Merge branch 'main' into bugfix_masquerade_icmp_block_inversion

tests/integration/targets/firewalld/tasks/interface_test_cases.yml

@@ -0,0 +1,87 @@
+# Test playbook for the firewalld module - interface operations
+# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+- name: Validate adding interface
+  block:
+  - name: Add lo interface to trusted zone
+    ansible.posix.firewalld:
+      interface: lo
+      zone: trusted
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: assert lo was added to trusted zone
+    assert:
+      that:
+      - result is changed
+
+  - name: Add lo interface to trusted zone (verify not changed)
+    ansible.posix.firewalld:
+      interface: lo
+      zone: trusted
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: assert lo was added to trusted zone (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Validate moving interfaces
+  block:
+  - name: Move lo interface from trusted zone to internal zone
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: Assert lo was moved from trusted zone to internal zone
+    assert:
+      that:
+      - result is changed
+
+  - name: Move lo interface from trusted zone to internal zone (verify not changed)
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: enabled
+    register: result
+
+  - name: assert lo was moved from trusted zone to internal zone (verify not changed)
+    assert:
+      that:
+      - result is not changed
+
+- name: Validate removing interface
+  block:
+  - name: Remove lo interface from internal zone
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: disabled
+    register: result
+
+  - name: Assert lo interface was removed from internal zone
+    assert:
+      that:
+      - result is changed
+
+  - name: Remove lo interface from internal zone (verify not changed)
+    ansible.posix.firewalld:
+      interface: lo
+      zone: internal
+      permanent: Yes
+      state: disabled
+    register: result
+
+  - name: Assert lo interface was removed from internal zone (verify not changed)
+    assert:
+      that:
+      - result is not changed

tests/integration/targets/firewalld/tasks/port_test_cases.yml

@@ -4,7 +4,7 @@
 
 - name: firewalld port range test permanent enabled
   firewalld:
-    port: 5500-6950/tcp
+    port: 5500-6850/tcp
     permanent: true
     state: enabled
   register: result
@@ -16,7 +16,7 @@
 
 - name: firewalld port range test permanent enabled rerun (verify not changed)
   firewalld:
-    port: 5500-6950/tcp
+    port: 5500-6850/tcp
     permanent: true
     state: enabled
   register: result
@@ -57,7 +57,7 @@
     state: disabled
   loop:
     - 6900/tcp
-    - 5500-6950/tcp
+    - 5500-6850/tcp
 
 - name: firewalld port test permanent enabled
   firewalld:

tests/integration/targets/firewalld/tasks/protocol_test_cases.yml

@@ -0,0 +1,65 @@
+# Test playbook for the firewalld module - protocol operations
+# (c) 2022, Robért S. Guhr <rguhr@cronon.net>
+
+# This file is part of Ansible
+#
+# Ansible is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# Ansible is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with Ansible.  If not, see <http://www.gnu.org/licenses/>.
+
+- name: firewalld protocol test permanent enabled
+  firewalld:
+    protocol: ospf
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld protocol test permanent enabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld protocol test permanent enabled rerun (verify not changed)
+  firewalld:
+    protocol: ospf
+    permanent: true
+    state: enabled
+  register: result
+
+- name: assert firewalld protocol test permanent enabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld protocol test permanent disabled
+  firewalld:
+    protocol: ospf
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld protocol test permanent disabled worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld protocol test permanent disabled rerun (verify not changed)
+  firewalld:
+    protocol: ospf
+    permanent: true
+    state: disabled
+  register: result
+
+- name: assert firewalld protocol test permanent disabled rerun worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/firewalld/tasks/run_all_tests.yml

@@ -10,12 +10,18 @@
 # firewalld service operation test cases
 - include_tasks: service_test_cases.yml
 
+# firewalld protocol operation test cases
+- include_tasks: protocol_test_cases.yml
+
 # firewalld port operation test cases
 - include_tasks: port_test_cases.yml
 
 # firewalld source operation test cases
 - include_tasks: source_test_cases.yml
 
+# firewalld zone operation test cases
+- include_tasks: zone_test_cases.yml
+
 # firewalld zone target operation test cases
 - include_tasks: zone_target_test_cases.yml
 
@@ -27,3 +33,6 @@
 
 # firewalld icmp block inversion operation test cases
 - include_tasks: icmp_block_inversion_test_cases.yml
+
+# firewalld interface operation test cases
+- include_tasks: interface_test_cases.yml

tests/integration/targets/firewalld/tasks/source_test_cases.yml

@@ -82,4 +82,4 @@
   assert:
     that:
     - result is not changed
-    - "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|port|port_forward|rich_rule|interface|masquerade|source|target'"
+    - "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"

tests/integration/targets/firewalld/tasks/zone_test_cases.yml

@@ -0,0 +1,47 @@
+- name: firewalld create zone custom
+  firewalld:
+    zone: custom
+    permanent: True
+    state: present
+  register: result
+
+- name: assert firewalld custom zone created worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld create zone custom rerun (verify not changed)
+  firewalld:
+    zone: custom
+    permanent: True
+    state: present
+  register: result
+
+- name: assert firewalld custom zone created worked (verify not changed)
+  assert:
+    that:
+    - result is not changed
+
+- name: firewalld remove zone custom
+  firewalld:
+    zone: custom
+    permanent: True
+    state: absent
+  register: result
+
+- name: assert firewalld custom zone removed worked
+  assert:
+    that:
+    - result is changed
+
+- name: firewalld remove custom zone rerun (verify not changed)
+  firewalld:
+    zone: custom
+    permanent: True
+    state: absent
+  register: result
+
+- name: assert firewalld custom zone removed worked (verify not changed)
+  assert:
+    that:
+    - result is not changed

tests/integration/targets/mount/tasks/main.yml

@@ -1,3 +1,9 @@
+- name: Install dependencies
+  ansible.builtin.package:
+    name: e2fsprogs
+    state: present
+  when: ansible_system == 'Linux'
+
 - name: Create the mount point
   file:
     state: directory
@@ -406,3 +412,270 @@
     - /tmp/myfs1
     - /tmp/test_fstab
   when: ansible_system in ('Linux')
+
+- name: Block to test ephemeral option
+  environment:
+    PATH: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+  block:
+  - name: Create empty file A
+    community.general.filesize:
+      path: /tmp/myfs_A.img
+      size: 20M
+
+  - name: Create empty file B
+    community.general.filesize:
+      path: /tmp/myfs_B.img
+      size: 20M
+
+  - name: Register facts on Linux
+    ansible.builtin.set_fact:
+      ephemeral_device_A: /tmp/myfs_A.img
+      ephemeral_device_B: /tmp/myfs_B.img
+      ephemeral_fstype: ext3
+      ephemeral_fstab: /etc/fstab
+    when: ansible_system == 'Linux'
+
+  - name: Register facts on Solaris/SunOS
+    ansible.builtin.set_fact:
+      ephemeral_device_A: /dev/lofi/1
+      ephemeral_device_B: /dev/lofi/2
+      ephemeral_create_loop_dev_cmd: >
+        lofiadm -a /tmp/myfs_A.img /dev/lofi/1 &&
+        lofiadm -a /tmp/myfs_B.img /dev/lofi/2
+      ephemeral_remove_loop_dev_cmd: >
+        lofiadm -d /dev/lofi/1 &&
+        lofiadm -d /dev/lofi/2 || true
+      ephemeral_fstype: ufs
+      ephemeral_fstab: /etc/vfstab
+    when: ansible_system == 'SunOS'
+
+  - name: Register facts on FreeBSD
+    ansible.builtin.set_fact:
+      ephemeral_device_A: /dev/md1
+      ephemeral_device_B: /dev/md2
+      ephemeral_create_loop_dev_cmd: >
+        mdconfig -a -t vnode -f /tmp/myfs_A.img -u /dev/md1 &&
+        mdconfig -a -t vnode -f /tmp/myfs_B.img -u /dev/md2
+      ephemeral_remove_loop_dev_cmd: >
+        mdconfig -d -u /dev/md1 &&
+        mdconfig -d -u /dev/md2
+      ephemeral_fstype: ufs
+      ephemeral_fstab: /etc/fstab
+    when: ansible_system == 'FreeBSD'
+
+  - name: Register facts on NetBSD
+    ansible.builtin.set_fact:
+      ephemeral_device_A: /dev/vnd1
+      ephemeral_device_B: /dev/vnd2
+      ephemeral_create_loop_dev_cmd: >
+        vnconfig /dev/vnd1 /tmp/myfs_A.img &&
+        vnconfig /dev/vnd2 /tmp/myfs_B.img
+      ephemeral_remove_loop_dev_cmd: >
+        vnconfig -u /dev/vnd1 &&
+        vnconfig -u /dev/vnd2
+      ephemeral_fstype: ufs
+      ephemeral_fstab: /etc/fstab
+    when: ansible_system == 'NetBSD'
+
+  - name: Register format fs command on Non-Linux and Non-OpenBSD
+    ansible.builtin.set_fact:
+      ephemeral_format_fs_cmd: >
+        yes | newfs {{ ephemeral_device_A }} &&
+        yes | newfs {{ ephemeral_device_B }}
+    when: ansible_system in ('SunOS', 'FreeBSD', 'NetBSD')
+
+  - name: Register facts on OpenBSD
+    ansible.builtin.set_fact:
+      ephemeral_device_A: /dev/vnd1c
+      ephemeral_device_B: /dev/vnd2c
+      ephemeral_create_loop_dev_cmd: >
+        vnconfig vnd1 /tmp/myfs_A.img &&
+        vnconfig vnd2 /tmp/myfs_B.img
+      ephemeral_remove_loop_dev_cmd: >
+        vnconfig -u vnd1 &&
+        vnconfig -u vnd2
+      ephemeral_format_fs_cmd: >
+        yes | newfs /dev/rvnd1c &&
+        yes | newfs /dev/rvnd2c
+      ephemeral_fstype: ffs
+      ephemeral_fstab: /etc/fstab
+    when: ansible_system == 'OpenBSD'
+
+##### FORMAT FS ON LINUX
+
+  - name: Block to format FS on Linux
+    block:
+    - name: Format FS A on Linux
+      community.general.filesystem:
+        fstype: ext3
+        dev: /tmp/myfs_A.img
+
+    - name: Format FS B on Linux
+      community.general.filesystem:
+        fstype: ext3
+        dev: /tmp/myfs_B.img
+    when: ansible_system == 'Linux'
+
+##### FORMAT FS ON SOLARIS AND BSD
+
+  - name: Create loop devices on Solaris and BSD
+    ansible.builtin.shell: "{{ ephemeral_create_loop_dev_cmd }}"
+    when: ephemeral_create_loop_dev_cmd is defined
+
+  - name: Format FS A and B on Solaris and BSD
+    ansible.builtin.shell: "{{ ephemeral_format_fs_cmd }}"
+    when: ephemeral_format_fs_cmd is defined
+
+##### TESTS
+
+  - name: Create fstab if it does not exist
+    ansible.builtin.file:
+      path: "{{ ephemeral_fstab }}"
+      state: touch
+
+  - name: Get checksum of /etc/fstab before mounting anything
+    stat:
+      path: '{{ ephemeral_fstab }}'
+    register: fstab_stat_before_mount
+
+  - name: Mount the FS A with ephemeral state
+    mount:
+      path: /tmp/myfs
+      src: '{{ ephemeral_device_A }}'
+      fstype: '{{ ephemeral_fstype }}'
+      opts: rw
+      state: ephemeral
+    register: ephemeral_mount_info
+
+  - name: Put something in the directory so we can do additional checks later on
+    copy:
+      content: 'Testing'
+      dest: /tmp/myfs/test_file
+
+  - name: Get checksum of /etc/fstab after an ephemeral mount
+    stat:
+      path: '{{ ephemeral_fstab }}'
+    register: fstab_stat_after_mount
+
+  - name: Get mountinfo
+    shell: mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l
+    register: check_mountinfo
+    changed_when: no
+
+  - name: Assert the mount occured and the fstab is unchanged
+    assert:
+      that:
+      - check_mountinfo.stdout|int == 1
+      - ephemeral_mount_info['changed']
+      - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
+
+  - name: Get first mount record
+    shell: mount -v | grep '/tmp/myfs'
+    register: ephemeral_mount_record_1
+    changed_when: no
+
+  - name: Try to mount FS A where FS A is already mounted (should trigger remount and changed)
+    mount:
+      path: /tmp/myfs
+      src: '{{ ephemeral_device_A }}'
+      fstype: '{{ ephemeral_fstype }}'
+      opts: ro
+      state: ephemeral
+    register: ephemeral_mount_info
+
+  - name: Get second mount record (should be different than the first)
+    shell: mount -v | grep '/tmp/myfs'
+    register: ephemeral_mount_record_2
+    changed_when: no
+
+  - name: Get mountinfo
+    shell: mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l
+    register: check_mountinfo
+    changed_when: no
+
+  - name: Assert the FS A is still mounted, the options changed and the fstab unchanged
+    assert:
+      that:
+        - check_mountinfo.stdout|int == 1
+        - ephemeral_mount_record_1.stdout != ephemeral_mount_record_2.stdout
+        - ephemeral_mount_info['changed']
+        - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_mount['stat']['checksum']
+
+  - name: Try to mount file B on file A mountpoint (should fail)
+    mount:
+      path: /tmp/myfs
+      src: '{{ ephemeral_device_B }}'
+      fstype: '{{ ephemeral_fstype }}'
+      state: ephemeral
+    register: ephemeral_mount_b_info
+    ignore_errors: true
+
+  - name: Get third mount record (should be the same than the second)
+    shell: mount -v | grep '/tmp/myfs'
+    register: ephemeral_mount_record_3
+    changed_when: no
+
+  - name: Get mountinfo
+    shell: mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l
+    register: check_mountinfo
+    changed_when: no
+
+  - name: Try to stat our test file
+    stat:
+      path: /tmp/myfs/test_file
+    register: test_file_stat
+
+  - name: Assert that mounting FS B over FS A failed
+    assert:
+      that:
+        - check_mountinfo.stdout|int == 1
+        - ephemeral_mount_record_2.stdout == ephemeral_mount_record_3.stdout
+        - test_file_stat['stat']['exists']
+        - ephemeral_mount_b_info is failed
+
+  - name: Unmount FS with state = unmounted
+    mount:
+      path: /tmp/myfs
+      state: unmounted
+
+  - name: Get fstab checksum after unmounting an ephemeral mount with state = unmounted
+    stat:
+      path: '{{ ephemeral_fstab }}'
+    register: fstab_stat_after_unmount
+
+  - name: Get mountinfo
+    shell: mount -v | awk '{print $3}' | grep '^/tmp/myfs$' | wc -l
+    register: check_mountinfo
+    changed_when: no
+
+  - name: Try to stat our test file
+    stat:
+      path: /tmp/myfs/test_file
+    register: test_file_stat
+
+  - name: Assert that fstab is unchanged after unmounting an ephemeral mount with state = unmounted
+    assert:
+      that:
+      - check_mountinfo.stdout|int == 0
+      - not test_file_stat['stat']['exists']
+      - fstab_stat_before_mount['stat']['checksum'] == fstab_stat_after_unmount['stat']['checksum']
+
+  always:
+    - name: Unmount potential failure relicas
+      mount:
+        path: /tmp/myfs
+        state: unmounted
+
+    - name: Remove loop devices on Solaris and BSD
+      ansible.builtin.shell: "{{ ephemeral_remove_loop_dev_cmd }}"
+      when: ephemeral_remove_loop_dev_cmd is defined
+
+    - name: Remove the test FS
+      file:
+        path: '{{ item }}'
+        state: absent
+      loop:
+        - /tmp/myfs_A.img
+        - /tmp/myfs_B.img
+        - /tmp/myfs
+  when: ansible_system in ('Linux', 'SunOS', 'FreeBSD', 'NetBSD', 'OpenBSD')

tests/unit/compat/builtins.py

@@ -31,3 +31,4 @@ except ImportError:
     BUILTINS = 'builtins'
 else:
     BUILTINS = '__builtin__'
+    __all__ = ['__builtin__']

tests/unit/plugins/action/test_synchronize.py

@@ -19,7 +19,6 @@ import os
 import unittest
 import yaml
 
-import ansible.plugins
 from ansible_collections.ansible.posix.tests.unit.compat.mock import patch, MagicMock
 from ansible_collections.ansible.posix.plugins.action.synchronize import ActionModule