carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-11 23:25:28 +01:00
Code Issues Projects Releases Packages Wiki Activity

Compare commits

base: carroarmato0:daf0b89fcb786800e10f5ae32f96d5a54369c020
Branches Tags
carroarmato0:main
carroarmato0:stable-2
carroarmato0:stable-1
carroarmato0:2.1.0
carroarmato0:2.0.0
carroarmato0:1.6.2
carroarmato0:1.6.1
carroarmato0:1.6.0
carroarmato0:1.5.4
carroarmato0:1.5.2
carroarmato0:1.5.1
carroarmato0:1.5.0
carroarmato0:1.4.0
carroarmato0:1.3.0
carroarmato0:1.2.0
carroarmato0:1.1.1
carroarmato0:1.1.0
carroarmato0:1.0.0
carroarmato0:0.1.3
carroarmato0:0.1.2
carroarmato0:0.1.1
..
compare: carroarmato0:cddfa80d84955f3aec9d4d87889695024303c8a0
Branches Tags
carroarmato0:stable-2
carroarmato0:main
carroarmato0:stable-1
carroarmato0:2.1.0
carroarmato0:2.0.0
carroarmato0:1.6.2
carroarmato0:1.6.1
carroarmato0:1.6.0
carroarmato0:1.5.4
carroarmato0:1.5.2
carroarmato0:1.5.1
carroarmato0:1.5.0
carroarmato0:1.4.0
carroarmato0:1.3.0
carroarmato0:1.2.0
carroarmato0:1.1.1
carroarmato0:1.1.0
carroarmato0:1.0.0
carroarmato0:0.1.3
carroarmato0:0.1.2
carroarmato0:0.1.1

No commits in common. "daf0b89fcb786800e10f5ae32f96d5a54369c020" and "cddfa80d84955f3aec9d4d87889695024303c8a0" have entirely different histories.
daf0b89fcb ... cddfa80d84

8 changed files with 20 additions and 418 deletions
Show stats Expand all files Collapse all files

40
.azure-pipelines/azure-pipelines.yml
View file

@ -61,24 +61,6 @@ stages:
test: ubuntu2004
- name: Ubuntu 22.04
test: ubuntu2204
- stage: Docker_2_15
displayName: Docker 2.15
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.15/linux/{0}/1
targets:
- name: CentOS 7
test: centos7
- name: Fedora 37
test: fedora37
- name: openSUSE 15 py3
test: opensuse15
- name: Ubuntu 20.04
test: ubuntu2004
- name: Ubuntu 22.04
test: ubuntu2204
- stage: Docker_2_14
displayName: Docker 2.14
dependsOn: []
@ -221,26 +203,6 @@ stages:
test: freebsd/12.4
- name: FreeBSD 13.1
test: freebsd/13.1
- stage: Remote_2_15
displayName: Remote 2.15
dependsOn: []
jobs:
- template: templates/matrix.yml
parameters:
testFormat: 2.15/{0}/1
targets:
- name: MacOS 13.2
test: macos/13.2
- name: RHEL 7.9
test: rhel/7.9
- name: RHEL 8.7
test: rhel/8.7
- name: RHEL 9.1
test: rhel/9.1
- name: FreeBSD 12.4
test: freebsd/12.4
- name: FreeBSD 13.1
test: freebsd/13.1
- stage: Remote_2_14
displayName: Remote 2.14
dependsOn: []
@ -359,8 +321,6 @@ stages:
- Docker_2_13
- Remote_2_14
- Docker_2_14
- Remote_2_15
- Docker_2_15
- Remote_devel
- Docker_devel
jobs:

3
changelogs/fragments/404_firewalld_masquerade_icmp_block_inversion_bugfixes.yml
View file

@ -1,3 +0,0 @@
---
bugfixes:
- firewalld - Consider value of masquerade and icmp_block_inversion parameters when a boolean like value is passed

3
changelogs/fragments/445_ci_support_stable-215.yml
View file

@ -1,3 +0,0 @@
---
trivial:
- CI - update AZP to support stable-2.15 branch (https://github.com/ansible-collections/ansible.posix/issues/444).

38
plugins/modules/firewalld.py
View file

@ -907,21 +907,12 @@ def main():
msgs.append("Changed icmp-block %s to %s" % (icmp_block, desired_state))
if icmp_block_inversion is not None:
# Type of icmp_block_inversion will be changed to boolean in a future release.
icmp_block_inversion_status = True
try:
icmp_block_inversion_status = boolean(icmp_block_inversion, True)
except TypeError:
module.warn('The value of the icmp_block_inversion option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
expected_state = 'enabled' if (desired_state == 'enabled') == icmp_block_inversion_status else 'disabled'
transaction = IcmpBlockInversionTransaction(
module,
action_args=(),
zone=zone,
desired_state=expected_state,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
@ -931,6 +922,14 @@ def main():
if changed is True:
msgs.append("Changed icmp-block-inversion %s to %s" % (icmp_block_inversion, desired_state))
# Type of icmp_block_inversion will be changed to boolean in a future release.
try:
boolean(icmp_block_inversion, True)
except TypeError:
module.warn('The value of the icmp_block_inversion option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % icmp_block_inversion)
if service is not None:
transaction = ServiceTransaction(
@ -1051,21 +1050,12 @@ def main():
msgs = msgs + transaction_msgs
if masquerade is not None:
# Type of masquerade will be changed to boolean in a future release.
masquerade_status = True
try:
masquerade_status = boolean(masquerade, True)
except TypeError:
module.warn('The value of the masquerade option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
expected_state = 'enabled' if (desired_state == 'enabled') == masquerade_status else 'disabled'
transaction = MasqueradeTransaction(
module,
action_args=(),
zone=zone,
desired_state=expected_state,
desired_state=desired_state,
permanent=permanent,
immediate=immediate,
)
@ -1073,6 +1063,14 @@ def main():
changed, transaction_msgs = transaction.run()
msgs = msgs + transaction_msgs
# Type of masquerade will be changed to boolean in a future release.
try:
boolean(masquerade, True)
except TypeError:
module.warn('The value of the masquerade option is "%s". '
'The type of the option will be changed from string to boolean in a future release. '
'To avoid unexpected behavior, please change the value to boolean.' % masquerade)
if target is not None:
transaction = ZoneTargetTransaction(

172
tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml
View file

@ -1,172 +0,0 @@
# Test playbook for the firewalld module - icmp block inversion operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Icmp block inversion enabled when icmp block inversion is truthy and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: enabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: enabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is falsy and state is enabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Icmp block inversion enabled when icmp block inversion is falsy and state is disabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: disabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: disabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is truthy and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: disabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: disabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: enabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: enabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: disabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: disabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed

172
tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml
View file

@ -1,172 +0,0 @@
# Test playbook for the firewalld module - masquerade operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Masquerade enabled when masquerade is truthy and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: enabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: enabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is falsy and state is enabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: enabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: enabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Masquerade enabled when masquerade is falsy and state is disabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: disabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: disabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is truthy and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: disabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: disabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
# Validate backwards compatible behavior until masquerade is switched from string to boolean type
- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: enabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: enabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: disabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: disabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed

6
tests/integration/targets/firewalld/tasks/run_all_tests.yml
View file

@ -28,11 +28,5 @@
# firewalld port forwarding operation test cases
- include_tasks: port_forward_test_cases.yml
# firewalld masquerade operation test cases
- include_tasks: masquerade_test_cases.yml
# firewalld icmp block inversion operation test cases
- include_tasks: icmp_block_inversion_test_cases.yml
# firewalld interface operation test cases
- include_tasks: interface_test_cases.yml

4
tests/utils/shippable/shippable.sh
View file

@ -145,9 +145,9 @@ function cleanup
fi
if [ "${process_coverage}" ]; then
# use python 3.9 for coverage to avoid running out of memory during coverage xml processing
# use python 3.7 for coverage to avoid running out of memory during coverage xml processing
# only use it for coverage to avoid the additional overhead of setting up a virtual environment for a potential no-op job
virtualenv --python /usr/bin/python3.9 ~/ansible-venv
virtualenv --python /usr/bin/python3.7 ~/ansible-venv
set +ux
. ~/ansible-venv/bin/activate
set -ux