diff options
| author | Amin Vakil <info@aminvakil.com> | 2020-12-07 20:45:31 +0330 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-07 11:15:31 -0600 |
| commit | 67108d86791af6b1d02d046a3335197a9062177e (patch) | |
| tree | 610db808c8f384e355f255e48e263e4493a294fe | |
| parent | 23e6e7db8501f628b2d7161c86d4cb578966a790 (diff) | |
| download | ansible-67108d86791af6b1d02d046a3335197a9062177e.tar.gz | |
[stable-2.9] iptables: Reorder comment postition (#71496) (#72551)
| -rw-r--r-- | changelogs/fragments/71496-iptables-reorder-comment-position.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/modules/system/iptables.py | 4 | ||||
| -rw-r--r-- | test/units/modules/system/test_iptables.py | 41 |
3 files changed, 45 insertions, 2 deletions
diff --git a/changelogs/fragments/71496-iptables-reorder-comment-position.yml b/changelogs/fragments/71496-iptables-reorder-comment-position.yml new file mode 100644 index 0000000000..942edb22a7 --- /dev/null +++ b/changelogs/fragments/71496-iptables-reorder-comment-position.yml @@ -0,0 +1,2 @@ +minor_changes: + - iptables - reorder comment postition to be at the end (https://github.com/ansible/ansible/issues/71444). diff --git a/lib/ansible/modules/system/iptables.py b/lib/ansible/modules/system/iptables.py index 610b4cd11c..9f2299eb59 100644 --- a/lib/ansible/modules/system/iptables.py +++ b/lib/ansible/modules/system/iptables.py @@ -541,8 +541,6 @@ def construct_rule(params): '--set-dscp-class', False) append_match_flag(rule, params['syn'], '--syn', True) - append_match(rule, params['comment'], 'comment') - append_param(rule, params['comment'], '--comment', False) if 'conntrack' in params['match']: append_csv(rule, params['ctstate'], '--ctstate') elif 'state' in params['match']: @@ -574,6 +572,8 @@ def construct_rule(params): params['icmp_type'], ICMP_TYPE_OPTIONS[params['ip_version']], False) + append_match(rule, params['comment'], 'comment') + append_param(rule, params['comment'], '--comment', False) return rule diff --git a/test/units/modules/system/test_iptables.py b/test/units/modules/system/test_iptables.py index a281864d7a..2919a12bb2 100644 --- a/test/units/modules/system/test_iptables.py +++ b/test/units/modules/system/test_iptables.py @@ -828,3 +828,44 @@ class TestIptables(ModuleTestCase): '--dst-range', '10.0.0.50-10.0.0.100' ]) + + def test_comment_position_at_end(self): + """Test flush without parameters""" + set_module_args({ + 'chain': 'INPUT', + 'jump': 'ACCEPT', + 'action': 'insert', + 'ctstate': ['NEW'], + 'comment': 'this is a comment', + '_ansible_check_mode': True, + }) + + commands_results = [ + (0, '', ''), + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertTrue(result.exception.args[0]['changed']) + + self.assertEqual(run_command.call_count, 1) + self.assertEqual(run_command.call_args_list[0][0][0], [ + '/sbin/iptables', + '-t', + 'filter', + '-C', + 'INPUT', + '-j', + 'ACCEPT', + '-m', + 'conntrack', + '--ctstate', + 'NEW', + '-m', + 'comment', + '--comment', + 'this is a comment' + ]) + self.assertEqual(run_command.call_args[0][0][14], 'this is a comment') |