
Commit d00c335

committed
proxmox_firewall: new_module for firewall config
- Added method to get FW rules at cluster, node, vm, vnet levels
1 parent 6099b49 commit d00c335


1 file changed

+122
-0
lines changed

Lines changed: 122 additions & 0 deletions
@@ -0,0 +1,122 @@
1+
#!/usr/bin/python
2+
# -*- coding: utf-8 -*-
3+
#
4+
# Copyright (c) 2025, Jana Hoch <[email protected]>
5+
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
6+
# SPDX-License-Identifier: GPL-3.0-or-later
7+
8+
from __future__ import absolute_import, division, print_function
9+
10+
__metaclass__ = type
11+
12+
DOCUMENTATION = r""""""
13+
14+
EXAMPLES = r""""""
15+
16+
RETURN = r""""""
17+
18+
from ansible.module_utils.basic import AnsibleModule
19+
from ansible_collections.community.proxmox.plugins.module_utils.proxmox import (
20+
proxmox_auth_argument_spec,
21+
ansible_to_proxmox_bool,
22+
ProxmoxAnsible
23+
)
24+
25+
26+
def get_proxmox_args():
27+
return dict(
28+
state=dict(type="str", choices=["present", "absent", "update"], required=False),
29+
force=dict(type="bool", default=False, required=False),
30+
level=dict(type="str", choices=["cluster", "node", "vm", "vnet"], default="cluster", required=False),
31+
node=dict(type="str", required=False),
32+
vmid=dict(type="int", required=False),
33+
vnet=dict(type="str", required=False)
34+
)
35+
36+
37+
def get_ansible_module():
38+
module_args = proxmox_auth_argument_spec()
39+
module_args.update(get_proxmox_args())
40+
41+
return AnsibleModule(
42+
argument_spec=module_args,
43+
required_if=[
44+
]
45+
)
46+
47+
48+
class ProxmoxFirewallAnsible(ProxmoxAnsible):
49+
def __init__(self, module):
50+
super(ProxmoxFirewallAnsible, self).__init__(module)
51+
self.params = module.params
52+
53+
def run(self):
54+
state = self.params.get("state")
55+
force = self.params.get("force")
56+
level = self.params.get("level")
57+
58+
if level == "vm":
59+
rules = self.get_vmid_fw_rules(vmid=self.params['vmid'])
60+
elif level == "node":
61+
rules = self.get_node_fw_rules(node=self.params['node'])
62+
elif level == "vnet":
63+
rules = self.get_vnet_fw_rules(vnet=self.params['vnet'])
64+
else:
65+
rules = self.get_cluster_fw_rules()
66+
self.module.exit_json(
67+
changed=False, firewall_rules=rules, msg=f'successfully retrieved firewall rules'
68+
)
69+
70+
def get_vnet_fw_rules(self, vnet, pos=None):
71+
try:
72+
vnet = getattr(self.proxmox_api.cluster().sdn().vnets(), vnet)
73+
return vnet().firewall().rules().get()
74+
except Exception as e:
75+
self.module.fail_json(
76+
msg=f'Failed to retrieve vnet level firewall rules: {e}'
77+
)
78+
79+
def get_cluster_fw_rules(self, pos=None):
80+
try:
81+
return self.proxmox_api.cluster().firewall().rules().get(pos=pos)
82+
except Exception as e:
83+
self.module.fail_json(
84+
msg=f'Failed to retrieve cluster level firewall rules: {e}'
85+
)
86+
87+
def get_node_fw_rules(self, node, pos=None):
88+
try:
89+
node = getattr(self.proxmox_api.nodes(), node)
90+
return node().firewall().rules().get(pos=pos)
91+
except Exception as e:
92+
self.module.fail_json(
93+
msg=f'Failed to retrieve cluster level firewall rules: {e}'
94+
)
95+
96+
def get_vmid_fw_rules(self, vmid, pos=None):
97+
try:
98+
vm = self.get_vm(vmid=vmid)
99+
100+
node = getattr(self.proxmox_api.nodes(), vm['node'])
101+
virt = getattr(node(), vm['type'])
102+
vm = getattr(virt(), vmid)
103+
104+
return vm().firewall().rules().get()
105+
except Exception as e:
106+
self.module.fail_json(
107+
msg=f'Failed to retrieve firewall rules for vmid - {vmid}: {e}'
108+
)
109+
110+
111+
def main():
112+
module = get_ansible_module()
113+
proxmox = ProxmoxFirewallAnsible(module)
114+
115+
try:
116+
proxmox.run()
117+
except Exception as e:
118+
module.fail_json(msg=f'An error occurred: {e}')
119+
120+
121+
if __name__ == "__main__":
122+
main()
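Review bot: In `get_vmid_fw_rules`, `getattr(virt(), vmid)` is given the `vmid` parameter, which the argument spec declares as `type="int"`; `getattr` raises `TypeError` for a non-string name, so `level=vm` appears to always end in `fail_json`, and `vm = getattr(virt(), str(vmid))` fixes it. The empty `required_if=[]` in `get_ansible_module` also lets `level=node`, `vm` or `vnet` run with the matching parameter unset, so `None` reaches the same `getattr` calls; `required_if=[("level", "vm", ["vmid"]), ("level", "node", ["node"]), ("level", "vnet", ["vnet"])]` rejects that at argument parsing. Because `node` and `vnet` come straight from task parameters and are used as attribute names on the API object, a value that coincides with an existing attribute or method resolves to that member instead of a path segment; checking them against an identifier pattern before the lookup would keep the request path predictable. Smaller points: the failure message in `get_node_fw_rules` says "cluster level", and `pos` is accepted but not passed on in the vnet and vm getters.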
