Fix issue where interfaces could not be added to a zone when firewalld is offline. Resolves issue #357.

2026-01-11 15:15:26 +01:00 · 2022-12-13 17:27:59 -05:00 · 2022-12-13 17:27:59 -05:00 · 4229db1bbe
commit 4229db1bbe
parent 090706b581
3 changed files with 97 additions and 7 deletions
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@ -469,6 +469,7 @@ class InterfaceTransaction(FirewallTransaction):
                old_zone_obj = self.fw.config.get_zone(zone)
                if interface in old_zone_obj.interfaces:
                    iface_zone_objs.append(old_zone_obj)
            if len(iface_zone_objs) > 1:
                # Even it shouldn't happen, it's actually possible that
                # the same interface is in several zone XML files
@ -478,18 +479,17 @@ class InterfaceTransaction(FirewallTransaction):
                        len(iface_zone_objs)
                    )
                )
-            old_zone_obj = iface_zone_objs[0]
+            elif len(iface_zone_objs) == 1 and iface_zone_objs[0].name != self.zone:
-            if old_zone_obj.name != self.zone:
+                old_zone_obj = iface_zone_objs[0]
-                old_zone_settings = FirewallClientZoneSettings(
+                old_zone_config = self.fw.config.get_zone_config(old_zone_obj)
-                    self.fw.config.get_zone_config(old_zone_obj)
+                old_zone_settings = FirewallClientZoneSettings(list(old_zone_config))
                )
                old_zone_settings.removeInterface(interface)    # remove from old
                self.fw.config.set_zone_config(
                    old_zone_obj,
                    old_zone_settings.settings
                )
-                fw_settings.addInterface(interface)             # add to new
+            fw_settings.addInterface(interface)             # add to new
-                self.fw.config.set_zone_config(fw_zone, fw_settings.settings)
+            self.fw.config.set_zone_config(fw_zone, fw_settings.settings)
        else:
            old_zone_name = self.fw.config().getZoneOfInterface(interface)
            if old_zone_name != self.zone:
--- a/tests/integration/targets/firewalld/tasks/interface_test_cases.yml
+++ b/tests/integration/targets/firewalld/tasks/interface_test_cases.yml
@ -0,0 +1,87 @@
 # Test playbook for the firewalld module - interface operations
 # (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
 # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
 - name: Validate adding interface
  block:
  - name: Add lo interface to trusted zone
    ansible.posix.firewalld:
      interface: lo
      zone: trusted
      permanent: Yes
      state: enabled
    register: result
  - name: assert lo was added to trusted zone
    assert:
      that:
      - result is changed
  - name: Add lo interface to trusted zone (verify not changed)
    ansible.posix.firewalld:
      interface: lo
      zone: trusted
      permanent: Yes
      state: enabled
    register: result
  - name: assert lo was added to trusted zone (verify not changed)
    assert:
      that:
      - result is not changed
 - name: Validate moving interfaces
  block:
  - name: Move lo interface from trusted zone to internal zone
    ansible.posix.firewalld:
      interface: lo
      zone: internal
      permanent: Yes
      state: enabled
    register: result
  - name: Assert lo was moved from trusted zone to internal zone
    assert:
      that:
      - result is changed
  - name: Move lo interface from trusted zone to internal zone (verify not changed)
    ansible.posix.firewalld:
      interface: lo
      zone: internal
      permanent: Yes
      state: enabled
    register: result
  - name: assert lo was moved from trusted zone to internal zone (verify not changed)
    assert:
      that:
      - result is not changed
 - name: Validate removing interface
  block:
  - name: Remove lo interface from internal zone
    ansible.posix.firewalld:
      interface: lo
      zone: internal
      permanent: Yes
      state: disabled
    register: result
  - name: Assert lo interface was removed from internal zone
    assert:
      that:
      - result is changed
  - name: Remove lo interface from internal zone (verify not changed)
    ansible.posix.firewalld:
      interface: lo
      zone: internal
      permanent: Yes
      state: disabled
    register: result
  - name: Assert lo interface was removed from internal zone (verify not changed)
    assert:
      that:
      - result is not changed
--- a/tests/integration/targets/firewalld/tasks/run_all_tests.yml
+++ b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
@ -21,3 +21,6 @@
 # firewalld port forwarding operation test cases
 - include_tasks: port_forward_test_cases.yml
 # firewalld interface operation test cases
 - include_tasks: interface_test_cases.yml