From 3bb2a70c144480e1a51f0a7aff33162580147144 Mon Sep 17 00:00:00 2001 From: Mark Chappell Date: Mon, 4 Jul 2022 10:48:19 +0200 Subject: [PATCH] Rename WAF (v1) modules (#1299) Rename WAF (v1) modules SUMMARY In line with the new naming guidelines drop "aws_" from the start of the WAFv1 modules ISSUE TYPE Feature Pull Request COMPONENT NAME plugins/modules/aws_waf_condition.py plugins/modules/aws_waf_info.py plugins/modules/aws_waf_rule.py plugins/modules/aws_waf_web_acl.py plugins/modules/waf_condition.py plugins/modules/waf_info.py plugins/modules/waf_rule.py plugins/modules/waf_web_acl.py ADDITIONAL INFORMATION Reviewed-by: Alina Buzachis --- README.md | 8 +- changelogs/fragments/1299-waf-renames.yml | 5 + ...=> community.aws.waf_condition_module.rst} | 25 +- ....rst => community.aws.waf_info_module.rst} | 21 +- ....rst => community.aws.waf_rule_module.rst} | 19 +- ...t => community.aws.waf_web_acl_module.rst} | 15 +- meta/runtime.yml | 16 ++ ...{aws_waf_condition.py => waf_condition.py} | 247 +++++++++--------- .../modules/{aws_waf_info.py => waf_info.py} | 21 +- .../modules/{aws_waf_rule.py => waf_rule.py} | 101 ++++--- .../{aws_waf_web_acl.py => waf_web_acl.py} | 124 ++++----- .../targets/aws_waf_web_acl/aliases | 12 - tests/integration/targets/waf_web_acl/aliases | 9 + .../meta/main.yml | 0 .../tasks/main.yml | 0 15 files changed, 324 insertions(+), 299 deletions(-) create mode 100644 changelogs/fragments/1299-waf-renames.yml rename docs/{community.aws.aws_waf_condition_module.rst => community.aws.waf_condition_module.rst} (99%) rename docs/{community.aws.aws_waf_info_module.rst => community.aws.waf_info_module.rst} (97%) rename docs/{community.aws.aws_waf_rule_module.rst => community.aws.waf_rule_module.rst} (98%) rename docs/{community.aws.aws_waf_web_acl_module.rst => community.aws.waf_web_acl_module.rst} (98%) rename plugins/modules/{aws_waf_condition.py => waf_condition.py} (84%) rename plugins/modules/{aws_waf_info.py => waf_info.py} (89%) rename plugins/modules/{aws_waf_rule.py => waf_rule.py} (86%) rename plugins/modules/{aws_waf_web_acl.py => waf_web_acl.py} (83%) delete mode 100644 tests/integration/targets/aws_waf_web_acl/aliases create mode 100644 tests/integration/targets/waf_web_acl/aliases rename tests/integration/targets/{aws_waf_web_acl => waf_web_acl}/meta/main.yml (100%) rename tests/integration/targets/{aws_waf_web_acl => waf_web_acl}/tasks/main.yml (100%) diff --git a/README.md b/README.md index 8a977561530..d9aa702a0d7 100644 --- a/README.md +++ b/README.md @@ -56,10 +56,6 @@ Name | Description [community.aws.aws_ssm_parameter_store](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_ssm_parameter_store_module.rst)|Manage key-value pairs in AWS SSM parameter store [community.aws.aws_step_functions_state_machine](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_step_functions_state_machine_module.rst)|Manage AWS Step Functions state machines [community.aws.aws_step_functions_state_machine_execution](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_step_functions_state_machine_execution_module.rst)|Start or stop execution of an AWS Step Functions state machine. -[community.aws.aws_waf_condition](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_waf_condition_module.rst)|Create and delete WAF Conditions -[community.aws.aws_waf_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_waf_info_module.rst)|Retrieve information for WAF ACLs, Rule , Conditions and Filters. -[community.aws.aws_waf_rule](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_waf_rule_module.rst)|Create and delete WAF Rules -[community.aws.aws_waf_web_acl](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.aws_waf_web_acl_module.rst)|Create and delete WAF Web ACLs [community.aws.batch_compute_environment](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.batch_compute_environment_module.rst)|Manage AWS Batch Compute Environments [community.aws.batch_job_definition](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.batch_job_definition_module.rst)|Manage AWS Batch Job Definitions [community.aws.batch_job_queue](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.batch_job_queue_module.rst)|Manage AWS Batch Job Queues @@ -217,6 +213,10 @@ Name | Description [community.aws.storagegateway_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.storagegateway_info_module.rst)|Fetch AWS Storage Gateway information [community.aws.sts_assume_role](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.sts_assume_role_module.rst)|Assume a role using AWS Security Token Service and obtain temporary credentials [community.aws.sts_session_token](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.sts_session_token_module.rst)|Obtain a session token from the AWS Security Token Service +[community.aws.waf_condition](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.waf_condition_module.rst)|Create and delete WAF Conditions +[community.aws.waf_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.waf_info_module.rst)|Retrieve information for WAF ACLs, Rules, Conditions and Filters +[community.aws.waf_rule](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.waf_rule_module.rst)|Create and delete WAF Rules +[community.aws.waf_web_acl](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.waf_web_acl_module.rst)|Create and delete WAF Web ACLs [community.aws.wafv2_ip_set](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_ip_set_module.rst)|wafv2_ip_set [community.aws.wafv2_ip_set_info](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_ip_set_info_module.rst)|Get information about wafv2 ip sets [community.aws.wafv2_resources](https://github.com/ansible-collections/community.aws/blob/main/docs/community.aws.wafv2_resources_module.rst)|wafv2_web_acl diff --git a/changelogs/fragments/1299-waf-renames.yml b/changelogs/fragments/1299-waf-renames.yml new file mode 100644 index 00000000000..a54c9956aac --- /dev/null +++ b/changelogs/fragments/1299-waf-renames.yml @@ -0,0 +1,5 @@ +minor_changes: +- aws_waf_condition - the ``aws_waf_condition`` module has been renamed to ``waf_condition``, ``aws_waf_condition`` remains as an alias (https://github.com/ansible-collections/community.aws/pull/1299). +- aws_waf_info - the ``aws_waf_info`` module has been renamed to ``waf_info``, ``aws_waf_info`` remains as an alias (https://github.com/ansible-collections/community.aws/pull/1299). +- aws_waf_rule - the ``aws_waf_rule`` module has been renamed to ``waf_rule``, ``aws_waf_rule`` remains as an alias (https://github.com/ansible-collections/community.aws/pull/1299). +- aws_waf_web_acl - the ``aws_waf_web_acl`` module has been renamed to ``waf_web_acl``, ``aws_waf_web_acl`` remains as an alias (https://github.com/ansible-collections/community.aws/pull/1299). diff --git a/docs/community.aws.aws_waf_condition_module.rst b/docs/community.aws.waf_condition_module.rst similarity index 99% rename from docs/community.aws.aws_waf_condition_module.rst rename to docs/community.aws.waf_condition_module.rst index 2d48e0f263d..275813ab4f1 100644 --- a/docs/community.aws.aws_waf_condition_module.rst +++ b/docs/community.aws.waf_condition_module.rst @@ -1,9 +1,9 @@ -.. _community.aws.aws_waf_condition_module: +.. _community.aws.waf_condition_module: -******************************* -community.aws.aws_waf_condition -******************************* +*************************** +community.aws.waf_condition +*************************** **Create and delete WAF Conditions** @@ -18,6 +18,7 @@ Version added: 1.0.0 Synopsis -------- - Read the AWS documentation for WAF https://aws.amazon.com/documentation/waf/ +- Prior to release 5.0.0 this module was called ``community.aws.aws_waf_condition``. The usage did not change. @@ -569,7 +570,7 @@ Parameters -
Whether to use waf-regional module.
+
Whether to use waf-regional module.
@@ -592,7 +593,7 @@ Examples .. code-block:: yaml - name: create WAF byte condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_byte_condition filters: - field_to_match: header @@ -602,7 +603,7 @@ Examples type: byte - name: create WAF geo condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_geo_condition filters: - country: US @@ -611,7 +612,7 @@ Examples type: geo - name: create IP address condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "10.0.0.0/8" @@ -619,7 +620,7 @@ Examples type: ip - name: create WAF regex condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_regex_condition filters: - field_to_match: query_string @@ -632,7 +633,7 @@ Examples type: regex - name: create WAF size condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_size_condition filters: - field_to_match: query_string @@ -641,7 +642,7 @@ Examples type: size - name: create WAF sql injection condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_sql_condition filters: - field_to_match: query_string @@ -649,7 +650,7 @@ Examples type: sql - name: create WAF xss condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_xss_condition filters: - field_to_match: query_string diff --git a/docs/community.aws.aws_waf_info_module.rst b/docs/community.aws.waf_info_module.rst similarity index 97% rename from docs/community.aws.aws_waf_info_module.rst rename to docs/community.aws.waf_info_module.rst index f57c90518fc..d2d9cb7a006 100644 --- a/docs/community.aws.aws_waf_info_module.rst +++ b/docs/community.aws.waf_info_module.rst @@ -1,11 +1,11 @@ -.. _community.aws.aws_waf_info_module: +.. _community.aws.waf_info_module: -************************** -community.aws.aws_waf_info -************************** +********************** +community.aws.waf_info +********************** -**Retrieve information for WAF ACLs, Rule , Conditions and Filters.** +**Retrieve information for WAF ACLs, Rules, Conditions and Filters** Version added: 1.0.0 @@ -17,7 +17,8 @@ Version added: 1.0.0 Synopsis -------- -- Retrieve information for WAF ACLs, Rule , Conditions and Filters. +- Retrieve information for WAF ACLs, Rules, Conditions and Filters. +- Prior to release 5.0.0 this module was called ``community.aws.aws_waf_info``. The usage did not change. @@ -242,7 +243,7 @@ Parameters -
Whether to use the waf-regional module.
+
Whether to use the waf-regional module.
@@ -265,14 +266,14 @@ Examples .. code-block:: yaml - name: obtain all WAF information - community.aws.aws_waf_info: + community.aws.waf_info: - name: obtain all information for a single WAF - community.aws.aws_waf_info: + community.aws.waf_info: name: test_waf - name: obtain all information for a single WAF Regional - community.aws.aws_waf_info: + community.aws.waf_info: name: test_waf waf_regional: true diff --git a/docs/community.aws.aws_waf_rule_module.rst b/docs/community.aws.waf_rule_module.rst similarity index 98% rename from docs/community.aws.aws_waf_rule_module.rst rename to docs/community.aws.waf_rule_module.rst index 2c5f330748a..febdf55b173 100644 --- a/docs/community.aws.aws_waf_rule_module.rst +++ b/docs/community.aws.waf_rule_module.rst @@ -1,9 +1,9 @@ -.. _community.aws.aws_waf_rule_module: +.. _community.aws.waf_rule_module: -************************** -community.aws.aws_waf_rule -************************** +********************** +community.aws.waf_rule +********************** **Create and delete WAF Rules** @@ -18,6 +18,7 @@ Version added: 1.0.0 Synopsis -------- - Read the AWS documentation for WAF https://aws.amazon.com/documentation/waf/. +- Prior to release 5.0.0 this module was called ``community.aws.aws_waf_rule``. The usage did not change. @@ -120,7 +121,7 @@ Parameters -
List of conditions used in the rule. community.aws.aws_waf_condition can be used to create new conditions.
+
List of conditions used in the rule. community.aws.waf_condition can be used to create new conditions.
@@ -235,7 +236,7 @@ Parameters
A friendly name or description for the metrics for the rule.
-
The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace.
+
The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name may not contain whitespace.
You can't change metric_name after you create the rule.
Defaults to the same as name with disallowed characters removed.
@@ -379,7 +380,7 @@ Parameters -
Whether to use waf-regional module.
+
Whether to use waf-regional module.
@@ -402,7 +403,7 @@ Examples .. code-block:: yaml - name: create WAF rule - community.aws.aws_waf_rule: + community.aws.waf_rule: name: my_waf_rule conditions: - name: my_regex_condition @@ -416,7 +417,7 @@ Examples negated: yes - name: remove WAF rule - community.aws.aws_waf_rule: + community.aws.waf_rule: name: "my_waf_rule" state: absent diff --git a/docs/community.aws.aws_waf_web_acl_module.rst b/docs/community.aws.waf_web_acl_module.rst similarity index 98% rename from docs/community.aws.aws_waf_web_acl_module.rst rename to docs/community.aws.waf_web_acl_module.rst index 5587bc008d4..54da02531f6 100644 --- a/docs/community.aws.aws_waf_web_acl_module.rst +++ b/docs/community.aws.waf_web_acl_module.rst @@ -1,9 +1,9 @@ -.. _community.aws.aws_waf_web_acl_module: +.. _community.aws.waf_web_acl_module: -***************************** -community.aws.aws_waf_web_acl -***************************** +************************* +community.aws.waf_web_acl +************************* **Create and delete WAF Web ACLs** @@ -19,6 +19,7 @@ Synopsis -------- - Module for WAF classic, for WAF v2 use the *wafv2_** modules. - Read the AWS documentation for WAF https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html. +- Prior to release 5.0.0 this module was called ``community.aws.aws_waf_web_acl``. The usage did not change. @@ -408,7 +409,7 @@ Parameters -
Whether to use waf-regional module.
+
Whether to use waf-regional module.
@@ -431,7 +432,7 @@ Examples .. code-block:: yaml - name: create web ACL - community.aws.aws_waf_web_acl: + community.aws.waf_web_acl: name: my_web_acl rules: - name: my_rule @@ -442,7 +443,7 @@ Examples state: present - name: delete the web acl - community.aws.aws_waf_web_acl: + community.aws.waf_web_acl: name: my_web_acl state: absent diff --git a/meta/runtime.yml b/meta/runtime.yml index bb62596a1ef..81525370404 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -212,6 +212,10 @@ action_groups: - sts_assume_role - sts_session_token - storagegateway_info + - waf_condition + - waf_info + - waf_rule + - waf_web_acl - wafv2_ip_set - wafv2_ip_set_info - wafv2_resources @@ -285,6 +289,18 @@ plugin_routing: aws_sgw_info: # Deprecation for this alias should not *start* prior to 2024-09-01 redirect: community.aws.storagegateway_info + aws_waf_condition: + # Deprecation for this alias should not *start* prior to 2024-09-01 + redirect: community.aws.waf_condition + aws_waf_info: + # Deprecation for this alias should not *start* prior to 2024-09-01 + redirect: community.aws.waf_info + aws_waf_rule: + # Deprecation for this alias should not *start* prior to 2024-09-01 + redirect: community.aws.waf_rule + aws_waf_web_acl: + # Deprecation for this alias should not *start* prior to 2024-09-01 + redirect: community.aws.waf_web_acl ec2_elb: redirect: community.aws.elb_instance ec2_instance: diff --git a/plugins/modules/aws_waf_condition.py b/plugins/modules/waf_condition.py similarity index 84% rename from plugins/modules/aws_waf_condition.py rename to plugins/modules/waf_condition.py index 77f66f9f767..b948ec9a81f 100644 --- a/plugins/modules/aws_waf_condition.py +++ b/plugins/modules/waf_condition.py @@ -8,138 +8,139 @@ DOCUMENTATION = r''' -module: aws_waf_condition +module: waf_condition short_description: Create and delete WAF Conditions version_added: 1.0.0 description: - Read the AWS documentation for WAF U(https://aws.amazon.com/documentation/waf/) + - Prior to release 5.0.0 this module was called C(community.aws.aws_waf_condition). + The usage did not change. author: - Will Thames (@willthames) - Mike Mochan (@mmochan) extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.ec2 options: - name: - description: Name of the Web Application Firewall condition to manage. - required: true - type: str - type: - description: The type of matching to perform. - choices: - - byte - - geo - - ip - - regex - - size - - sql - - xss - type: str - required: true - filters: - description: - - A list of the filters against which to match. - - For I(type=byte), valid keys are I(field_to_match), I(position), I(header), I(transformation) and I(target_string). - - For I(type=geo), the only valid key is I(country). - - For I(type=ip), the only valid key is I(ip_address). - - For I(type=regex), valid keys are I(field_to_match), I(transformation) and I(regex_pattern). - - For I(type=size), valid keys are I(field_to_match), I(transformation), I(comparison) and I(size). - - For I(type=sql), valid keys are I(field_to_match) and I(transformation). - - For I(type=xss), valid keys are I(field_to_match) and I(transformation). - - Required when I(state=present). - type: list - elements: dict - suboptions: - field_to_match: - description: - - The field upon which to perform the match. - - Valid when I(type=byte), I(type=regex), I(type=sql) or I(type=xss). - type: str - choices: ['uri', 'query_string', 'header', 'method', 'body'] - position: - description: - - Where in the field the match needs to occur. - - Only valid when I(type=byte). - type: str - choices: ['exactly', 'starts_with', 'ends_with', 'contains', 'contains_word'] - header: - description: - - Which specific header should be matched. - - Required when I(field_to_match=header). - - Valid when I(type=byte). - type: str - transformation: - description: - - A transform to apply on the field prior to performing the match. - - Valid when I(type=byte), I(type=regex), I(type=sql) or I(type=xss). - type: str - choices: ['none', 'compress_white_space', 'html_entity_decode', 'lowercase', 'cmd_line', 'url_decode'] - country: - description: - - Value of geo constraint (typically a two letter country code). - - The only valid key when I(type=geo). - type: str - ip_address: - description: - - An IP Address or CIDR to match. - - The only valid key when I(type=ip). - type: str - regex_pattern: - description: - - A dict describing the regular expressions used to perform the match. - - Only valid when I(type=regex). - type: dict - suboptions: - name: - description: A name to describe the set of patterns. - type: str - regex_strings: - description: A list of regular expressions to match. - type: list - elements: str - comparison: - description: - - What type of comparison to perform. - - Only valid key when I(type=size). - type: str - choices: ['EQ', 'NE', 'LE', 'LT', 'GE', 'GT'] - size: - description: - - The size of the field (in bytes). - - Only valid key when I(type=size). - type: int - target_string: - description: - - The string to search for. - - May be up to 50 bytes. - - Valid when I(type=byte). - type: str - purge_filters: - description: - - Whether to remove existing filters from a condition if not passed in I(filters). - default: false - type: bool - waf_regional: - description: Whether to use waf-regional module. - default: false - required: no - type: bool - state: - description: Whether the condition should be C(present) or C(absent). - choices: - - present - - absent - default: present - type: str - + name: + description: Name of the Web Application Firewall condition to manage. + required: true + type: str + type: + description: The type of matching to perform. + choices: + - byte + - geo + - ip + - regex + - size + - sql + - xss + type: str + required: true + filters: + description: + - A list of the filters against which to match. + - For I(type=byte), valid keys are I(field_to_match), I(position), I(header), I(transformation) and I(target_string). + - For I(type=geo), the only valid key is I(country). + - For I(type=ip), the only valid key is I(ip_address). + - For I(type=regex), valid keys are I(field_to_match), I(transformation) and I(regex_pattern). + - For I(type=size), valid keys are I(field_to_match), I(transformation), I(comparison) and I(size). + - For I(type=sql), valid keys are I(field_to_match) and I(transformation). + - For I(type=xss), valid keys are I(field_to_match) and I(transformation). + - Required when I(state=present). + type: list + elements: dict + suboptions: + field_to_match: + description: + - The field upon which to perform the match. + - Valid when I(type=byte), I(type=regex), I(type=sql) or I(type=xss). + type: str + choices: ['uri', 'query_string', 'header', 'method', 'body'] + position: + description: + - Where in the field the match needs to occur. + - Only valid when I(type=byte). + type: str + choices: ['exactly', 'starts_with', 'ends_with', 'contains', 'contains_word'] + header: + description: + - Which specific header should be matched. + - Required when I(field_to_match=header). + - Valid when I(type=byte). + type: str + transformation: + description: + - A transform to apply on the field prior to performing the match. + - Valid when I(type=byte), I(type=regex), I(type=sql) or I(type=xss). + type: str + choices: ['none', 'compress_white_space', 'html_entity_decode', 'lowercase', 'cmd_line', 'url_decode'] + country: + description: + - Value of geo constraint (typically a two letter country code). + - The only valid key when I(type=geo). + type: str + ip_address: + description: + - An IP Address or CIDR to match. + - The only valid key when I(type=ip). + type: str + regex_pattern: + description: + - A dict describing the regular expressions used to perform the match. + - Only valid when I(type=regex). + type: dict + suboptions: + name: + description: A name to describe the set of patterns. + type: str + regex_strings: + description: A list of regular expressions to match. + type: list + elements: str + comparison: + description: + - What type of comparison to perform. + - Only valid key when I(type=size). + type: str + choices: ['EQ', 'NE', 'LE', 'LT', 'GE', 'GT'] + size: + description: + - The size of the field (in bytes). + - Only valid key when I(type=size). + type: int + target_string: + description: + - The string to search for. + - May be up to 50 bytes. + - Valid when I(type=byte). + type: str + purge_filters: + description: + - Whether to remove existing filters from a condition if not passed in I(filters). + default: false + type: bool + waf_regional: + description: Whether to use C(waf-regional) module. + default: false + required: no + type: bool + state: + description: Whether the condition should be C(present) or C(absent). + choices: + - present + - absent + default: present + type: str ''' EXAMPLES = r''' - name: create WAF byte condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_byte_condition filters: - field_to_match: header @@ -149,7 +150,7 @@ type: byte - name: create WAF geo condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_geo_condition filters: - country: US @@ -158,7 +159,7 @@ type: geo - name: create IP address condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: "{{ resource_prefix }}_ip_condition" filters: - ip_address: "10.0.0.0/8" @@ -166,7 +167,7 @@ type: ip - name: create WAF regex condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_regex_condition filters: - field_to_match: query_string @@ -179,7 +180,7 @@ type: regex - name: create WAF size condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_size_condition filters: - field_to_match: query_string @@ -188,7 +189,7 @@ type: size - name: create WAF sql injection condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_sql_condition filters: - field_to_match: query_string @@ -196,7 +197,7 @@ type: sql - name: create WAF xss condition - community.aws.aws_waf_condition: + community.aws.waf_condition: name: my_xss_condition filters: - field_to_match: query_string @@ -728,7 +729,7 @@ def main(): if state == 'present': (changed, results) = condition.ensure_condition_present() - # return a condition agnostic ID for use by aws_waf_rule + # return a condition agnostic ID for use by waf_rule results['ConditionId'] = results[condition.conditionsetid] else: (changed, results) = condition.ensure_condition_absent() diff --git a/plugins/modules/aws_waf_info.py b/plugins/modules/waf_info.py similarity index 89% rename from plugins/modules/aws_waf_info.py rename to plugins/modules/waf_info.py index 838f9491dfd..81538e62923 100644 --- a/plugins/modules/aws_waf_info.py +++ b/plugins/modules/waf_info.py @@ -7,18 +7,20 @@ DOCUMENTATION = ''' -module: aws_waf_info -short_description: Retrieve information for WAF ACLs, Rule , Conditions and Filters. +module: waf_info +short_description: Retrieve information for WAF ACLs, Rules, Conditions and Filters version_added: 1.0.0 description: - - Retrieve information for WAF ACLs, Rule , Conditions and Filters. + - Retrieve information for WAF ACLs, Rules, Conditions and Filters. + - Prior to release 5.0.0 this module was called C(community.aws.aws_waf_info). + The usage did not change. options: name: description: - The name of a Web Application Firewall. type: str waf_regional: - description: Whether to use the waf-regional module. + description: Whether to use the C(waf-regional) module. default: false required: no type: bool @@ -27,21 +29,20 @@ - Mike Mochan (@mmochan) - Will Thames (@willthames) extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 - + - amazon.aws.aws + - amazon.aws.ec2 ''' EXAMPLES = ''' - name: obtain all WAF information - community.aws.aws_waf_info: + community.aws.waf_info: - name: obtain all information for a single WAF - community.aws.aws_waf_info: + community.aws.waf_info: name: test_waf - name: obtain all information for a single WAF Regional - community.aws.aws_waf_info: + community.aws.waf_info: name: test_waf waf_regional: true ''' diff --git a/plugins/modules/aws_waf_rule.py b/plugins/modules/waf_rule.py similarity index 86% rename from plugins/modules/aws_waf_rule.py rename to plugins/modules/waf_rule.py index f5701b2ff00..188c6de9df6 100644 --- a/plugins/modules/aws_waf_rule.py +++ b/plugins/modules/waf_rule.py @@ -8,74 +8,73 @@ DOCUMENTATION = r''' -module: aws_waf_rule +module: waf_rule short_description: Create and delete WAF Rules version_added: 1.0.0 description: - Read the AWS documentation for WAF U(https://aws.amazon.com/documentation/waf/). + - Prior to release 5.0.0 this module was called C(community.aws.aws_waf_rule). + The usage did not change. author: - Mike Mochan (@mmochan) - Will Thames (@willthames) extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.ec2 options: - name: - description: Name of the Web Application Firewall rule. - required: yes - type: str - metric_name: - description: - - A friendly name or description for the metrics for the rule. - - The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. - - You can't change I(metric_name) after you create the rule. - - Defaults to the same as I(name) with disallowed characters removed. + name: + description: Name of the Web Application Firewall rule. + required: yes + type: str + metric_name: + description: + - A friendly name or description for the metrics for the rule. + - The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name may not contain whitespace. + - You can't change I(metric_name) after you create the rule. + - Defaults to the same as I(name) with disallowed characters removed. + type: str + state: + description: Whether the rule should be present or absent. + choices: ['present', 'absent'] + default: present + type: str + conditions: + description: > + List of conditions used in the rule. M(community.aws.waf_condition) can be used to create new conditions. + type: list + elements: dict + suboptions: + type: + required: true type: str - state: - description: Whether the rule should be present or absent. - choices: - - present - - absent - default: present - type: str - conditions: - description: > - List of conditions used in the rule. M(community.aws.aws_waf_condition) can be used to - create new conditions. - type: list - elements: dict - suboptions: - type: - required: true - type: str - choices: ['byte','geo','ip','size','sql','xss'] - description: The type of rule to match. - negated: - required: true - type: bool - description: Whether the condition should be negated. - condition: - required: true - type: str - description: The name of the condition. The condition must already exist. - purge_conditions: - description: - - Whether or not to remove conditions that are not passed when updating I(conditions). - default: false - type: bool - waf_regional: - description: Whether to use waf-regional module. - default: false - required: false + choices: ['byte','geo','ip','size','sql','xss'] + description: The type of rule to match. + negated: + required: true type: bool + description: Whether the condition should be negated. + condition: + required: true + type: str + description: The name of the condition. The condition must already exist. + purge_conditions: + description: + - Whether or not to remove conditions that are not passed when updating I(conditions). + default: false + type: bool + waf_regional: + description: Whether to use C(waf-regional) module. + default: false + required: false + type: bool ''' EXAMPLES = r''' - name: create WAF rule - community.aws.aws_waf_rule: + community.aws.waf_rule: name: my_waf_rule conditions: - name: my_regex_condition @@ -89,7 +88,7 @@ negated: yes - name: remove WAF rule - community.aws.aws_waf_rule: + community.aws.waf_rule: name: "my_waf_rule" state: absent ''' diff --git a/plugins/modules/aws_waf_web_acl.py b/plugins/modules/waf_web_acl.py similarity index 83% rename from plugins/modules/aws_waf_web_acl.py rename to plugins/modules/waf_web_acl.py index 609df528a0a..c4958a7c41f 100644 --- a/plugins/modules/aws_waf_web_acl.py +++ b/plugins/modules/waf_web_acl.py @@ -7,86 +7,88 @@ DOCUMENTATION = r''' -module: aws_waf_web_acl +module: waf_web_acl short_description: Create and delete WAF Web ACLs version_added: 1.0.0 description: - Module for WAF classic, for WAF v2 use the I(wafv2_*) modules. - Read the AWS documentation for WAF U(https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html). + - Prior to release 5.0.0 this module was called C(community.aws.aws_waf_web_acl). + The usage did not change. author: - Mike Mochan (@mmochan) - Will Thames (@willthames) extends_documentation_fragment: -- amazon.aws.aws -- amazon.aws.ec2 + - amazon.aws.aws + - amazon.aws.ec2 options: - name: - description: Name of the Web Application Firewall ACL to manage. - required: yes + name: + description: Name of the Web Application Firewall ACL to manage. + required: yes + type: str + default_action: + description: The action that you want AWS WAF to take when a request doesn't + match the criteria specified in any of the Rule objects that are associated with the WebACL. + choices: + - block + - allow + - count + type: str + state: + description: Whether the Web ACL should be present or absent. + choices: + - present + - absent + default: present + type: str + metric_name: + description: + - A friendly name or description for the metrics for this WebACL. + - The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. + - You can't change I(metric_name) after you create the WebACL. + - Metric name will default to I(name) with disallowed characters stripped out. + type: str + rules: + description: + - A list of rules that the Web ACL will enforce. + type: list + elements: dict + suboptions: + name: + description: Name of the rule. type: str - default_action: - description: The action that you want AWS WAF to take when a request doesn't - match the criteria specified in any of the Rule objects that are associated with the WebACL. - choices: - - block - - allow - - count + required: true + action: + description: The action to perform. type: str - state: - description: Whether the Web ACL should be present or absent. + required: true + priority: + description: The priority of the action. Priorities must be unique. Lower numbered priorities are evaluated first. + type: int + required: true + type: + description: The type of rule. choices: - - present - - absent - default: present + - rate_based + - regular type: str - metric_name: - description: - - A friendly name or description for the metrics for this WebACL. - - The name can contain only alphanumeric characters (A-Z, a-z, 0-9); the name can't contain whitespace. - - You can't change I(metric_name) after you create the WebACL. - - Metric name will default to I(name) with disallowed characters stripped out. - type: str - rules: - description: - - A list of rules that the Web ACL will enforce. - type: list - elements: dict - suboptions: - name: - description: Name of the rule. - type: str - required: true - action: - description: The action to perform. - type: str - required: true - priority: - description: The priority of the action. Priorities must be unique. Lower numbered priorities are evaluated first. - type: int - required: true - type: - description: The type of rule. - choices: - - rate_based - - regular - type: str - purge_rules: - description: - - Whether to remove rules that aren't passed with I(rules). - default: False - type: bool - waf_regional: - description: Whether to use waf-regional module. - default: false - required: no - type: bool + purge_rules: + description: + - Whether to remove rules that aren't passed with I(rules). + default: False + type: bool + waf_regional: + description: Whether to use C(waf-regional) module. + default: false + required: no + type: bool ''' EXAMPLES = r''' - name: create web ACL - community.aws.aws_waf_web_acl: + community.aws.waf_web_acl: name: my_web_acl rules: - name: my_rule @@ -97,7 +99,7 @@ state: present - name: delete the web acl - community.aws.aws_waf_web_acl: + community.aws.waf_web_acl: name: my_web_acl state: absent ''' diff --git a/tests/integration/targets/aws_waf_web_acl/aliases b/tests/integration/targets/aws_waf_web_acl/aliases deleted file mode 100644 index 5692e3fb007..00000000000 --- a/tests/integration/targets/aws_waf_web_acl/aliases +++ /dev/null @@ -1,12 +0,0 @@ -# reason: broken -# ansible/ansible#38258 -disabled - -cloud/aws - -aws_waf_info -aws_waf_web_acl -aws_waf_web_match -aws_waf_web_rule -aws_waf_condition -aws_waf_rule \ No newline at end of file diff --git a/tests/integration/targets/waf_web_acl/aliases b/tests/integration/targets/waf_web_acl/aliases new file mode 100644 index 00000000000..7e34262e4d1 --- /dev/null +++ b/tests/integration/targets/waf_web_acl/aliases @@ -0,0 +1,9 @@ +# reason: broken +# ansible/ansible#38258 +disabled + +cloud/aws + +waf_condition +waf_info +waf_rule diff --git a/tests/integration/targets/aws_waf_web_acl/meta/main.yml b/tests/integration/targets/waf_web_acl/meta/main.yml similarity index 100% rename from tests/integration/targets/aws_waf_web_acl/meta/main.yml rename to tests/integration/targets/waf_web_acl/meta/main.yml diff --git a/tests/integration/targets/aws_waf_web_acl/tasks/main.yml b/tests/integration/targets/waf_web_acl/tasks/main.yml similarity index 100% rename from tests/integration/targets/aws_waf_web_acl/tasks/main.yml rename to tests/integration/targets/waf_web_acl/tasks/main.yml