mirror of
https://github.com/saltstack/salt.git
synced 2025-04-17 10:10:20 +00:00
Merge branch '2018.3' into 2018.3
This commit is contained in:
Giandom
GitHub
commit
9c91df3630
2 changed files with 313 additions and 306 deletions
|
|
@ -392,55 +392,63 @@ def _present(name,
|
|||
{'old': zones,
|
||||
'new': name}})
|
||||
|
||||
block_icmp = block_icmp or []
|
||||
new_icmp_types = []
|
||||
old_icmp_types = []
|
||||
try:
|
||||
_valid_icmp_types = __salt__['firewalld.get_icmp_types'](
|
||||
permanent=True)
|
||||
_current_icmp_blocks = __salt__['firewalld.list_icmp_block'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
if block_icmp or prune_block_icmp:
|
||||
block_icmp = block_icmp or []
|
||||
new_icmp_types = []
|
||||
old_icmp_types = []
|
||||
|
||||
new_icmp_types = set(block_icmp) - set(_current_icmp_blocks)
|
||||
old_icmp_types = []
|
||||
try:
|
||||
_current_icmp_blocks = __salt__['firewalld.list_icmp_block'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
for icmp_type in new_icmp_types:
|
||||
if icmp_type in _valid_icmp_types:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.block_icmp'](name, icmp_type,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
else:
|
||||
log.error('%s is an invalid ICMP type', icmp_type)
|
||||
if block_icmp:
|
||||
try:
|
||||
_valid_icmp_types = __salt__['firewalld.get_icmp_types'](
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_block_icmp:
|
||||
old_icmp_types = set(_current_icmp_blocks) - set(block_icmp)
|
||||
for icmp_type in old_icmp_types:
|
||||
# no need to check against _valid_icmp_types here, because all
|
||||
# elements in old_icmp_types are guaranteed to be in
|
||||
# _current_icmp_blocks, whose elements are inherently valid
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.allow_icmp'](name, icmp_type,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
# log errors for invalid ICMP types in block_icmp input
|
||||
for icmp_type in set(block_icmp) - set(_valid_icmp_types):
|
||||
log.error('%s is an invalid ICMP type', icmp_type)
|
||||
block_icmp.remove(icmp_type)
|
||||
|
||||
if new_icmp_types or old_icmp_types:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_block_icmp:
|
||||
block_icmp = list(new_icmp_types | set(_current_icmp_blocks))
|
||||
ret['changes'].update({'icmp_types':
|
||||
{'old': _current_icmp_blocks,
|
||||
'new': block_icmp}})
|
||||
new_icmp_types = set(block_icmp) - set(_current_icmp_blocks)
|
||||
for icmp_type in new_icmp_types:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.block_icmp'](name, icmp_type,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_block_icmp:
|
||||
old_icmp_types = set(_current_icmp_blocks) - set(block_icmp)
|
||||
for icmp_type in old_icmp_types:
|
||||
# no need to check against _valid_icmp_types here, because all
|
||||
# elements in old_icmp_types are guaranteed to be in
|
||||
# _current_icmp_blocks, whose elements are inherently valid
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.allow_icmp'](name, icmp_type,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_icmp_types or old_icmp_types:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_block_icmp:
|
||||
block_icmp = list(new_icmp_types | set(_current_icmp_blocks))
|
||||
ret['changes'].update({'icmp_types':
|
||||
{'old': _current_icmp_blocks,
|
||||
'new': block_icmp}})
|
||||
|
||||
# that's the only parameter that can't be permanent or runtime, it's
|
||||
# directly both
|
||||
|
|
@ -461,292 +469,290 @@ def _present(name,
|
|||
{'old': default_zone,
|
||||
'new': name}})
|
||||
|
||||
if masquerade:
|
||||
try:
|
||||
masquerade_ret = __salt__['firewalld.get_masquerade'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
if not masquerade_ret:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_masquerade'](name, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
ret['changes'].update({'masquerade':
|
||||
{'old': '',
|
||||
'new': 'Masquerading successfully set.'}})
|
||||
|
||||
if not masquerade:
|
||||
try:
|
||||
masquerade_ret = __salt__['firewalld.get_masquerade'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
if masquerade_ret:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_masquerade'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
ret['changes'].update({'masquerade':
|
||||
{'old': '',
|
||||
'new': 'Masquerading successfully '
|
||||
'disabled.'}})
|
||||
|
||||
ports = ports or []
|
||||
try:
|
||||
_current_ports = __salt__['firewalld.list_ports'](name, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
new_ports = set(ports) - set(_current_ports)
|
||||
old_ports = []
|
||||
|
||||
for port in new_ports:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
# TODO: force_masquerade to be removed in future release
|
||||
__salt__['firewalld.add_port'](name, port, permanent=True, force_masquerade=False)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_ports:
|
||||
old_ports = set(_current_ports) - set(ports)
|
||||
for port in old_ports:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_port'](name, port, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_ports or old_ports:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_ports:
|
||||
ports = list(new_ports | set(_current_ports))
|
||||
ret['changes'].update({'ports':
|
||||
{'old': _current_ports,
|
||||
'new': ports}})
|
||||
|
||||
port_fwd = port_fwd or []
|
||||
try:
|
||||
_current_port_fwd = __salt__['firewalld.list_port_fwd'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
port_fwd = [_parse_forward(fwd) for fwd in port_fwd]
|
||||
_current_port_fwd = [
|
||||
ForwardingMapping(
|
||||
srcport=fwd['Source port'],
|
||||
destport=fwd['Destination port'],
|
||||
protocol=fwd['Protocol'],
|
||||
destaddr=fwd['Destination address']
|
||||
) for fwd in _current_port_fwd]
|
||||
|
||||
new_port_fwd = set(port_fwd) - set(_current_port_fwd)
|
||||
old_port_fwd = []
|
||||
|
||||
for fwd in new_port_fwd:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
# TODO: force_masquerade to be removed in future release
|
||||
__salt__['firewalld.add_port_fwd'](name, fwd.srcport,
|
||||
fwd.destport, fwd.protocol, fwd.destaddr, permanent=True,
|
||||
force_masquerade=False)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_port_fwd:
|
||||
old_port_fwd = set(_current_port_fwd) - set(port_fwd)
|
||||
for fwd in old_port_fwd:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_port_fwd'](name, fwd.srcport,
|
||||
fwd.destport, fwd.protocol, fwd.destaddr, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_port_fwd or old_port_fwd:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_port_fwd:
|
||||
port_fwd = list(new_port_fwd | set(_current_port_fwd))
|
||||
ret['changes'].update({'port_fwd':
|
||||
{'old': [fwd.todict() for fwd in
|
||||
_current_port_fwd],
|
||||
'new': [fwd.todict() for fwd in port_fwd]}})
|
||||
|
||||
services = services or []
|
||||
try:
|
||||
_current_services = __salt__['firewalld.list_services'](name,
|
||||
masquerade_ret = __salt__['firewalld.get_masquerade'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
new_services = set(services) - set(_current_services)
|
||||
old_services = []
|
||||
|
||||
for new_service in new_services:
|
||||
if masquerade and not masquerade_ret:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_service'](new_service, name,
|
||||
permanent=True)
|
||||
__salt__['firewalld.add_masquerade'](name, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
ret['changes'].update({'masquerade':
|
||||
{'old': '',
|
||||
'new': 'Masquerading successfully set.'}})
|
||||
elif not masquerade and masquerade_ret:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_masquerade'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
ret['changes'].update({'masquerade':
|
||||
{'old': '',
|
||||
'new': 'Masquerading successfully '
|
||||
'disabled.'}})
|
||||
|
||||
if prune_services:
|
||||
old_services = set(_current_services) - set(services)
|
||||
for old_service in old_services:
|
||||
if ports or prune_ports:
|
||||
ports = ports or []
|
||||
try:
|
||||
_current_ports = __salt__['firewalld.list_ports'](name, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
new_ports = set(ports) - set(_current_ports)
|
||||
old_ports = []
|
||||
|
||||
for port in new_ports:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_service'](old_service, name,
|
||||
permanent=True)
|
||||
# TODO: force_masquerade to be removed in future release
|
||||
__salt__['firewalld.add_port'](name, port, permanent=True, force_masquerade=False)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_services or old_services:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_services:
|
||||
services = list(new_services | set(_current_services))
|
||||
ret['changes'].update({'services':
|
||||
{'old': _current_services,
|
||||
'new': services}})
|
||||
if prune_ports:
|
||||
old_ports = set(_current_ports) - set(ports)
|
||||
for port in old_ports:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_port'](name, port, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
interfaces = interfaces or []
|
||||
try:
|
||||
_current_interfaces = __salt__['firewalld.get_interfaces'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
if new_ports or old_ports:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_ports:
|
||||
ports = list(new_ports | set(_current_ports))
|
||||
ret['changes'].update({'ports':
|
||||
{'old': _current_ports,
|
||||
'new': ports}})
|
||||
|
||||
new_interfaces = set(interfaces) - set(_current_interfaces)
|
||||
old_interfaces = []
|
||||
if port_fwd or prune_port_fwd:
|
||||
port_fwd = port_fwd or []
|
||||
try:
|
||||
_current_port_fwd = __salt__['firewalld.list_port_fwd'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
for interface in new_interfaces:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_interface'](name, interface,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
port_fwd = [_parse_forward(fwd) for fwd in port_fwd]
|
||||
_current_port_fwd = [
|
||||
ForwardingMapping(
|
||||
srcport=fwd['Source port'],
|
||||
destport=fwd['Destination port'],
|
||||
protocol=fwd['Protocol'],
|
||||
destaddr=fwd['Destination address']
|
||||
) for fwd in _current_port_fwd]
|
||||
|
||||
if prune_interfaces:
|
||||
old_interfaces = set(_current_interfaces) - set(interfaces)
|
||||
for interface in old_interfaces:
|
||||
new_port_fwd = set(port_fwd) - set(_current_port_fwd)
|
||||
old_port_fwd = []
|
||||
|
||||
for fwd in new_port_fwd:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_interface'](name, interface,
|
||||
permanent=True)
|
||||
# TODO: force_masquerade to be removed in future release
|
||||
__salt__['firewalld.add_port_fwd'](name, fwd.srcport,
|
||||
fwd.destport, fwd.protocol, fwd.destaddr, permanent=True,
|
||||
force_masquerade=False)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_interfaces or old_interfaces:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_interfaces:
|
||||
interfaces = list(new_interfaces | set(_current_interfaces))
|
||||
ret['changes'].update({'interfaces':
|
||||
{'old': _current_interfaces,
|
||||
'new': interfaces}})
|
||||
if prune_port_fwd:
|
||||
old_port_fwd = set(_current_port_fwd) - set(port_fwd)
|
||||
for fwd in old_port_fwd:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_port_fwd'](name, fwd.srcport,
|
||||
fwd.destport, fwd.protocol, fwd.destaddr, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
sources = sources or []
|
||||
try:
|
||||
_current_sources = __salt__['firewalld.get_sources'](name,
|
||||
if new_port_fwd or old_port_fwd:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_port_fwd:
|
||||
port_fwd = list(new_port_fwd | set(_current_port_fwd))
|
||||
ret['changes'].update({'port_fwd':
|
||||
{'old': [fwd.todict() for fwd in
|
||||
_current_port_fwd],
|
||||
'new': [fwd.todict() for fwd in port_fwd]}})
|
||||
|
||||
if services or prune_services:
|
||||
services = services or []
|
||||
try:
|
||||
_current_services = __salt__['firewalld.list_services'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
new_services = set(services) - set(_current_services)
|
||||
old_services = []
|
||||
|
||||
for new_service in new_services:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_service'](new_service, name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_services:
|
||||
old_services = set(_current_services) - set(services)
|
||||
for old_service in old_services:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_service'](old_service, name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
new_sources = set(sources) - set(_current_sources)
|
||||
old_sources = []
|
||||
if new_services or old_services:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_services:
|
||||
services = list(new_services | set(_current_services))
|
||||
ret['changes'].update({'services':
|
||||
{'old': _current_services,
|
||||
'new': services}})
|
||||
|
||||
for source in new_sources:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_source'](name, source, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
if interfaces or prune_interfaces:
|
||||
interfaces = interfaces or []
|
||||
try:
|
||||
_current_interfaces = __salt__['firewalld.get_interfaces'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_sources:
|
||||
old_sources = set(_current_sources) - set(sources)
|
||||
for source in old_sources:
|
||||
new_interfaces = set(interfaces) - set(_current_interfaces)
|
||||
old_interfaces = []
|
||||
|
||||
for interface in new_interfaces:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_source'](name, source,
|
||||
__salt__['firewalld.add_interface'](name, interface,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_sources or old_sources:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_sources:
|
||||
sources = list(new_sources | set(_current_sources))
|
||||
ret['changes'].update({'sources':
|
||||
{'old': _current_sources,
|
||||
'new': sources}})
|
||||
if prune_interfaces:
|
||||
old_interfaces = set(_current_interfaces) - set(interfaces)
|
||||
for interface in old_interfaces:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_interface'](name, interface,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
rich_rules = rich_rules or []
|
||||
try:
|
||||
_current_rich_rules = __salt__['firewalld.get_rich_rules'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
if new_interfaces or old_interfaces:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_interfaces:
|
||||
interfaces = list(new_interfaces | set(_current_interfaces))
|
||||
ret['changes'].update({'interfaces':
|
||||
{'old': _current_interfaces,
|
||||
'new': interfaces}})
|
||||
|
||||
new_rich_rules = set(rich_rules) - set(_current_rich_rules)
|
||||
old_rich_rules = []
|
||||
if sources or prune_sources:
|
||||
sources = sources or []
|
||||
try:
|
||||
_current_sources = __salt__['firewalld.get_sources'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
for rich_rule in new_rich_rules:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_rich_rule'](name, rich_rule,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
new_sources = set(sources) - set(_current_sources)
|
||||
old_sources = []
|
||||
|
||||
if prune_rich_rules:
|
||||
old_rich_rules = set(_current_rich_rules) - set(rich_rules)
|
||||
for rich_rule in old_rich_rules:
|
||||
for source in new_sources:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_rich_rule'](name, rich_rule,
|
||||
permanent=True)
|
||||
__salt__['firewalld.add_source'](name, source, permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_rich_rules or old_rich_rules:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_rich_rules:
|
||||
rich_rules = list(new_rich_rules | set(_current_rich_rules))
|
||||
ret['changes'].update({'rich_rules':
|
||||
{'old': _current_rich_rules,
|
||||
'new': rich_rules}})
|
||||
if prune_sources:
|
||||
old_sources = set(_current_sources) - set(sources)
|
||||
for source in old_sources:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_source'](name, source,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_sources or old_sources:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_sources:
|
||||
sources = list(new_sources | set(_current_sources))
|
||||
ret['changes'].update({'sources':
|
||||
{'old': _current_sources,
|
||||
'new': sources}})
|
||||
|
||||
if rich_rules or prune_rich_rules:
|
||||
rich_rules = rich_rules or []
|
||||
try:
|
||||
_current_rich_rules = __salt__['firewalld.get_rich_rules'](name,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
new_rich_rules = set(rich_rules) - set(_current_rich_rules)
|
||||
old_rich_rules = []
|
||||
|
||||
for rich_rule in new_rich_rules:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.add_rich_rule'](name, rich_rule,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if prune_rich_rules:
|
||||
old_rich_rules = set(_current_rich_rules) - set(rich_rules)
|
||||
for rich_rule in old_rich_rules:
|
||||
if not __opts__['test']:
|
||||
try:
|
||||
__salt__['firewalld.remove_rich_rule'](name, rich_rule,
|
||||
permanent=True)
|
||||
except CommandExecutionError as err:
|
||||
ret['comment'] = 'Error: {0}'.format(err)
|
||||
return ret
|
||||
|
||||
if new_rich_rules or old_rich_rules:
|
||||
# If we're not pruning, include current items in new output so it's clear
|
||||
# that they're still present
|
||||
if not prune_rich_rules:
|
||||
rich_rules = list(new_rich_rules | set(_current_rich_rules))
|
||||
ret['changes'].update({'rich_rules':
|
||||
{'old': _current_rich_rules,
|
||||
'new': rich_rules}})
|
||||
|
||||
# No changes
|
||||
if ret['changes'] == {}:
|
||||
|
|
|
|||
|
|
@ -488,11 +488,7 @@ def query(url,
|
|||
data = _urlencode(data)
|
||||
|
||||
if verify_ssl:
|
||||
# tornado requires a str, cannot be unicode str in py2
|
||||
if ca_bundle is None:
|
||||
req_kwargs['ca_certs'] = ca_bundle
|
||||
else:
|
||||
req_kwargs['ca_certs'] = salt.utils.stringutils.to_str(ca_bundle)
|
||||
req_kwargs['ca_certs'] = ca_bundle
|
||||
|
||||
max_body = opts.get('http_max_body', salt.config.DEFAULT_MINION_OPTS['http_max_body'])
|
||||
timeout = opts.get('http_request_timeout', salt.config.DEFAULT_MINION_OPTS['http_request_timeout'])
|
||||
|
|
@ -530,30 +526,35 @@ def query(url,
|
|||
|
||||
supports_max_body_size = 'max_body_size' in client_argspec.args
|
||||
|
||||
req_kwargs.update({
|
||||
'method': method,
|
||||
'headers': header_dict,
|
||||
'auth_username': username,
|
||||
'auth_password': password,
|
||||
'body': data,
|
||||
'validate_cert': verify_ssl,
|
||||
'allow_nonstandard_methods': True,
|
||||
'streaming_callback': streaming_callback,
|
||||
'header_callback': header_callback,
|
||||
'request_timeout': timeout,
|
||||
'proxy_host': proxy_host,
|
||||
'proxy_port': proxy_port,
|
||||
'proxy_username': proxy_username,
|
||||
'proxy_password': proxy_password,
|
||||
'raise_error': raise_error,
|
||||
'decompress_response': False,
|
||||
})
|
||||
|
||||
# Unicode types will cause a TypeError when Tornado's curl HTTPClient
|
||||
# invokes setopt. Therefore, make sure all arguments we pass which
|
||||
# contain strings are str types.
|
||||
req_kwargs = salt.utils.data.decode(req_kwargs, to_str=True)
|
||||
|
||||
try:
|
||||
download_client = HTTPClient(max_body_size=max_body) \
|
||||
if supports_max_body_size \
|
||||
else HTTPClient()
|
||||
result = download_client.fetch(
|
||||
url_full,
|
||||
method=method,
|
||||
headers=header_dict,
|
||||
auth_username=username,
|
||||
auth_password=password,
|
||||
body=data,
|
||||
validate_cert=verify_ssl,
|
||||
allow_nonstandard_methods=True,
|
||||
streaming_callback=streaming_callback,
|
||||
header_callback=header_callback,
|
||||
request_timeout=timeout,
|
||||
proxy_host=proxy_host,
|
||||
proxy_port=proxy_port,
|
||||
proxy_username=proxy_username,
|
||||
proxy_password=proxy_password,
|
||||
raise_error=raise_error,
|
||||
decompress_response=False,
|
||||
**req_kwargs
|
||||
)
|
||||
result = download_client.fetch(url_full, **req_kwargs)
|
||||
except tornado.httpclient.HTTPError as exc:
|
||||
ret['status'] = exc.code
|
||||
ret['error'] = six.text_type(exc)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue