#!/usr/bin/python
# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import absolute_import, division, print_function
__metaclass__ = type  # Python 2 compatibility: classes in this module are new-style by default
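# Ansible module documentation, written as nested YAML.
# NOTE(review): short_description repeats the sibling module's name ("wafv2_web_acl")
# instead of describing this info module.
DOCUMENTATION = """
---
module: wafv2_web_acl_info
version_added: 1.5.0
author:
  - "Markus Bergholz (@markuman)"
short_description: wafv2_web_acl
description:
  - Info about web acl
options:
    name:
      description:
        - The name of the web acl.
      required: true
      type: str
    scope:
      description:
        - Scope of wafv2 web acl.
      required: true
      choices: ["CLOUDFRONT", "REGIONAL"]
      type: str

extends_documentation_fragment:
  - amazon.aws.aws
  - amazon.aws.ec2

"""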
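# Usage example for the module documentation (YAML task list).
EXAMPLES = """
- name: get web acl
  community.aws.wafv2_web_acl_info:
    name: test05
    scope: REGIONAL
  register: out
"""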
RETURN = """
arn:
description: web acl arn
sample: arn:aws:wafv2:eu-central-1:11111111:regional/webacl/test05/318c1ab9-fa74-4b3b-a974-f92e25106f61
type: str
returned: Always, as long as the web acl exists
description:
description: Description of the web acl
sample: Some web acl description
returned: Always, as long as the web acl exists
type: str
capacity:
description: Current capacity of the web acl
sample: 140
returned: Always, as long as the web acl exists
type: int
name:
description: Web acl name
sample: test02
returned: Always, as long as the web acl exists
type: str
rules:
description: Current rules of the web acl
returned: Always, as long as the web acl exists
type: list
sample:
- name: admin_protect
override_action:
none: {}
priority: 1
statement:
managed_rule_group_statement:
name: AWSManagedRulesAdminProtectionRuleSet
vendor_name: AWS
visibility_config:
cloud_watch_metrics_enabled: true
metric_name: admin_protect
sampled_requests_enabled: true
visibility_config:
description: Visibility config of the web acl
returned: Always, as long as the web acl exists
type: dict
sample:
cloud_watch_metrics_enabled: true
metric_name: blub
sampled_requests_enabled: false
"""
try:
from botocore.exceptions import ClientError, BotoCoreError
except ImportError:
pass # caught by AnsibleAWSModule
from ansible_collections.amazon.aws.plugins.module_utils.core import AnsibleAWSModule
from ansible_collections.amazon.aws.plugins.module_utils.ec2 import camel_dict_to_snake_dict
from ansible_collections.community.aws.plugins.module_utils.wafv2 import describe_wafv2_tags
from ansible_collections.community.aws.plugins.module_utils.wafv2 import wafv2_list_web_acls
def get_web_acl(wafv2, name, scope, id, fail_json_aws):
    """Fetch one WAFv2 web ACL with the ``GetWebACL`` API call.

    Args:
        wafv2: boto3 ``wafv2`` client.
        name: Name of the web ACL.
        scope: ``CLOUDFRONT`` or ``REGIONAL``.
        id: Id of the web ACL (parameter name kept for existing callers even
            though it shadows the builtin).
        fail_json_aws: Error callback for a failed API call.  The response is
            returned unguarded afterwards, so the callback is expected to end
            the module run (as ``AnsibleAWSModule.fail_json_aws`` does).

    Returns:
        The raw ``GetWebACL`` response dict.
    """
    request = dict(Name=name, Scope=scope, Id=id)
    try:
        result = wafv2.get_web_acl(**request)
    except (BotoCoreError, ClientError) as e:
        fail_json_aws(e, msg="Failed to get wafv2 web acl.")
    return result
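def main():
    """Return details of one WAFv2 web ACL selected by ``name`` and ``scope``.

    Lists the web ACLs in the requested scope, picks the entry whose ``Name``
    matches, fetches that ACL with :func:`get_web_acl` and its tags with
    ``describe_wafv2_tags``, and exits through ``module.exit_json`` with the
    snake_cased ACL plus a ``tags`` key.  When no ACL matches, exits with an
    empty result.  API errors are reported through ``module.fail_json_aws``.
    """
    arg_spec = dict(
        name=dict(type='str', required=True),
        scope=dict(type='str', required=True, choices=['CLOUDFRONT', 'REGIONAL'])
    )

    module = AnsibleAWSModule(
        argument_spec=arg_spec,
        # Only list/get/describe calls are made, so check mode needs no special handling.
        supports_check_mode=True,
    )

    name = module.params.get("name")
    scope = module.params.get("scope")

    wafv2 = module.client('wafv2')

    # GetWebACL needs the Id, which is only available from the listing.
    response = wafv2_list_web_acls(wafv2, scope, module.fail_json_aws)

    acl_id = None
    arn = None
    retval = {}
    # Default to [] so a listing without 'WebACLs' means "not found" instead of
    # a TypeError from iterating None.
    for item in response.get('WebACLs', []):
        if item.get('Name') == name:
            acl_id = item.get('Id')
            arn = item.get('ARN')

    if acl_id:
        existing_acl = get_web_acl(wafv2, name, scope, acl_id, module.fail_json_aws)
        # Guard against a response without 'WebACL' so the converter always gets a dict.
        retval = camel_dict_to_snake_dict(existing_acl.get('WebACL') or {})
        retval['tags'] = describe_wafv2_tags(wafv2, arn, module.fail_json_aws)

    module.exit_json(**retval)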
# Run the module when this file is executed directly.
if __name__ == '__main__':
    main()