From cbc07cf9cc028f305a064fb6eee1fded59c0a502 Mon Sep 17 00:00:00 2001 From: Matt Davis Date: Tue, 2 Jan 2018 20:38:00 -0800 Subject: [PATCH] backport win_firewall_rule updates from devel SHA 89d9444ad560ef5c4a8aac911e2e7abcf7aa9c76 --- .../modules/windows/win_firewall_rule.ps1 | 16 +++++++++++++--- .../targets/win_firewall_rule/tasks/main.yml | 17 +++++++++++++++++ 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/lib/ansible/modules/windows/win_firewall_rule.ps1 b/lib/ansible/modules/windows/win_firewall_rule.ps1 index b3077f7c956..4cdf2fa131c 100644 --- a/lib/ansible/modules/windows/win_firewall_rule.ps1 +++ b/lib/ansible/modules/windows/win_firewall_rule.ps1 @@ -137,7 +137,8 @@ function New-FWRule if ($remoteAddresses -and $remoteAddresses -ne "any") { $rule.RemoteAddresses = $remoteAddresses } if ($direction) { $rule.Direction = Parse-Direction -directionStr $direction } if ($action) { $rule.Action = Parse-Action -actionStr $action } - if ($profiles) { $rule.Profiles = Parse-Profiles -profilesStr $profiles } + # Profiles value cannot be a uint32, but the "all profiles" value (0x7FFFFFFF) will often become a uint32, so must cast to [int] + if ($profiles) { $rule.Profiles = [int](Parse-Profiles -profilesStr $profiles) } if ($interfaceTypes -and $interfaceTypes -ne "any") { $rule.InterfaceTypes = Parse-InterfaceTypes -interfaceTypesStr $interfaceTypes } if ($edgeTraversalOptions -and $edgeTraversalOptions -ne "no") { # EdgeTraversalOptions property exists only from Windows 7/Windows Server 2008 R2: https://msdn.microsoft.com/en-us/library/windows/desktop/dd607256(v=vs.85).aspx @@ -256,7 +257,14 @@ try { } if (-not $check_mode) { - $existingRule.$prop = $rule.$prop + # Profiles value cannot be a uint32, but the "all profiles" value (0x7FFFFFFF) will often become a uint32, so must cast to [int] + # to prevent InvalidCastException under PS5+ + If($prop -eq 'Profiles') { + $existingRule.Profiles = [int] $rule.$prop + } + Else { + $existingRule.$prop = $rule.$prop + } } $result.changed = $true } @@ -270,7 +278,9 @@ try { } } } catch [Exception] { - Fail-Json $result $_.Exception.Message + $ex = $_ + $result['exception'] = $($ex | Out-String) + Fail-Json $result $ex.Exception.Message } Exit-Json $result diff --git a/test/integration/targets/win_firewall_rule/tasks/main.yml b/test/integration/targets/win_firewall_rule/tasks/main.yml index b847367ee5e..c014794a160 100644 --- a/test/integration/targets/win_firewall_rule/tasks/main.yml +++ b/test/integration/targets/win_firewall_rule/tasks/main.yml @@ -325,3 +325,20 @@ - add_firewall_rule_with_secure_flags.changed == true # Works on windows >= Windows 8/Windows Server 2012 when: ansible_distribution_version | version_compare('6.2', '>=') + +- name: Set firewall rule profile back to 'all' + win_firewall_rule: + name: http + enabled: yes + state: present + localport: 80 + action: allow + direction: in + protocol: tcp + profiles: 'Domain,Public,Private' + register: add_firewall_rule_with_string_profiles + +- name: Check that setting firewall rule profile back to 'all' succeeds with a change + assert: + that: + - add_firewall_rule_with_string_profiles.changed == true