diff --git a/lib/ansible/module_utils/firewalld.py b/lib/ansible/module_utils/firewalld.py new file mode 100644 index 0000000000..38453af225 --- /dev/null +++ b/lib/ansible/module_utils/firewalld.py @@ -0,0 +1,311 @@ +# -*- coding: utf-8 -*- +# +# (c) 2013-2018, Adam Miller (maxamillion@fedoraproject.org) +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +# Imports and info for sanity checking +from distutils.version import LooseVersion + +FW_VERSION = None +fw = None +fw_offline = None +import_failure = True +try: + import firewall.config + FW_VERSION = firewall.config.VERSION + + from firewall.client import FirewallClient + from firewall.client import FirewallClientZoneSettings + from firewall.errors import FirewallError + fw_offline = False + import_failure = False + + try: + fw = FirewallClient() + fw.getDefaultZone() + except (AttributeError, FirewallError): + # Firewalld is not currently running, permanent-only operations + fw_offline = True + + # Import other required parts of the firewalld API + # + # NOTE: + # online and offline operations do not share a common firewalld API + from firewall.core.fw_test import Firewall_test + fw = Firewall_test() + fw.start() + +except ImportError: + pass + + +class FirewallTransaction(object): + """ + FirewallTransaction + + This is the base class for all firewalld transactions we might want to have + """ + + def __init__(self, module, action_args=(), zone=None, desired_state=None, + permanent=False, immediate=False, enabled_values=None, disabled_values=None): + # type: (firewall.client, tuple, str, bool, bool, bool) + """ + initializer the transaction + + :module: AnsibleModule, instance of AnsibleModule + :action_args: tuple, args to pass for the action to take place + :zone: str, firewall zone + :desired_state: str, the desired state (enabled, disabled, etc) + :permanent: bool, action should be permanent + :immediate: bool, action should take place immediately + :enabled_values: str[], acceptable values for enabling something (default: enabled) + :disabled_values: str[], acceptable values for disabling something (default: disabled) + """ + + self.module = module + self.fw = fw + self.action_args = action_args + + if zone: + self.zone = zone + else: + if fw_offline: + self.zone = fw.get_default_zone() + else: + self.zone = fw.getDefaultZone() + + self.desired_state = desired_state + self.permanent = permanent + self.immediate = immediate + self.fw_offline = fw_offline + self.enabled_values = enabled_values or ["enabled"] + self.disabled_values = disabled_values or ["disabled"] + + # List of messages that we'll call module.fail_json or module.exit_json + # with. + self.msgs = [] + + # Allow for custom messages to be added for certain subclass transaction + # types + self.enabled_msg = None + self.disabled_msg = None + + ##################### + # exception handling + # + def action_handler(self, action_func, action_func_args): + """ + Function to wrap calls to make actions on firewalld in try/except + logic and emit (hopefully) useful error messages + """ + + try: + return action_func(*action_func_args) + except Exception as e: + + # If there are any commonly known errors that we should provide more + # context for to help the users diagnose what's wrong. Handle that here + if "INVALID_SERVICE" in "%s" % e: + self.msgs.append("Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)") + + if len(self.msgs) > 0: + self.module.fail_json( + msg='ERROR: Exception caught: %s %s' % (e, ', '.join(self.msgs)) + ) + else: + self.module.fail_json(msg='ERROR: Exception caught: %s' % e) + + def get_fw_zone_settings(self): + if self.fw_offline: + fw_zone = self.fw.config.get_zone(self.zone) + fw_settings = FirewallClientZoneSettings( + list(self.fw.config.get_zone_config(fw_zone)) + ) + else: + fw_zone = self.fw.config().getZoneByName(self.zone) + fw_settings = fw_zone.getSettings() + + return (fw_zone, fw_settings) + + def update_fw_settings(self, fw_zone, fw_settings): + if self.fw_offline: + self.fw.config.set_zone_config(fw_zone, fw_settings.settings) + else: + fw_zone.update(fw_settings) + + def get_enabled_immediate(self): + raise NotImplementedError + + def get_enabled_permanent(self): + raise NotImplementedError + + def set_enabled_immediate(self): + raise NotImplementedError + + def set_enabled_permanent(self): + raise NotImplementedError + + def set_disabled_immediate(self): + raise NotImplementedError + + def set_disabled_permanent(self): + raise NotImplementedError + + def run(self): + """ + run + + This function contains the "transaction logic" where as all operations + follow a similar pattern in order to perform their action but simply + call different functions to carry that action out. + """ + + self.changed = False + + if self.immediate and self.permanent: + is_enabled_permanent = self.action_handler( + self.get_enabled_permanent, + self.action_args + ) + is_enabled_immediate = self.action_handler( + self.get_enabled_immediate, + self.action_args + ) + self.msgs.append('Permanent and Non-Permanent(immediate) operation') + + if self.desired_state in self.enabled_values: + if not is_enabled_permanent or not is_enabled_immediate: + if self.module.check_mode: + self.module.exit_json(changed=True) + if not is_enabled_permanent: + self.action_handler( + self.set_enabled_permanent, + self.action_args + ) + self.changed = True + if not is_enabled_immediate: + self.action_handler( + self.set_enabled_immediate, + self.action_args + ) + self.changed = True + if self.changed and self.enabled_msg: + self.msgs.append(self.enabled_msg) + + elif self.desired_state in self.disabled_values: + if is_enabled_permanent or is_enabled_immediate: + if self.module.check_mode: + self.module.exit_json(changed=True) + if is_enabled_permanent: + self.action_handler( + self.set_disabled_permanent, + self.action_args + ) + self.changed = True + if is_enabled_immediate: + self.action_handler( + self.set_disabled_immediate, + self.action_args + ) + self.changed = True + if self.changed and self.disabled_msg: + self.msgs.append(self.disabled_msg) + + elif self.permanent and not self.immediate: + is_enabled = self.action_handler( + self.get_enabled_permanent, + self.action_args + ) + self.msgs.append('Permanent operation') + + if self.desired_state in self.enabled_values: + if not is_enabled: + if self.module.check_mode: + self.module.exit_json(changed=True) + + self.action_handler( + self.set_enabled_permanent, + self.action_args + ) + self.changed = True + if self.changed and self.enabled_msg: + self.msgs.append(self.enabled_msg) + + elif self.desired_state in self.disabled_values: + if is_enabled: + if self.module.check_mode: + self.module.exit_json(changed=True) + + self.action_handler( + self.set_disabled_permanent, + self.action_args + ) + self.changed = True + if self.changed and self.disabled_msg: + self.msgs.append(self.disabled_msg) + + elif self.immediate and not self.permanent: + is_enabled = self.action_handler( + self.get_enabled_immediate, + self.action_args + ) + self.msgs.append('Non-permanent operation') + + if self.desired_state in self.enabled_values: + if not is_enabled: + if self.module.check_mode: + self.module.exit_json(changed=True) + + self.action_handler( + self.set_enabled_immediate, + self.action_args + ) + self.changed = True + if self.changed and self.enabled_msg: + self.msgs.append(self.enabled_msg) + + elif self.desired_state in self.disabled_values: + if is_enabled: + if self.module.check_mode: + self.module.exit_json(changed=True) + + self.action_handler( + self.set_disabled_immediate, + self.action_args + ) + self.changed = True + if self.changed and self.disabled_msg: + self.msgs.append(self.disabled_msg) + + return (self.changed, self.msgs) + + @staticmethod + def sanity_check(module): + """ + Perform sanity checking, version checks, etc + + :module: AnsibleModule instance + """ + + if FW_VERSION and fw_offline: + # Pre-run version checking + if LooseVersion(FW_VERSION) < LooseVersion("0.3.9"): + module.fail_json(msg='unsupported version of firewalld, offline operations require >= 0.3.9 - found: {0}'.format(FW_VERSION)) + elif FW_VERSION and not fw_offline: + # Pre-run version checking + if LooseVersion(FW_VERSION) < LooseVersion("0.2.11"): + module.fail_json(msg='unsupported version of firewalld, requires >= 0.2.11 - found: {0}'.format(FW_VERSION)) + + # Check for firewalld running + try: + if fw.connected is False: + module.fail_json(msg='firewalld service must be running, or try with offline=true') + except AttributeError: + module.fail_json(msg="firewalld connection can't be established,\ + installed version (%s) likely too old. Requires firewalld >= 0.2.11" % FW_VERSION) + + if import_failure: + module.fail_json( + msg='Python Module not found: firewalld and its python module are required for this module, \ + version 0.2.11 or newer required (0.3.9 or newer for offline operations)' + ) diff --git a/lib/ansible/modules/system/firewalld.py b/lib/ansible/modules/system/firewalld.py index 313aff556c..9efe0956b6 100644 --- a/lib/ansible/modules/system/firewalld.py +++ b/lib/ansible/modules/system/firewalld.py @@ -136,276 +136,15 @@ EXAMPLES = ''' ''' from ansible.module_utils.basic import AnsibleModule +from ansible.module_utils.firewalld import FirewallTransaction, fw_offline -# globals -module = None - -# Imports try: - import firewall.config - FW_VERSION = firewall.config.VERSION - from firewall.client import Rich_Rule - from firewall.client import FirewallClient from firewall.client import FirewallClientZoneSettings - from firewall.errors import FirewallError - fw = None - fw_offline = False - import_failure = False - - try: - fw = FirewallClient() - fw.getDefaultZone() - except (AttributeError, FirewallError): - # Firewalld is not currently running, permanent-only operations - fw_offline = True - - # Import other required parts of the firewalld API - # - # NOTE: - # online and offline operations do not share a common firewalld API - from firewall.core.fw_test import Firewall_test - fw = Firewall_test() - fw.start() - except ImportError: - import_failure = True - - -class FirewallTransaction(object): - """ - FirewallTransaction - - This is the base class for all firewalld transactions we might want to have - """ - - global module - - def __init__(self, fw, action_args=(), zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False, - enabled_values=None, disabled_values=None): - # type: (firewall.client, tuple, str, bool, bool, bool) - """ - initializer the transaction - - :fw: firewall client instance - :action_args: tuple, args to pass for the action to take place - :zone: str, firewall zone - :desired_state: str, the desired state (enabled, disabled, etc) - :permanent: bool, action should be permanent - :immediate: bool, action should take place immediately - :fw_offline: bool, action takes place as if the firewall were offline - :enabled_values: str[], acceptable values for enabling something (default: enabled) - :disabled_values: str[], acceptable values for disabling something (default: disabled) - """ - - self.fw = fw - self.action_args = action_args - self.zone = zone - self.desired_state = desired_state - self.permanent = permanent - self.immediate = immediate - self.fw_offline = fw_offline - self.enabled_values = enabled_values or ["enabled"] - self.disabled_values = disabled_values or ["disabled"] - - # List of messages that we'll call module.fail_json or module.exit_json - # with. - self.msgs = [] - - # Allow for custom messages to be added for certain subclass transaction - # types - self.enabled_msg = None - self.disabled_msg = None - - ##################### - # exception handling - # - def action_handler(self, action_func, action_func_args): - """ - Function to wrap calls to make actions on firewalld in try/except - logic and emit (hopefully) useful error messages - """ - - try: - return action_func(*action_func_args) - except Exception as e: - - # If there are any commonly known errors that we should provide more - # context for to help the users diagnose what's wrong. Handle that here - if "INVALID_SERVICE" in "%s" % e: - self.msgs.append("Services are defined by port/tcp relationship and named as they are in /etc/services (on most systems)") - - if len(self.msgs) > 0: - module.fail_json( - msg='ERROR: Exception caught: %s %s' % (e, ', '.join(self.msgs)) - ) - else: - module.fail_json(msg='ERROR: Exception caught: %s' % e) - - def get_fw_zone_settings(self): - if self.fw_offline: - fw_zone = self.fw.config.get_zone(self.zone) - fw_settings = FirewallClientZoneSettings( - list(self.fw.config.get_zone_config(fw_zone)) - ) - else: - fw_zone = self.fw.config().getZoneByName(self.zone) - fw_settings = fw_zone.getSettings() - - return (fw_zone, fw_settings) - - def update_fw_settings(self, fw_zone, fw_settings): - if self.fw_offline: - self.fw.config.set_zone_config(fw_zone, fw_settings.settings) - else: - fw_zone.update(fw_settings) - - def get_enabled_immediate(self): - raise NotImplementedError - - def get_enabled_permanent(self): - raise NotImplementedError - - def set_enabled_immediate(self): - raise NotImplementedError - - def set_enabled_permanent(self): - raise NotImplementedError - - def set_disabled_immediate(self): - raise NotImplementedError - - def set_disabled_permanent(self): - raise NotImplementedError - - def run(self): - """ - run - - This fuction contains the "transaction logic" where as all operations - follow a similar pattern in order to perform their action but simply - call different functions to carry that action out. - """ - - self.changed = False - - if self.immediate and self.permanent: - is_enabled_permanent = self.action_handler( - self.get_enabled_permanent, - self.action_args - ) - is_enabled_immediate = self.action_handler( - self.get_enabled_immediate, - self.action_args - ) - self.msgs.append('Permanent and Non-Permanent(immediate) operation') - - if self.desired_state in self.enabled_values: - if not is_enabled_permanent or not is_enabled_immediate: - if module.check_mode: - module.exit_json(changed=True) - if not is_enabled_permanent: - self.action_handler( - self.set_enabled_permanent, - self.action_args - ) - self.changed = True - if not is_enabled_immediate: - self.action_handler( - self.set_enabled_immediate, - self.action_args - ) - self.changed = True - if self.changed and self.enabled_msg: - self.msgs.append(self.enabled_msg) - - elif self.desired_state in self.disabled_values: - if is_enabled_permanent or is_enabled_immediate: - if module.check_mode: - module.exit_json(changed=True) - if is_enabled_permanent: - self.action_handler( - self.set_disabled_permanent, - self.action_args - ) - self.changed = True - if is_enabled_immediate: - self.action_handler( - self.set_disabled_immediate, - self.action_args - ) - self.changed = True - if self.changed and self.disabled_msg: - self.msgs.append(self.disabled_msg) - - elif self.permanent and not self.immediate: - is_enabled = self.action_handler( - self.get_enabled_permanent, - self.action_args - ) - self.msgs.append('Permanent operation') - - if self.desired_state in self.enabled_values: - if not is_enabled: - if module.check_mode: - module.exit_json(changed=True) - - self.action_handler( - self.set_enabled_permanent, - self.action_args - ) - self.changed = True - if self.changed and self.enabled_msg: - self.msgs.append(self.enabled_msg) - - elif self.desired_state in self.disabled_values: - if is_enabled: - if module.check_mode: - module.exit_json(changed=True) - - self.action_handler( - self.set_disabled_permanent, - self.action_args - ) - self.changed = True - if self.changed and self.disabled_msg: - self.msgs.append(self.disabled_msg) - - elif self.immediate and not self.permanent: - is_enabled = self.action_handler( - self.get_enabled_immediate, - self.action_args - ) - self.msgs.append('Non-permanent operation') - - if self.desired_state in self.enabled_values: - if not is_enabled: - if module.check_mode: - module.exit_json(changed=True) - - self.action_handler( - self.set_enabled_immediate, - self.action_args - ) - self.changed = True - if self.changed and self.enabled_msg: - self.msgs.append(self.enabled_msg) - - elif self.desired_state in self.disabled_values: - if is_enabled: - if module.check_mode: - module.exit_json(changed=True) - - self.action_handler( - self.set_disabled_immediate, - self.action_args - ) - self.changed = True - if self.changed and self.disabled_msg: - self.msgs.append(self.disabled_msg) - - return (self.changed, self.msgs) + # The import errors are handled via FirewallTransaction, don't need to + # duplicate that here + pass class ServiceTransaction(FirewallTransaction): @@ -413,11 +152,10 @@ class ServiceTransaction(FirewallTransaction): ServiceTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False): + def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False): super(ServiceTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline) + module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate + ) def get_enabled_immediate(self, service, timeout): if service in self.fw.getServices(self.zone): @@ -455,11 +193,10 @@ class MasqueradeTransaction(FirewallTransaction): MasqueradeTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False): + def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False): super(MasqueradeTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline) + module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate + ) self.enabled_msg = "Added masquerade to zone %s" % self.zone self.disabled_msg = "Removed masquerade from zone %s" % self.zone @@ -499,11 +236,10 @@ class PortTransaction(FirewallTransaction): PortTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False): + def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False): super(PortTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline) + module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate + ) def get_enabled_immediate(self, port, protocol, timeout): port_proto = [port, protocol] @@ -549,11 +285,10 @@ class InterfaceTransaction(FirewallTransaction): InterfaceTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False): + def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False): super(InterfaceTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline) + module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate + ) self.enabled_msg = "Changed %s to zone %s" % \ (self.action_args[0], self.zone) @@ -594,7 +329,7 @@ class InterfaceTransaction(FirewallTransaction): if len(iface_zone_objs) > 1: # Even it shouldn't happen, it's actually possible that # the same interface is in several zone XML files - module.fail_json( + self.module.fail_json( msg='ERROR: interface {} is in {} zone XML file, can only be in one'.format( interface, len(iface_zone_objs) @@ -637,11 +372,10 @@ class RichRuleTransaction(FirewallTransaction): RichRuleTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False): + def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False): super(RichRuleTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline) + module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate + ) def get_enabled_immediate(self, rule, timeout): # Convert the rule string to standard format @@ -671,7 +405,7 @@ class RichRuleTransaction(FirewallTransaction): self.update_fw_settings(fw_zone, fw_settings) def set_disabled_immediate(self, rule, timeout): - fw.removeRichRule(self.zone, rule) + self.fw.removeRichRule(self.zone, rule) def set_disabled_permanent(self, rule, timeout): fw_zone, fw_settings = self.get_fw_zone_settings() @@ -684,11 +418,10 @@ class SourceTransaction(FirewallTransaction): SourceTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=False, immediate=False, fw_offline=False): + def __init__(self, module, action_args=None, zone=None, desired_state=None, permanent=False, immediate=False): super(SourceTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline) + module, action_args=action_args, desired_state=desired_state, zone=zone, permanent=permanent, immediate=immediate + ) self.enabled_msg = "Added %s to zone %s" % \ (self.action_args[0], self.zone) @@ -731,12 +464,11 @@ class ZoneTransaction(FirewallTransaction): ZoneTransaction """ - def __init__(self, fw, action_args=None, zone=None, desired_state=None, - permanent=True, immediate=False, fw_offline=False, - enabled_values=None, disabled_values=None): + def __init__(self, module, action_args=None, zone=None, desired_state=None, + permanent=True, immediate=False, enabled_values=None, disabled_values=None): super(ZoneTransaction, self).__init__( - fw, action_args=action_args, desired_state=desired_state, zone=zone, - permanent=permanent, immediate=immediate, fw_offline=fw_offline, + module, action_args=action_args, desired_state=desired_state, zone=zone, + permanent=permanent, immediate=immediate, enabled_values=enabled_values or ["present"], disabled_values=disabled_values or ["absent"]) @@ -750,22 +482,22 @@ class ZoneTransaction(FirewallTransaction): "Make sure you didn't set the 'permanent' flag to 'false' or the 'immediate' flag to 'true'." def get_enabled_immediate(self): - module.fail_json(msg=self.tx_not_permanent_error_msg) + self.module.fail_json(msg=self.tx_not_permanent_error_msg) def get_enabled_permanent(self): - if self.zone in fw.config().getZoneNames(): + if self.zone in self.fw.config().getZoneNames(): return True else: return False def set_enabled_immediate(self): - module.fail_json(msg=self.tx_not_permanent_error_msg) + self.module.fail_json(msg=self.tx_not_permanent_error_msg) def set_enabled_permanent(self): - fw.config().addZone(self.zone, FirewallClientZoneSettings()) + self.fw.config().addZone(self.zone, FirewallClientZoneSettings()) def set_disabled_immediate(self): - module.fail_json(msg=self.tx_not_permanent_error_msg) + self.module.fail_json(msg=self.tx_not_permanent_error_msg) def set_disabled_permanent(self): zone_obj = self.fw.config().getZoneByName(self.zone) @@ -774,7 +506,6 @@ class ZoneTransaction(FirewallTransaction): def main(): - global module module = AnsibleModule( argument_spec=dict( service=dict(required=False, default=None), @@ -793,28 +524,6 @@ def main(): supports_check_mode=True ) - if fw_offline: - # Pre-run version checking - if FW_VERSION < "0.3.9": - module.fail_json(msg='unsupported version of firewalld, offline operations require >= 0.3.9') - else: - # Pre-run version checking - if FW_VERSION < "0.2.11": - module.fail_json(msg='unsupported version of firewalld, requires >= 0.2.11') - - # Check for firewalld running - try: - if fw.connected is False: - module.fail_json(msg='firewalld service must be running, or try with offline=true') - except AttributeError: - module.fail_json(msg="firewalld connection can't be established,\ - installed version (%s) likely too old. Requires firewalld >= 0.2.11" % FW_VERSION) - - if import_failure: - module.fail_json( - msg='firewalld and its python module are required for this module, version 0.2.11 or newer required (0.3.9 or newer for offline operations)' - ) - permanent = module.params['permanent'] desired_state = module.params['state'] immediate = module.params['immediate'] @@ -822,6 +531,9 @@ def main(): interface = module.params['interface'] masquerade = module.params['masquerade'] + # Sanity checks + FirewallTransaction.sanity_check(module) + # If neither permanent or immediate is provided, assume immediate (as # written in the module's docs) if not permanent and not immediate: @@ -836,6 +548,7 @@ def main(): service = module.params['service'] rich_rule = module.params['rich_rule'] source = module.params['source'] + zone = module.params['zone'] if module.params['port'] is not None: port, protocol = module.params['port'].strip().split('/') @@ -844,15 +557,6 @@ def main(): else: port = None - # If we weren't provided a zone, then just use the system default - if module.params['zone'] is not None: - zone = module.params['zone'] - else: - if fw_offline: - zone = fw.get_default_zone() - else: - zone = fw.getDefaultZone() - modification_count = 0 if service is not None: modification_count += 1 @@ -877,13 +581,12 @@ def main(): if service is not None: transaction = ServiceTransaction( - fw, + module, action_args=(service, timeout), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run() @@ -894,13 +597,12 @@ def main(): if source is not None: transaction = SourceTransaction( - fw, + module, action_args=(source,), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run() @@ -909,13 +611,12 @@ def main(): if port is not None: transaction = PortTransaction( - fw, + module, action_args=(port, protocol, timeout), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run() @@ -930,13 +631,12 @@ def main(): if rich_rule is not None: transaction = RichRuleTransaction( - fw, + module, action_args=(rich_rule, timeout), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run() @@ -947,13 +647,12 @@ def main(): if interface is not None: transaction = InterfaceTransaction( - fw, + module, action_args=(interface,), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run() @@ -962,13 +661,12 @@ def main(): if masquerade is not None: transaction = MasqueradeTransaction( - fw, + module, action_args=(), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run() @@ -978,13 +676,12 @@ def main(): if modification_count == 0 and desired_state in ['absent', 'present']: transaction = ZoneTransaction( - fw, + module, action_args=(), zone=zone, desired_state=desired_state, permanent=permanent, immediate=immediate, - fw_offline=fw_offline ) changed, transaction_msgs = transaction.run()