backport win_firewall_rule updates

from devel SHA 89d9444ad560ef5c4a8aac911e2e7abcf7aa9c76
2018-01-02 20:38:00 -08:00 · 2018-01-02 20:38:00 -08:00 · cbc07cf9cc
commit cbc07cf9cc
parent 8708105616
2 changed files with 30 additions and 3 deletions
--- a/lib/ansible/modules/windows/win_firewall_rule.ps1
+++ b/lib/ansible/modules/windows/win_firewall_rule.ps1
@ -137,7 +137,8 @@ function New-FWRule
    if ($remoteAddresses -and $remoteAddresses -ne "any") { $rule.RemoteAddresses = $remoteAddresses }
    if ($direction) { $rule.Direction = Parse-Direction -directionStr $direction }
    if ($action) { $rule.Action = Parse-Action -actionStr $action }
-    if ($profiles) { $rule.Profiles = Parse-Profiles -profilesStr $profiles }
+    # Profiles value cannot be a uint32, but the "all profiles" value (0x7FFFFFFF) will often become a uint32, so must cast to [int]
+    if ($profiles) { $rule.Profiles = [int](Parse-Profiles -profilesStr $profiles) }
    if ($interfaceTypes -and $interfaceTypes -ne "any") { $rule.InterfaceTypes = Parse-InterfaceTypes -interfaceTypesStr $interfaceTypes }
    if ($edgeTraversalOptions -and $edgeTraversalOptions -ne "no") {
        # EdgeTraversalOptions property exists only from Windows 7/Windows Server 2008 R2: https://msdn.microsoft.com/en-us/library/windows/desktop/dd607256(v=vs.85).aspx
@ -256,7 +257,14 @@ try {
                    }

                    if (-not $check_mode) {
-                        $existingRule.$prop = $rule.$prop
+                        # Profiles value cannot be a uint32, but the "all profiles" value (0x7FFFFFFF) will often become a uint32, so must cast to [int]
+                        # to prevent InvalidCastException under PS5+
+                        If($prop -eq 'Profiles') {
+                            $existingRule.Profiles = [int] $rule.$prop
+                        }
+                        Else {
+                            $existingRule.$prop = $rule.$prop
+                        }
                    }
                    $result.changed = $true
                }
@ -270,7 +278,9 @@ try {
        }
    }
 } catch [Exception] {
-    Fail-Json $result $_.Exception.Message
+    $ex = $_
+    $result['exception'] = $($ex | Out-String)
+    Fail-Json $result $ex.Exception.Message
 }

 Exit-Json $result
--- a/test/integration/targets/win_firewall_rule/tasks/main.yml
+++ b/test/integration/targets/win_firewall_rule/tasks/main.yml
@ -325,3 +325,20 @@
    - add_firewall_rule_with_secure_flags.changed == true
  # Works on windows >= Windows 8/Windows Server 2012
  when: ansible_distribution_version | version_compare('6.2', '>=')
+
+- name: Set firewall rule profile back to 'all'
+  win_firewall_rule:
+    name: http
+    enabled: yes
+    state: present
+    localport: 80
+    action: allow
+    direction: in
+    protocol: tcp
+    profiles: 'Domain,Public,Private'
+  register: add_firewall_rule_with_string_profiles
+
+- name: Check that setting firewall rule profile back to 'all' succeeds with a change
+  assert:
+    that:
+    - add_firewall_rule_with_string_profiles.changed == true