diff --git a/changelogs/fragments/399_firewalld_create_remove_zone_when_offline.yml b/changelogs/fragments/399_firewalld_create_remove_zone_when_offline.yml
new file mode 100644
index 0000000..691fc65
--- /dev/null
+++ b/changelogs/fragments/399_firewalld_create_remove_zone_when_offline.yml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - Fixed a bug where firewalld module fails to create/remove zones when the daemon is stopped
diff --git a/plugins/modules/firewalld.py b/plugins/modules/firewalld.py
index dba16aa..52a2a5a 100644
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@@ -675,25 +675,33 @@ class ZoneTransaction(FirewallTransaction):
 self.module.fail_json(msg=self.tx_not_permanent_error_msg)
 def get_enabled_permanent(self):
- zones = self.fw.config().listZones()
- zone_names = [self.fw.config().getZone(z).get_property("name") for z in zones]
- if self.zone in zone_names:
- return True
+ if self.fw_offline:
+ zones = self.fw.config.get_zones()
+ zone_names = [self.fw.config.get_zone(z).name for z in zones]
 else:
- return False
+ zones = self.fw.config().listZones()
+ zone_names = [self.fw.config().getZone(z).get_property("name") for z in zones]
+ return self.zone in zone_names
 def set_enabled_immediate(self):
 self.module.fail_json(msg=self.tx_not_permanent_error_msg)
 def set_enabled_permanent(self):
- self.fw.config().addZone(self.zone, FirewallClientZoneSettings())
+ if self.fw_offline:
+ self.fw.config.new_zone(self.zone, FirewallClientZoneSettings().settings)
+ else:
+ self.fw.config().addZone(self.zone, FirewallClientZoneSettings())
 def set_disabled_immediate(self):
 self.module.fail_json(msg=self.tx_not_permanent_error_msg)
 def set_disabled_permanent(self):
- zone_obj = self.fw.config().getZoneByName(self.zone)
- zone_obj.remove()
+ if self.fw_offline:
+ zone = self.fw.config.get_zone(self.zone)
+ self.fw.config.remove_zone(zone)
+ else:
+ zone_obj = self.fw.config().getZoneByName(self.zone)
+ zone_obj.remove()
 class ForwardPortTransaction(FirewallTransaction):
diff --git a/tests/integration/targets/firewalld/tasks/run_all_tests.yml b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
index 4270e89..5027c1c 100644
--- a/tests/integration/targets/firewalld/tasks/run_all_tests.yml
+++ b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
@@ -16,6 +16,9 @@
 # firewalld source operation test cases
 - include_tasks: source_test_cases.yml
+# firewalld zone operation test cases
+- include_tasks: zone_test_cases.yml
+
 # firewalld zone target operation test cases
 - include_tasks: zone_target_test_cases.yml
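Review bot: The offline branch of `get_enabled_permanent` passes every entry of `self.fw.config.get_zones()` back through `get_zone(z)` only to read `.name`, while `set_disabled_permanent` hands the zone name itself to the same `get_zone`; that suggests `get_zones()` already yields names, so the branch could probably be `zone_names = self.fw.config.get_zones()` once confirmed against the firewalld versions supported. Each of the three `if self.fw_offline:` splits would also read better with a one-line comment such as `# offline: self.fw.config is an attribute; online: self.fw.config() is a call on the client`, because the two spellings differ by a single pair of parentheses. Since these methods rewrite permanent firewall policy while the daemon is stopped, it is worth confirming that an error raised by `new_zone`, `get_zone` or `remove_zone` ends in `fail_json` rather than a traceback; that handling, like the start of `ZoneTransaction`, lies outside the hunk.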
diff --git a/tests/integration/targets/firewalld/tasks/zone_test_cases.yml b/tests/integration/targets/firewalld/tasks/zone_test_cases.yml
new file mode 100644
index 0000000..c9d54c6
--- /dev/null
+++ b/tests/integration/targets/firewalld/tasks/zone_test_cases.yml
@@ -0,0 +1,47 @@
+- name: firewalld create zone custom
+ firewalld:
+ zone: custom
+ permanent: True
+ state: present
+ register: result
+
+- name: assert firewalld custom zone created worked
+ assert:
+ that:
+ - result is changed
+
+- name: firewalld create zone custom rerun (verify not changed)
+ firewalld:
+ zone: custom
+ permanent: True
+ state: present
+ register: result
+
+- name: assert firewalld custom zone created worked (verify not changed)
+ assert:
+ that:
+ - result is not changed
+
+- name: firewalld remove zone custom
+ firewalld:
+ zone: custom
+ permanent: True
+ state: absent
+ register: result
+
+- name: assert firewalld custom zone removed worked
+ assert:
+ that:
+ - result is changed
+
+- name: firewalld remove custom zone rerun (verify not changed)
+ firewalld:
+ zone: custom
+ permanent: True
+ state: absent
+ register: result
+
+- name: assert firewalld custom zone removed worked (verify not changed)
+ assert:
+ that:
+ - result is not changed
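Review bot: Nothing in these tasks stops firewalld, so the file by itself exercises whichever daemon state the including play is in; the offline create/remove path this commit fixes is covered only if `run_all_tests.yml` is already included once with the daemon stopped, which is not visible here. If it is not, add a run of these task pairs with the service stopped and restore the service afterwards. A failed assertion partway through also leaves the `custom` zone on the host, so wrapping the tasks in `block:` with an `always:` step that sets `state: absent` would keep reruns clean.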