adding group parameter for win_firewall_rule (#55109)

* adding group parameter for win_firewall_rule * integration test fix * changing the version add to 2.9 * setting group optional * fix:setting required to optional
5 years ago · 48eed0b6c8
parent 9786e2b559
commit 48eed0b6c8
3 changed files with 37 additions and 3 deletions
--- a/lib/ansible/modules/windows/win_firewall_rule.ps1
+++ b/lib/ansible/modules/windows/win_firewall_rule.ps1
@ -117,6 +117,7 @@ $description = Get-AnsibleParam -obj $params -name "description" -type "str"
 $direction = Get-AnsibleParam -obj $params -name "direction" -type "str" -validateset "in","out"
 $action = Get-AnsibleParam -obj $params -name "action" -type "str" -validateset "allow","block"
 $program = Get-AnsibleParam -obj $params -name "program" -type "str"
+$group = Get-AnsibleParam -obj $params -name "group" -type "str"
 $service = Get-AnsibleParam -obj $params -name "service" -type "str"
 $enabled = Get-AnsibleParam -obj $params -name "enabled" -type "bool" -aliases "enable"
 $profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -aliases "profile"
@ -151,6 +152,7 @@ try {
    # the default for enabled in module description is "true", but the actual COM object defaults to "false" when created
    if ($null -ne $enabled) { $new_rule.Enabled = $enabled } else { $new_rule.Enabled = $true }
    if ($null -ne $description) { $new_rule.Description = $description }
+    if ($null -ne $group) { $new_rule.Grouping = $group }
    if ($null -ne $program -and $program -ne "any") { $new_rule.ApplicationName = [System.Environment]::ExpandEnvironmentVariables($program) }
    if ($null -ne $service -and $program -ne "any") { $new_rule.ServiceName = $service }
    if ($null -ne $protocol -and $protocol -ne "any") { $new_rule.Protocol = Parse-ProtocolType -protocol $protocol }
@ -176,8 +178,8 @@ try {
        }
    }

-    $fwPropertiesToCompare = @('Name','Description','Direction','Action','ApplicationName','ServiceName','Enabled','Profiles','LocalAddresses','RemoteAddresses','LocalPorts','RemotePorts','Protocol','InterfaceTypes', 'EdgeTraversalOptions', 'SecureFlags')
-    $userPassedArguments = @($name, $description, $direction, $action, $program, $service, $enabled, $profiles, $localip, $remoteip, $localport, $remoteport, $protocol, $interfacetypes, $edge, $security)
+    $fwPropertiesToCompare = @('Name','Description','Direction','Action','ApplicationName','Grouping','ServiceName','Enabled','Profiles','LocalAddresses','RemoteAddresses','LocalPorts','RemotePorts','Protocol','InterfaceTypes', 'EdgeTraversalOptions', 'SecureFlags')
+    $userPassedArguments = @($name, $description, $direction, $action, $program, $group, $service, $enabled, $profiles, $localip, $remoteip, $localport, $remoteport, $protocol, $interfacetypes, $edge, $security)

    if ($state -eq "absent") {
        if ($null -eq $existingRule) {
--- a/lib/ansible/modules/windows/win_firewall_rule.py
+++ b/lib/ansible/modules/windows/win_firewall_rule.py
@ -34,6 +34,11 @@ options:
      - The rule's display name.
    type: str
    required: yes
+  group:
+    description:
+      - The group name for the rule.
+    version_added: '2.9'
+    type: str
  direction:
    description:
      - Whether this rule is for inbound or outbound traffic.
@ -128,4 +133,15 @@ EXAMPLES = r'''
    profiles: private
    state: present
    enabled: yes
+
+- name: Firewall rule to be created for application group
+  win_firewall_rule:
+    name: SMTP
+    group: application
+    localport: 25
+    action: allow
+    direction: in
+    protocol: tcp
+    state: present
+    enabled: yes
 '''
--- a/test/integration/targets/win_firewall_rule/tasks/main.yml
+++ b/test/integration/targets/win_firewall_rule/tasks/main.yml
@ -437,4 +437,20 @@
 - name: Check that creating same firewall rule with expanded vars identified
  assert:
    that:
-    - add_firewall_rule_with_var_expand_path.changed == false
+    - add_firewall_rule_with_var_expand_path.changed == false
+- name: Add firewall rule for application group
+  win_firewall_rule:
+    name: Rule for application group
+    enabled: yes
+    state: present
+    localport: 80
+    action: allow
+    direction: in
+    protocol: tcp
+    group: application
+  register: add_firewall_rule_with_group
+
+- name: Check that creating firewall rule for application group succeeds with a change
+  assert:
+    that:
+    - add_firewall_rule_with_group.changed == true