carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-11 15:15:26 +01:00
Code Issues Projects Releases Packages Wiki Activity

Refine the handling of exclusive options using mutually_exclusive

Browse source 
- Fixes #255

Signed-off-by: Hideki Saito <saito@fgrep.org>
This commit is contained in:
Hideki Saito 2021-11-29 17:49:26 +09:00
parent f17fda3162
commit 667ebef95c
3 changed files with 14 additions and 29 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
changelogs/fragments/297_firewalld_exclusive_options_handling.yml Normal file
View file

@ -0,0 +1,3 @@
---
bugfixes:
- firewalld - Refine the handling of exclusive options (https://github.com/ansible-collections/ansible.posix/issues/255).

38
plugins/modules/firewalld.py
View file

@ -760,6 +760,10 @@ def main():
target=('zone',), target=('zone',),
source=('permanent',), source=('permanent',),
), ),
mutually_exclusive=[
['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule',
'interface', 'masquerade', 'source', 'target']
],
) )
permanent = module.params['permanent'] permanent = module.params['permanent']
@ -816,33 +820,11 @@ def main():
if 'toaddr' in port_forward: if 'toaddr' in port_forward:
port_forward_toaddr = port_forward['toaddr'] port_forward_toaddr = port_forward['toaddr']
modification_count = 0 modification = False
if icmp_block is not None: if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule,
modification_count += 1 interface, masquerade, source, target]):
if icmp_block_inversion is not None: modification = True
modification_count += 1 if modification and desired_state in ['absent', 'present'] and target is None:
if service is not None:
modification_count += 1
if port is not None:
modification_count += 1
if port_forward is not None:
modification_count += 1
if rich_rule is not None:
modification_count += 1
if interface is not None:
modification_count += 1
if masquerade is not None:
modification_count += 1
if source is not None:
modification_count += 1
if target is not None:
modification_count += 1
if modification_count > 1:
module.fail_json(
msg='can only operate on port, service, rich_rule, masquerade, icmp_block, icmp_block_inversion, interface or source at once'
)
elif (modification_count > 0) and (desired_state in ['absent', 'present']) and (target is None):
module.fail_json( module.fail_json(
msg='absent and present state can only be used in zone level operations' msg='absent and present state can only be used in zone level operations'
) )
@ -1027,7 +1009,7 @@ def main():
msgs = msgs + transaction_msgs msgs = msgs + transaction_msgs
''' If there are no changes within the zone we are operating on the zone itself ''' ''' If there are no changes within the zone we are operating on the zone itself '''
if modification_count == 0 and desired_state in ['absent', 'present']: if not modification and desired_state in ['absent', 'present']:
transaction = ZoneTransaction( transaction = ZoneTransaction(
module, module,

2
tests/integration/targets/firewalld/tasks/source_test_cases.yml
View file

@ -82,4 +82,4 @@
assert: assert:
that: that:
- result is not changed - result is not changed
- "result.msg == 'can only operate on port, service, rich_rule, masquerade, icmp_block, icmp_block_inversion, interface or source at once'" - "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|port|port_forward|rich_rule|interface|masquerade|source|target'"