From 2e7ec8ad2b281488b85c9fa15af652b7223bfe54 Mon Sep 17 00:00:00 2001
From: Kevin Carter <kevin@cloudnull.com>
Date: Fri, 23 Aug 2019 14:49:23 -0500
Subject: [PATCH] Add check for string type dport

the dport option could be a port number using a string instead of a array or int.
This change ensures our loop is able to properly handle dport options written as
list, string, or int.

Change-Id: I13dbdb2043ad216d1c89801c974508dd9b958cdc
Signed-off-by: Kevin Carter <kevin@cloudnull.com>
---
 .../molecule/firewall-add-complex/playbook.yml                | 4 ++--
 .../molecule/firewall-remove-complex/playbook.yml             | 4 ++--
 .../roles/tripleo-firewall/tasks/tripleo_firewall_add.yml     | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-add-complex/playbook.yml b/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-add-complex/playbook.yml
index 7d1b9da3b..69b03be79 100644
--- a/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-add-complex/playbook.yml
+++ b/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-add-complex/playbook.yml
@@ -22,11 +22,11 @@
       tripleo_firewall_rules:
         '003 accept ftp from all':
           proto: 'tcp'
-          dport: 21
+          dport: "21"
         '003 accept custom from all':
           proto: 'udp'
           dport:
-            - 2121
+            - "2121"
             - 2122
             - 2123
             - 2200-2210
diff --git a/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-remove-complex/playbook.yml b/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-remove-complex/playbook.yml
index d2b0e706b..d5d6e1762 100644
--- a/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-remove-complex/playbook.yml
+++ b/tripleo_ansible/roles/tripleo-firewall/molecule/firewall-remove-complex/playbook.yml
@@ -22,13 +22,13 @@
       tripleo_firewall_rules:
         '003 accept ftp from all':
           proto: 'tcp'
-          dport: 21
+          dport: "21"
           extras:
             ensure: 'absent'
         '003 accept custom from all':
           proto: 'udp'
           dport:
-            - 2121
+            - "2121"
             - 2122
             - 2123
             - 2200-2210
diff --git a/tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml b/tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml
index 0c98dd346..31e6b305e 100644
--- a/tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml
+++ b/tripleo_ansible/roles/tripleo-firewall/tasks/tripleo_firewall_add.yml
@@ -60,7 +60,7 @@
   when:
     - (item['rule']['proto'] | default('tcp')) != 'ipv6'
     - item['rule']['source'] | default('127.0.0.1') | ipv4
-  loop: "{{ (item['rule']['dport'] is iterable) | ternary(item['rule']['dport'], [item['rule']['dport']]) }}"
+  loop: "{{ ((item['rule']['dport'] is iterable) and (item['rule']['dport'] is not string)) | ternary(item['rule']['dport'], [item['rule']['dport']]) }}"
   loop_control:
     loop_var: port
   notify:
@@ -83,7 +83,7 @@
   when:
     - (item['rule']['proto'] | default('tcp')) != 'ipv4'
     - item['rule']['source'] | default('::') | ipv6
-  loop: "{{ (item['rule']['dport'] is iterable) | ternary(item['rule']['dport'], [item['rule']['dport']]) }}"
+  loop: "{{ ((item['rule']['dport'] is iterable) and (item['rule']['dport'] is not string)) | ternary(item['rule']['dport'], [item['rule']['dport']]) }}"
   loop_control:
     loop_var: port
   notify: