2026-01-11 23:25:28 +01:00
4 changed files with 7 additions and 100 deletions
--- a/changelogs/fragments/402_firewall_fix_offline_interface_add.yml
+++ b/changelogs/fragments/402_firewall_fix_offline_interface_add.yml
@ -1,3 +0,0 @@
---
-bugfixes:
-  - firewall - Fix issue where adding an interface to a zone would fail when the daemon is offline
--- a/plugins/modules/firewalld.py
+++ b/plugins/modules/firewalld.py
@ -520,7 +520,6 @@ class InterfaceTransaction(FirewallTransaction):
                old_zone_obj = self.fw.config.get_zone(zone)
                if interface in old_zone_obj.interfaces:
                    iface_zone_objs.append(old_zone_obj)
-
            if len(iface_zone_objs) > 1:
                # Even it shouldn't happen, it's actually possible that
                # the same interface is in several zone XML files
@ -530,10 +529,11 @@ class InterfaceTransaction(FirewallTransaction):
                        len(iface_zone_objs)
                    )
                )
-            elif len(iface_zone_objs) == 1 and iface_zone_objs[0].name != self.zone:
            old_zone_obj = iface_zone_objs[0]
-                old_zone_config = self.fw.config.get_zone_config(old_zone_obj)
-                old_zone_settings = FirewallClientZoneSettings(list(old_zone_config))
+            if old_zone_obj.name != self.zone:
+                old_zone_settings = FirewallClientZoneSettings(
+                    self.fw.config.get_zone_config(old_zone_obj)
+                )
                old_zone_settings.removeInterface(interface)    # remove from old
                self.fw.config.set_zone_config(
                    old_zone_obj,
--- a/tests/integration/targets/firewalld/tasks/interface_test_cases.yml
+++ b/tests/integration/targets/firewalld/tasks/interface_test_cases.yml
@ -1,87 +0,0 @@
-# Test playbook for the firewalld module - interface operations
-# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
-# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
-
- name: Validate adding interface
-  block:
-  - name: Add lo interface to trusted zone
-    ansible.posix.firewalld:
-      interface: lo
-      zone: trusted
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: assert lo was added to trusted zone
-    assert:
-      that:
-      - result is changed
-
-  - name: Add lo interface to trusted zone (verify not changed)
-    ansible.posix.firewalld:
-      interface: lo
-      zone: trusted
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: assert lo was added to trusted zone (verify not changed)
-    assert:
-      that:
-      - result is not changed
-
- name: Validate moving interfaces
-  block:
-  - name: Move lo interface from trusted zone to internal zone
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: Assert lo was moved from trusted zone to internal zone
-    assert:
-      that:
-      - result is changed
-
-  - name: Move lo interface from trusted zone to internal zone (verify not changed)
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: enabled
-    register: result
-
-  - name: assert lo was moved from trusted zone to internal zone (verify not changed)
-    assert:
-      that:
-      - result is not changed
-
- name: Validate removing interface
-  block:
-  - name: Remove lo interface from internal zone
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: disabled
-    register: result
-
-  - name: Assert lo interface was removed from internal zone
-    assert:
-      that:
-      - result is changed
-
-  - name: Remove lo interface from internal zone (verify not changed)
-    ansible.posix.firewalld:
-      interface: lo
-      zone: internal
-      permanent: Yes
-      state: disabled
-    register: result
-
-  - name: Assert lo interface was removed from internal zone (verify not changed)
-    assert:
-      that:
-      - result is not changed
--- a/tests/integration/targets/firewalld/tasks/run_all_tests.yml
+++ b/tests/integration/targets/firewalld/tasks/run_all_tests.yml
@ -27,6 +27,3 @@

 # firewalld port forwarding operation test cases
 - include_tasks: port_forward_test_cases.yml
-
-# firewalld interface operation test cases
- include_tasks: interface_test_cases.yml