add check mode to firewall module

library/mt_ip_firewall.py

@@ -83,7 +83,8 @@ def main():
         choices   = ['present', 'absent'],
         type      = 'str'
       ),
-      )
+    ),
+    supports_check_mode=True
   )
 
   hostname     = module.params['hostname']
@@ -92,6 +93,7 @@ def main():
   rule = module.params['rule']
   state        = module.params['state']
   api_path     = '/ip/firewall/' + module.params['parameter']
+  check_mode      = module.check_mode
 # ##############################################
 # Check if "place-before" is an integer
 # #############################################
@@ -153,6 +155,7 @@ def main():
     # if we don't have an existing rule to match
     # the desired we create a new one
     if not current_rule:
+      if not check_mode:
         mk.api_add(api_path, rule)
       changed = True,
     # if current_rule is true we need to ensure the changes
@@ -176,6 +179,7 @@ def main():
         if current_id is not None:
           out_params['.id'] = current_id
 
+          if not check_mode:
             mk.api_edit(
                 base_path = api_path,
                 params    = out_params
@@ -207,6 +211,7 @@ def main():
           'destination': desired_order
           }
         if params:
+          if not check_mode:
             mk.api_command(api_path, params)
           changed_msg.append({
               "moved": existing_order,
@@ -219,6 +224,7 @@ def main():
 #####################################
   elif state == "absent":
     if current_rule:
+      if not check_mode:
         mk.api_remove(api_path, current_id)
       changed = True
       changed_msg.append("removed rule: " + str(desired_order))

tests/integration/tests.yml

@@ -805,7 +805,11 @@
               comment: 'Ansible - fw filter rule5'
               place-before: '4'
           register: check_idem
-          failed_when: ( check_idem | changed )
+          failed_when: (
+              not ansible_check_mode
+            ) and (
+              ( check_idem | changed )
+            )
           tags: test-firewall
 
         - name: ALWAYS_CHANGES Test editing existing rule
@@ -823,7 +827,11 @@
               src-address: 192.168.0.0/16
               place-before: '3'
           register: edit_filter_rule
-          failed_when: not ( edit_filter_rule | changed )
+          failed_when: (
+              not ansible_check_mode
+            ) and (
+              not ( edit_filter_rule | changed )
+            )
 
         - name: NEVER_CHANGES Test editing existing rule check idempotency again
           mt_ip_firewall:
@@ -840,7 +848,11 @@
               src-address: 192.168.0.0/16
               place-before: '3'
           register: edit_filter_rule_2
-          failed_when: ( edit_filter_rule_2 | changed )
+          failed_when: (
+              not ansible_check_mode
+            ) and (
+              ( edit_filter_rule_2 | changed )
+            )
           tags: test-firewall
 
         - name: add a rule to the bottom of the chain
@@ -873,7 +885,11 @@
               src-address: 192.150.0.0/16
               place-before: '20'
           register: edit_filter_rule_3
-          failed_when: not ( edit_filter_rule_3 | changed )
+          failed_when: (
+              not ansible_check_mode
+            ) and (
+              not ( edit_filter_rule_3 | changed )
+            )
 
         - name: NEVER_CHANGES add a rule to the bottom of the chain, check_idempotency
           mt_ip_firewall:
@@ -890,7 +906,11 @@
               src-address: 192.150.0.0/16
               place-before: '20'
           register: edit_filter_rule_4
-          failed_when: ( edit_filter_rule_4 | changed )
+          failed_when: (
+              not ansible_check_mode
+            ) and (
+              ( edit_filter_rule_4 | changed )
+            )
 
         - name: ALWAYS_CHANGES Test removing existing rule
           mt_ip_firewall:
@@ -903,7 +923,11 @@
           with_items:
             - place-before: '4'
           register: rem_filter_rule
-          failed_when: not ( rem_filter_rule | changed )
+          failed_when: (
+              not ansible_check_mode
+            ) and (
+              not ( rem_filter_rule | changed )
+            )
 
         tags: firewall-filter
       ###################