Merge c4ff0545f1 into 692b906b82

chore: remove .github/BOTMETA.yml (#706 )
ci: add certification.yml GitHub workflow (#705 )
2026-03-07 10:05:18 +01:00 · 2026-02-27 12:39:59 -05:00 · 2026-02-25 09:38:38 +01:00 · 2026-02-25 09:38:02 +01:00 · 2026-02-25 08:19:39 +00:00 · 2026-02-25 08:47:31 +01:00
8 changed files with 268 additions and 119 deletions
--- a/.ansible-lint
+++ b/.ansible-lint
@ -7,5 +7,9 @@ skip_list:
  - meta-runtime[unsupported-version]  # This rule doesn't make any sense
  - fqcn[deep]  # This rule produces false positives for files in tests/unit/plugins/action/fixtures/
  - sanity[cannot-ignore]  # This rule is skipped to keep backward compatibility with Python 2
 exclude_paths:
  - changelogs/
  - .github/
  - tests/
  - meta/
--- a/.azure-pipelines/azure-pipelines.yml
+++ b/.azure-pipelines/azure-pipelines.yml
@ -57,6 +57,7 @@ stages:
              test: units
            - name: Lint
              test: lint
  - stage: Sanity_2_20
    displayName: Ansible 2.20 Sanity & Units & Lint
    dependsOn: []
@ -72,6 +73,7 @@ stages:
              test: units
            - name: Lint
              test: lint
  - stage: Sanity_2_19
    displayName: Ansible 2.19 Sanity & Units & Lint
    dependsOn: []
@ -87,6 +89,7 @@ stages:
              test: units
            - name: Lint
              test: lint
  - stage: Sanity_2_18
    displayName: Ansible 2.18 Sanity & Units & Lint
    dependsOn: []
@ -102,6 +105,7 @@ stages:
              test: units
            - name: Lint
              test: lint
  - stage: Sanity_2_17
    displayName: Ansible 2.17 Sanity & Units & Lint
    dependsOn: []
@ -117,21 +121,7 @@ stages:
              test: units
            - name: Lint
              test: lint
-  - stage: Sanity_2_16
+
    displayName: Ansible 2.16 Sanity & Units & Lint
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          nameFormat: "{0}"
          testFormat: 2.16/{0}
          targets:
            - name: Sanity
              test: sanity
            - name: Units
              test: units
            - name: Lint
              test: lint
  ## Docker
  - stage: Docker_devel
    displayName: Docker devel
@ -141,12 +131,13 @@ stages:
        parameters:
          testFormat: devel/linux/{0}/1
          targets:
-            - name: Fedora 42
+            - name: Fedora 43
-              test: fedora42
+              test: fedora43
            - name: Ubuntu 22.04
              test: ubuntu2204
            - name: Ubuntu 24.04
              test: ubuntu2404
  - stage: Docker_2_20
    displayName: Docker 2.20
    dependsOn: []
@ -161,6 +152,7 @@ stages:
              test: ubuntu2204
            - name: Ubuntu 24.04
              test: ubuntu2404
  - stage: Docker_2_19
    displayName: Docker 2.19
    dependsOn: []
@ -175,6 +167,7 @@ stages:
              test: ubuntu2204
            - name: Ubuntu 24.04
              test: ubuntu2404
  - stage: Docker_2_18
    displayName: Docker 2.18
    dependsOn: []
@ -189,6 +182,7 @@ stages:
              test: ubuntu2204
            - name: Ubuntu 24.04
              test: ubuntu2404
  - stage: Docker_2_17
    displayName: Docker 2.17
    dependsOn: []
@ -201,20 +195,6 @@ stages:
              test: fedora39
            - name: Ubuntu 22.04
              test: ubuntu2204
  - stage: Docker_2_16
    displayName: Docker 2.16
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          testFormat: 2.16/linux/{0}/1
          targets:
            - name: CentOS 7
              test: centos7
            - name: Fedora 38
              test: fedora38
            - name: Ubuntu 22.04
              test: ubuntu2204
  ## Remote
  - stage: Remote_devel
@ -225,14 +205,15 @@ stages:
        parameters:
          testFormat: devel/{0}/1
          targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.6
+            - name: RHEL 9.7
-              test: rhel/9.6
+              test: rhel/9.7
            - name: FreeBSD 14.3
              test: freebsd/14.3
-            - name: FreeBSD 13.5
+            - name: FreeBSD 15.0
-              test: freebsd/13.5
+              test: freebsd/15.0
  - stage: Remote_2_20
    displayName: Remote 2.20
    dependsOn: []
@ -241,14 +222,15 @@ stages:
        parameters:
          testFormat: 2.20/{0}/1
          targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.6
+            - name: RHEL 9.7
-              test: rhel/9.6
+              test: rhel/9.7
            - name: FreeBSD 14.3
              test: freebsd/14.3
            - name: FreeBSD 13.5
              test: freebsd/13.5
  - stage: Remote_2_19
    displayName: Remote 2.19
    dependsOn: []
@ -257,14 +239,15 @@ stages:
        parameters:
          testFormat: 2.19/{0}/1
          targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.5
+            - name: RHEL 9.7
-              test: rhel/9.5
+              test: rhel/9.7
            - name: FreeBSD 14.2
              test: freebsd/14.2
            - name: FreeBSD 13.5
              test: freebsd/13.5
  - stage: Remote_2_18
    displayName: Remote 2.18
    dependsOn: []
@ -273,12 +256,13 @@ stages:
        parameters:
          testFormat: 2.18/{0}/1
          targets:
-            - name: RHEL 10.0
+            - name: RHEL 10.1
-              test: rhel/10.0
+              test: rhel/10.1
-            - name: RHEL 9.4
+            - name: RHEL 9.7
-              test: rhel/9.4
+              test: rhel/9.7
            - name: FreeBSD 13.5
              test: freebsd/13.5
  - stage: Remote_2_17
    displayName: Remote 2.17
    dependsOn: []
@ -292,26 +276,12 @@ stages:
              test: rhel/10.0
            - name: FreeBSD 13.5
              test: freebsd/13.5
  - stage: Remote_2_16
    displayName: Remote 2.16
    dependsOn: []
    jobs:
      - template: templates/matrix.yml
        parameters:
          testFormat: 2.16/{0}/1
          targets:
            # 2.16 remote target only has RHEL 9.6 image
            - name: RHEL 9.6
              test: rhel/9.6
  ## Finally
  - stage: Summary
    condition: succeededOrFailed()
    dependsOn:
      - Sanity_2_16
      - Remote_2_16
      - Docker_2_16
      - Sanity_2_17
      - Remote_2_17
      - Docker_2_17
--- a/.github/BOTMETA.yml
+++ b/.github/BOTMETA.yml
@ -1,52 +0,0 @@
 ---
 automerge: false
 files:
  $module_utils/mount.py:
    labels: mount
  $modules/acl.py:
    authors: astorije bcoca
    labels: acl
    ignore: astorije
  $modules/at.py:
    authors: risaacson
    labels: at
  $modules/authorized_key.py:
    authors: ansible
    labels: authorized_key
  $modules/mount.py:
    authors: ansible skvidal
    maintainers: jtyr
    labels: mount
    ignore: skvidal
  $modules/patch.py:
    authors: jirutka luisperlaz
  $modules/seboolean.py:
    authors: sfromm
    labels: seboolean
  $modules/selinux.py:
    authors: goozbach
    maintainers: samdoran
    labels: selinux
  $modules/synchronize.py:
    authors: tima
    labels: synchronize
  $modules/sysctl.py:
    authors: davixx
    maintainers: Akasurde
    labels: sysctl
  $plugins/:
    labels: profile
  $plugins/debug.py:
    labels: debug
  $plugins/patch.py:
    labels: patch
  $plugins/synchronize.py:
    labels: synchronize
  $plugins/timer.py:
 macros:
  actions: plugins/action
  callbacks: plugins/callback
  module_utils: plugins/module_utils
  modules: plugins/modules
  plugins: plugins/plugins
  shells: plugins/shell
--- a/.github/workflows/certification.yml
+++ b/.github/workflows/certification.yml
@ -0,0 +1,35 @@
 ---
 # This workflow calls the latest version of the
 # reusable workflow.
 # You can copy this file into your respository if
 # you want to check against pinned versions of
 # Automation Hub tests.
 name: Run collection certification checks
 on:
  pull_request:
    branches: [main]
  workflow_dispatch:
  schedule:
    - cron: '0 6 * * *'
 concurrency:
  group: cert-ver-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true
 # Files that are not related to the core functionality
 # of your collection can cause Ansible Lint to fail.
 # If this happens, add an .ansible-lint file that includes
 # those files and directories to the root of your
 # repository; for example:
 # https://github.com/ansible-collections/partner-certification-checker/blob/main/.ansible-lint
 # https://github.com/ansible-collections/partner-certification-checker/blob/main/.ansible-lint
 # If there are sanity test failures that cannot be fixed and are allowed to ignore
 # https://docs.ansible.com/projects/lint/rules/sanity/, create a sanity ignore file
 # https://docs.ansible.com/projects/ansible/devel/dev_guide/testing/sanity/ignores.html#ignore-file-location
 # for each affected version of ansible-core (for example, `tests/sanity/ignore-2.18.txt`) and add corresponding entries.
 jobs:
  call:
    uses: ansible-collections/partner-certification-checker/.github/workflows/certification-reusable.yml@v0.1
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@ -28,6 +28,11 @@ options:
      - Name of a port or port range to add/remove to/from firewalld.
      - Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
    type: str
  source_port:
    description:
      - Name of a source port or port range to add/remove to/from firewalld.
      - Must be in the form PORT/PROTOCOL or PORT-PORT/PROTOCOL for port ranges.
    type: str
  port_forward:
    description:
      - Port and protocol to forward using firewalld.
@ -185,6 +190,13 @@ EXAMPLES = r'''
    permanent: true
    state: enabled
 - name: Permit traffic in home zone from port 20561/udp
  ansible.posix.firewalld:
    source_port: 20561/udp
    zone: home
    permanent: true
    state: enabled
 - name: Permit traffic in dmz zone on http service
  ansible.posix.firewalld:
    zone: dmz
@ -552,6 +564,43 @@ class PortTransaction(FirewallTransaction):
        self.update_fw_settings(fw_zone, fw_settings)
 class SourcePortTransaction(FirewallTransaction):
    """
    SourcePortTransaction
    """
    def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False):
        super(SourcePortTransaction, self).__init__(
            module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate
        )
    def get_enabled_immediate(self, port, protocol, timeout):
        if self.fw_offline:
            dummy, fw_settings = self.get_fw_zone_settings()
            return fw_settings.querySourcePort(port=port, protocol=protocol)
        return self.fw.querySourcePort(zone=self.zone, port=port, protocol=protocol)
    def get_enabled_permanent(self, port, protocol, timeout):
        dummy, fw_settings = self.get_fw_zone_settings()
        return fw_settings.querySourcePort(port=port, protocol=protocol)
    def set_enabled_immediate(self, port, protocol, timeout):
        self.fw.addSourcePort(zone=self.zone, port=port, protocol=protocol, timeout=timeout)
    def set_enabled_permanent(self, port, protocol, timeout):
        fw_zone, fw_settings = self.get_fw_zone_settings()
        fw_settings.addSourcePort(port=port, protocol=protocol)
        self.update_fw_settings(fw_zone, fw_settings)
    def set_disabled_immediate(self, port, protocol, timeout):
        self.fw.removeSourcePort(zone=self.zone, port=port, protocol=protocol)
    def set_disabled_permanent(self, port, protocol, timeout):
        fw_zone, fw_settings = self.get_fw_zone_settings()
        fw_settings.removeSourcePort(port=port, protocol=protocol)
        self.update_fw_settings(fw_zone, fw_settings)
 class InterfaceTransaction(FirewallTransaction):
    """
    InterfaceTransaction
@ -879,6 +928,7 @@ def main():
            service=dict(type='str'),
            protocol=dict(type='str'),
            port=dict(type='str'),
            source_port=dict(type='str'),
            port_forward=dict(type='list', elements='dict'),
            rich_rule=dict(type='str'),
            zone=dict(type='str'),
@ -900,8 +950,8 @@ def main():
            source=('permanent',),
        ),
        mutually_exclusive=[
-            ['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'port_forward', 'rich_rule',
+            ['icmp_block', 'icmp_block_inversion', 'service', 'protocol', 'port', 'source_port', 'port_forward',
-             'interface', 'forward', 'masquerade', 'source', 'target']
+             'rich_rule', 'interface', 'forward', 'masquerade', 'source', 'target']
        ],
    )
@ -957,6 +1007,17 @@ def main():
    else:
        port_protocol = None
    source_port = None
    if module.params['source_port'] is not None:
        if '/' in module.params['source_port']:
            source_port, source_port_protocol = module.params['source_port'].strip().split('/')
        else:
            source_port_protocol = None
        if not source_port_protocol:
            module.fail_json(msg='improper source_port format (missing protocol?)')
    else:
        source_port_protocol = None
    port_forward_toaddr = ''
    port_forward = None
    if module.params['port_forward'] is not None:
@ -973,7 +1034,7 @@ def main():
            port_forward_toaddr = port_forward['toaddr']
    modification = False
-    if any([icmp_block, icmp_block_inversion, service, protocol, port, port_forward, rich_rule,
+    if any([icmp_block, icmp_block_inversion, service, protocol, port, source_port, port_forward, rich_rule,
            interface, forward, masquerade, source, target]):
        modification = True
    if modification and desired_state in ['absent', 'present'] and target is None:
@ -1079,6 +1140,26 @@ def main():
                )
            )
    if source_port is not None:
        transaction = SourcePortTransaction(
            module,
            action_args=(source_port, source_port_protocol, timeout),
            zone=zone,
            desired_state=desired_state,
            permanent=permanent,
            immediate=immediate,
        )
        changed, transaction_msgs = transaction.run()
        msgs = msgs + transaction_msgs
        if changed is True:
            msgs.append(
                "Changed source_port %s to %s" % (
                    "%s/%s" % (source_port, source_port_protocol), desired_state
                )
            )
    if port_forward is not None:
        transaction = ForwardPortTransaction(
            module,
--- a/tests/integration/targets/firewalld/tasks/run_all_tests.yml
+++ b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
@ -21,6 +21,10 @@
 - name: Include port test cases for firewalld module
  ansible.builtin.include_tasks: port_test_cases.yml
 # firewalld source_port operation test cases
 - name: Include source_port test cases for firewalld module
  ansible.builtin.include_tasks: source_port_test_cases.yml
 # firewalld source operation test cases
 - name: Include source test cases for firewalld module
  ansible.builtin.include_tasks: source_test_cases.yml
--- a/tests/integration/targets/firewalld/tasks/source_port_test_cases.yml
+++ b/tests/integration/targets/firewalld/tasks/source_port_test_cases.yml
@ -0,0 +1,107 @@
 ---
 # Test playbook for the firewalld module - source_port operations
 - name: Firewalld source_port range test permanent enabled
  ansible.posix.firewalld:
    source_port: 5500-6850/tcp
    permanent: true
    state: enabled
  register: result
 - name: Assert firewalld source_port range test permanent enabled worked
  ansible.builtin.assert:
    that:
      - result is changed
 - name: Firewalld source_port range test permanent enabled rerun (verify not changed)
  ansible.posix.firewalld:
    source_port: 5500-6850/tcp
    permanent: true
    state: enabled
  register: result
 - name: Assert firewalld source_port range test permanent enabled rerun worked (verify not changed)
  ansible.builtin.assert:
    that:
      - result is not changed
 - name: Firewalld source_port test permanent enabled
  ansible.posix.firewalld:
    source_port: 6900/tcp
    permanent: true
    state: enabled
  register: result
 - name: Assert firewalld source_port test permanent enabled worked
  ansible.builtin.assert:
    that:
      - result is changed
 - name: Firewalld source_port test permanent enabled
  ansible.posix.firewalld:
    source_port: 6900/tcp
    permanent: true
    state: enabled
  register: result
 - name: Assert firewalld source_port test permanent enabled worked
  ansible.builtin.assert:
    that:
      - result is not changed
 - name: Firewalld source_port test disabled
  ansible.posix.firewalld:
    source_port: "{{ item }}"
    permanent: true
    state: disabled
  loop:
    - 6900/tcp
    - 5500-6850/tcp
 - name: Firewalld source_port test permanent enabled
  ansible.posix.firewalld:
    source_port: 8081/tcp
    permanent: true
    state: enabled
  register: result
 - name: Assert firewalld source_port test permanent enabled worked
  ansible.builtin.assert:
    that:
      - result is changed
 - name: Firewalld source_port test permanent enabled rerun (verify not changed)
  ansible.posix.firewalld:
    source_port: 8081/tcp
    permanent: true
    state: enabled
  register: result
 - name: Assert firewalld source_port test permanent enabled rerun worked (verify not changed)
  ansible.builtin.assert:
    that:
      - result is not changed
 - name: Firewalld source_port test permanent disabled
  ansible.posix.firewalld:
    source_port: 8081/tcp
    permanent: true
    state: disabled
  register: result
 - name: Assert firewalld source_port test permanent disabled worked
  ansible.builtin.assert:
    that:
      - result is changed
 - name: Firewalld source_port test permanent disabled rerun (verify not changed)
  ansible.posix.firewalld:
    source_port: 8081/tcp
    permanent: true
    state: disabled
  register: result
 - name: Assert firewalld source_port test permanent disabled rerun worked (verify not changed)
  ansible.builtin.assert:
    that:
      - result is not changed
--- a/tests/integration/targets/firewalld/tasks/source_test_cases.yml
+++ b/tests/integration/targets/firewalld/tasks/source_test_cases.yml
@ -85,4 +85,4 @@
      - result is not changed
      - >
        result.msg == 'parameters are mutually exclusive:
-        icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|forward|masquerade|source|target'
+        icmp_block|icmp_block_inversion|service|protocol|port|source_port|port_forward|rich_rule|interface|forward|masquerade|source|target'
Author	SHA1	Message	Date
Zhanibek Adilbekov	138ac0af14	Merge `c4ff0545f1` into `692b906b82`	2026-02-27 12:39:59 -05:00
Andrew Klychkov	692b906b82	chore: remove .github/BOTMETA.yml (#706 )	2026-02-25 09:38:38 +01:00
Andrew Klychkov	aece4a9632	ci: add certification.yml GitHub workflow (#705 )	2026-02-25 09:38:02 +01:00
softwarefactory-project-zuul[bot]	2cd1a6e4ab	Merge pull request #704 from Andersson007/update_ci0 ci: .azure-pipelines/azure-pipelines.yml update distros SUMMARY ci: .azure-pipelines/azure-pipelines.yml update distros As were reported in https://forum.ansible.com/t/ansible-test-images-and-vms-update-devel-2-20-2-19-2-18/45080 ISSUE TYPE CI Reviewed-by: Hideki Saito <saito@fgrep.org>	2026-02-25 08:19:39 +00:00
Andrew Klychkov	8af0b227cc	ci: .azure-pipelines/azure-pipelines.yml update distros	2026-02-25 08:47:31 +01:00
Zhanibek Adilbekov	c4ff0545f1	Firewalld: Add functionality to set source_port	2025-08-01 14:21:01 +05:00