Mirrors/ansible-collection-hetzner-hcloud
2
0
Fork 0
mirror of https://github.com/ansible-collections/hetzner.hcloud synced 2024-09-20 06:22:11 +00:00
Code Issues Projects Releases Packages Wiki Activity

docs: improve firewall module documentation (#435)

Browse source 
##### SUMMARY

- Improve link to other reference (plugins/modules/options)
- Add details to option description.
- Reorder options for readability
This commit is contained in:
Jonas L 2023-12-21 17:47:56 +01:00 committed by GitHub
parent c41ed8bd60
commit dc75084743
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 74 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

139
plugins/modules/firewall.py
View file

@ -9,10 +9,8 @@ from __future__ import annotations
DOCUMENTATION = """ DOCUMENTATION = """
--- ---
module: firewall module: firewall
short_description: Create and manage firewalls on the Hetzner Cloud. short_description: Create and manage firewalls on the Hetzner Cloud.
description: description:
- Create, update and manage firewalls on the Hetzner Cloud. - Create, update and manage firewalls on the Hetzner Cloud.
@ -22,62 +20,69 @@ author:
options: options:
id: id:
description: description:
- The ID of the Hetzner Cloud firewall to manage. - The ID of the Hetzner Cloud Firewall to manage.
- Only required if no firewall I(name) is given - Only required if no firewall O(name) is given.
type: int type: int
name: name:
description: description:
- The Name of the Hetzner Cloud firewall to manage. - The Name of the Hetzner Cloud Firewall to manage.
- Only required if no firewall I(id) is given, or a firewall does not exist. - Only required if no firewall O(id) is given, or the firewall does not exist.
type: str type: str
labels: labels:
description: description:
- User-defined labels (key-value pairs) - User-defined labels (key-value pairs).
type: dict type: dict
rules: rules:
description: description:
- List of rules the firewall should contain. - List of rules the firewall contain.
type: list type: list
elements: dict elements: dict
suboptions: suboptions:
direction:
description:
- The direction of the firewall rule.
type: str
choices: [ in, out ]
port:
description:
- The port of the firewall rule.
type: str
protocol:
description:
- The protocol of the firewall rule.
type: str
choices: [ icmp, tcp, udp, esp, gre ]
source_ips:
description:
- List of CIDRs that are allowed within this rule
type: list
elements: str
default: [ ]
destination_ips:
description:
- List of CIDRs that are allowed within this rule
type: list
elements: str
default: [ ]
description: description:
description: description:
- User defined description of this rule. - User defined description of this rule.
type: str type: str
direction:
description:
- The direction of the firewall rule.
type: str
choices: [in, out]
protocol:
description:
- The protocol of the firewall rule.
type: str
choices: [icmp, tcp, udp, esp, gre]
port:
description:
- The port or port range allowed by this rule.
- A port range can be specified by separating two ports with a dash, e.g 1024-5000.
- Only used if O(rules[].protocol=tcp) or O(rules[].protocol=udp).
type: str
source_ips:
description:
- List of CIDRs that are allowed within this rule.
- Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses.
- Only used if O(rules[].direction=in).
type: list
elements: str
default: []
destination_ips:
description:
- List of CIDRs that are allowed within this rule.
- Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses.
- Only used if O(rules[].direction=out).
type: list
elements: str
default: []
state: state:
description: description:
- State of the firewall. - State of the firewall.
default: present default: present
choices: [ absent, present ] choices: [absent, present]
type: str type: str
extends_documentation_fragment: extends_documentation_fragment:
- hetzner.hcloud.hcloud - hetzner.hcloud.hcloud
""" """
EXAMPLES = """ EXAMPLES = """
@ -90,12 +95,12 @@ EXAMPLES = """
hetzner.hcloud.firewall: hetzner.hcloud.firewall:
name: my-firewall name: my-firewall
rules: rules:
- direction: in - description: allow icmp from everywhere
direction: in
protocol: icmp protocol: icmp
source_ips: source_ips:
- 0.0.0.0/0 - 0.0.0.0/0
- ::/0 - ::/0
description: allow icmp in
state: present state: present
- name: Create a firewall with labels - name: Create a firewall with labels
@ -114,58 +119,62 @@ EXAMPLES = """
RETURN = """ RETURN = """
hcloud_firewall: hcloud_firewall:
description: The firewall instance description: The firewall instance.
returned: Always returned: always
type: complex type: dict
contains: contains:
id: id:
description: Numeric identifier of the firewall description: Numeric identifier of the firewall.
returned: always returned: always
type: int type: int
sample: 1937415 sample: 1937415
name: name:
description: Name of the firewall description: Name of the firewall.
returned: always returned: always
type: str type: str
sample: my firewall sample: my-firewall
rules: labels:
description: List of Rules within this Firewall description: User-defined labels (key-value pairs).
returned: always returned: always
type: complex type: dict
rules:
description: List of rules the firewall contain.
returned: always
type: list
elements: dict
contains: contains:
description:
description: User defined description of this rule.
type: str
returned: always
sample: allow http from anywhere
direction: direction:
description: Direction of the Firewall Rule description: The direction of the firewall rule.
type: str type: str
returned: always returned: always
sample: in sample: in
protocol: protocol:
description: Protocol of the Firewall Rule description: The protocol of the firewall rule.
type: str type: str
returned: always returned: always
sample: icmp sample: tcp
port: port:
description: Port of the Firewall Rule, None/Null if protocol is icmp description: The port or port range allowed by this rule.
type: str type: str
returned: always returned: if RV(hcloud_firewall.rules[].protocol=tcp) or RV(hcloud_firewall.rules[].protocol=udp)
sample: in sample: "80"
source_ips: source_ips:
description: Source IPs of the Firewall description: List of source CIDRs that are allowed within this rule.
type: list type: list
elements: str elements: str
returned: always returned: always
sample: ["0.0.0.0/0", "::/0"]
destination_ips: destination_ips:
description: Source IPs of the Firewall description: List of destination CIDRs that are allowed within this rule.
type: list type: list
elements: str elements: str
returned: always returned: always
description: sample: []
description: User defined description of the Firewall Rule
type: str
returned: always
labels:
description: User-defined labels (key-value pairs)
returned: always
type: dict
""" """
import time import time
@ -303,16 +312,17 @@ class AnsibleHCloudFirewall(AnsibleHCloud):
argument_spec=dict( argument_spec=dict(
id={"type": "int"}, id={"type": "int"},
name={"type": "str"}, name={"type": "str"},
labels={"type": "dict"},
rules=dict( rules=dict(
type="list", type="list",
elements="dict", elements="dict",
options=dict( options=dict(
description={"type": "str"},
direction={"type": "str", "choices": ["in", "out"]}, direction={"type": "str", "choices": ["in", "out"]},
protocol={"type": "str", "choices": ["icmp", "udp", "tcp", "esp", "gre"]}, protocol={"type": "str", "choices": ["icmp", "udp", "tcp", "esp", "gre"]},
port={"type": "str"}, port={"type": "str"},
source_ips={"type": "list", "elements": "str", "default": []}, source_ips={"type": "list", "elements": "str", "default": []},
destination_ips={"type": "list", "elements": "str", "default": []}, destination_ips={"type": "list", "elements": "str", "default": []},
description={"type": "str"},
), ),
required_together=[["direction", "protocol"]], required_together=[["direction", "protocol"]],
required_if=[ required_if=[
@ -320,7 +330,6 @@ class AnsibleHCloudFirewall(AnsibleHCloud):
["protocol", "tcp", ["port"]], ["protocol", "tcp", ["port"]],
], ],
), ),
labels={"type": "dict"},
state={ state={
"choices": ["absent", "present"], "choices": ["absent", "present"],
"default": "present", "default": "present",