* Introduce new "required_by' argument_spec option
This PR introduces a new **required_by** argument_spec option which allows you to say *"if parameter A is set, parameter B and C are required as well"*.
- The difference with **required_if** is that it can only add dependencies if a parameter is set to a specific value, not when it is just defined.
- The difference with **required_together** is that it has a commutative property, so: *"Parameter A and B are required together, if one of them has been defined"*.
As an example, we need this for the complex options that the xml module provides. One of the issues we often see is that users are not using the correct combination of options, and then are surprised that the module does not perform the requested action(s).
This would be solved by adding the correct dependencies, and mutual exclusives. For us this is important to get this shipped together with the new xml module in Ansible v2.4. (This is related to bugfix https://github.com/ansible/ansible/pull/28657)
```python
module = AnsibleModule(
argument_spec=dict(
path=dict(type='path', aliases=['dest', 'file']),
xmlstring=dict(type='str'),
xpath=dict(type='str'),
namespaces=dict(type='dict', default={}),
state=dict(type='str', default='present', choices=['absent',
'present'], aliases=['ensure']),
value=dict(type='raw'),
attribute=dict(type='raw'),
add_children=dict(type='list'),
set_children=dict(type='list'),
count=dict(type='bool', default=False),
print_match=dict(type='bool', default=False),
pretty_print=dict(type='bool', default=False),
content=dict(type='str', choices=['attribute', 'text']),
input_type=dict(type='str', default='yaml', choices=['xml',
'yaml']),
backup=dict(type='bool', default=False),
),
supports_check_mode=True,
required_by=dict(
add_children=['xpath'],
attribute=['value', 'xpath'],
content=['xpath'],
set_children=['xpath'],
value=['xpath'],
),
required_if=[
['count', True, ['xpath']],
['print_match', True, ['xpath']],
],
required_one_of=[
['path', 'xmlstring'],
['add_children', 'content', 'count', 'pretty_print', 'print_match', 'set_children', 'value'],
],
mutually_exclusive=[
['add_children', 'content', 'count', 'print_match','set_children', 'value'],
['path', 'xmlstring'],
],
)
```
* Rebase and fix conflict
* Add modules that use required_by functionality
* Update required_by schema
* Fix rebase issue
Under Python 3.7 at least, the split of the port field fails
ungracefully if there is no slash. The fix also addresses the
case of an empty protocol after the slash.
Fixes#42310
Previously, the firewalld module was making a call to
FirewallClientConfig.getZoneNames() which doesn't exist in versions
of firwalld older than 0.4.2, this patch implements the same logic
with older API calls to not require a newer version of firewalld.
Signed-off-by: Adam Miller <admiller@redhat.com>
* refactor firewalld module, add firewalld module_util
This change is meant to enable the addition of advanced feature
specific firewalld modules that will have different module option
patterns than what fits in the current firewalld module, while
keeping as much common code as possible in the module_util
Signed-off-by: Adam Miller <admiller@redhat.com>
Error was:
File "/tmp/ansible_qY_BMb/ansible_module_firewalld.py", line 703, in <module>
main()
File "/tmp/ansible_qY_BMb/ansible_module_firewalld.py", line 548, in main
module.fail(msg='firewall is not currently running, unable to perform immediate actions without a running firewall daemon')
AttributeError: 'AnsibleModule' object has no attribute 'fail'
* firewalld: Implement zone operations
Zones are removed or added when no other operations are used in
conjunction with the keywords 'present' or 'absent'.
This leads to a logical and natural syntax of:
- firewalld:
zone: foo
state: present
for adding or removing zones.
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
* firewalld: zone ops: addressed review concerns
- Added more documentation on the peculiarities of the zone operations
- Output meaningful error messages when trying to use zones incorrectly
Signed-off-by: Felix Kaechele <felix@kaechele.ca>
This fixes an issue where the check for an import error would occur
before checking to see if firewalld is in "offline mode" and if it
is, then checking to ensure the version of the firewall python
library was new enough to support offline operations. This patch
will now fail with a correct error message in the scenario that
someone attempts to perform an offline operation but has a version
of the firewall python library that is too old.
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
Currently it's reporting an inverted version number about the
python library and it shouldn't be. Also it's currently claiming
python2 as a requirement, which it is not.
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* firewalld: don't reference undefined variable in error case
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* firewalld: don't set exception as var and not use it
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* refactor firewalld module with object abstraction
This change creates a FirewallTransaction object that each
individual transaction type is a sub-class of as they all follow the
same pattern to enable or disable something in the firewall.
Also, there's a few bugfixes here:
- Fix the "source" type to handle permanent operations
- Remove ambiguity of required parameters for only specific use
cases that can lead to transactions effectively being a no-op.
Instead, pick sane defaults and document them.
- Change how imports are done so globals are no longer needed
This is based on the original feedback by Toshio from the last
refactor attempt:
https://github.com/ansible/ansible-modules-extras/pull/3383
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* fix line too long for pep8 for shippable tests
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
* remove firewalld from pep8/legacy-files
Signed-off-by: Adam Miller <maxamillion@fedoraproject.org>
Made the following changes:
* Removed wildcard imports
* Replaced long form of GPL header with short form
* Removed get_exception usage
* Added from __future__ boilerplate
* Adjust division operator to // where necessary
For the following files:
* web_infrastructure modules
* system modules
* linode, lxc, lxd, atomic, cloudscale, dimensiondata, ovh, packet,
profitbricks, pubnub, smartos, softlayer, univention modules
* compat dirs (disabled as its used intentionally)
The following snippet:
- name: Let the DMZ connect to internet
firewalld:
zone: dmz
masquerade: True
permanent: True
immediate: True
state: enabled
will fail with this error message:
Exception caught: set_masquerade_enabled() takes 1 positional argument but 3 were given
It turn out that it treat 'zone' as a array of string instead of 1 string.
I only tested on Python 3 with a Fedora 25.
Changes to the metadata format were approved here:
https://github.com/ansible/proposals/issues/54
* Update documentation to the new metadata format
* Changes to metadata-tool to account for new metadata
* Add GPL license header
* Add upgrade subcommand to upgrade metadata version
* Change default metadata to the new format
* Fix exclusion of non-modules from the metadata report
* Fix ansible-doc for new module metadata
* Exclude metadata version from ansible-doc output
* Fix website docs generation for the new metadata
* Update metadata schema in valiate-modules test
* Update the metadata in all modules to the new version
get_masquerade_* functions only take one arg. The action_handler
wrapper function expected a tuple, but was being passed (zone)
instead of (zone,) making for an ambiquous tuple. The
(zone) arg was being treated as a tuple/list of six chars
(the zone name) instead of a tuple of one string.
This would cause errors like:
get_masquerade_enabled_permanent() takes exactly 1 argument (6 given)
Fixes#21632
Richlv
Matt Martz
Dag Wieers
Eric L
Adam Furbee
Baptiste Mille-Mathias
Alex Mayer
Adam Miller
Chris Brown
Felix Kaechele
Ikrom
Pilou
John Smith
Adam Miller
Toshio Kuratomi
Michael Scherer
Abhijeet Kasurde
Dylan Silva
Adrian Likins
Matt Clay
James Cammarata