Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Master Port #50343 #55683

Merged
merged 2 commits into from
Dec 21, 2019
Merged

Master Port #50343 #55683

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
ca1e30d
Handle the deprecation options in the firewalld module and state for …
Nov 1, 2018
27e298f
keep force_masquerade
Ch3LL Dec 20, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
39 changes: 10 additions & 29 deletions salt/modules/firewalld.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@
# Import Salt Libs
from salt.exceptions import CommandExecutionError
import salt.utils.path
import salt.utils.versions

log = logging.getLogger(__name__)

Expand Down Expand Up @@ -618,8 +617,7 @@ def remove_masquerade(zone=None, permanent=True):
return __firewall_cmd(cmd)


# TODO: remove force_masquerade parameter in future release
def add_port(zone, port, permanent=True, force_masquerade=None):
def add_port(zone, port, permanent=True, force_masquerade=False):
'''
Allow specific ports in a zone.

Expand All @@ -630,19 +628,11 @@ def add_port(zone, port, permanent=True, force_masquerade=None):
.. code-block:: bash

salt '*' firewalld.add_port internal 443/tcp
'''

# Previously, masquerading was always enabled here
# This will be deprecated in a future release
if force_masquerade is None:
force_masquerade = True
salt.utils.versions.warn_until(
'Neon',
'add_port function will no longer force enable masquerading '
'in future releases. Use add_masquerade to enable masquerading.')

# (DEPRECATED) Force enable masquerading
# TODO: remove in future release
force_masquerade
when a zone is created ensure masquerade is also enabled
on that zone.
'''
if force_masquerade and not get_masquerade(zone):
add_masquerade(zone)

Expand Down Expand Up @@ -694,8 +684,7 @@ def list_ports(zone, permanent=True):
return __firewall_cmd(cmd).split()


# TODO: remove force_masquerade parameter in future release
def add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True, force_masquerade=None):
def add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True, force_masquerade=False):
'''
Add port forwarding.

Expand All @@ -706,19 +695,11 @@ def add_port_fwd(zone, src, dest, proto='tcp', dstaddr='', permanent=True, force
.. code-block:: bash

salt '*' firewalld.add_port_fwd public 80 443 tcp
'''

# Previously, masquerading was always enabled here
# This will be deprecated in a future release
if force_masquerade is None:
force_masquerade = True
salt.utils.versions.warn_until(
'Neon',
'add_port_fwd function will no longer force enable masquerading '
'in future releases. Use add_masquerade to enable masquerading.')

# (DEPRECATED) Force enable masquerading
# TODO: remove in future release
force_masquerade
when a zone is created ensure masquerade is also enabled
on that zone.
'''
if force_masquerade and not get_masquerade(zone):
add_masquerade(zone)

Expand Down
18 changes: 2 additions & 16 deletions salt/states/firewalld.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,7 +84,6 @@
from salt.exceptions import CommandExecutionError
from salt.output import nested
import salt.utils.path
import salt.utils.versions

log = logging.getLogger(__name__)

Expand Down Expand Up @@ -163,9 +162,7 @@ def present(name,
port_fwd=None,
prune_port_fwd=False,
services=None,
# TODO: prune_services=False in future release
# prune_services=False,
prune_services=None,
prune_services=False,
interfaces=None,
prune_interfaces=False,
sources=None,
Expand Down Expand Up @@ -206,7 +203,7 @@ def present(name,
services : None
List of services to add to the zone.

prune_services : True
prune_services : False
If ``True``, remove all but the specified services from the zone.
.. note:: Currently defaults to True for compatibility, but will be changed to False in a future release.

Expand All @@ -228,15 +225,6 @@ def present(name,
prune_rich_rules : False
If ``True``, remove all but the specified rich rules from the zone.
'''

# if prune_services == None, set to True and log a deprecation warning
if prune_services is None:
prune_services = True
salt.utils.versions.warn_until(
'Neon',
'The \'prune_services\' argument default is currently True, '
'but will be changed to False in the Neon release.')

ret = _present(name, block_icmp, prune_block_icmp, default, masquerade, ports, prune_ports,
port_fwd, prune_port_fwd, services, prune_services, interfaces, prune_interfaces,
sources, prune_sources, rich_rules, prune_rich_rules)
Expand Down Expand Up @@ -513,7 +501,6 @@ def _present(name,
for port in new_ports:
if not __opts__['test']:
try:
# TODO: force_masquerade to be removed in future release
__salt__['firewalld.add_port'](name, port, permanent=True, force_masquerade=False)
except CommandExecutionError as err:
ret['comment'] = 'Error: {0}'.format(err)
Expand Down Expand Up @@ -562,7 +549,6 @@ def _present(name,
for fwd in new_port_fwd:
if not __opts__['test']:
try:
# TODO: force_masquerade to be removed in future release
__salt__['firewalld.add_port_fwd'](name, fwd.srcport,
fwd.destport, fwd.protocol, fwd.destaddr, permanent=True,
force_masquerade=False)
Expand Down