ufw: fix default, direction is not necessary for it (#54799)

* Correct behavior so that direction isn't required for default. * Add more tests. * 'disabled' values cannot be changed. * Include 'not specified' in messages.
2025-07-23 21:30:22 -07:00 · 2019-04-08 14:49:35 +02:00 · 2019-04-08 14:49:35 +02:00 · 7d27348356
commit 7d27348356
parent c6f12eea32
3 changed files with 49 additions and 5 deletions
--- a/lib/ansible/modules/system/ufw.py
+++ b/lib/ansible/modules/system/ufw.py
@ -461,8 +461,8 @@ def main():
                execute(cmd + [[command], [value]])

        elif command == 'default':
-            if params['direction'] not in ['outgoing', 'incoming', 'routed']:
-                module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed".')
+            if params['direction'] not in ['outgoing', 'incoming', 'routed', None]:
+                module.fail_json(msg='For default, direction must be one of "outgoing", "incoming" and "routed", or direction must not be specified.')
            if module.check_mode:
                regexp = r'Default: (deny|allow|reject) \(incoming\), (deny|allow|reject) \(outgoing\), (deny|allow|reject|disabled) \(routed\)'
                extract = re.search(regexp, pre_state)
@ -471,8 +471,14 @@ def main():
                    current_default_values["incoming"] = extract.group(1)
                    current_default_values["outgoing"] = extract.group(2)
                    current_default_values["routed"] = extract.group(3)
-                    if current_default_values[params['direction']] != value:
-                        changed = True
+                    if params['direction'] is None:
+                        for v in current_default_values.values():
+                            if v not in (value, 'disabled'):
+                                changed = True
+                    else:
+                        v = current_default_values[params['direction']]
+                        if v not in (value, 'disabled'):
+                            changed = True
                else:
                    changed = True
            else:
@ -480,7 +486,7 @@ def main():

        elif command == 'rule':
            if params['direction'] not in ['in', 'out', None]:
-                module.fail_json(msg='For rules, direction must be one of "in" and "out".')
+                module.fail_json(msg='For rules, direction must be one of "in" and "out", or direction must not be specified.')
            # Rules are constructed according to the long format
            #
            # ufw [--dry-run] [route] [delete] [insert NUM] allow|deny|reject|limit [in|out on INTERFACE] [log|log-all] \