Hetzner: Generate firewalls_list

roles/cloud-resources/tasks/hetzner.yml

@@ -324,24 +324,6 @@
             source_ips: ["{{ server_network_ip_range }}"]
       when: firewall | bool
 
-    - name: "Hetzner Cloud: Gather information about firewalls"
-      ansible.builtin.uri:
-        url: "https://api.hetzner.cloud/v1/firewalls"
-        method: GET
-        headers:
-          Authorization: "Bearer {{ lookup('ansible.builtin.env', 'HCLOUD_API_TOKEN') }}"
-        return_content: true
-      register: hetzner_firewalls_response
-      failed_when: hetzner_firewalls_response.status != 200
-
-    - name: "Hetzner Cloud: Extract firewall names for '{{ patroni_cluster_name }}'"
-      ansible.builtin.set_fact:
-        firewall_names: >-
-          {{ hetzner_firewalls_response.json.firewalls
-          | selectattr('name', 'search', patroni_cluster_name)
-          | map(attribute='name')
-          | list }}
-
     # Server and volume
     - name: "Hetzner Cloud: Create or modify server"
       hetzner.hcloud.hcloud_server:
@@ -356,12 +338,19 @@
         enable_ipv6: false
         private_networks:
           - "{{ server_network }}"
-        firewalls: "{{ firewall_names }}"
+        firewalls: "{{ firewalls_list }}"
       loop: "{{ range(0, servers_count | int) | list }}"
       loop_control:
         index_var: idx
         label: "{{ server_name | lower }}{{ '%02d' % (idx + 1) }}"
       register: server_result
+      vars:
+        firewalls_list: >-
+          {{
+            ([] if not ssh_public_access | bool else [patroni_cluster_name + '-public-ssh-firewall-rule']) +
+            ([] if not database_public_access | bool else [patroni_cluster_name + '-public-database-firewall-rule']) +
+            ([] if not firewall | bool else [patroni_cluster_name + '-private-firewall-rule'])
+          }}
 
     - name: "Hetzner Cloud: Add server to network '{{ server_network }}'"
       hetzner.hcloud.hcloud_server_network: