From a3ee69a30309b684d593cebac2a63f0152b105f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lukas=20K=C3=A4mmerling?=
Date: Thu, 27 May 2021 08:13:57 +0200
Subject: [PATCH] Improve handling of out rules in hcloud_firewall (#89)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Lukas Kämmerling
---
 plugins/modules/hcloud_firewall.py | 12 ++++++------
 .../targets/hcloud_firewall/tasks/main.yml | 19 ++++++++++++++++---
 2 files changed, 22 insertions(+), 9 deletions(-)
diff --git a/plugins/modules/hcloud_firewall.py b/plugins/modules/hcloud_firewall.py
index 32bb817..83df359 100644
--- a/plugins/modules/hcloud_firewall.py
+++ b/plugins/modules/hcloud_firewall.py
@@ -221,8 +221,8 @@ class AnsibleHcloudFirewall(Hcloud):
 FirewallRule(
 direction=rule["direction"],
 protocol=rule["protocol"],
- source_ips=rule["source_ips"],
- destination_ips=rule["destination_ips"],
+ source_ips=rule["source_ips"] if rule["source_ips"] is not None else [],
+ destination_ips=rule["destination_ips"] if rule["destination_ips"] is not None else [],
 port=rule["port"]
 )
 for rule in rules
@@ -258,8 +258,8 @@ class AnsibleHcloudFirewall(Hcloud):
 FirewallRule(
 direction=rule["direction"],
 protocol=rule["protocol"],
- source_ips=rule["source_ips"],
- destination_ips=rule["destination_ips"],
+ source_ips=rule["source_ips"] if rule["source_ips"] is not None else [],
+ destination_ips=rule["destination_ips"] if rule["destination_ips"] is not None else [],
 port=rule["port"]
 )
 for rule in rules
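Review bot: The whole `FirewallRule(...)` comprehension, including the new None-to-empty-list normalisation, is duplicated between the hunk at line 221 and the one at line 258, so the two paths can drift apart in what they send for an unset address list. Each conditional can be shortened to `source_ips=rule["source_ips"] or [],` and `destination_ips=rule["destination_ips"] or [],`. The comprehension would be better held in one private helper that both callers use, with a comment such as `# normalise an unset address list to [] before it reaches FirewallRule`. Both enclosing methods start and end outside the hunks, so which call site creates and which updates the firewall is not visible here.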
@@ -296,10 +296,10 @@ class AnsibleHcloudFirewall(Hcloud):
 direction={"type": "str", "choices": ["in", "out"]},
 protocol={"type": "str", "choices": ["icmp", "udp", "tcp"]},
 port={"type": "str"},
- source_ips={"type": "list", "elements": "str"},
+ source_ips={"type": "list", "elements": "str", "default": []},
 destination_ips={"type": "list", "elements": "str", "default": []},
 ),
- required_together=[["direction", "protocol", "source_ips"]]
+ required_together=[["direction", "protocol"]],
 ),
 labels={"type": "dict"},
 state={
diff --git a/tests/integration/targets/hcloud_firewall/tasks/main.yml b/tests/integration/targets/hcloud_firewall/tasks/main.yml
index e59da36..28b5372 100644
--- a/tests/integration/targets/hcloud_firewall/tasks/main.yml
+++ b/tests/integration/targets/hcloud_firewall/tasks/main.yml
@@ -81,6 +81,12 @@
 source_ips:
 - 0.0.0.0/0
 - ::/0
+ - direction: out
+ protocol: tcp
+ port: 80
+ destination_ips:
+ - 0.0.0.0/0
+ - ::/0
 labels:
 key: value
 my-label: label
@@ -90,11 +96,12 @@
 that:
 - firewall is changed
 - firewall.hcloud_firewall.name == "{{ hcloud_firewall_name }}"
- - firewall.hcloud_firewall.rules | list | count == 2
+ - firewall.hcloud_firewall.rules | list | count == 3
 - firewall.hcloud_firewall.rules | selectattr('direction','equalto','in') | list | count == 2
+ - firewall.hcloud_firewall.rules | selectattr('direction','equalto','out') | list | count == 1
 - firewall.hcloud_firewall.rules | selectattr('protocol','equalto','icmp') | list | count == 1
- - firewall.hcloud_firewall.rules | selectattr('protocol','equalto','tcp') | list | count == 1
- - firewall.hcloud_firewall.rules | selectattr('port','equalto','80') | list | count == 1
+ - firewall.hcloud_firewall.rules | selectattr('protocol','equalto','tcp') | list | count == 2
+ - firewall.hcloud_firewall.rules | selectattr('port','equalto','80') | list | count == 2
 - name: test update firewall rules idempotence
 hcloud_firewall:
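Review bot: In the argument spec of plugins/modules/hcloud_firewall.py (hunk at line 296), dropping `source_ips` from `required_together` and giving it `"default": []` means a rule with `direction: in` and no `source_ips` now passes module validation and is built with an empty source list; the same holds for `direction: out` without `destination_ips`. How the API treats an empty list for the matching direction is not visible in this diff, so the module should reject that combination itself rather than depend on the remote behaviour. A check where the rules are turned into `FirewallRule` objects would do, for example `if rule["direction"] == "in" and not rule["source_ips"]:` with the mirrored test for `out`, each failing the task with a message that names the missing option. The option documentation should also state which address list each direction needs.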
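Review bot: The updated assertions (hunk at line 90 of tests/integration/targets/hcloud_firewall/tasks/main.yml) only count rules by direction, protocol and port, so they would still pass if the new `out` rule came back with its `destination_ips` missing or moved into `source_ips`. An extra assertion on the address lists of the `out` rule would pin that down, for example `- firewall.hcloud_firewall.rules | selectattr('direction','equalto','out') | map(attribute='destination_ips') | first | count == 2`, assuming the returned rule exposes `destination_ips` as a list. There is also no negative case here for an `in` rule without `source_ips`, which the relaxed argument spec now lets through validation.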
@@ -111,6 +118,12 @@
 source_ips:
 - 0.0.0.0/0
 - ::/0
+ - direction: out
+ protocol: tcp
+ port: 80
+ destination_ips:
+ - 0.0.0.0/0
+ - ::/0
 labels:
 key: value
 my-label: label