proxmox_firewall & proxmox_firewall_info - Added tests and fixed sanity issues

JanaHoch · JanaHoch · commit 74b3d4480104 · 2025-09-21T12:04:23.000+05:30
diff --git a/meta/runtime.yml b/meta/runtime.yml
@@ -20,6 +20,7 @@ action_groups:
     - proxmox_disk
     - proxmox_domain_info
     - proxmox_firewall
+    - proxmox_firewall_info
     - proxmox_group
     - proxmox_group_info
     - proxmox_kvm
diff --git a/plugins/module_utils/proxmox_sdn.py b/plugins/module_utils/proxmox_sdn.py
@@ -8,17 +8,6 @@
 
 __metaclass__ = type
 
-import traceback
-
-PROXMOXER_IMP_ERR = None
-try:
-    from proxmoxer import ProxmoxResource
-    from proxmoxer import __version__ as proxmoxer_version
-    HAS_PROXMOXER = True
-except ImportError:
-    HAS_PROXMOXER = False
-    PROXMOXER_IMP_ERR = traceback.format_exc()
-
 from typing import List, Dict
 
 from ansible_collections.community.proxmox.plugins.module_utils.proxmox import (
@@ -111,7 +100,7 @@ def get_zones(self, zone_type: str = None) -> List[Dict]:
                 msg=f'Failed to retrieve zone information from cluster: {e}'
             )
 
-    def get_aliases(self, firewall_obj: ProxmoxResource | None) -> List[Dict]:
+    def get_aliases(self, firewall_obj):
         """Get aliases for IP/CIDR at given firewall endpoint level
 
         :param firewall_obj: Firewall endpoint as a ProxmoxResource e.g. self.proxmox_api.cluster().firewall
@@ -127,7 +116,7 @@ def get_aliases(self, firewall_obj: ProxmoxResource | None) -> List[Dict]:
                 msg='Failed to retrieve aliases'
             )
 
-    def get_fw_rules(self, rules_obj: ProxmoxResource, pos: int = None) -> List[Dict]:
+    def get_fw_rules(self, rules_obj, pos=None):
         """Get firewall rules at given rules endpoint level
 
         :param rules_obj: Firewall Rules endpoint as a ProxmoxResource e.g. self.proxmox_api.cluster().firewall().rules
@@ -143,7 +132,7 @@ def get_fw_rules(self, rules_obj: ProxmoxResource, pos: int = None) -> List[Dict
                 msg=f'Failed to retrieve firewall rules: {e}'
             )
 
-    def get_groups(self) -> List:
+    def get_groups(self):
         """Get firewall security groups
 
         :return: list of groups
diff --git a/plugins/modules/proxmox_firewall.py b/plugins/modules/proxmox_firewall.py
@@ -12,6 +12,7 @@
 DOCUMENTATION = r"""
 module: proxmox_firewall
 short_description: Manage firewall rules in Proxmox
+version_added: "1.4.0"
 description:
     - create/update/delete FW rules at cluster/group/vnet/node/vm level
     - Create/delete firewall security groups
@@ -36,7 +37,7 @@
     description:
       - If O(state=present) and if 1 or more rule/alias already exists it will update them
     type: bool
-    default: truw
+    default: true
   level:
     description:
       - Level at which the firewall rule applies.
@@ -348,7 +349,7 @@
 
 def get_proxmox_args():
     return dict(
-        state=dict(type="str", choices=["present", "absent"],  default="present"),
+        state=dict(type="str", choices=["present", "absent"], default="present"),
         update=dict(type="bool", default=True),
         level=dict(type="str", choices=["cluster", "node", "vm", "vnet", "group"], default="cluster", required=False),
         node=dict(type="str", required=False),
@@ -490,7 +491,6 @@ def run(self):
             if aliases is not None:
                 self.aliases_absent(firewall_obj=firewall_obj, aliases=aliases)
 
-
     def aliases_present(self, firewall_obj, level, aliases, update):
         if firewall_obj is None or level not in ['cluster', 'vm']:
             self.module.fail_json(
diff --git a/plugins/modules/proxmox_firewall_info.py b/plugins/modules/proxmox_firewall_info.py
@@ -10,8 +10,9 @@
 __metaclass__ = type
 
 DOCUMENTATION = r"""
-module: proxmox_firewall
+module: proxmox_firewall_info
 short_description: Manage firewall rules in Proxmox
+version_added: "1.4.0"
 description:
     - create/update/delete FW rules at cluster/group/vnet/node/vm level
     - Create/delete firewall security groups
@@ -58,6 +59,7 @@
   - community.proxmox.proxmox.actiongroup_proxmox
   - community.proxmox.proxmox.documentation
   - community.proxmox.attributes
+  - community.proxmox.attributes.info_module
 """
 
 EXAMPLES = r"""
@@ -73,7 +75,7 @@
 
 RETURN = r"""
 groups:
-    description: 
+    description:
       - List of firewall security groups.
       - This will always be given for cluster level regardless of the level passed.
       - Because only at cluster level we can have firewall security groups
@@ -238,6 +240,7 @@ def get_ansible_module():
 
     return AnsibleModule(
         argument_spec=module_args,
+        supports_check_mode=True,
         required_if=[
             ('level', 'vm', ['vmid']),
             ('level', 'node', ['node']),
@@ -257,7 +260,7 @@ def run(self):
 
         if level == "vm":
             vm = self.get_vm(vmid=self.params.get('vmid'))
-            node = self.proxmox_api.nodes( vm['node'])
+            node = self.proxmox_api.nodes(vm['node'])
             virt = node(vm['type'])
             firewall_obj = virt(str(vm['vmid'])).firewall
             rules_obj = firewall_obj().rules
diff --git a/tests/unit/plugins/modules/test_proxmox_firewall.py b/tests/unit/plugins/modules/test_proxmox_firewall.py
@@ -69,19 +69,6 @@ def fail_json(*args, **kwargs):
     raise SystemExit(kwargs)
 
 
-def get_module_args_state_none(level="cluster", vmid=None, node=None, vnet=None, group=None):
-    return {
-        "api_host": "host",
-        "api_user": "user",
-        "api_password": "password",
-        "level": level,
-        "vmid": vmid,
-        "node": node,
-        "vnet": vnet,
-        "group": group
-    }
-
-
 def get_module_args_group_conf(group, level="cluster", state="present"):
     return {
         "api_host": "host",
@@ -144,16 +131,6 @@ def tearDown(self):
         self.mock_module_helper.stop()
         super(TestProxmoxFirewallModule, self).tearDown()
 
-    def test_get_fw_state_none(self):
-        with pytest.raises(SystemExit) as exc_info:
-            with set_module_args(get_module_args_state_none()):
-                self.module.main()
-        result = exc_info.value.args[0]
-        assert result["changed"] is False
-        assert result["msg"] == "successfully retrieved firewall rules and groups"
-        assert result["firewall_rules"] == RAW_FIREWALL_RULES
-        assert result["groups"] == ['test1', 'test2']
-
     def test_create_group(self):
         with pytest.raises(SystemExit) as exc_info:
             with set_module_args(get_module_args_group_conf(group='test')):
@@ -172,21 +149,13 @@ def test_delete_group(self):
         assert result["msg"] == 'successfully deleted security group test1'
         assert result['group'] == 'test1'
 
-    def test_update_fw_rules(self):
-        with pytest.raises(SystemExit) as exc_info:
-            with set_module_args(get_module_args_rules(state='update')):
-                self.module.main()
-        result = exc_info.value.args[0]
-        assert result['changed'] is True
-        assert result["msg"] == 'successfully updated firewall rules'
-
     def test_create_fw_rules(self):
         with pytest.raises(SystemExit) as exc_info:
             with set_module_args(get_module_args_rules(state='present', pos=2)):
                 self.module.main()
         result = exc_info.value.args[0]
         assert result['changed'] is True
-        assert result["msg"] == 'successfully created firewall rules'
+        assert result["msg"] == 'successfully created/updated firewall rules'
 
     def test_delete_fw_rule(self):
         with pytest.raises(SystemExit) as exc_info:
diff --git a/tests/unit/plugins/modules/test_proxmox_firewall_info.py b/tests/unit/plugins/modules/test_proxmox_firewall_info.py
@@ -0,0 +1,182 @@
+# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2025, Jana Hoch <janahoch91@proton.me>
+# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
+# SPDX-License-Identifier: GPL-3.0-or-later
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+from unittest.mock import patch
+
+import pytest
+
+proxmoxer = pytest.importorskip("proxmoxer")
+
+from ansible.module_utils import basic
+from ansible_collections.community.proxmox.plugins.modules import proxmox_firewall_info
+from ansible_collections.community.internal_test_tools.tests.unit.plugins.modules.utils import (
+    ModuleTestCase,
+    set_module_args,
+)
+import ansible_collections.community.proxmox.plugins.module_utils.proxmox as proxmox_utils
+
+RAW_FIREWALL_RULES = [
+    {
+        "ipversion": 4,
+        "digest": "245f9fb31d5f59543dedc5a84ba7cd6afa4dbcc0",
+        "log": "nolog",
+        "action": "ACCEPT",
+        "enable": 1,
+        "type": "out",
+        "source": "1.1.1.1",
+        "pos": 0
+    },
+    {
+        "enable": 1,
+        "pos": 1,
+        "source": "1.0.0.1",
+        "type": "out",
+        "action": "ACCEPT",
+        "digest": "245f9fb31d5f59543dedc5a84ba7cd6afa4dbcc0",
+        "ipversion": 4
+    }
+]
+
+RAW_GROUPS = [
+    {
+        "digest": "fdb62dec01018d4f35c83ecc2ae3f110a8b3bd62",
+        "group": "test1"
+    },
+    {
+        "group": "test2",
+        "digest": "fdb62dec01018d4f35c83ecc2ae3f110a8b3bd62"
+    }
+]
+
+RAW_ALIASES = [
+    {
+        "name": "test1",
+        "cidr": "10.10.1.0/24",
+        "digest": "978391f460484e8d4fb3ca785cfe5a9d16fe8b1f",
+        "ipversion": 4
+    },
+    {
+        "name": "test2",
+        "cidr": "10.10.2.0/24",
+        "digest": "978391f460484e8d4fb3ca785cfe5a9d16fe8b1f",
+        "ipversion": 4
+    },
+    {
+        "name": "test3",
+        "cidr": "10.10.3.0/24",
+        "digest": "978391f460484e8d4fb3ca785cfe5a9d16fe8b1f",
+        "ipversion": 4
+    }
+]
+
+RAW_CLUSTER_RESOURCES = [
+    {
+        "vmid": 100,
+        "maxcpu": 8,
+        "memhost": 860138496,
+        "type": "qemu",
+        "id": "qemu/100",
+        "diskread": 127452302,
+        "netin": 42,
+        "netout": 0,
+        "cpu": 0.0046731498237984,
+        "uptime": 119787,
+        "template": 0,
+        "disk": 0,
+        "name": "nextcloud",
+        "maxdisk": 644245094400,
+        "mem": 445415424,
+        "status": "running",
+        "diskwrite": 1024,
+        "maxmem": 8589934592,
+        "node": "pve"
+    }
+]
+
+
+def exit_json(*args, **kwargs):
+    """function to patch over exit_json; package return data into an exception"""
+    if 'changed' not in kwargs:
+        kwargs['changed'] = False
+    raise SystemExit(kwargs)
+
+
+def fail_json(*args, **kwargs):
+    """function to patch over fail_json; package return data into an exception"""
+    kwargs['failed'] = True
+    raise SystemExit(kwargs)
+
+
+def get_module_args(level="cluster", vmid=None, node=None, vnet=None, group=None):
+    return {
+        "api_host": "host",
+        "api_user": "user",
+        "api_password": "password",
+        "level": level,
+        "vmid": vmid,
+        "node": node,
+        "vnet": vnet,
+        "group": group
+    }
+
+
+class TestProxmoxFirewallModule(ModuleTestCase):
+    def setUp(self):
+        super(TestProxmoxFirewallModule, self).setUp()
+        proxmox_utils.HAS_PROXMOXER = True
+        self.module = proxmox_firewall_info
+        self.mock_module_helper = patch.multiple(basic.AnsibleModule,
+                                                 exit_json=exit_json,
+                                                 fail_json=fail_json)
+        self.mock_module_helper.start()
+        self.connect_mock = patch(
+            "ansible_collections.community.proxmox.plugins.module_utils.proxmox.ProxmoxAnsible._connect",
+        ).start()
+
+        self.connect_mock.return_value.cluster.resources.get.return_value = (
+            RAW_CLUSTER_RESOURCES
+        )
+
+        mock_cluster_fw = self.connect_mock.return_value.cluster.return_value.firewall.return_value
+        mock_vm100_fw = self.connect_mock.return_value.nodes.return_value.return_value.return_value.firewall.return_value
+
+        mock_cluster_fw.rules.get.return_value = RAW_FIREWALL_RULES
+        mock_cluster_fw.groups.return_value.get.return_value = RAW_GROUPS
+        mock_cluster_fw.aliases.return_value.get.return_value = RAW_ALIASES
+
+        mock_vm100_fw.rules.get.return_value = RAW_FIREWALL_RULES
+        mock_vm100_fw.aliases.return_value.get.return_value = RAW_ALIASES
+
+    def tearDown(self):
+        self.connect_mock.stop()
+        self.mock_module_helper.stop()
+        super(TestProxmoxFirewallModule, self).tearDown()
+
+    def test_cluster_level_info(self):
+        with pytest.raises(SystemExit) as exc_info:
+            with set_module_args(get_module_args()):
+                self.module.main()
+        result = exc_info.value.args[0]
+        assert result["changed"] is False
+        assert result["msg"] == "successfully retrieved firewall rules and groups"
+        assert result["firewall_rules"] == RAW_FIREWALL_RULES
+        assert result["groups"] == ['test1', 'test2']
+        assert result["aliases"] == RAW_ALIASES
+
+    def test_vm_level_info(self):
+        with pytest.raises(SystemExit) as exc_info:
+            with set_module_args(get_module_args(level='vm', vmid=100)):
+                self.module.main()
+        result = exc_info.value.args[0]
+        assert result["changed"] is False
+        assert result["msg"] == "successfully retrieved firewall rules and groups"
+        assert result["firewall_rules"] == RAW_FIREWALL_RULES
+        assert result["groups"] == ['test1', 'test2']
+        assert result["aliases"] == RAW_ALIASES
