,10 @@ def _prepare_result(self): "name": to_native(self.hcloud_firewall.name), "rules": [self._prepare_result_rule(rule) for rule in self.hcloud_firewall.rules], "labels": self.hcloud_firewall.labels, + "applied_to": [self._prepare_result_applied_to(resource) for resource in self.hcloud_firewall.applied_to], } - def _prepare_result_rule(self, rule): + def _prepare_result_rule(self, rule: FirewallRule): return { "direction": rule.direction, "protocol": to_native(rule.protocol), 
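Review bot: `applied_to[].server` is documented in this RETURN block as `type: int`, but the `_prepare_result_applied_to` hunk further down builds it with `to_native(resource.server.id)`, which, as far as I can tell, stringifies non-string values, while the nested `applied_to_resources[].server` returns the raw `item.server.id`. A playbook that verifies a firewall is attached to a given server by comparing against an integer ID would then fail to match. I would drop the conversion so both levels agree with the docs: `"server": resource.server.id if resource.server is not None else None,`. It would also help to say in the `applied_to` description that an empty list means the firewall is not currently applied to any resource.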
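Review bot: The new signature `def _prepare_result_rule(self, rule: FirewallRule):` annotates the parameter but not the return value, while the sibling helper added in this commit declares `-> Dict[str, Any]`. For consistency I would write `def _prepare_result_rule(self, rule: FirewallRule) -> Dict[str, Any]:`. The function body continues past the end of this hunk, so the return shape should be checked against the full dict before adding the annotation.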
@@ -210,6 +249,22 @@ def _prepare_result_rule(self, rule): "description": to_native(rule.description) if rule.description is not None else None, } + def _prepare_result_applied_to(self, resource: FirewallResource) -> Dict[str, Any]: + result = { + "type": resource.type, + "server": to_native(resource.server.id) if resource.server is not None else None, + "label_selector": resource.label_selector.selector if resource.label_selector is not None else None, + } + if resource.applied_to_resources is not None: + result["applied_to_resources"] = [ + { + "type": item.type, + "server": item.server.id if item.server is not None else None, + } + for item in resource.applied_to_resources + ] + return result + def _get_firewall(self): try: if self.module.params.get("id") is not None: @@ -239,11 +294,13 @@ def _create_firewall(self): ) for rule in rules ] + if not self.module.check_mode: try: self.client.firewalls.create(**params) except HCloudException as exception: self.fail_json_hcloud(exception, params=params) + self._mark_as_changed() self._get_firewall() @@ -277,6 +334,7 @@ def _update_firewall(self): ] self.hcloud_firewall.set_rules(new_rules) self._mark_as_changed() + self._get_firewall() def present_firewall(self): diff --git a/tests/integration/targets/firewall/tasks/test.yml b/tests/integration/targets/firewall/tasks/test.yml index 790ed569..ff581705 100644 --- a/tests/integration/targets/firewall/tasks/test.yml +++ b/tests/integration/targets/firewall/tasks/test.yml @@ -51,6 +51,7 @@ - result.hcloud_firewall.rules[0].protocol == "icmp" - result.hcloud_firewall.rules[0].source_ips == ["0.0.0.0/0", "::/0"] - result.hcloud_firewall.labels.key == "value" + - result.hcloud_firewall.applied_to | list | count == 0 - name: Test create idempotency hetzner.hcloud.firewall:
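Review bot: The annotation `-> Dict[str, Any]` on `_prepare_result_applied_to` needs `Dict` and `Any` in scope, and the only import change visible in this diff is the `hcloud.firewalls` one. Please confirm the file already has `from typing import Any, Dict` (or `from __future__ import annotations`) above the lines shown, because otherwise the class body raises `NameError` when the module is loaded. Separately, `applied_to_resources` is emitted whenever `resource.applied_to_resources is not None`, whereas the RETURN docs say `returned: if RV(type=label_selector)`; one of the two should be adjusted so that they describe the same condition. A one-line docstring such as `"""Convert a FirewallResource into the applied_to entry of the module result."""` would match what the method does.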
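Review bot: The only assertion added for the new field is `result.hcloud_firewall.applied_to | list | count == 0`, so within this diff the mapping code in `_prepare_result_applied_to` is never run against a non-empty list. Unless another target outside this diff covers it, I would add a case that attaches the firewall to a server or label selector and asserts on `applied_to[0].type` and the returned ID. Such a case would also pin down whether `server` is returned as an integer, as documented.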