Merge 469234db06 into 41d8029ef5

2026-01-11 23:25:28 +01:00 · 2023-02-26 04:52:04 +00:00 · 2023-02-26 04:52:04 +00:00 · 6cb5a17ecb
commit 6cb5a17ecb
parent 41d8029ef5 469234db06
2 changed files with 105 additions and 83 deletions
--- a/changelogs/fragments/firewalld_multiple_input_values.yml
+++ b/changelogs/fragments/firewalld_multiple_input_values.yml
@ -0,0 +1,3 @@
+minor_changes:
+  - firewalld - Allow multiple values input as a list or coma separated string
+    for input types source, service, port, icmp_block, interface, rich_rule.
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@ -18,12 +18,16 @@ options:
    description:
      - Name of a service to add/remove to/from firewalld.
      - The service must be listed in output of firewall-cmd --get-services.
-    type: str
+      - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
+    type: list
+    elements: str
  port:
    description:
      - Name of a port or port range to add/remove to/from firewalld.
      - Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
-    type: str
+      - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
+    type: list
+    elements: str
  port_forward:
    description:
      - Port and protocol to forward using firewalld.
@ -54,19 +58,27 @@ options:
    description:
      - Rich rule to add/remove to/from firewalld.
      - See L(Syntax for firewalld rich language rules,https://firewalld.org/documentation/man-pages/firewalld.richlanguage.html).
-    type: str
+      - Multiple values can be provided using a list.
+    type: list
+    elements: str
  source:
    description:
      - The source/network you would like to add/remove to/from firewalld.
-    type: str
+      - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
+    type: list
+    elements: str
  interface:
    description:
      - The interface you would like to add/remove to/from a zone in firewalld.
-    type: str
+      - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
+    type: list
+    elements: str
  icmp_block:
    description:
      - The ICMP block you would like to add/remove to/from a zone in firewalld.
-    type: str
+      - Multiple values can be provided using a list or a comma separated list (space after comma is allowed).
+    type: list
+    elements: str
  icmp_block_inversion:
    description:
      - Enable/Disable inversion of ICMP blocks for a zone in firewalld.
@ -745,19 +757,19 @@ def main():

    module = AnsibleModule(
        argument_spec=dict(
-            icmp_block=dict(type='str'),
+            icmp_block=dict(type='list', elements='str'),
            icmp_block_inversion=dict(type='str'),
-            service=dict(type='str'),
-            port=dict(type='str'),
+            service=dict(type='list', elements='str'),
+            port=dict(type='list', elements='str'),
            port_forward=dict(type='list', elements='dict'),
-            rich_rule=dict(type='str'),
+            rich_rule=dict(type='list', elements='str'),
            zone=dict(type='str'),
            immediate=dict(type='bool', default=False),
-            source=dict(type='str'),
+            source=dict(type='list', elements='str'),
            permanent=dict(type='bool'),
            state=dict(type='str', required=True, choices=['absent', 'disabled', 'enabled', 'present']),
            timeout=dict(type='int', default=0),
-            interface=dict(type='str'),
+            interface=dict(type='list', elements='str'),
            masquerade=dict(type='str'),
            offline=dict(type='bool'),
            target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
@ -838,10 +850,11 @@ def main():
        )

    if icmp_block is not None:
-
+        for _icmp_block in icmp_block:
+            _icmp_block = _icmp_block.strip()
            transaction = IcmpBlockTransaction(
                module,
-            action_args=(icmp_block, timeout),
+                action_args=(_icmp_block, timeout),
                zone=zone,
                desired_state=desired_state,
                permanent=permanent,
@ -851,7 +864,7 @@ def main():
            changed, transaction_msgs = transaction.run()
            msgs = msgs + transaction_msgs
            if changed is True:
-            msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
+                msgs.append("Changed icmp-block %s to %s" % (_icmp_block, desired_state))

    if icmp_block_inversion is not None:

@ -878,10 +891,11 @@ def main():
                        'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)

    if service is not None:
-
+        for _service in service:
+            _service = _service.strip()
            transaction = ServiceTransaction(
                module,
-            action_args=(service, timeout),
+                action_args=(_service, timeout),
                zone=zone,
                desired_state=desired_state,
                permanent=permanent,
@ -891,13 +905,14 @@ def main():
            changed, transaction_msgs = transaction.run()
            msgs = msgs + transaction_msgs
            if changed is True:
-            msgs.append("Changed service %s to %s" % (service, desired_state))
+                msgs.append("Changed service %s to %s" % (_service, desired_state))

    if source is not None:
-
+        for _source in source:
+            _source = _source.strip()
            transaction = SourceTransaction(
                module,
-            action_args=(source,),
+                action_args=(_source,),
                zone=zone,
                desired_state=desired_state,
                permanent=permanent,
@ -908,10 +923,11 @@ def main():
            msgs = msgs + transaction_msgs

    if port is not None:
-
+        for _port in port:
+            _port = _port.strip()
            transaction = PortTransaction(
                module,
-            action_args=(port, protocol, timeout),
+                action_args=(_port, protocol, timeout),
                zone=zone,
                desired_state=desired_state,
                permanent=permanent,
@ -923,7 +939,7 @@ def main():
        if changed is True:
            msgs.append(
                "Changed port %s to %s" % (
-                    "%s/%s" % (port, protocol), desired_state
+                    "%s/%s" % (_port, protocol), desired_state
                )
            )

@ -951,10 +967,12 @@ def main():
            )

    if rich_rule is not None:
-
+        for _rich_rule in rich_rule:
+            if _rich_rule == '':
+                continue
            transaction = RichRuleTransaction(
                module,
-            action_args=(rich_rule, timeout),
+                action_args=(_rich_rule, timeout),
                zone=zone,
                desired_state=desired_state,
                permanent=permanent,
@ -964,13 +982,14 @@ def main():
            changed, transaction_msgs = transaction.run()
            msgs = msgs + transaction_msgs
            if changed is True:
-            msgs.append("Changed rich_rule %s to %s" % (rich_rule, desired_state))
+                msgs.append("Changed rich_rule %s to %s" % (_rich_rule, desired_state))

    if interface is not None:
-
+        for _interface in interface:
+            _interface = _interface.strip()
            transaction = InterfaceTransaction(
                module,
-            action_args=(interface,),
+                action_args=(_interface,),
                zone=zone,
                desired_state=desired_state,
                permanent=permanent,