From e0b8bc1ef9faa780f79d6576a057a0285634fbb5 Mon Sep 17 00:00:00 2001 From: Shachaf92 Date: Fri, 5 Jul 2019 01:06:34 +0300 Subject: [PATCH] win_firewall_rule: Only report changed when change is made (#57267) * Fix bug https://github.com/ansible/ansible/issues/44450 * Added tests * I will make this CI work * Update win_firewall_rule.ps1 --- ...ix-Expansion-of-vars-win_firewall_rule.yml | 2 ++ .../modules/windows/win_firewall_rule.ps1 | 2 +- .../targets/win_firewall_rule/tasks/main.yml | 27 +++++++++++++++++++ 3 files changed, 30 insertions(+), 1 deletion(-) create mode 100644 changelogs/fragments/Fix-Expansion-of-vars-win_firewall_rule.yml diff --git a/changelogs/fragments/Fix-Expansion-of-vars-win_firewall_rule.yml b/changelogs/fragments/Fix-Expansion-of-vars-win_firewall_rule.yml new file mode 100644 index 0000000000..df38eae14c --- /dev/null +++ b/changelogs/fragments/Fix-Expansion-of-vars-win_firewall_rule.yml @@ -0,0 +1,2 @@ +bugfixes: +- "win_firewall_rule - Fix program var not expanding %SystemRoot% type vars (https://github.com/ansible/ansible/issues/44450)" \ No newline at end of file diff --git a/lib/ansible/modules/windows/win_firewall_rule.ps1 b/lib/ansible/modules/windows/win_firewall_rule.ps1 index 25bfaae0cb..5cee71e998 100644 --- a/lib/ansible/modules/windows/win_firewall_rule.ps1 +++ b/lib/ansible/modules/windows/win_firewall_rule.ps1 @@ -156,7 +156,7 @@ try { # the default for enabled in module description is "true", but the actual COM object defaults to "false" when created if ($null -ne $enabled) { $new_rule.Enabled = $enabled } else { $new_rule.Enabled = $true } if ($null -ne $description) { $new_rule.Description = $description } - if ($null -ne $program -and $program -ne "any") { $new_rule.ApplicationName = $program } + if ($null -ne $program -and $program -ne "any") { $new_rule.ApplicationName = [System.Environment]::ExpandEnvironmentVariables($program) } if ($null -ne $service -and $program -ne "any") { $new_rule.ServiceName = $service } if ($null -ne $protocol -and $protocol -ne "any") { $new_rule.Protocol = Parse-ProtocolType -protocol $protocol } if ($null -ne $localport -and $localport -ne "any") { $new_rule.LocalPorts = $localport } diff --git a/test/integration/targets/win_firewall_rule/tasks/main.yml b/test/integration/targets/win_firewall_rule/tasks/main.yml index 6e76e8fd92..708810c2a8 100644 --- a/test/integration/targets/win_firewall_rule/tasks/main.yml +++ b/test/integration/targets/win_firewall_rule/tasks/main.yml @@ -411,3 +411,30 @@ assert: that: - add_firewall_rule_with_list_profiles.changed == true + +# Test for variable expansion in the path +- name: Add rule with path that needs to be expanded + win_firewall_rule: + name: VarExpansionTest + enabled: yes + state: present + action: allow + direction: in + protocol: tcp + program: '%SystemRoot%\system32\svchost.exe' + +- name: Add same rule with path that needs to be expanded + win_firewall_rule: + name: VarExpansionTest + enabled: yes + state: present + action: allow + direction: in + protocol: tcp + program: '%SystemRoot%\system32\svchost.exe' + register: add_firewall_rule_with_var_expand_path + +- name: Check that creating same firewall rule with expanded vars identified + assert: + that: + - add_firewall_rule_with_var_expand_path.changed == false \ No newline at end of file