mirror of https://github.com/ansible/ansible.git
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
136 lines
4.1 KiB
Python
136 lines
4.1 KiB
Python
#!/usr/bin/python
|
|
# Copyright (c) 2017 Ansible Project
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
|
|
ANSIBLE_METADATA = {'metadata_version': '1.1',
|
|
'status': ['preview'],
|
|
'supported_by': 'community'}
|
|
|
|
DOCUMENTATION = '''
|
|
module: aws_waf_facts
|
|
short_description: Retrieve facts for WAF ACLs, Rule , Conditions and Filters.
|
|
description:
|
|
- Retrieve facts for WAF ACLs, Rule , Conditions and Filters.
|
|
version_added: "2.4"
|
|
requirements: [ boto3 ]
|
|
options:
|
|
name:
|
|
description:
|
|
- The name of a Web Application Firewall
|
|
|
|
author:
|
|
- Mike Mochan (@mmochan)
|
|
- Will Thames (@willthames)
|
|
extends_documentation_fragment:
|
|
- aws
|
|
- ec2
|
|
'''
|
|
|
|
EXAMPLES = '''
|
|
- name: obtain all WAF facts
|
|
aws_waf_facts:
|
|
|
|
- name: obtain all facts for a single WAF
|
|
aws_waf_facts:
|
|
name: test_waf
|
|
'''
|
|
|
|
RETURN = '''
|
|
wafs:
|
|
description: The WAFs that match the passed arguments
|
|
returned: success
|
|
type: complex
|
|
contains:
|
|
name:
|
|
description: A friendly name or description of the WebACL
|
|
returned: always
|
|
type: string
|
|
sample: test_waf
|
|
default_action:
|
|
description: The action to perform if none of the Rules contained in the WebACL match.
|
|
returned: always
|
|
type: int
|
|
sample: BLOCK
|
|
metric_name:
|
|
description: A friendly name or description for the metrics for this WebACL
|
|
returned: always
|
|
type: string
|
|
sample: test_waf_metric
|
|
rules:
|
|
description: An array that contains the action for each Rule in a WebACL , the priority of the Rule
|
|
returned: always
|
|
type: complex
|
|
contains:
|
|
action:
|
|
description: The action to perform if the Rule matches
|
|
returned: always
|
|
type: string
|
|
sample: BLOCK
|
|
metric_name:
|
|
description: A friendly name or description for the metrics for this Rule
|
|
returned: always
|
|
type: string
|
|
sample: ipblockrule
|
|
name:
|
|
description: A friendly name or description of the Rule
|
|
returned: always
|
|
type: string
|
|
sample: ip_block_rule
|
|
predicates:
|
|
description: The Predicates list contains a Predicate for each
|
|
ByteMatchSet, IPSet, SizeConstraintSet, SqlInjectionMatchSet or XssMatchSet
|
|
object in a Rule
|
|
returned: always
|
|
type: list
|
|
sample:
|
|
[
|
|
{
|
|
"byte_match_set_id": "47b822b5-abcd-1234-faaf-1234567890",
|
|
"byte_match_tuples": [
|
|
{
|
|
"field_to_match": {
|
|
"type": "QUERY_STRING"
|
|
},
|
|
"positional_constraint": "STARTS_WITH",
|
|
"target_string": "bobbins",
|
|
"text_transformation": "NONE"
|
|
}
|
|
],
|
|
"name": "bobbins",
|
|
"negated": false,
|
|
"type": "ByteMatch"
|
|
}
|
|
]
|
|
'''
|
|
|
|
from ansible.module_utils.aws.core import AnsibleAWSModule
|
|
from ansible.module_utils.ec2 import boto3_conn, ec2_argument_spec, get_aws_connection_info
|
|
from ansible.module_utils.aws.waf import list_web_acls, get_web_acl
|
|
|
|
|
|
def main():
|
|
argument_spec = ec2_argument_spec()
|
|
argument_spec.update(
|
|
dict(
|
|
name=dict(required=False),
|
|
)
|
|
)
|
|
module = AnsibleAWSModule(argument_spec=argument_spec, supports_check_mode=True)
|
|
|
|
region, ec2_url, aws_connect_kwargs = get_aws_connection_info(module, boto3=True)
|
|
client = boto3_conn(module, conn_type='client', resource='waf', region=region, endpoint=ec2_url, **aws_connect_kwargs)
|
|
|
|
web_acls = list_web_acls(client, module)
|
|
name = module.params['name']
|
|
if name:
|
|
web_acls = [web_acl for web_acl in web_acls if
|
|
web_acl['Name'] == name]
|
|
if not web_acls:
|
|
module.fail_json(msg="WAF named %s not found" % name)
|
|
module.exit_json(wafs=[get_web_acl(client, module, web_acl['WebACLId'])
|
|
for web_acl in web_acls])
|
|
|
|
|
|
if __name__ == '__main__':
|
|
main()
|