ufw: fix default, direction is not necessary for it (#54799)

* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.
pull/54990/head
Felix Fontein 5 years ago committed by Brian Coca
parent c6f12eea32
commit 7d27348356

@ -0,0 +1,2 @@
bugfixes:
- "ufw - when ``default`` is specified, ``direction`` does not needs to be specified. This was accidentally introduced in Ansible 2.7.8."

@ -461,8 +461,8 @@ def main():
execute(cmd + [[command], [value]])
elif command == 'default':
if params['direction'] not in ['outgoing', 'incoming', 'routed']:
module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed".')
if params['direction'] not in ['outgoing', 'incoming', 'routed', None]:
module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed", or direction must not be specified.')
if module.check_mode:
regexp = r'Default: (deny|allow|reject) \(incoming\), (deny|allow|reject) \(outgoing\), (deny|allow|reject|disabled) \(routed\)'
extract = re.search(regexp, pre_state)
@ -471,8 +471,14 @@ def main():
current_default_values["incoming"] = extract.group(1)
current_default_values["outgoing"] = extract.group(2)
current_default_values["routed"] = extract.group(3)
if current_default_values[params['direction']] != value:
changed = True
if params['direction'] is None:
for v in current_default_values.values():
if v not in (value, 'disabled'):
changed = True
else:
v = current_default_values[params['direction']]
if v not in (value, 'disabled'):
changed = True
else:
changed = True
else:
@ -480,7 +486,7 @@ def main():
elif command == 'rule':
if params['direction'] not in ['in', 'out', None]:
module.fail_json(msg='For rules, direction must be one of "in" and "out".')
module.fail_json(msg='For rules, direction must be one of "in" and "out", or direction must not be specified.')
# Rules are constructed according to the long format
#
# ufw [--dry-run] [route] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \
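Review bot: In the check-mode branch, the new `params['direction'] is None` case loops over all three parsed defaults and sets `changed` if any of them differs from `value`, which matches the real run only if a direction-less `ufw default <policy>` rewrites incoming, outgoing and routed together. As far as I know, ufw applies a direction-less `default` to incoming only, so check mode could report a change that the real run would not make, and an operator could read `default: deny` as locking down every direction while outgoing and routed stay as they were; this should be confirmed against the ufw versions the module supports. If it holds, the lookup collapses to one line, `v = current_default_values[params['direction'] or 'incoming']`, and the option documentation should state which direction is affected when none is given. main() starts and ends outside these hunks.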

@ -103,6 +103,35 @@
register: ufw_defaults_change
environment:
LC_ALL: C
- name: Default (change again)
ufw:
default: deny
direction: incoming
register: default_change_2
- name: Default (change all, check mode)
ufw:
default: allow
check_mode: yes
register: default_change_all_check
- name: Default (change all)
ufw:
default: allow
register: default_change_all
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults_change_all
environment:
LC_ALL: C
- name: Default (change all, idempotent, check mode)
ufw:
default: allow
check_mode: yes
register: default_change_all_idem_check
- name: Default (change all, idempotent)
ufw:
default: allow
register: default_change_all_idem
- assert:
that:
- default_check is changed
@ -113,3 +142,10 @@
- default_change_check is changed
- default_change is changed
- "'allow (incoming)' in ufw_defaults_change.stdout"
- default_change_2 is changed
- default_change_all_check is changed
- default_change_all is changed
- default_change_all_idem_check is not changed
- default_change_all_idem is not changed
- "'allow (incoming)' in ufw_defaults_change_all.stdout"
- "'allow (outgoing)' in ufw_defaults_change_all.stdout"
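Review bot: The `change all` assertions do not show that a direction-less `default: allow` touched anything other than incoming: `'allow (outgoing)'` is checked, but none of the visible tasks sets outgoing to a different policy first, and routed is not asserted at all. Tasks before this hunk are not visible, so outgoing may already be `allow` when `default_change_all` runs, in which case the check passes regardless of what the module did. Adding a task with `default: deny` and `direction: outgoing` ahead of `Default (change all, check mode)` would make the outgoing assertion meaningful and would pin down which directions ufw changes when none is given.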
