diff --git a/lib/ansible/modules/cloud/azure/azure_rm_azurefirewall_info.py b/lib/ansible/modules/cloud/azure/azure_rm_azurefirewall_info.py new file mode 100644 index 00000000000..3f612c820a9 --- /dev/null +++ b/lib/ansible/modules/cloud/azure/azure_rm_azurefirewall_info.py @@ -0,0 +1,278 @@ +#!/usr/bin/python +# +# Copyright (c) 2019 Liu Qingyi, (@smile37773) +# +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function +__metaclass__ = type + + +ANSIBLE_METADATA = {'metadata_version': '1.1', + 'status': ['preview'], + 'supported_by': 'community'} + + +DOCUMENTATION = ''' +--- +module: azure_rm_azurefirewall_info +version_added: '2.9' +short_description: Get AzureFirewall info. +description: + - Get info of AzureFirewall. +options: + resource_group: + description: + - The name of the resource group. + type: str + name: + description: + - Resource name. + type: str +extends_documentation_fragment: + - azure +author: + - Liu Qingyi (@smile37773) + +''' + +EXAMPLES = ''' +- name: List all Azure Firewalls for a given subscription + azure_rm_azurefirewall_info: +- name: List all Azure Firewalls for a given resource group + azure_rm_azurefirewall_info: + resource_group: myResourceGroup +- name: Get Azure Firewall + azure_rm_azurefirewall_info: + resource_group: myResourceGroup + name: myAzureFirewall + +''' + +RETURN = ''' +firewalls: + description: >- + A list of dict results where the key is the name of the AzureFirewall and + the values are the facts for that AzureFirewall. + returned: always + type: complex + contains: + id: + description: + - Resource ID. + returned: always + type: str + sample: "/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/ + myResourceGroup/providers/Microsoft.Network/azureFirewalls/myAzureFirewall" + name: + description: + - Resource name. + returned: always + type: str + sample: "myAzureFirewall" + location: + description: + - Resource location. + returned: always + type: str + sample: "eastus" + tags: + description: + - Resource tags. + returned: always + type: dict + sample: { "tag": "value" } + etag: + description: + - >- + Gets a unique read-only string that changes whenever the resource + is updated. + returned: always + type: str + sample: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" + nat_rule_collections: + description: + - Collection of NAT rule collections used by Azure Firewall. + type: list + network_rule_collections: + description: + - Collection of network rule collections used by Azure Firewall. + type: list + ip_configurations: + description: + - IP configuration of the Azure Firewall resource. + type: list + provisioning_state: + description: + - The current state of the gallery. + type: str + sample: "Succeeded" + +''' + +import time +import json +from ansible.module_utils.azure_rm_common import AzureRMModuleBase +from ansible.module_utils.azure_rm_common_rest import GenericRestClient +from copy import deepcopy +try: + from msrestazure.azure_exceptions import CloudError +except Exception: + # handled in azure_rm_common + pass + + +class AzureRMAzureFirewallsInfo(AzureRMModuleBase): + def __init__(self): + self.module_arg_spec = dict( + resource_group=dict( + type='str' + ), + name=dict( + type='str' + ) + ) + + self.resource_group = None + self.name = None + + self.results = dict(changed=False) + self.mgmt_client = None + self.state = None + self.url = None + self.status_code = [200] + + self.query_parameters = {} + self.query_parameters['api-version'] = '2018-11-01' + self.header_parameters = {} + self.header_parameters['Content-Type'] = 'application/json; charset=utf-8' + + self.mgmt_client = None + super(AzureRMAzureFirewallsInfo, self).__init__(self.module_arg_spec, supports_tags=False) + + def exec_module(self, **kwargs): + + for key in self.module_arg_spec: + setattr(self, key, kwargs[key]) + + self.mgmt_client = self.get_mgmt_svc_client(GenericRestClient, + base_url=self._cloud_environment.endpoints.resource_manager) + + if (self.resource_group is not None and self.name is not None): + self.results['firewalls'] = self.get() + elif (self.resource_group is not None): + self.results['firewalls'] = self.list() + else: + self.results['firewalls'] = self.listall() + return self.results + + def get(self): + response = None + results = {} + # prepare url + self.url = ('/subscriptions' + + '/{{ subscription_id }}' + + '/resourceGroups' + + '/{{ resource_group }}' + + '/providers' + + '/Microsoft.Network' + + '/azureFirewalls' + + '/{{ azure_firewall_name }}') + self.url = self.url.replace('{{ subscription_id }}', self.subscription_id) + self.url = self.url.replace('{{ resource_group }}', self.resource_group) + self.url = self.url.replace('{{ azure_firewall_name }}', self.name) + + try: + response = self.mgmt_client.query(self.url, + 'GET', + self.query_parameters, + self.header_parameters, + None, + self.status_code, + 600, + 30) + results = json.loads(response.text) + # self.log('Response : {0}'.format(response)) + except CloudError as e: + self.log('Could not get info for @(Model.ModuleOperationNameUpper).') + + return self.format_item(results) + + def list(self): + response = None + results = {} + # prepare url + self.url = ('/subscriptions' + + '/{{ subscription_id }}' + + '/resourceGroups' + + '/{{ resource_group }}' + + '/providers' + + '/Microsoft.Network' + + '/azureFirewalls') + self.url = self.url.replace('{{ subscription_id }}', self.subscription_id) + self.url = self.url.replace('{{ resource_group }}', self.resource_group) + + try: + response = self.mgmt_client.query(self.url, + 'GET', + self.query_parameters, + self.header_parameters, + None, + self.status_code, + 600, + 30) + results = json.loads(response.text) + # self.log('Response : {0}'.format(response)) + except CloudError as e: + self.log('Could not get info for @(Model.ModuleOperationNameUpper).') + + return [self.format_item(x) for x in results['value']] if results['value'] else [] + + def listall(self): + response = None + results = {} + # prepare url + self.url = ('/subscriptions' + + '/{{ subscription_id }}' + + '/providers' + + '/Microsoft.Network' + + '/azureFirewalls') + self.url = self.url.replace('{{ subscription_id }}', self.subscription_id) + + try: + response = self.mgmt_client.query(self.url, + 'GET', + self.query_parameters, + self.header_parameters, + None, + self.status_code, + 600, + 30) + results = json.loads(response.text) + # self.log('Response : {0}'.format(response)) + except CloudError as e: + self.log('Could not get info for @(Model.ModuleOperationNameUpper).') + + return [self.format_item(x) for x in results['value']] if results['value'] else [] + + def format_item(self, item): + d = { + 'id': item['id'], + 'name': item['name'], + 'location': item['location'], + 'etag': item['etag'], + 'tags': item.get('tags'), + 'nat_rule_collections': item['properties']['natRuleCollections'], + 'network_rule_collections': item['properties']['networkRuleCollections'], + 'ip_configurations': item['properties']['ipConfigurations'], + 'provisioning_state': item['properties']['provisioningState'] + } + return d + + +def main(): + AzureRMAzureFirewallsInfo() + + +if __name__ == '__main__': + main() diff --git a/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml b/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml index c8fdac1352c..face59c2b60 100644 --- a/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml +++ b/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml @@ -246,3 +246,32 @@ assert: that: - output.changed + +- name: Get info of the Azure Firewall + azure_rm_azurefirewall_info: + resource_group: '{{resource_group}}' + name: '{{azure_firewall_name}}' + register: output + +- assert: + that: + - not output.changed + - output.firewalls['id'] != None + - output.firewalls['name'] != None + - output.firewalls['location'] != None + - output.firewalls['etag'] != None + - output.firewalls['nat_rule_collections'] != None + - output.firewalls['network_rule_collections'] != None + - output.firewalls['ip_configurations'] != None + - output.firewalls['provisioning_state'] != None + +- name: Delete Azure Firewall + azure_rm_azurefirewall: + resource_group: '{{resource_group}}' + name: '{{azure_firewall_name}}' + state: absent + register: output + +- assert: + that: + - output.changed