iptables: Reorder comment postition (#71496)
* Reorder comment postition * Add comment unit test * Fix unit test * Fix unit test * Add changelog * Add paramaters which would be problematic without this fix * Fix typo * Fix unit test * Fix unit test
This commit is contained in:
Amin Vakil
GitHub
parent
11b7091c84
commit
c1da427a5e
3 changed files with 45 additions and 2 deletions
|
|
@ -0,0 +1,2 @@
|
||||||
|
minor_changes:
|
||||||
|
- iptables - reorder comment postition to be at the end (https://github.com/ansible/ansible/issues/71444).
|
||||||
|
|
@ -560,8 +560,6 @@ def construct_rule(params):
|
||||||
'--set-dscp-class',
|
'--set-dscp-class',
|
||||||
False)
|
False)
|
||||||
append_match_flag(rule, params['syn'], '--syn', True)
|
append_match_flag(rule, params['syn'], '--syn', True)
|
||||||
append_match(rule, params['comment'], 'comment')
|
|
||||||
append_param(rule, params['comment'], '--comment', False)
|
|
||||||
if 'conntrack' in params['match']:
|
if 'conntrack' in params['match']:
|
||||||
append_csv(rule, params['ctstate'], '--ctstate')
|
append_csv(rule, params['ctstate'], '--ctstate')
|
||||||
elif 'state' in params['match']:
|
elif 'state' in params['match']:
|
||||||
|
|
@ -593,6 +591,8 @@ def construct_rule(params):
|
||||||
params['icmp_type'],
|
params['icmp_type'],
|
||||||
ICMP_TYPE_OPTIONS[params['ip_version']],
|
ICMP_TYPE_OPTIONS[params['ip_version']],
|
||||||
False)
|
False)
|
||||||
|
append_match(rule, params['comment'], 'comment')
|
||||||
|
append_param(rule, params['comment'], '--comment', False)
|
||||||
return rule
|
return rule
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -876,3 +876,44 @@ class TestIptables(ModuleTestCase):
|
||||||
'-j',
|
'-j',
|
||||||
'ACCEPT'
|
'ACCEPT'
|
||||||
])
|
])
|
||||||
|
|
||||||
|
def test_comment_position_at_end(self):
|
||||||
|
"""Test flush without parameters"""
|
||||||
|
set_module_args({
|
||||||
|
'chain': 'INPUT',
|
||||||
|
'jump': 'ACCEPT',
|
||||||
|
'action': 'insert',
|
||||||
|
'ctstate': ['NEW'],
|
||||||
|
'comment': 'this is a comment',
|
||||||
|
'_ansible_check_mode': True,
|
||||||
|
})
|
||||||
|
|
||||||
|
commands_results = [
|
||||||
|
(0, '', ''),
|
||||||
|
]
|
||||||
|
|
||||||
|
with patch.object(basic.AnsibleModule, 'run_command') as run_command:
|
||||||
|
run_command.side_effect = commands_results
|
||||||
|
with self.assertRaises(AnsibleExitJson) as result:
|
||||||
|
iptables.main()
|
||||||
|
self.assertTrue(result.exception.args[0]['changed'])
|
||||||
|
|
||||||
|
self.assertEqual(run_command.call_count, 1)
|
||||||
|
self.assertEqual(run_command.call_args_list[0][0][0], [
|
||||||
|
'/sbin/iptables',
|
||||||
|
'-t',
|
||||||
|
'filter',
|
||||||
|
'-C',
|
||||||
|
'INPUT',
|
||||||
|
'-j',
|
||||||
|
'ACCEPT',
|
||||||
|
'-m',
|
||||||
|
'conntrack',
|
||||||
|
'--ctstate',
|
||||||
|
'NEW',
|
||||||
|
'-m',
|
||||||
|
'comment',
|
||||||
|
'--comment',
|
||||||
|
'this is a comment'
|
||||||
|
])
|
||||||
|
self.assertEqual(run_command.call_args[0][0][14], 'this is a comment')
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue