carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-12 15:45:20 +01:00
Code Issues Projects Releases Packages Wiki Activity

Fix no enabling Icmp block inversion and masquerade

Browse source
This commit is contained in:
vrindle 2021-07-28 22:29:38 -04:00
parent 1ebacfb195
commit 9663125fcf
3 changed files with 39 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
plugins/modules/firewalld.py
View file

@ -224,6 +224,8 @@ except ImportError:
pass pass
NEGATIVES = {"n","N","no","No","NO","false","False","FALSE","off","Off","OFF",None}
class IcmpBlockTransaction(FirewallTransaction): class IcmpBlockTransaction(FirewallTransaction):
""" """
IcmpBlockTransaction IcmpBlockTransaction
@ -859,7 +861,7 @@ def main():
if changed is True: if changed is True:
msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state)) msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
if icmp_block_inversion is not None: if icmp_block_inversion not in NEGATIVES:
transaction = IcmpBlockInversionTransaction( transaction = IcmpBlockInversionTransaction(
module, module,
@ -978,7 +980,7 @@ def main():
changed, transaction_msgs = transaction.run() changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs msgs = msgs + transaction_msgs
if masquerade is not None: if masquerade not in NEGATIVES:
transaction = MasqueradeTransaction( transaction = MasqueradeTransaction(
module, module,

32
tests/integration/targets/firewalld/tasks/icmp_block_inversion_test.yml Normal file
View file

@ -0,0 +1,32 @@
# Test playbook for the firewalld module - port operations
# (c) 2021, Vrinda Punj <vpunj@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: firewalld icmp_block inversion is not enabled by no
firewalld:
zone: drop
state: enabled
permanent: yes
icmp_block_inversion: no
register: result
- name: assert firewalld port test permanent enabled worked
assert:
that:
- result is changed
- name: firewalld icmp_block inversion is enabled by yes
firewalld:
zone: drop
state: enabled
permanent: yes
icmp_block_inversion: yes
register: result
- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
assert:
that:
- result is changed

3
tests/integration/targets/firewalld/tasks/run_all_tests.yml
View file

@ -20,3 +20,6 @@
# firewalld zone target operation test cases # firewalld zone target operation test cases
- import_tasks: zone_target_test_cases.yml - import_tasks: zone_target_test_cases.yml
# firewalld icmp block inversion operation test cases
- import_tasks: icmp_block_inversion_test.yml