VMware: Add check mode support to module vmware_host_firewall_manager (#46266)

lib/ansible/modules/cloud/vmware/vmware_host_firewall_manager.py

@@ -13,7 +13,7 @@ ANSIBLE_METADATA = {
     'supported_by': 'community'
 }
 
-DOCUMENTATION = r'''
+DOCUMENTATION = '''
 ---
 module: vmware_host_firewall_manager
 short_description: Manage firewall configurations about an ESXi host
@@ -170,10 +170,11 @@ class VmwareFirewallManager(PyVmomi):
                 current_rule_state = self.firewall_facts[host.name][rule_name]['enabled']
                 if current_rule_state != rule_enabled:
                     try:
-                        if rule_enabled:
+                        if not self.module.check_mode:
-                            firewall_system.EnableRuleset(id=rule_name)
+                            if rule_enabled:
-                        else:
+                                firewall_system.EnableRuleset(id=rule_name)
-                            firewall_system.DisableRuleset(id=rule_name)
+                            else:
+                                firewall_system.DisableRuleset(id=rule_name)
                         fw_change_list.append(True)
                     except vim.fault.NotFound as not_found:
                         self.module.fail_json(msg="Failed to enable rule set %s as"
@@ -206,7 +207,8 @@ def main():
         argument_spec=argument_spec,
         required_one_of=[
             ['cluster_name', 'esxi_hostname'],
-        ]
+        ],
+        supports_check_mode=True
     )
 
     vmware_firewall_manager = VmwareFirewallManager(module)

test/integration/targets/vmware_host_firewall_manager/tasks/main.yml

@@ -84,7 +84,6 @@
     - DC0_C0_H1
     - DC0_C0_H2
 
-
 - name: Disable vvold for {{ host1 }}
   vmware_host_firewall_manager:
     hostname: "{{ vcsim }}"
@@ -113,3 +112,65 @@
         - host_result.rule_set_state[item]['vvold']['previous_state'] == True
   with_items:
     - "{{ host1 }}"
+
+- name: Enable vvold rule set on all hosts of {{ ccr1 }} in check mode
+  vmware_host_firewall_manager:
+    hostname: "{{ vcsim }}"
+    username: "{{ vcsim_instance.json.username }}"
+    password: "{{ vcsim_instance.json.password }}"
+    validate_certs: no
+    cluster_name: "{{ ccr1 }}"
+    rules:
+      - name: vvold
+        enabled: True
+  register: all_hosts_result_check_mode
+  check_mode: yes
+
+- debug: msg="{{ all_hosts_result_check_mode }}"
+
+- name: ensure everything is changed for all hosts of {{ ccr1 }}
+  assert:
+    that:
+        - all_hosts_result_check_mode.changed
+        - all_hosts_result_check_mode.rule_set_state is defined
+
+- name: ensure facts are gathered for all hosts of {{ ccr1 }}
+  assert:
+    that:
+        - all_hosts_result_check_mode.rule_set_state[item]['vvold']['current_state'] == True
+        - all_hosts_result_check_mode.rule_set_state[item]['vvold']['desired_state'] == True
+        - all_hosts_result_check_mode.rule_set_state[item]['vvold']['previous_state'] == False
+  with_items:
+    - DC0_C0_H0
+    - DC0_C0_H1
+    - DC0_C0_H2
+
+- name: Disable vvold for {{ host1 }} in check mode
+  vmware_host_firewall_manager:
+    hostname: "{{ vcsim }}"
+    username: "{{ vcsim_instance.json.username }}"
+    password: "{{ vcsim_instance.json.password }}"
+    validate_certs: no
+    esxi_hostname: "{{ host1 }}"
+    rules:
+      - name: vvold
+        enabled: False
+  register: host_result_check_mode
+  check_mode: yes
+
+- debug: msg="{{ host_result_check_mode }}"
+
+- name: ensure vvold is disabled for {{ host1 }}
+  assert:
+    that:
+        - host_result_check_mode.changed == False
+        - host_result_check_mode.rule_set_state is defined
+
+- name: ensure facts are gathered for {{ host1 }}
+  assert:
+    that:
+        - host_result_check_mode.rule_set_state[item]['vvold']['current_state'] == False
+        - host_result_check_mode.rule_set_state[item]['vvold']['desired_state'] == False
+        - host_result_check_mode.rule_set_state[item]['vvold']['previous_state'] == False
+  with_items:
+    - "{{ host1 }}"