ios_command: Whitelist some commands starting with configure (#35363)

* Whitelist some commands starting with `configure` * Add tests for conditional `configure` rejection
2018-01-26 10:55:50 -05:00 · 2018-01-26 10:55:50 -05:00 · 1f1e5c11a9
commit 1f1e5c11a9
parent 4fa02d581d
3 changed files with 19 additions and 1 deletions
--- a/lib/ansible/modules/network/ios/ios_command.py
+++ b/lib/ansible/modules/network/ios/ios_command.py
@ -131,6 +131,7 @@ failed_conditions:
  type: list
  sample: ['...', '...']
 """
+import re
 import time

 from ansible.module_utils.network.ios.ios import run_commands
@ -156,13 +157,14 @@ def parse_commands(module, warnings):
    ), module)
    commands = command(module.params['commands'])
    for item in list(commands):
+        configure_type = re.match(r'conf(?:\w*)(?:\s+(\w+))?', item['command'])
        if module.check_mode and not item['command'].startswith('show'):
            warnings.append(
                'only show commands are supported when using check mode, not '
                'executing `%s`' % item['command']
            )
            commands.remove(item)
-        elif item['command'].startswith('conf'):
+        elif configure_type and configure_type.group(1) not in ('confirm', 'replace', 'revert', 'network'):
            module.fail_json(
                msg='ios_command does not support running config mode '
                    'commands.  Please use ios_config instead'
--- a/test/units/modules/network/ios/fixtures/configure_revert_now
+++ b/test/units/modules/network/ios/fixtures/configure_revert_now
@ -0,0 +1,2 @@
+%No Rollback Confirmed Change pending
+
--- a/test/units/modules/network/ios/test_ios_command.py
+++ b/test/units/modules/network/ios/test_ios_command.py
@ -106,3 +106,17 @@ class TestIosCommandModule(TestIosModule):
        commands = ['show version', 'show version']
        set_module_args(dict(commands=commands, wait_for=wait_for, match='all'))
        self.execute_module(failed=True)
+
+    def test_ios_command_configure_error(self):
+        commands = ['configure terminal']
+        set_module_args(dict(commands=commands))
+        result = self.execute_module(failed=True)
+        self.assertEqual(
+            result['msg'],
+            'ios_command does not support running config mode commands.  Please use ios_config instead'
+        )
+
+    def test_ios_command_configure_not_error(self):
+        commands = ['configure revert now']
+        set_module_args(dict(commands=commands))
+        self.execute_module()