Basic ability to set masquerade options from ansible, according to current code design/layout (mostly) (#2017)

* Support for masquerade settings

Ability to enable and disable masquerade settings from ansible via:
- firewalld: mapping=masquerade state=disabled permanent=true zone=dmz

Placeholder added (mapping) to support masquerade and port_forward
choices initially - port_forward not implemented yet.

* Permanent and Immediate zone handling differentiated

* Corrected naming abstraction for masquerading functionality

Removed mapping tag with port_forward choices - not applicable!

* Added version info for new masquerade option

Pull Request #2017 failing due to missing version info

lib/ansible/modules/extras/system/firewalld.py

@@ -80,6 +80,12 @@ options:
       - "The amount of time the rule should be in effect for when non-permanent."
     required: false
     default: 0
+  masquerade:
+    description:
+      - 'The masquerade setting you would like to enable/disable to/from zones within firewalld'
+    required: false
+    default: null
+    version_added: "2.1"
 notes:
   - Not tested on any Debian based system.
   - Requires the python2 bindings of firewalld, who may not be installed by default if the distribution switched to python 3 
@@ -95,6 +101,7 @@ EXAMPLES = '''
 - firewalld: rich_rule='rule service name="ftp" audit limit value="1/m" accept' permanent=true state=enabled
 - firewalld: source='192.168.1.0/24' zone=internal state=enabled
 - firewalld: zone=trusted interface=eth2 permanent=true state=enabled
+- firewalld: masquerade=yes state=enabled permanent=true zone=dmz
 '''
 
 import os
@@ -114,6 +121,36 @@ try:
 except ImportError:
     HAS_FIREWALLD = False
 
+
+#####################
+# masquerade handling
+#
+def get_masquerade_enabled(zone):
+    if fw.queryMasquerade(zone) == True:
+        return True
+    else:
+        return False
+
+def get_masquerade_enabled_permanent(zone):
+    fw_zone = fw.config().getZoneByName(zone)
+    fw_settings = fw_zone.getSettings()
+    if fw_settings.getMasquerade() == True:
+        return True
+    else:
+        return False
+    
+def set_masquerade_enabled(zone):
+    fw.addMasquerade(zone)
+
+def set_masquerade_disabled(zone):
+    fw.removeMasquerade(zone)
+
+def set_masquerade_permanent(zone, masquerade):
+    fw_zone = fw.config().getZoneByName(zone)
+    fw_settings = fw_zone.getSettings()
+    fw_settings.setMasquerade(masquerade)
+    fw_zone.update(fw_settings)
+
 ################
 # port handling
 #
@@ -286,6 +323,7 @@ def main():
             state=dict(choices=['enabled', 'disabled'], required=True),
             timeout=dict(type='int',required=False,default=0),
             interface=dict(required=False,default=None),
+            masquerade=dict(required=False,default=None),
         ),
         supports_check_mode=True
     )
@@ -325,6 +363,15 @@ def main():
     immediate = module.params['immediate']
     timeout = module.params['timeout']
     interface = module.params['interface']
+    masquerade = module.params['masquerade']
+
+    ## Check for firewalld running
+    try:
+        if fw.connected == False:
+            module.fail_json(msg='firewalld service must be running')
+    except AttributeError:
+        module.fail_json(msg="firewalld connection can't be established,\
+                version likely too old. Requires firewalld >= 2.0.11")
 
     modification_count = 0
     if service != None:
@@ -335,6 +382,8 @@ def main():
         modification_count += 1
     if interface != None:
         modification_count += 1
+    if masquerade != None:
+        modification_count += 1
 
     if modification_count > 1:
         module.fail_json(msg='can only operate on port, service, rich_rule or interface at once')
@@ -502,6 +551,49 @@ def main():
                 changed=True
                 msgs.append("Removed %s from zone %s" % (interface, zone))
 
+    if masquerade != None:
+
+        if permanent:
+            is_enabled = get_masquerade_enabled_permanent(zone)
+            msgs.append('Permanent operation')
+            
+            if desired_state == "enabled":
+                if is_enabled == False:
+                    if module.check_mode:
+                        module.exit_json(changed=True)
+
+                    set_masquerade_permanent(zone, True)
+                    changed=True
+                    msgs.append("Added masquerade to zone %s" % (zone))
+            elif desired_state == "disabled":
+                if is_enabled == True:
+                    if module.check_mode:
+                        module.exit_json(changed=True)
+
+                    set_masquerade_permanent(zone, False)
+                    changed=True
+                    msgs.append("Removed masquerade from zone %s" % (zone))
+        if immediate or not permanent:
+            is_enabled = get_masquerade_enabled(zone)
+            msgs.append('Non-permanent operation')
+            
+            if desired_state == "enabled":
+                if is_enabled == False:
+                    if module.check_mode:
+                        module.exit_json(changed=True)
+
+                    set_masquerade_enabled(zone)
+                    changed=True
+                    msgs.append("Added masquerade to zone %s" % (zone))
+            elif desired_state == "disabled":
+                if is_enabled == True:
+                    if module.check_mode:
+                        module.exit_json(changed=True)
+
+                    set_masquerade_disabled(zone)
+                    changed=True
+                    msgs.append("Removed masquerade from zone %s" % (zone))
+
     module.exit_json(changed=changed, msg=', '.join(msgs))