firewall_rule: ignore port if not tcp/udp but warn (#77)
resmo committed Jun 26, 2023
1 parent ef17d0a commit b53b7fe
Showing 5 changed files with 24 additions and 4 deletions.
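--- a/changelogs/fragments/firewall_rule-fix-idempotency-icmp.yml
+++ b/changelogs/fragments/firewall_rule-fix-idempotency-icmp.yml
@@ -0,0 +1,2 @@
+bugfixes:
+- firewall_rule - Fixed an idempotency issue if parameter ``port`` is set on protocols other than TCP/UDP (https://github.com/vultr/ansible-collection-vultr/issues/76).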
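--- a/plugins/modules/firewall_rule.py
+++ b/plugins/modules/firewall_rule.py
@@ -212,6 +212,21 @@ def configure(self):
 if source is not None and source != "cloudflare":
 self.module.params["source"] = self.get_load_balancer()["id"]
 
+# Warn about port only affects TCP and UDP protocol
+if (
+self.module.params.get("protocol")
+not in (
+"tcp",
+"udp",
+)
+and self.module.params.get("port") is not None
+):
+self.module.warn(
+"Setting a port (%s) only affects protocols TCP/UDP, but protocol is: %s. Ignoring."
+% (self.module.params.get("port"), self.module.params.get("protocol"))
+)
+self.module.params["port"] = None
+
 def query(self):
 result = dict()
 for resource in self.query_list():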
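Review bot: The comment above the new check in configure() mentions only the warning, but the block also overwrites `self.module.params["port"]` with None, so the firewall rule that gets applied no longer matches what the playbook declared. That deserves to be stated in the code, for example `# port has no meaning outside TCP/UDP: warn, then drop it so the rule compares equal on the next run` (the idempotency reason is taken from the changelog entry), and in the `port` option's documentation, which is outside this hunk. The condition would also read more easily with `protocol` and `port` bound to locals once instead of four `self.module.params.get(...)` calls. configure() starts above the hunk.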
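--- a/tests/integration/targets/firewall_rule/defaults/main.yml
+++ b/tests/integration/targets/firewall_rule/defaults/main.yml
@@ -33,6 +33,9 @@ vultr_firewall_rules:
 protocol: icmp
 subnet: "0.0.0.0"
 subnet_size: 0
+# Port should be ignored, but should show a warning
+port: "7"
+port_assert: ""
 
 - notes: web app
 port: "8000:8080"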
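--- a/tests/integration/targets/firewall_rule/tasks/rule_absent.yml
+++ b/tests/integration/targets/firewall_rule/tasks/rule_absent.yml
@@ -20,7 +20,7 @@
 - result is changed
 - result.vultr_firewall_rule.action == "accept"
 - result.vultr_firewall_rule.protocol == "{{ rule.protocol | default('tcp') }}"
-- result.vultr_firewall_rule.port == "{{ rule.port | default('') }}"
+- result.vultr_firewall_rule.port == "{{ rule.port_assert | default(rule.port | default('')) }}"
 - result.vultr_firewall_rule.subnet == "{{ rule.subnet | default('') }}"
 - result.vultr_firewall_rule.subnet_size == {{ rule.subnet_size | default(0) }}
 - result.vultr_firewall_rule.ip_type == "{{ rule.ip_type | default('v4') }}"
@@ -41,7 +41,7 @@
 - result is changed
 - result.vultr_firewall_rule.action == "accept"
 - result.vultr_firewall_rule.protocol == "{{ rule.protocol | default('tcp') }}"
-- result.vultr_firewall_rule.port == "{{ rule.port | default('') }}"
+- result.vultr_firewall_rule.port == "{{ rule.port_assert | default(rule.port | default('')) }}"
 - result.vultr_firewall_rule.subnet == "{{ rule.subnet | default('') }}"
 - result.vultr_firewall_rule.subnet_size == {{ rule.subnet_size | default(0) }}
 - result.vultr_firewall_rule.ip_type == "{{ rule.ip_type | default('v4') }}"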
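Review bot: Neither assert block checks that the module actually emitted its warning; both only compare `result.vultr_firewall_rule.port` against `port_assert`. The fixture describes the ICMP rule as one whose port "should show a warning", so a condition such as `- rule.port_assert is not defined or (result.warnings | default([]) | length > 0)` would keep that signal from disappearing unnoticed in a later refactor. The same applies to the assertions in the file section that follows on this page. Both task blocks start above their hunks.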
@@ -35,7 +35,7 @@
- result is changed
- result.vultr_firewall_rule.action == "accept"
- result.vultr_firewall_rule.protocol == "{{ rule.protocol | default('tcp') }}"
- result.vultr_firewall_rule.port == "{{ rule.port | default('') }}"
- result.vultr_firewall_rule.port == "{{ rule.port_assert | default(rule.port | default('')) }}"
- result.vultr_firewall_rule.subnet == "{{ rule.subnet | default('') }}"
- result.vultr_firewall_rule.subnet_size == {{ rule.subnet_size | default(0) }}
- result.vultr_firewall_rule.ip_type == "{{ rule.ip_type | default('v4') }}"
@@ -56,7 +56,7 @@
- result is not changed
- result.vultr_firewall_rule.action == "accept"
- result.vultr_firewall_rule.protocol == "{{ rule.protocol | default('tcp') }}"
- result.vultr_firewall_rule.port == "{{ rule.port | default('') }}"
- result.vultr_firewall_rule.port == "{{ rule.port_assert | default(rule.port | default('')) }}"
- result.vultr_firewall_rule.subnet == "{{ rule.subnet | default('') }}"
- result.vultr_firewall_rule.subnet_size == {{ rule.subnet_size | default(0) }}
- result.vultr_firewall_rule.ip_type == "{{ rule.ip_type | default('v4') }}"
