mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

[ufw] Insert or delete biased when deletion enabled - as for append or delete. (#3514)

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.

* [ufw] Insert or delete biased when deletion enabled - as for append or delete.
Greg 2021-10-07 14:31:38 +01:00 committed by GitHub
parent 3a460751a4
commit 80bb42325b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 46 additions and 2 deletions


@ -0,0 +1,2 @@
minor_changes:
- "ufw - if ``delete=true`` and ``insert`` option is present, then ``insert`` is now ignored rather than failing with a syntax error (https://github.com/ansible-collections/community.general/pull/3514)."


@ -54,6 +54,8 @@ options:
description: description:
- Insert the corresponding rule as rule number NUM. - Insert the corresponding rule as rule number NUM.
- Note that ufw numbers rules starting with 1. - Note that ufw numbers rules starting with 1.
- If I(delete=true) and a value is provided for I(insert),
then I(insert) is ignored.
type: int type: int
insert_relative_to: insert_relative_to:
description: description:
@ -120,6 +122,8 @@ options:
delete: delete:
description: description:
- Delete rule. - Delete rule.
- If I(delete=true) and a value is provided for I(insert),
then I(insert) is ignored.
type: bool type: bool
default: false default: false
interface: interface:
@ -511,12 +515,12 @@ def main():
'interface_in and interface_out') 'interface_in and interface_out')
# Rules are constructed according to the long format # Rules are constructed according to the long format
# #
# ufw [--dry-run] [route] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \ # ufw [--dry-run] [route] [delete | insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \
# [from ADDRESS [port PORT]] [to ADDRESS [port PORT]] \ # [from ADDRESS [port PORT]] [to ADDRESS [port PORT]] \
# [proto protocol] [app application] [comment COMMENT] # [proto protocol] [app application] [comment COMMENT]
cmd.append([module.boolean(params['route']), 'route']) cmd.append([module.boolean(params['route']), 'route'])
cmd.append([module.boolean(params['delete']), 'delete']) cmd.append([module.boolean(params['delete']), 'delete'])
if params['insert'] is not None: if params['insert'] is not None and not params['delete']:
relative_to_cmd = params['insert_relative_to'] relative_to_cmd = params['insert_relative_to']
if relative_to_cmd == 'zero': if relative_to_cmd == 'zero':
insert_to = params['insert'] insert_to = params['insert']
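Review bot: The new guard `if params['insert'] is not None and not params['delete']:` drops `insert` silently, so a task that sets both options gets no run-time signal that the firewall rule is removed by its specification and not by position NUM. A warning before the guard would surface that, for example `if params['delete'] and params['insert'] is not None: module.warn("insert is ignored when delete=true")`. As far as the hunk shows, `insert_relative_to` is read only inside this branch and is therefore ignored as well, yet the documentation hunks add the note only under `insert` and `delete`; the same sentence would fit under `insert_relative_to`. The guard also reads `params['delete']` directly while the line above wraps it in `module.boolean(...)`; with `type: bool` both should agree, but one form would read more clearly. main() starts and ends outside the hunk.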


@ -54,6 +54,7 @@ dry_mode_cmd_with_port_700 = {
"ufw status verbose": ufw_status_verbose_with_port_7000, "ufw status verbose": ufw_status_verbose_with_port_7000,
"ufw --version": ufw_version_35, "ufw --version": ufw_version_35,
"ufw --dry-run allow from any to any port 7000 proto tcp": skippg_adding_existing_rules, "ufw --dry-run allow from any to any port 7000 proto tcp": skippg_adding_existing_rules,
"ufw --dry-run insert 1 allow from any to any port 7000 proto tcp": skippg_adding_existing_rules,
"ufw --dry-run delete allow from any to any port 7000 proto tcp": "", "ufw --dry-run delete allow from any to any port 7000 proto tcp": "",
"ufw --dry-run delete allow from any to any port 7001 proto tcp": user_rules_with_port_7000, "ufw --dry-run delete allow from any to any port 7001 proto tcp": user_rules_with_port_7000,
"ufw --dry-run route allow in on foo out on bar from 1.1.1.1 port 7000 to 8.8.8.8 port 7001 proto tcp": "", "ufw --dry-run route allow in on foo out on bar from 1.1.1.1 port 7000 to 8.8.8.8 port 7001 proto tcp": "",
@ -178,6 +179,17 @@ class TestUFW(unittest.TestCase):
result = self.__getResult(do_nothing_func_port_7000) result = self.__getResult(do_nothing_func_port_7000)
self.assertFalse(result.exception.args[0]['changed']) self.assertFalse(result.exception.args[0]['changed'])
def test_check_mode_add_insert_rules(self):
set_module_args({
'insert': '1',
'rule': 'allow',
'proto': 'tcp',
'port': '7000',
'_ansible_check_mode': True
})
result = self.__getResult(do_nothing_func_port_7000)
self.assertFalse(result.exception.args[0]['changed'])
def test_check_mode_add_detailed_route(self): def test_check_mode_add_detailed_route(self):
set_module_args({ set_module_args({
'rule': 'allow', 'rule': 'allow',
@ -318,6 +330,19 @@ class TestUFW(unittest.TestCase):
self.assertTrue(self.__getResult(do_nothing_func_port_7000).exception.args[0]['changed']) self.assertTrue(self.__getResult(do_nothing_func_port_7000).exception.args[0]['changed'])
def test_check_mode_delete_existing_insert_rules(self):
set_module_args({
'insert': '1',
'rule': 'allow',
'proto': 'tcp',
'port': '7000',
'delete': 'yes',
'_ansible_check_mode': True,
})
self.assertTrue(self.__getResult(do_nothing_func_port_7000).exception.args[0]['changed'])
def test_check_mode_delete_not_existing_rules(self): def test_check_mode_delete_not_existing_rules(self):
set_module_args({ set_module_args({
@ -330,6 +355,19 @@ class TestUFW(unittest.TestCase):
self.assertFalse(self.__getResult(do_nothing_func_port_7000).exception.args[0]['changed']) self.assertFalse(self.__getResult(do_nothing_func_port_7000).exception.args[0]['changed'])
def test_check_mode_delete_not_existing_insert_rules(self):
set_module_args({
'insert': '1',
'rule': 'allow',
'proto': 'tcp',
'port': '7001',
'delete': 'yes',
'_ansible_check_mode': True,
})
self.assertFalse(self.__getResult(do_nothing_func_port_7000).exception.args[0]['changed'])
def test_enable_mode(self): def test_enable_mode(self):
set_module_args({ set_module_args({
'state': 'enabled', 'state': 'enabled',
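Review bot: The two delete-with-insert tests (`test_check_mode_delete_existing_insert_rules` and `test_check_mode_delete_not_existing_insert_rules`) assert only `changed`, so the requirement that `insert 1` is absent from the issued command is checked only indirectly, presumably because the mocked command table has no `delete insert ...` entry. A short comment in each test would make that intent explicit, e.g. `# insert must be dropped when delete is set: the mocked table has no "delete insert" entry`. There is also no case that combines `delete` with `insert_relative_to`, which the same module guard skips. test_enable_mode at the end of the last hunk continues outside it.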