From 084479d21d5bdf751a94c787b6644d4f330c5f8a Mon Sep 17 00:00:00 2001
From: Alexey Solodkiy
Date: Sun, 18 Dec 2016 12:07:05 +0300
Subject: [PATCH] fix #19476
---
 lib/ansible/modules/system/iptables.py | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
diff --git a/lib/ansible/modules/system/iptables.py b/lib/ansible/modules/system/iptables.py
index 521ad6b043a..8bcf7648adc 100644
--- a/lib/ansible/modules/system/iptables.py
+++ b/lib/ansible/modules/system/iptables.py
@@ -444,6 +444,17 @@ def set_chain_policy(iptables_path, module, params):
 cmd.append(params['policy'])
 module.run_command(cmd, check_rc=True)
+def get_chain_policy(iptables_path, module, params):
+ cmd = push_arguments(iptables_path, '-L', params)
+ rc, out, _ = module.run_command(cmd, check_rc=True)
+ chain_header = out.split("\n")[0]
+ result = re.search(r'\(policy ([A-Z]+)\)', chain_header)
+ if result:
+ return result.group(1)
+ return None
+
+
+
 def main():
 module = AnsibleModule(
@@ -524,14 +535,26 @@ def main():
 # Flush the table
 if args['flush'] is True:
+ if module.check_mode:
+ module.exit_json(skipped=True)
 flush_table(iptables_path, module, module.params)
 module.exit_json(**args)
 # Set the policy
 if module.params['policy']:
- set_chain_policy(iptables_path, module, module.params)
+ current_policy = get_chain_policy(iptables_path, module, module.params)
+ if not current_policy:
+ module.fail_json(msg='Can\'t detect current policy')
+
+ changed = current_policy != module.params['policy']
+ if module.check_mode:
+ module.exit_json(changed=changed)
+ if changed:
+ set_chain_policy(iptables_path, module, module.params)
+ args['changed'] = changed
 module.exit_json(**args)
+
 insert = (module.params['action'] == 'insert')
 rule_is_present = check_present(iptables_path, module, module.params)
 should_be_present = (args['state'] == 'present')
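Review bot: `get_chain_policy` runs a full `iptables -L` listing only to read the first header line, and nothing in the hunk passes `-n`, so iptables will try to resolve every rule address to a name and the policy check can stall on a host with a slow or absent resolver. Adding `cmd.append('-n')` before `module.run_command(...)` leaves the header line unchanged and avoids the lookups; `push_arguments` is defined outside this diff, so confirm it does not already add the flag or append rule-match options from `params` that `-L` would reject. The function also returns `None` for any header without `(policy X)`, which is what a user-defined chain prints, so a one-line docstring saying so would help callers, and the unused `rc` can be `_`. The `re` module it depends on is only imported in the last hunk, below the wildcard import at the bottom of the file.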
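Review bot: Both check-mode exits in `main()` return a different result shape from the real run: the flush branch reports `skipped=True` although a real run would flush the table, and the policy branch calls `module.exit_json(changed=changed)` without `**args`, so a dry run can under-report a pending firewall change and drops the keys the normal path returns. Setting `args['changed'] = changed` before the check-mode test and exiting with `module.exit_json(**args)` in both branches keeps the two modes consistent (for the flush, set `args['changed']` to whatever the non-check path reports). The failure message `'Can\'t detect current policy'` would be easier to act on with the chain in it, e.g. `msg="Can't detect current policy of chain %s" % module.params['chain']`. `main()` begins and ends outside this hunk, so how `args` is initialised is not visible here.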
@@ -559,6 +582,7 @@ def main():
 # import module snippets
 from ansible.module_utils.basic import *
+import re
 if __name__ == '__main__':
 main()