ufw: fix default, direction is not necessary for it (#54799)

* Correct behavior so that direction isn't required for default.
* Add more tests.
* 'disabled' values cannot be changed.
* Include 'not specified' in messages.

changelogs/fragments/54799-ufw-default-direction.yml

@@ -0,0 +1,2 @@
+bugfixes:
+- "ufw - when ``default`` is specified, ``direction`` does not needs to be specified. This was accidentally introduced in Ansible 2.7.8."

lib/ansible/modules/system/ufw.py

@@ -461,8 +461,8 @@ def main():
                 execute(cmd + [[command], [value]])
 
         elif command == 'default':
-            if params['direction'] not in ['outgoing', 'incoming', 'routed']:
+            if params['direction'] not in ['outgoing', 'incoming', 'routed', None]:
-                module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed".')
+                module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed", or direction must not be specified.')
             if module.check_mode:
                 regexp = r'Default: (deny|allow|reject) \(incoming\), (deny|allow|reject) \(outgoing\), (deny|allow|reject|disabled) \(routed\)'
                 extract = re.search(regexp, pre_state)
@@ -471,7 +471,13 @@ def main():
                     current_default_values["incoming"] = extract.group(1)
                     current_default_values["outgoing"] = extract.group(2)
                     current_default_values["routed"] = extract.group(3)
-                    if current_default_values[params['direction']] != value:
+                    if params['direction'] is None:
+                        for v in current_default_values.values():
+                            if v not in (value, 'disabled'):
+                                changed = True
+                    else:
+                        v = current_default_values[params['direction']]
+                        if v not in (value, 'disabled'):
                             changed = True
                 else:
                     changed = True
@@ -480,7 +486,7 @@ def main():
 
         elif command == 'rule':
             if params['direction'] not in ['in', 'out', None]:
-                module.fail_json(msg='For rules, direction must be one of "in" and "out".')
+                module.fail_json(msg='For rules, direction must be one of "in" and "out", or direction must not be specified.')
             # Rules are constructed according to the long format
             #
             # ufw [--dry-run] [route] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \

test/integration/targets/ufw/tasks/tests/global-state.yml

@@ -103,6 +103,35 @@
   register: ufw_defaults_change
   environment:
     LC_ALL: C
+- name: Default (change again)
+  ufw:
+    default: deny
+    direction: incoming
+  register: default_change_2
+- name: Default (change all, check mode)
+  ufw:
+    default: allow
+  check_mode: yes
+  register: default_change_all_check
+- name: Default (change all)
+  ufw:
+    default: allow
+  register: default_change_all
+- name: Get defaults
+  shell: |
+    ufw status verbose | grep "^Default:"
+  register: ufw_defaults_change_all
+  environment:
+    LC_ALL: C
+- name: Default (change all, idempotent, check mode)
+  ufw:
+    default: allow
+  check_mode: yes
+  register: default_change_all_idem_check
+- name: Default (change all, idempotent)
+  ufw:
+    default: allow
+  register: default_change_all_idem
 - assert:
     that:
     - default_check is changed
@@ -113,3 +142,10 @@
     - default_change_check is changed
     - default_change is changed
     - "'allow (incoming)' in ufw_defaults_change.stdout"
+    - default_change_2 is changed
+    - default_change_all_check is changed
+    - default_change_all is changed
+    - default_change_all_idem_check is not changed
+    - default_change_all_idem is not changed
+    - "'allow (incoming)' in ufw_defaults_change_all.stdout"
+    - "'allow (outgoing)' in ufw_defaults_change_all.stdout"