iptables: Reorder comment postition (#71496)

* Reorder comment postition

* Add comment unit test

* Fix unit test

* Fix unit test

* Add changelog

* Add paramaters which would be problematic without this fix

* Fix typo

* Fix unit test

* Fix unit test
This commit is contained in:
Amin Vakil 2020-11-09 22:10:55 +03:30 committed by GitHub
parent 11b7091c84
commit c1da427a5e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 45 additions and 2 deletions

View file

@ -0,0 +1,2 @@
minor_changes:
- iptables - reorder comment postition to be at the end (https://github.com/ansible/ansible/issues/71444).

View file

@ -560,8 +560,6 @@ def construct_rule(params):
'--set-dscp-class', '--set-dscp-class',
False) False)
append_match_flag(rule, params['syn'], '--syn', True) append_match_flag(rule, params['syn'], '--syn', True)
append_match(rule, params['comment'], 'comment')
append_param(rule, params['comment'], '--comment', False)
if 'conntrack' in params['match']: if 'conntrack' in params['match']:
append_csv(rule, params['ctstate'], '--ctstate') append_csv(rule, params['ctstate'], '--ctstate')
elif 'state' in params['match']: elif 'state' in params['match']:
@ -593,6 +591,8 @@ def construct_rule(params):
params['icmp_type'], params['icmp_type'],
ICMP_TYPE_OPTIONS[params['ip_version']], ICMP_TYPE_OPTIONS[params['ip_version']],
False) False)
append_match(rule, params['comment'], 'comment')
append_param(rule, params['comment'], '--comment', False)
return rule return rule

View file

@ -876,3 +876,44 @@ class TestIptables(ModuleTestCase):
'-j', '-j',
'ACCEPT' 'ACCEPT'
]) ])
def test_comment_position_at_end(self):
"""Test flush without parameters"""
set_module_args({
'chain': 'INPUT',
'jump': 'ACCEPT',
'action': 'insert',
'ctstate': ['NEW'],
'comment': 'this is a comment',
'_ansible_check_mode': True,
})
commands_results = [
(0, '', ''),
]
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
run_command.side_effect = commands_results
with self.assertRaises(AnsibleExitJson) as result:
iptables.main()
self.assertTrue(result.exception.args[0]['changed'])
self.assertEqual(run_command.call_count, 1)
self.assertEqual(run_command.call_args_list[0][0][0], [
'/sbin/iptables',
'-t',
'filter',
'-C',
'INPUT',
'-j',
'ACCEPT',
'-m',
'conntrack',
'--ctstate',
'NEW',
'-m',
'comment',
'--comment',
'this is a comment'
])
self.assertEqual(run_command.call_args[0][0][14], 'this is a comment')