Fix no enabling Icmp block inversion and masquerade

2026-01-12 07:35:31 +01:00 · 2021-07-28 22:29:38 -04:00 · 2021-07-28 22:29:38 -04:00 · 9663125fcf
commit 9663125fcf
parent 1ebacfb195
3 changed files with 39 additions and 2 deletions
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@ -224,6 +224,8 @@ except ImportError:
    pass


+NEGATIVES = {"n","N","no","No","NO","false","False","FALSE","off","Off","OFF",None}
+
 class IcmpBlockTransaction(FirewallTransaction):
    """
    IcmpBlockTransaction
@ -859,7 +861,7 @@ def main():
        if changed is True:
            msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))

-    if icmp_block_inversion is not None:
+    if icmp_block_inversion not in NEGATIVES:

        transaction = IcmpBlockInversionTransaction(
            module,
@ -978,7 +980,7 @@ def main():
        changed, transaction_msgs = transaction.run()
        msgs = msgs + transaction_msgs

-    if masquerade is not None:
+    if masquerade not in NEGATIVES:

        transaction = MasqueradeTransaction(
            module,
--- a/tests/integration/targets/firewalld/tasks/icmp_block_inversion_test.yml
+++ b/tests/integration/targets/firewalld/tasks/icmp_block_inversion_test.yml
@ -0,0 +1,32 @@
+# Test playbook for the firewalld module - port operations
+# (c) 2021, Vrinda Punj <vpunj@redhat.com>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: firewalld icmp_block inversion is not enabled by no
+  firewalld:
+    zone: drop
+    state: enabled
+    permanent: yes
+    icmp_block_inversion: no
+  register: result
+
+- name: assert firewalld port test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld icmp_block inversion is enabled by yes
+  firewalld:
+    zone: drop
+    state: enabled
+    permanent: yes
+    icmp_block_inversion: yes
+  register: result
+
+- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is changed
+
+
+
--- a/tests/integration/targets/firewalld/tasks/run_all_tests.yml
+++ b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
@ -20,3 +20,6 @@

 # firewalld zone target operation test cases
 - import_tasks: zone_target_test_cases.yml
+
+# firewalld icmp block inversion operation test cases
+- import_tasks: icmp_block_inversion_test.yml