Do Not Merge - test for PR 417

Signed-off-by: Hideki Saito <saito@fgrep.org>
2026-01-11 15:15:26 +01:00 · 2023-03-06 18:43:30 +09:00 · 2023-03-06 18:43:30 +09:00 · b1897bc107
commit b1897bc107
parent 41d8029ef5
2 changed files with 72 additions and 2 deletions
--- a/changelogs/fragments/dnm-ci_tests_20220306.yml
+++ b/changelogs/fragments/dnm-ci_tests_20220306.yml
@ -0,0 +1,2 @@
+trivial:
+  - test for PR #417
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@ -24,6 +24,10 @@ options:
      - Name of a port or port range to add/remove to/from firewalld.
      - Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
    type: str
+  protocol:
+    description:
+      - Name of a protocol to add/remove to/from firewalld.
+    type: str
  port_forward:
    description:
      - Port and protocol to forward using firewalld.
@ -213,6 +217,12 @@ EXAMPLES = r'''
    permanent: true
    immediate: true
    state: enabled
+
+- name: permit ospf traffic
+  ansible.posix.firewalld:
+    protocol: ospf
+    permanent: true
+    state: enabled
 '''

 from ansible.module_utils.basic import AnsibleModule
@ -343,6 +353,47 @@ class ServiceTransaction(FirewallTransaction):
        self.update_fw_settings(fw_zone, fw_settings)


+class ProtocolTransaction(FirewallTransaction):
+    """
+    ProtocolTransaction
+    """
+
+    def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
+        super(ProtocolTransaction, self).__init__(
+            module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
+        )
+
+    def get_enabled_immediate(self, protocol, timeout):
+        if protocol in self.fw.getProtocols(self.zone):
+            return True
+        else:
+            return False
+
+    def get_enabled_permanent(self, protocol, timeout):
+        fw_zone, fw_settings = self.get_fw_zone_settings()
+
+        if protocol in fw_settings.getProtocols():
+            return True
+        else:
+            return False
+
+    def set_enabled_immediate(self, protocol, timeout):
+        self.fw.addProtocol(self.zone, protocol, timeout)
+
+    def set_enabled_permanent(self, protocol, timeout):
+        fw_zone, fw_settings = self.get_fw_zone_settings()
+        fw_settings.addProtocol(protocol)
+        self.update_fw_settings(fw_zone, fw_settings)
+
+    def set_disabled_immediate(self, protocol, timeout):
+        self.fw.removeProtocol(self.zone, protocol)
+
+    def set_disabled_permanent(self, protocol, timeout):
+        fw_zone, fw_settings = self.get_fw_zone_settings()
+        fw_settings.removeProtocol(protocol)
+        self.update_fw_settings(fw_zone, fw_settings)
+
+
 class MasqueradeTransaction(FirewallTransaction):
    """
    MasqueradeTransaction
@ -748,6 +799,7 @@ def main():
            icmp_block=dict(type='str'),
            icmp_block_inversion=dict(type='str'),
            service=dict(type='str'),
+            protocol=dict(type='str'),
            port=dict(type='str'),
            port_forward=dict(type='list', elements='dict'),
            rich_rule=dict(type='str'),
@ -769,7 +821,7 @@ def main():
            source=('permanent',),
        ),
        mutually_exclusive=[
-            ['icmp_block', 'icmp_block_inversion', 'service', 'port', 'port_forward', 'rich_rule',
+            ['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',
             'interface', 'masquerade', 'source', 'target']
        ],
    )
@ -798,6 +850,7 @@ def main():
    icmp_block = module.params['icmp_block']
    icmp_block_inversion = module.params['icmp_block_inversion']
    service = module.params['service']
+    protocol = module.params['protocol']
    rich_rule = module.params['rich_rule']
    source = module.params['source']
    zone = module.params['zone']
@ -829,7 +882,7 @@ def main():
            port_forward_toaddr = port_forward['toaddr']

    modification = False
-    if any([icmp_block, icmp_block_inversion, service, port, port_forward, rich_rule,
+    if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
            interface, masquerade, source, target]):
        modification = True
    if modification and desired_state in ['absent', 'present'] and target is None:
@ -892,6 +945,21 @@ def main():
        msgs = msgs + transaction_msgs
        if changed is True:
            msgs.append("Changed service %s to %s" % (service, desired_state))
+    if protocol is not None:
+
+        transaction = ProtocolTransaction(
+            module,
+            action_args=(protocol, timeout),
+            zone=zone,
+            desired_state=desired_state,
+            permanent=permanent,
+            immediate=immediate,
+        )
+
+        changed, transaction_msgs = transaction.run()
+        msgs = msgs + transaction_msgs
+        if changed is True:
+            msgs.append("Changed protocol %s to %s" % (protocol, desired_state))

    if source is not None: