mirror of
https://github.com/zahodi/ansible-mikrotik.git
synced 2025-07-09 09:44:24 +02:00
add check mode to firewall module
parent
48f593bae2
commit
caa99b3e5d
2 changed files with 60 additions and 30 deletions
|
@ -71,19 +71,20 @@ from copy import copy
|
||||||
def main():
|
def main():
|
||||||
|
|
||||||
module = AnsibleModule(
|
module = AnsibleModule(
|
||||||
argument_spec=dict(
|
argument_spec=dict(
|
||||||
hostname = dict(required=True),
|
hostname = dict(required=True),
|
||||||
username = dict(required=True),
|
username = dict(required=True),
|
||||||
password = dict(required=True),
|
password = dict(required=True),
|
||||||
rule = dict(required=False, type='dict'),
|
rule = dict(required=False, type='dict'),
|
||||||
parameter = dict(required=True, type='str'),
|
parameter = dict(required=True, type='str'),
|
||||||
state = dict(
|
state = dict(
|
||||||
required = False,
|
required = False,
|
||||||
default = "present",
|
default = "present",
|
||||||
choices = ['present', 'absent'],
|
choices = ['present', 'absent'],
|
||||||
type = 'str'
|
type = 'str'
|
||||||
),
|
),
|
||||||
)
|
),
|
||||||
|
supports_check_mode=True
|
||||||
)
|
)
|
||||||
|
|
||||||
hostname = module.params['hostname']
|
hostname = module.params['hostname']
|
||||||
|
@ -92,6 +93,7 @@ def main():
|
||||||
rule = module.params['rule']
|
rule = module.params['rule']
|
||||||
state = module.params['state']
|
state = module.params['state']
|
||||||
api_path = '/ip/firewall/' + module.params['parameter']
|
api_path = '/ip/firewall/' + module.params['parameter']
|
||||||
|
check_mode = module.check_mode
|
||||||
# ##############################################
|
# ##############################################
|
||||||
# Check if "place-before" is an integer
|
# Check if "place-before" is an integer
|
||||||
# #############################################
|
# #############################################
|
||||||
|
@ -99,10 +101,10 @@ def main():
|
||||||
desired_order = int(rule['place-before'])
|
desired_order = int(rule['place-before'])
|
||||||
except:
|
except:
|
||||||
module.exit_json(
|
module.exit_json(
|
||||||
failed=True,
|
failed=True,
|
||||||
changed=False,
|
changed=False,
|
||||||
msg="place-before is not set or is not set to an integer",
|
msg="place-before is not set or is not set to an integer",
|
||||||
)
|
)
|
||||||
changed = False
|
changed = False
|
||||||
msg = ""
|
msg = ""
|
||||||
|
|
||||||
|
@ -153,7 +155,8 @@ def main():
|
||||||
# if we don't have an existing rule to match
|
# if we don't have an existing rule to match
|
||||||
# the desired we create a new one
|
# the desired we create a new one
|
||||||
if not current_rule:
|
if not current_rule:
|
||||||
mk.api_add(api_path, rule)
|
if not check_mode:
|
||||||
|
mk.api_add(api_path, rule)
|
||||||
changed = True,
|
changed = True,
|
||||||
# if current_rule is true we need to ensure the changes
|
# if current_rule is true we need to ensure the changes
|
||||||
else:
|
else:
|
||||||
|
@ -176,10 +179,11 @@ def main():
|
||||||
if current_id is not None:
|
if current_id is not None:
|
||||||
out_params['.id'] = current_id
|
out_params['.id'] = current_id
|
||||||
|
|
||||||
mk.api_edit(
|
if not check_mode:
|
||||||
base_path = api_path,
|
mk.api_edit(
|
||||||
params = out_params
|
base_path = api_path,
|
||||||
)
|
params = out_params
|
||||||
|
)
|
||||||
|
|
||||||
# we don't need to show the .id in the changed message
|
# we don't need to show the .id in the changed message
|
||||||
if '.id' in out_params:
|
if '.id' in out_params:
|
||||||
|
@ -207,7 +211,8 @@ def main():
|
||||||
'destination': desired_order
|
'destination': desired_order
|
||||||
}
|
}
|
||||||
if params:
|
if params:
|
||||||
mk.api_command(api_path, params)
|
if not check_mode:
|
||||||
|
mk.api_command(api_path, params)
|
||||||
changed_msg.append({
|
changed_msg.append({
|
||||||
"moved": existing_order,
|
"moved": existing_order,
|
||||||
"to": old_params,
|
"to": old_params,
|
||||||
|
@ -219,7 +224,8 @@ def main():
|
||||||
#####################################
|
#####################################
|
||||||
elif state == "absent":
|
elif state == "absent":
|
||||||
if current_rule:
|
if current_rule:
|
||||||
mk.api_remove(api_path, current_id)
|
if not check_mode:
|
||||||
|
mk.api_remove(api_path, current_id)
|
||||||
changed = True
|
changed = True
|
||||||
changed_msg.append("removed rule: " + str(desired_order))
|
changed_msg.append("removed rule: " + str(desired_order))
|
||||||
else:
|
else:
|
||||||
|
|
|
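Review bot: In the first hunk the `password` option is still declared as `password = dict(required=True),` with no `no_log`, so Ansible can write the RouterOS credential to its module-invocation logs and verbose output. Since this commit already edits the `AnsibleModule(...)` call, it is a natural place to change the line to `password = dict(required=True, no_log=True),`. Separately, in the add branch `changed = True,` has a trailing comma and assigns the tuple `(True,)`; in check mode the reported `changed` value is the only result the operator gets, so it should read `changed = True`. main() starts and ends outside the hunks shown, so any device write that is not visible here would need the same `if not check_mode:` guard.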
@ -805,7 +805,11 @@
|
||||||
comment: 'Ansible - fw filter rule5'
|
comment: 'Ansible - fw filter rule5'
|
||||||
place-before: '4'
|
place-before: '4'
|
||||||
register: check_idem
|
register: check_idem
|
||||||
failed_when: ( check_idem | changed )
|
failed_when: (
|
||||||
|
not ansible_check_mode
|
||||||
|
) and (
|
||||||
|
( check_idem | changed )
|
||||||
|
)
|
||||||
tags: test-firewall
|
tags: test-firewall
|
||||||
|
|
||||||
- name: ALWAYS_CHANGES Test editing existing rule
|
- name: ALWAYS_CHANGES Test editing existing rule
|
||||||
|
@ -823,7 +827,11 @@
|
||||||
src-address: 192.168.0.0/16
|
src-address: 192.168.0.0/16
|
||||||
place-before: '3'
|
place-before: '3'
|
||||||
register: edit_filter_rule
|
register: edit_filter_rule
|
||||||
failed_when: not ( edit_filter_rule | changed )
|
failed_when: (
|
||||||
|
not ansible_check_mode
|
||||||
|
) and (
|
||||||
|
not ( edit_filter_rule | changed )
|
||||||
|
)
|
||||||
|
|
||||||
- name: NEVER_CHANGES Test editing existing rule check idempotency again
|
- name: NEVER_CHANGES Test editing existing rule check idempotency again
|
||||||
mt_ip_firewall:
|
mt_ip_firewall:
|
||||||
|
@ -840,7 +848,11 @@
|
||||||
src-address: 192.168.0.0/16
|
src-address: 192.168.0.0/16
|
||||||
place-before: '3'
|
place-before: '3'
|
||||||
register: edit_filter_rule_2
|
register: edit_filter_rule_2
|
||||||
failed_when: ( edit_filter_rule_2 | changed )
|
failed_when: (
|
||||||
|
not ansible_check_mode
|
||||||
|
) and (
|
||||||
|
( edit_filter_rule_2 | changed )
|
||||||
|
)
|
||||||
tags: test-firewall
|
tags: test-firewall
|
||||||
|
|
||||||
- name: add a rule to the bottom of the chain
|
- name: add a rule to the bottom of the chain
|
||||||
|
@ -873,7 +885,11 @@
|
||||||
src-address: 192.150.0.0/16
|
src-address: 192.150.0.0/16
|
||||||
place-before: '20'
|
place-before: '20'
|
||||||
register: edit_filter_rule_3
|
register: edit_filter_rule_3
|
||||||
failed_when: not ( edit_filter_rule_3 | changed )
|
failed_when: (
|
||||||
|
not ansible_check_mode
|
||||||
|
) and (
|
||||||
|
not ( edit_filter_rule_3 | changed )
|
||||||
|
)
|
||||||
|
|
||||||
- name: NEVER_CHANGES add a rule to the bottom of the chain, check_idempotency
|
- name: NEVER_CHANGES add a rule to the bottom of the chain, check_idempotency
|
||||||
mt_ip_firewall:
|
mt_ip_firewall:
|
||||||
|
@ -890,7 +906,11 @@
|
||||||
src-address: 192.150.0.0/16
|
src-address: 192.150.0.0/16
|
||||||
place-before: '20'
|
place-before: '20'
|
||||||
register: edit_filter_rule_4
|
register: edit_filter_rule_4
|
||||||
failed_when: ( edit_filter_rule_4 | changed )
|
failed_when: (
|
||||||
|
not ansible_check_mode
|
||||||
|
) and (
|
||||||
|
( edit_filter_rule_4 | changed )
|
||||||
|
)
|
||||||
|
|
||||||
- name: ALWAYS_CHANGES Test removing existing rule
|
- name: ALWAYS_CHANGES Test removing existing rule
|
||||||
mt_ip_firewall:
|
mt_ip_firewall:
|
||||||
|
@ -903,7 +923,11 @@
|
||||||
with_items:
|
with_items:
|
||||||
- place-before: '4'
|
- place-before: '4'
|
||||||
register: rem_filter_rule
|
register: rem_filter_rule
|
||||||
failed_when: not ( rem_filter_rule | changed )
|
failed_when: (
|
||||||
|
not ansible_check_mode
|
||||||
|
) and (
|
||||||
|
not ( rem_filter_rule | changed )
|
||||||
|
)
|
||||||
|
|
||||||
tags: firewall-filter
|
tags: firewall-filter
|
||||||
###################
|
###################
|
||||||
|
|
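Review bot: Wrapping each `failed_when` in `( not ansible_check_mode ) and ( … )` switches off every assertion in this file when the play runs with `--check`, so a check-mode run passes whatever the module reports and nothing verifies that the firewall was left untouched. The same pattern is repeated in the hunks at 827, 848, 885, 906 and 923. For a module that edits firewall rules, a dedicated case is worth adding: run one rule task with `check_mode: yes`, then run the identical task normally and fail unless it still reports a change, which shows the dry run wrote nothing. The `x | changed` filter form is also deprecated in later Ansible releases in favour of `x is changed`.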