This collection provides modules for working with Sophos Firewall running SFOS 18.0+. The modules leverage the sophosfirewall-python SDK to perform operations on the firewall using the embedded XML API.
For installation and usage details, please see the Documentation
This is an open source project and we welcome contributions from the community. To get started, fork this repository and perform development in the fork. The following guidelines should be followed:
- This project uses Semantic Versioning
- When adding new modules, increment the
MINORversion - When making bug fixes, increment the
PATCHversion - When adding new modules, configure the
version_addedfield in the module to the new version
- Update the
versionfield ingalaxy.ymlto the new version - Update the
versionfield inpyproject.tomlto the new version - In the
changelogs/fragmentsdirectory, add a file namedx.y.z.yamlwhere x.y.z indicates the version - The file should have at a minimum, a
release_summaryfield for example:
release_summary: |
This release introduces new modules for working with the X feature on Sophos FirewallIf only bug fixes are in the release:
bugfixes:
- docker_container - wait for removal of container if docker API returns early
(https://github.com/ansible/ansible/issues/65811).- Run
antsibull-changelogto update the change log
antsibull-changelog release --version x.y.z -vThe fragment file will be deleted and the
changelogs/changelog.yamlwill be updated. The Actions workflow will take care of updating the change log in the documentation.
- Merge a PR
- Check out the
mainbranch and do agit pullto incorporate changes merged in the PR - Create and push a new tag
git tag vx.y.z
git push --tagsThis will cause the Actions workflow to build the collection and upload it to Ansible galaxy. When complete, it should be possible to update clients using the
--forceflag:ansible-galaxy collection install sophos.sophos_firewall --force
When adding a new module, integration tests should be written and stored under the tests/integration directory. Each module should have a directory in the targets folder, and a main.yml file implementing the test cases. Tests can be run against a physical or virtual Sophos Firewall appliance. To run these tests against your own firewall, a file integration_config.yml must be created in the tests directory. An file integration.yml.template file is provided as an example. The variables in the example file should be replaced with the actual values, and the file renamed to integration.yml. Once these steps are complete, tests for a specific module can be run using ansible-test integration [module_name]:
ansible-test integration sfos_syslog -v