Merge 855966430a into 9171b7fcf1

* Fixes #582

Signed-off-by: Hideki Saito <saito@fgrep.org>

plugins/modules/firewalld.py

@@ -112,13 +112,11 @@ options:
     description:
       - The forward setting you would like to enable/disable to/from zones within firewalld.
       - This option only is supported by firewalld v0.9.0 or later.
-      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
     type: bool
   masquerade:
     description:
       - The masquerade setting you would like to enable/disable to/from zones within firewalld.
-      - Note that the option type is changed to bool in ansible.posix version 2.0.0 and later.
+    type: str
-    type: bool
   offline:
     description:
       - Ignores O(immediate) if O(permanent=true) and firewalld is not running.
@@ -878,7 +876,7 @@ def main():
             timeout=dict(type='int', default=0),
             interface=dict(type='str'),
             forward=dict(type='bool'),
-            masquerade=dict(type='bool'),
+            masquerade=dict(type='str'),
             offline=dict(type='bool', default=False),
             target=dict(type='str', choices=['default', 'ACCEPT', 'DROP', '%%REJECT%%']),
         ),
@@ -1130,7 +1128,6 @@ def main():
         changed, transaction_msgs = transaction.run()
         msgs = msgs + transaction_msgs
 
-    if forward is not None:
         expected_state = 'enabled' if (desired_state == 'enabled') == forward else 'disabled'
         transaction = ForwardTransaction(
             module,
@@ -1144,7 +1141,6 @@ def main():
         changed, transaction_msgs = transaction.run()
         msgs = msgs + transaction_msgs
 
-    if masquerade is not None:
         expected_state = 'enabled' if (desired_state == 'enabled') == masquerade else 'disabled'
         transaction = MasqueradeTransaction(
             module,

tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml

@@ -114,3 +114,60 @@
       ansible.builtin.assert:
         that:
           - result is not changed
+
+# Validate backwards compatible behavior until masquerade is switched from string to boolean type
+- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
+  block:
+    - name: Testing enable masquerade
+      ansible.posix.firewalld:
+        zone: trusted
+        masquerade: some string
+        permanent: true
+        state: enabled
+      register: result
+
+    - name: Assert masquerade is enabled
+      ansible.builtin.assert:
+        that:
+          - result is changed
+
+    - name: Testing enable masquerade (verify not changed)
+      ansible.posix.firewalld:
+        zone: trusted
+        masquerade: some string
+        permanent: true
+        state: enabled
+      register: result
+
+    - name: Assert masquerade is enabled (verify not changed)
+      ansible.builtin.assert:
+        that:
+          - result is not changed
+
+- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
+  block:
+    - name: Testing disable masquerade
+      ansible.posix.firewalld:
+        zone: trusted
+        masquerade: some string
+        permanent: true
+        state: disabled
+      register: result
+
+    - name: Assert masquerade is disabled
+      ansible.builtin.assert:
+        that:
+          - result is changed
+
+    - name: Testing disable masquerade (verify not changed)
+      ansible.posix.firewalld:
+        zone: trusted
+        masquerade: some string
+        permanent: true
+        state: disabled
+      register: result
+
+    - name: Assert masquerade is disabled (verify not changed)
+      ansible.builtin.assert:
+        that:
+          - result is not changed