Merge pull request #6754 from ahtik/fix-ufw-take2

Bugfix to ufw module to properly support "logging" (and docfix for choises, choices):
Michael DeHaan 2014-03-29 11:32:45 -04:00
commit 322e7de843


@ -1,6 +1,7 @@
#!/usr/bin/python #!/usr/bin/python
# -*- coding: utf-8 -*- # -*- coding: utf-8 -*-
# (c) 2014, Ahti Kitsik <ak@ahtik.com>
# (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com> # (c) 2014, Jarno Keskikangas <jarno.keskikangas@gmail.com>
# (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com> # (c) 2013, Aleksey Ovcharenko <aleksey.ovcharenko@gmail.com>
# (c) 2013, James Martin <jmartin@basho.com> # (c) 2013, James Martin <jmartin@basho.com>
@ -27,7 +28,7 @@ short_description: Manage firewall with UFW
description: description:
- Manage firewall with UFW. - Manage firewall with UFW.
version_added: 1.6 version_added: 1.6
author: Aleksey Ovcharenko, Jarno Keskikangas author: Aleksey Ovcharenko, Jarno Keskikangas, Ahti Kitsik
notes: notes:
- See C(man ufw) for more examples. - See C(man ufw) for more examples.
requirements: requirements:
@ -65,12 +66,12 @@ options:
description: description:
- Add firewall rule - Add firewall rule
required: false required: false
choises: ['allow', 'deny', 'reject', 'limit'] choices: ['allow', 'deny', 'reject', 'limit']
log: log:
description: description:
- Log new connections matched to this rule - Log new connections matched to this rule
required: false required: false
choises: ['yes', 'no'] choices: ['yes', 'no']
from_ip: from_ip:
description: description:
- Source IP address. - Source IP address.
@ -111,7 +112,10 @@ options:
EXAMPLES = ''' EXAMPLES = '''
# Allow everything and enable UFW # Allow everything and enable UFW
ufw: state=enable policy=allow logging=on ufw: state=enabled policy=allow
# Set logging
ufw: logging=on
# Sometimes it is desirable to let the sender know when traffic is # Sometimes it is desirable to let the sender know when traffic is
# being denied, rather than simply ignoring it. In these cases, use # being denied, rather than simply ignoring it. In these cases, use
@ -163,8 +167,8 @@ def main():
argument_spec = dict( argument_spec = dict(
state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']), state = dict(default=None, choices=['enabled', 'disabled', 'reloaded', 'reset']),
default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']), default = dict(default=None, aliases=['policy'], choices=['allow', 'deny', 'reject']),
logging = dict(default=None, choises=['on', 'off', 'low', 'medium', 'high', 'full']), logging = dict(default=None, choices=['on', 'off', 'low', 'medium', 'high', 'full']),
direction = dict(default=None, choises=['in', 'incoming', 'out', 'outgoing']), direction = dict(default=None, choices=['in', 'incoming', 'out', 'outgoing']),
delete = dict(default=False, type='bool'), delete = dict(default=False, type='bool'),
insert = dict(default=None), insert = dict(default=None),
rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']), rule = dict(default=None, choices=['allow', 'deny', 'reject', 'limit']),
@ -178,13 +182,14 @@ def main():
app = dict(default=None, aliases=['name']) app = dict(default=None, aliases=['name'])
), ),
supports_check_mode = True, supports_check_mode = True,
mutually_exclusive = [['app', 'proto']] mutually_exclusive = [['app', 'proto', 'logging']]
) )
cmds = [] cmds = []
def execute(cmd): def execute(cmd):
cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd))) cmd = ' '.join(map(itemgetter(-1), filter(itemgetter(0), cmd)))
cmds.append(cmd) cmds.append(cmd)
(rc, out, err) = module.run_command(cmd) (rc, out, err) = module.run_command(cmd)
@ -217,7 +222,7 @@ def main():
execute(cmd + [['-f'], [states[value]]]) execute(cmd + [['-f'], [states[value]]])
elif command == 'logging': elif command == 'logging':
execute(cmd + [[command, value]]) execute(cmd + [[command], [value]])
elif command == 'default': elif command == 'default':
execute(cmd + [[command], [value], [params['direction']]]) execute(cmd + [[command], [value], [params['direction']]])
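Review bot: The list convention that `execute()` depends on is undocumented, and the old `logging` line got exactly that wrong. Each item is filtered on its first element and only its last element is emitted, so `[command, value]` dropped the `logging` keyword from the ufw command line, while `[[command], [value]]` emits both tokens. Because these lists become firewall commands, I would add a comment above `def execute(cmd):`, for example `# each item is [token] or [condition, token]; items with a falsy first element are skipped, only the last element is emitted`. `main()` starts and ends outside the visible hunks, so the other branches that build `cmd` this way should be checked for the same mistake.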