Merge pull request #68 from maxamillion/firewalld-migration

migrate firewalld from community.general

Reviewed-by: https://github.com/apps/ansible-zuul

tests/integration/targets/firewalld/aliases

@@ -0,0 +1,6 @@
+destructive
+shippable/posix/group3
+skip/aix
+skip/freebsd
+skip/osx
+disabled  # fixme

tests/integration/targets/firewalld/meta/main.yml

@@ -0,0 +1,2 @@
+dependencies:
+  - setup_pkg_mgr

tests/integration/targets/firewalld/tasks/main.yml

@@ -0,0 +1,56 @@
+# Test playbook for the firewalld module
+# (c) 2017, Adam Miller <admiller@redhat.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: Run firewalld tests
+  block:
+    - name: Ensure firewalld is installed
+      package:
+        name: firewalld
+        state: present
+      # This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
+
+    - name: Check to make sure the firewalld python module is available.
+      shell: "{{ansible_python.executable}} -c 'import firewall'"
+      register: check_output
+      ignore_errors: true
+
+    - name: Test Online Operations
+      block:
+        - name: start firewalld
+          service:
+            name: firewalld
+            state: started
+
+        - import_tasks: run_all_tests.yml
+      when: check_output.rc == 0
+
+    - name: Test Offline Operations
+      block:
+        - name: stop firewalld
+          service:
+            name: firewalld
+            state: stopped
+
+        - import_tasks: run_all_tests.yml
+      when: check_output.rc == 0
+
+  when:
+  - ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
+  - not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
+  # Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
+  - not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)

tests/integration/targets/firewalld/tasks/port_test_cases.yml

@@ -0,0 +1,65 @@
+# Test playbook for the firewalld module - port operations
+# (c) 2017, Adam Miller <admiller@redhat.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld port test permanent enabled
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent enabled rerun (verify not changed)
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld port test permanent disabled
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld port test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld port test permanent disabled rerun (verify not changed)
+  firewalld:
+    port: 8081/tcp
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld/tasks/run_all_tests.yml

@@ -0,0 +1,35 @@
+# Test playbook for the firewalld module
+# (c) 2017, Adam Miller <admiller@redhat.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: Ensure /run/firewalld exists
+  file:
+    path: /run/firewalld
+    state: directory
+
+# firewalld service operation test cases
+- include_tasks: service_test_cases.yml
+  # Skipping on CentOS 8 due to https://github.com/ansible/ansible/issues/64750
+  when: not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('8', '=='))
+
+# firewalld port operation test cases
+- include_tasks: port_test_cases.yml
+  # Skipping on CentOS 8 due to https://github.com/ansible/ansible/issues/64750
+  when: not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('8', '=='))
+
+# firewalld source operation test cases
+- import_tasks: source_test_cases.yml

tests/integration/targets/firewalld/tasks/service_test_cases.yml

@@ -0,0 +1,65 @@
+# Test playbook for the firewalld module - service operations
+# (c) 2017, Adam Miller <admiller@redhat.com>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld service test permanent enabled
+  firewalld:
+    service: https
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld service test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld service test permanent enabled rerun (verify not changed)
+  firewalld:
+    service: https
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld service test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld service test permanent disabled
+  firewalld:
+    service: https
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld service test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld service test permanent disabled rerun (verify not changed)
+  firewalld:
+    service: https
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld service test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld/tasks/source_test_cases.yml

@@ -0,0 +1,85 @@
+# Test playbook for the firewalld module - source operations
+# (c) 2019, Hideki Saito <saito@fgrep.org>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld source test permanent enabled
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: enabled
+  register: result
+
+- name: assert firewalld source test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld source test permanent enabled rerun (verify not changed)
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: enabled
+  register: result
+
+- name: assert firewalld source test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld source test permanent disabled
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: disabled
+  register: result
+
+- name: assert firewalld source test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld source test permanent disabled rerun (verify not changed)
+  firewalld:
+    source: 192.0.2.0/24
+    zone: internal
+    permanent: True
+    state: disabled
+  register: result
+
+- name: assert firewalld source test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld source test permanent enabled is exclusive (verify exclusive error)
+  firewalld:
+    source: 192.0.2.0/24
+    port: 8081/tcp
+    zone: internal
+    permanent: True
+    state: enabled
+  register: result
+  ignore_errors: true
+
+- name: assert firewalld source test permanent enabled is exclusive (verify exclusive error)
+  assert:
+    that:
+    - result is not changed
+    - "result.msg == 'can only operate on port, service, rich_rule, masquerade, icmp_block, icmp_block_inversion, interface or source at once'"

tests/sanity/ignore-2.10.txt

@@ -1,3 +1,5 @@
+plugins/module_utils/firewalld.py future-import-boilerplate
+plugins/module_utils/firewalld.py metaclass-boilerplate
 plugins/module_utils/mount.py future-import-boilerplate
 plugins/module_utils/mount.py metaclass-boilerplate
 plugins/modules/acl.py validate-modules:parameter-type-not-in-doc

tests/sanity/ignore-2.9.txt

@@ -1,3 +1,5 @@
+plugins/module_utils/firewalld.py future-import-boilerplate
+plugins/module_utils/firewalld.py metaclass-boilerplate
 plugins/module_utils/mount.py future-import-boilerplate
 plugins/module_utils/mount.py metaclass-boilerplate
 plugins/modules/acl.py validate-modules:parameter-type-not-in-doc