mirror of https://github.com/ansible-collections/hetzner.hcloud.git synced 2026-02-04 08:01:49 +00:00

Add description field to firewall rules

Adrian Huber 2021-08-03 15:01:45 +02:00
parent c1b3c0e5b1
commit e7e8a4e316
3 changed files with 24 additions and 3 deletions


@ -0,0 +1,2 @@
minor_changes:
- hcloud_firewall Add description field to firewall rules


@ -66,6 +66,10 @@ options:
- List of CIDRs that are allowed within this rule
type: list
elements: str
description:
description:
- User defined description of this rule.
type: str
state:
description:
- State of the firewall.
@ -91,6 +95,7 @@ EXAMPLES = """
source_ips:
- 0.0.0.0/0
- ::/0
description: allow icmp in
state: present
- name: Create a firewall with labels
@ -153,6 +158,10 @@ hcloud_firewall:
type: list
elements: str
returned: always
description:
description: User defined description of the Firewall Rule
type: str
returned: always
labels:
description: User-defined labels (key-value pairs)
returned: always
@ -190,7 +199,8 @@ class AnsibleHcloudFirewall(Hcloud):
"protocol": to_native(rule.protocol),
"port": to_native(rule.port) if rule.port is not None else None,
"source_ips": [to_native(cidr) for cidr in rule.source_ips],
"destination_ips": [to_native(cidr) for cidr in rule.destination_ips]
"destination_ips": [to_native(cidr) for cidr in rule.destination_ips],
"description": to_native(rule.description) if rule.description is not None else None,
}
def _get_firewall(self):
@ -223,7 +233,8 @@ class AnsibleHcloudFirewall(Hcloud):
protocol=rule["protocol"],
source_ips=rule["source_ips"] if rule["source_ips"] is not None else [],
destination_ips=rule["destination_ips"] if rule["destination_ips"] is not None else [],
port=rule["port"]
port=rule["port"],
description=rule["description"],
)
for rule in rules
]
@ -260,7 +271,8 @@ class AnsibleHcloudFirewall(Hcloud):
protocol=rule["protocol"],
source_ips=rule["source_ips"] if rule["source_ips"] is not None else [],
destination_ips=rule["destination_ips"] if rule["destination_ips"] is not None else [],
port=rule["port"]
port=rule["port"],
description=rule["description"],
)
for rule in rules
]
@ -298,6 +310,7 @@ class AnsibleHcloudFirewall(Hcloud):
port={"type": "str"},
source_ips={"type": "list", "elements": "str", "default": []},
destination_ips={"type": "list", "elements": "str", "default": []},
description={"type": "str"},
),
required_together=[["direction", "protocol"]],
),
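Review bot: The new `description=rule["description"],` keyword is passed to the rule constructor unconditionally in both rule-building hunks (at -223 and -260), so every run now depends on the installed hcloud library accepting that argument, including playbooks that never set a description. With an older library this would presumably fail with a TypeError before any API call is made, and the page shows no change to the module's stated requirements. I would document the minimum library version there, e.g. `- hcloud-python >= <MIN_VERSION>`, or pass the keyword only when a description is set. The new option in DOCUMENTATION also has no `version_added` entry. The enclosing methods start and end outside these hunks.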


@ -35,6 +35,7 @@
source_ips:
- 0.0.0.0/0
- ::/0
description: "allow icmp in"
labels:
key: value
my-label: label
@ -47,6 +48,7 @@
- firewall.hcloud_firewall.rules | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('direction','equalto','in') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('protocol','equalto','icmp') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('description', 'equalto', 'allow icmp in') | list | count == 1
- name: test create firewall idempotence
hcloud_firewall:
@ -57,6 +59,7 @@
source_ips:
- 0.0.0.0/0
- ::/0
description: "allow icmp in"
labels:
key: value
my-label: label
@ -87,6 +90,7 @@
destination_ips:
- 0.0.0.0/0
- ::/0
description: allow tcp out
labels:
key: value
my-label: label
@ -102,6 +106,7 @@
- firewall.hcloud_firewall.rules | selectattr('protocol','equalto','icmp') | list | count == 1
- firewall.hcloud_firewall.rules | selectattr('protocol','equalto','tcp') | list | count == 2
- firewall.hcloud_firewall.rules | selectattr('port','equalto','80') | list | count == 2
- firewall.hcloud_firewall.rules | selectattr('description', 'equalto', 'allow tcp out') | list | count == 1
- name: test update firewall rules idempotence
hcloud_firewall:
@ -124,6 +129,7 @@
destination_ips:
- 0.0.0.0/0
- ::/0
description: allow tcp out
labels:
key: value
my-label: label
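Review bot: The assertions added in the -47 and -102 hunks only show that a description supplied when a rule is created or added is returned unchanged; no task changes the description of an existing rule and asserts `changed`. A regression in which description-only edits are silently ignored would therefore still pass, which matters because the description is what reviewers rely on when auditing why a rule exists. I would add a task that reruns the module with only the description altered, e.g. `description: "allow icmp inbound"` (constructed value), followed by `- firewall is changed`. Whether the unchanged parts of the file already cover a rule without a description is not visible from these hunks.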