changelogs/fragments/402_firewall_fix_offline_interface_add.yml

@@ -1,3 +0,0 @@
----
-bugfixes:
-  - firewall - Fix issue where adding an interface to a zone would fail when the daemon is offline

plugins/modules/firewalld.py

@@ -520,7 +520,6 @@ class InterfaceTransaction(FirewallTransaction):
                 old_zone_obj = self.fw.config.get_zone(zone)
                 if interface in old_zone_obj.interfaces:
                     iface_zone_objs.append(old_zone_obj)
-
             if len(iface_zone_objs) > 1:
                 # Even it shouldn't happen, it's actually possible that
                 # the same interface is in several zone XML files
@@ -530,17 +529,18 @@ class InterfaceTransaction(FirewallTransaction):
                         len(iface_zone_objs)
                     )
                 )
-            elif len(iface_zone_objs) == 1 and iface_zone_objs[0].name != self.zone:
+            old_zone_obj = iface_zone_objs[0]
-                old_zone_obj = iface_zone_objs[0]
+            if old_zone_obj.name != self.zone:
-                old_zone_config = self.fw.config.get_zone_config(old_zone_obj)
+                old_zone_settings = FirewallClientZoneSettings(
-                old_zone_settings = FirewallClientZoneSettings(list(old_zone_config))
+                    self.fw.config.get_zone_config(old_zone_obj)
+                )
                 old_zone_settings.removeInterface(interface)    # remove from old
                 self.fw.config.set_zone_config(
                     old_zone_obj,
                     old_zone_settings.settings
                 )
-            fw_settings.addInterface(interface)             # add to new
+                fw_settings.addInterface(interface)             # add to new
-            self.fw.config.set_zone_config(fw_zone, fw_settings.settings)
+                self.fw.config.set_zone_config(fw_zone, fw_settings.settings)
         else:
             old_zone_name = self.fw.config().getZoneOfInterface(interface)
             if old_zone_name != self.zone:

tests/integration/targets/firewalld/tasks/interface_test_cases.yml

@@ -1,87 +0,0 @@
-# Test playbook for the firewalld module - interface operations
-# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
-- name: Validate adding interface
-  block:
-  - name: Add lo interface to trusted zone
-    ansible.posix.firewalld:
-      interface: lo
-      zone: trusted
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: assert lo was added to trusted zone
-    assert:
-      that:
-      - result is changed
-
-  - name: Add lo interface to trusted zone (verify not changed)
-    ansible.posix.firewalld:
-      interface: lo
-      zone: trusted
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: assert lo was added to trusted zone (verify not changed)
-    assert:
-      that:
-      - result is not changed
-
-- name: Validate moving interfaces
-  block:
-  - name: Move lo interface from trusted zone to internal zone
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: Assert lo was moved from trusted zone to internal zone
-    assert:
-      that:
-      - result is changed
-
-  - name: Move lo interface from trusted zone to internal zone (verify not changed)
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: assert lo was moved from trusted zone to internal zone (verify not changed)
-    assert:
-      that:
-      - result is not changed
-
-- name: Validate removing interface
-  block:
-  - name: Remove lo interface from internal zone
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: disabled
-    register: result
-
-  - name: Assert lo interface was removed from internal zone
-    assert:
-      that:
-      - result is changed
-
-  - name: Remove lo interface from internal zone (verify not changed)
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: disabled
-    register: result
-
-  - name: Assert lo interface was removed from internal zone (verify not changed)
-    assert:
-      that:
-      - result is not changed

tests/integration/targets/firewalld/tasks/run_all_tests.yml

@@ -27,6 +27,3 @@
 
 # firewalld port forwarding operation test cases
 - include_tasks: port_forward_test_cases.yml
-
-# firewalld interface operation test cases
-- include_tasks: interface_test_cases.yml