diff options
| author | Sam Doran <sdoran@redhat.com> | 2020-12-07 18:34:32 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-07 17:34:32 -0600 |
| commit | 7f1ee0763467917e4bf54c0a2f052515c296f3ce (patch) | |
| tree | 416e5274ac5ad0c3e18721403997ea6503afebfc | |
| parent | 2a6b411a80c8c539786165b2fa3afcae90744794 (diff) | |
| download | ansible-7f1ee0763467917e4bf54c0a2f052515c296f3ce.tar.gz | |
[stable-2.10] iptables: Reorder comment postition (#71496) (#72548)
(cherry picked from commit c1da427a5e)
Co-authored-by: Amin Vakil <info@aminvakil.com>
| -rw-r--r-- | changelogs/fragments/71496-iptables-reorder-comment-position.yml | 2 | ||||
| -rw-r--r-- | lib/ansible/modules/iptables.py | 4 | ||||
| -rw-r--r-- | test/units/modules/test_iptables.py | 41 |
3 files changed, 45 insertions, 2 deletions
diff --git a/changelogs/fragments/71496-iptables-reorder-comment-position.yml b/changelogs/fragments/71496-iptables-reorder-comment-position.yml new file mode 100644 index 0000000000..942edb22a7 --- /dev/null +++ b/changelogs/fragments/71496-iptables-reorder-comment-position.yml @@ -0,0 +1,2 @@ +minor_changes: + - iptables - reorder comment postition to be at the end (https://github.com/ansible/ansible/issues/71444). diff --git a/lib/ansible/modules/iptables.py b/lib/ansible/modules/iptables.py index 1e3aac63ed..efe31c60f9 100644 --- a/lib/ansible/modules/iptables.py +++ b/lib/ansible/modules/iptables.py @@ -557,8 +557,6 @@ def construct_rule(params): '--set-dscp-class', False) append_match_flag(rule, params['syn'], '--syn', True) - append_match(rule, params['comment'], 'comment') - append_param(rule, params['comment'], '--comment', False) if 'conntrack' in params['match']: append_csv(rule, params['ctstate'], '--ctstate') elif 'state' in params['match']: @@ -590,6 +588,8 @@ def construct_rule(params): params['icmp_type'], ICMP_TYPE_OPTIONS[params['ip_version']], False) + append_match(rule, params['comment'], 'comment') + append_param(rule, params['comment'], '--comment', False) return rule diff --git a/test/units/modules/test_iptables.py b/test/units/modules/test_iptables.py index 68a80d2013..25a157e552 100644 --- a/test/units/modules/test_iptables.py +++ b/test/units/modules/test_iptables.py @@ -876,3 +876,44 @@ class TestIptables(ModuleTestCase): '-j', 'ACCEPT' ]) + + def test_comment_position_at_end(self): + """Test flush without parameters""" + set_module_args({ + 'chain': 'INPUT', + 'jump': 'ACCEPT', + 'action': 'insert', + 'ctstate': ['NEW'], + 'comment': 'this is a comment', + '_ansible_check_mode': True, + }) + + commands_results = [ + (0, '', ''), + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertTrue(result.exception.args[0]['changed']) + + self.assertEqual(run_command.call_count, 1) + self.assertEqual(run_command.call_args_list[0][0][0], [ + '/sbin/iptables', + '-t', + 'filter', + '-C', + 'INPUT', + '-j', + 'ACCEPT', + '-m', + 'conntrack', + '--ctstate', + 'NEW', + '-m', + 'comment', + '--comment', + 'this is a comment' + ]) + self.assertEqual(run_command.call_args[0][0][14], 'this is a comment') |