mirror of
https://github.com/ansible-collections/hetzner.hcloud
synced 2024-09-20 06:22:11 +00:00
docs: improve firewall module documentation (#435)
##### SUMMARY - Improve link to other reference (plugins/modules/options) - Add details to option description. - Reorder options for readability
This commit is contained in:
parent
c41ed8bd60
commit
dc75084743
1 changed files with 74 additions and 65 deletions
|
@ -9,10 +9,8 @@ from __future__ import annotations
|
||||||
DOCUMENTATION = """
|
DOCUMENTATION = """
|
||||||
---
|
---
|
||||||
module: firewall
|
module: firewall
|
||||||
|
|
||||||
short_description: Create and manage firewalls on the Hetzner Cloud.
|
short_description: Create and manage firewalls on the Hetzner Cloud.
|
||||||
|
|
||||||
|
|
||||||
description:
|
description:
|
||||||
- Create, update and manage firewalls on the Hetzner Cloud.
|
- Create, update and manage firewalls on the Hetzner Cloud.
|
||||||
|
|
||||||
|
@ -22,62 +20,69 @@ author:
|
||||||
options:
|
options:
|
||||||
id:
|
id:
|
||||||
description:
|
description:
|
||||||
- The ID of the Hetzner Cloud firewall to manage.
|
- The ID of the Hetzner Cloud Firewall to manage.
|
||||||
- Only required if no firewall I(name) is given
|
- Only required if no firewall O(name) is given.
|
||||||
type: int
|
type: int
|
||||||
name:
|
name:
|
||||||
description:
|
description:
|
||||||
- The Name of the Hetzner Cloud firewall to manage.
|
- The Name of the Hetzner Cloud Firewall to manage.
|
||||||
- Only required if no firewall I(id) is given, or a firewall does not exist.
|
- Only required if no firewall O(id) is given, or the firewall does not exist.
|
||||||
type: str
|
type: str
|
||||||
labels:
|
labels:
|
||||||
description:
|
description:
|
||||||
- User-defined labels (key-value pairs)
|
- User-defined labels (key-value pairs).
|
||||||
type: dict
|
type: dict
|
||||||
rules:
|
rules:
|
||||||
description:
|
description:
|
||||||
- List of rules the firewall should contain.
|
- List of rules the firewall contain.
|
||||||
type: list
|
type: list
|
||||||
elements: dict
|
elements: dict
|
||||||
suboptions:
|
suboptions:
|
||||||
direction:
|
|
||||||
description:
|
|
||||||
- The direction of the firewall rule.
|
|
||||||
type: str
|
|
||||||
choices: [ in, out ]
|
|
||||||
port:
|
|
||||||
description:
|
|
||||||
- The port of the firewall rule.
|
|
||||||
type: str
|
|
||||||
protocol:
|
|
||||||
description:
|
|
||||||
- The protocol of the firewall rule.
|
|
||||||
type: str
|
|
||||||
choices: [ icmp, tcp, udp, esp, gre ]
|
|
||||||
source_ips:
|
|
||||||
description:
|
|
||||||
- List of CIDRs that are allowed within this rule
|
|
||||||
type: list
|
|
||||||
elements: str
|
|
||||||
default: [ ]
|
|
||||||
destination_ips:
|
|
||||||
description:
|
|
||||||
- List of CIDRs that are allowed within this rule
|
|
||||||
type: list
|
|
||||||
elements: str
|
|
||||||
default: [ ]
|
|
||||||
description:
|
description:
|
||||||
description:
|
description:
|
||||||
- User defined description of this rule.
|
- User defined description of this rule.
|
||||||
type: str
|
type: str
|
||||||
|
direction:
|
||||||
|
description:
|
||||||
|
- The direction of the firewall rule.
|
||||||
|
type: str
|
||||||
|
choices: [in, out]
|
||||||
|
protocol:
|
||||||
|
description:
|
||||||
|
- The protocol of the firewall rule.
|
||||||
|
type: str
|
||||||
|
choices: [icmp, tcp, udp, esp, gre]
|
||||||
|
port:
|
||||||
|
description:
|
||||||
|
- The port or port range allowed by this rule.
|
||||||
|
- A port range can be specified by separating two ports with a dash, e.g 1024-5000.
|
||||||
|
- Only used if O(rules[].protocol=tcp) or O(rules[].protocol=udp).
|
||||||
|
type: str
|
||||||
|
source_ips:
|
||||||
|
description:
|
||||||
|
- List of CIDRs that are allowed within this rule.
|
||||||
|
- Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses.
|
||||||
|
- Only used if O(rules[].direction=in).
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
default: []
|
||||||
|
destination_ips:
|
||||||
|
description:
|
||||||
|
- List of CIDRs that are allowed within this rule.
|
||||||
|
- Use 0.0.0.0/0 to allow all IPv4 addresses and ::/0 to allow all IPv6 addresses.
|
||||||
|
- Only used if O(rules[].direction=out).
|
||||||
|
type: list
|
||||||
|
elements: str
|
||||||
|
default: []
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- State of the firewall.
|
- State of the firewall.
|
||||||
default: present
|
default: present
|
||||||
choices: [ absent, present ]
|
choices: [absent, present]
|
||||||
type: str
|
type: str
|
||||||
|
|
||||||
extends_documentation_fragment:
|
extends_documentation_fragment:
|
||||||
- hetzner.hcloud.hcloud
|
- hetzner.hcloud.hcloud
|
||||||
"""
|
"""
|
||||||
|
|
||||||
EXAMPLES = """
|
EXAMPLES = """
|
||||||
|
@ -90,12 +95,12 @@ EXAMPLES = """
|
||||||
hetzner.hcloud.firewall:
|
hetzner.hcloud.firewall:
|
||||||
name: my-firewall
|
name: my-firewall
|
||||||
rules:
|
rules:
|
||||||
- direction: in
|
- description: allow icmp from everywhere
|
||||||
|
direction: in
|
||||||
protocol: icmp
|
protocol: icmp
|
||||||
source_ips:
|
source_ips:
|
||||||
- 0.0.0.0/0
|
- 0.0.0.0/0
|
||||||
- ::/0
|
- ::/0
|
||||||
description: allow icmp in
|
|
||||||
state: present
|
state: present
|
||||||
|
|
||||||
- name: Create a firewall with labels
|
- name: Create a firewall with labels
|
||||||
|
@ -114,58 +119,62 @@ EXAMPLES = """
|
||||||
|
|
||||||
RETURN = """
|
RETURN = """
|
||||||
hcloud_firewall:
|
hcloud_firewall:
|
||||||
description: The firewall instance
|
description: The firewall instance.
|
||||||
returned: Always
|
returned: always
|
||||||
type: complex
|
type: dict
|
||||||
contains:
|
contains:
|
||||||
id:
|
id:
|
||||||
description: Numeric identifier of the firewall
|
description: Numeric identifier of the firewall.
|
||||||
returned: always
|
returned: always
|
||||||
type: int
|
type: int
|
||||||
sample: 1937415
|
sample: 1937415
|
||||||
name:
|
name:
|
||||||
description: Name of the firewall
|
description: Name of the firewall.
|
||||||
returned: always
|
returned: always
|
||||||
type: str
|
type: str
|
||||||
sample: my firewall
|
sample: my-firewall
|
||||||
rules:
|
labels:
|
||||||
description: List of Rules within this Firewall
|
description: User-defined labels (key-value pairs).
|
||||||
returned: always
|
returned: always
|
||||||
type: complex
|
type: dict
|
||||||
|
rules:
|
||||||
|
description: List of rules the firewall contain.
|
||||||
|
returned: always
|
||||||
|
type: list
|
||||||
|
elements: dict
|
||||||
contains:
|
contains:
|
||||||
|
description:
|
||||||
|
description: User defined description of this rule.
|
||||||
|
type: str
|
||||||
|
returned: always
|
||||||
|
sample: allow http from anywhere
|
||||||
direction:
|
direction:
|
||||||
description: Direction of the Firewall Rule
|
description: The direction of the firewall rule.
|
||||||
type: str
|
type: str
|
||||||
returned: always
|
returned: always
|
||||||
sample: in
|
sample: in
|
||||||
protocol:
|
protocol:
|
||||||
description: Protocol of the Firewall Rule
|
description: The protocol of the firewall rule.
|
||||||
type: str
|
type: str
|
||||||
returned: always
|
returned: always
|
||||||
sample: icmp
|
sample: tcp
|
||||||
port:
|
port:
|
||||||
description: Port of the Firewall Rule, None/Null if protocol is icmp
|
description: The port or port range allowed by this rule.
|
||||||
type: str
|
type: str
|
||||||
returned: always
|
returned: if RV(hcloud_firewall.rules[].protocol=tcp) or RV(hcloud_firewall.rules[].protocol=udp)
|
||||||
sample: in
|
sample: "80"
|
||||||
source_ips:
|
source_ips:
|
||||||
description: Source IPs of the Firewall
|
description: List of source CIDRs that are allowed within this rule.
|
||||||
type: list
|
type: list
|
||||||
elements: str
|
elements: str
|
||||||
returned: always
|
returned: always
|
||||||
|
sample: ["0.0.0.0/0", "::/0"]
|
||||||
destination_ips:
|
destination_ips:
|
||||||
description: Source IPs of the Firewall
|
description: List of destination CIDRs that are allowed within this rule.
|
||||||
type: list
|
type: list
|
||||||
elements: str
|
elements: str
|
||||||
returned: always
|
returned: always
|
||||||
description:
|
sample: []
|
||||||
description: User defined description of the Firewall Rule
|
|
||||||
type: str
|
|
||||||
returned: always
|
|
||||||
labels:
|
|
||||||
description: User-defined labels (key-value pairs)
|
|
||||||
returned: always
|
|
||||||
type: dict
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import time
|
import time
|
||||||
|
@ -303,16 +312,17 @@ class AnsibleHCloudFirewall(AnsibleHCloud):
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
id={"type": "int"},
|
id={"type": "int"},
|
||||||
name={"type": "str"},
|
name={"type": "str"},
|
||||||
|
labels={"type": "dict"},
|
||||||
rules=dict(
|
rules=dict(
|
||||||
type="list",
|
type="list",
|
||||||
elements="dict",
|
elements="dict",
|
||||||
options=dict(
|
options=dict(
|
||||||
|
description={"type": "str"},
|
||||||
direction={"type": "str", "choices": ["in", "out"]},
|
direction={"type": "str", "choices": ["in", "out"]},
|
||||||
protocol={"type": "str", "choices": ["icmp", "udp", "tcp", "esp", "gre"]},
|
protocol={"type": "str", "choices": ["icmp", "udp", "tcp", "esp", "gre"]},
|
||||||
port={"type": "str"},
|
port={"type": "str"},
|
||||||
source_ips={"type": "list", "elements": "str", "default": []},
|
source_ips={"type": "list", "elements": "str", "default": []},
|
||||||
destination_ips={"type": "list", "elements": "str", "default": []},
|
destination_ips={"type": "list", "elements": "str", "default": []},
|
||||||
description={"type": "str"},
|
|
||||||
),
|
),
|
||||||
required_together=[["direction", "protocol"]],
|
required_together=[["direction", "protocol"]],
|
||||||
required_if=[
|
required_if=[
|
||||||
|
@ -320,7 +330,6 @@ class AnsibleHCloudFirewall(AnsibleHCloud):
|
||||||
["protocol", "tcp", ["port"]],
|
["protocol", "tcp", ["port"]],
|
||||||
],
|
],
|
||||||
),
|
),
|
||||||
labels={"type": "dict"},
|
|
||||||
state={
|
state={
|
||||||
"choices": ["absent", "present"],
|
"choices": ["absent", "present"],
|
||||||
"default": "present",
|
"default": "present",
|
||||||
|
|
Loading…
Reference in a new issue