From d10d95f949b931c954e587e6c5923cf65181d94a Mon Sep 17 00:00:00 2001
From: Bartosz Bezak <bartosz@stackhpc.com>
Date: Wed, 18 Nov 2020 14:30:32 +0100
Subject: [PATCH] Support for firewalld ZONE option in network interfaces
 configuration

Change-Id: Id21616b5c03922002cd7c99d6df7976a502b4e3c
Story: 2008369
Task: 41279
---
 ansible/filter_plugins/networks.py                        | 8 ++++++++
 doc/source/configuration/reference/network.rst            | 2 ++
 .../notes/firewalld-zone-option-15cb747feb90446b.yaml     | 6 ++++++
 requirements.yml                                          | 2 +-
 4 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 releasenotes/notes/firewalld-zone-option-15cb747feb90446b.yaml

diff --git a/ansible/filter_plugins/networks.py b/ansible/filter_plugins/networks.py
index f32ad0d04..b644d98f1 100644
--- a/ansible/filter_plugins/networks.py
+++ b/ansible/filter_plugins/networks.py
@@ -137,6 +137,7 @@ net_physical_network = _make_attr_filter('physical_network')
 net_bootproto = _make_attr_filter('bootproto')
 net_defroute = _make_attr_filter('defroute')
 net_ethtool_opts = _make_attr_filter('ethtool_opts')
+net_zone = _make_attr_filter('zone')
 
 
 @jinja2.contextfilter
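Review bot: The `net_zone = _make_attr_filter('zone')` line passes the configured zone name through with no check and no comment, although this value decides which firewalld policy the interface ends up under. `_make_attr_filter` is outside the hunk, so this is inferred, but a mistyped zone name would presumably reach the interfaces role unchanged. The interface could then stay in firewalld's default zone instead of the intended one, without any error at template time. I would add a comment above the line, `# firewalld zone for the interface; the zone must already exist on the host`. A post-deploy comparison of the active zones against the intended mapping would also help.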
@@ -216,6 +217,7 @@ def net_interface_obj(context, name, inventory_hostname=None):
     bootproto = net_bootproto(context, name, inventory_hostname)
     defroute = net_defroute(context, name, inventory_hostname)
     ethtool_opts = net_ethtool_opts(context, name, inventory_hostname)
+    zone = net_zone(context, name, inventory_hostname)
     vip_address = net_vip_address(context, name, inventory_hostname)
     allowed_addresses = [vip_address] if vip_address else None
     interface = {
@@ -230,6 +232,7 @@ def net_interface_obj(context, name, inventory_hostname=None):
         'bootproto': bootproto or 'static',
         'defroute': defroute,
         'ethtool_opts': ethtool_opts,
+        'zone': zone,
         'allowed_addresses': allowed_addresses,
         'onboot': 'yes',
     }
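Review bot: Nothing in this commit tests the new `'zone'` key in `net_interface_obj`; the diffstat lists only the filter plugin, the reference docs, a release note and requirements.yml. A unit test should assert that the returned dict carries `'zone'` when the attribute is set and pin what happens when it is unset. The same gap applies to the matching additions in `net_bridge_obj` and `net_bond_obj`. The function continues past the closing brace of the dict, so the hunk does not show whether a `None` zone is dropped before the dict is returned.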
@@ -267,6 +270,7 @@ def net_bridge_obj(context, name, inventory_hostname=None):
     bootproto = net_bootproto(context, name, inventory_hostname)
     defroute = net_defroute(context, name, inventory_hostname)
     ethtool_opts = net_ethtool_opts(context, name, inventory_hostname)
+    zone = net_zone(context, name, inventory_hostname)
     vip_address = net_vip_address(context, name, inventory_hostname)
     allowed_addresses = [vip_address] if vip_address else None
     interface = {
@@ -282,6 +286,7 @@ def net_bridge_obj(context, name, inventory_hostname=None):
         'bootproto': bootproto or 'static',
         'defroute': defroute,
         'ethtool_opts': ethtool_opts,
+        'zone': zone,
         'allowed_addresses': allowed_addresses,
         'onboot': 'yes',
     }
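Review bot: The `'zone': zone` entry in `net_bridge_obj` does not say whether the zone applies to the bridge device alone or also to its ports, and the hunk gives no way to tell. The neighbouring `ethtool_opts` documentation states this explicitly for bonds and bridges, but the new `zone` text does not. A comment such as `# zone is set on the bridge device; member ports are not assigned a zone here` (to be confirmed against the role) would tell operators which interfaces stay in the default zone. The same question applies to the `'zone': zone` line in `net_bond_obj`. `net_bridge_obj` starts and ends outside the hunk.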
@@ -325,6 +330,7 @@ def net_bond_obj(context, name, inventory_hostname=None):
     bootproto = net_bootproto(context, name, inventory_hostname)
     defroute = net_defroute(context, name, inventory_hostname)
     ethtool_opts = net_ethtool_opts(context, name, inventory_hostname)
+    zone = net_zone(context, name, inventory_hostname)
     vip_address = net_vip_address(context, name, inventory_hostname)
     allowed_addresses = [vip_address] if vip_address else None
     interface = {
@@ -346,6 +352,7 @@ def net_bond_obj(context, name, inventory_hostname=None):
         'bootproto': bootproto or 'static',
         'defroute': defroute,
         'ethtool_opts': ethtool_opts,
+        'zone': zone,
         'allowed_addresses': allowed_addresses,
         'onboot': 'yes',
     }
@@ -503,6 +510,7 @@ class FilterModule(object):
             'net_bootproto': net_bootproto,
             'net_defroute': net_defroute,
             'net_ethtool_opts': net_ethtool_opts,
+            'net_zone': net_zone,
             'net_interface_obj': net_interface_obj,
             'net_bridge_obj': net_bridge_obj,
             'net_bond_obj': net_bond_obj,
diff --git a/doc/source/configuration/reference/network.rst b/doc/source/configuration/reference/network.rst
index f99242f54..426690d1b 100644
--- a/doc/source/configuration/reference/network.rst
+++ b/doc/source/configuration/reference/network.rst
@@ -326,6 +326,8 @@ The following attributes are supported:
     bond and bridge interfaces, settings apply to underlying interfaces. This
     should be a string of arguments passed to the ``ethtool`` utility, for
     example ``"-G ${DEVICE} rx 8192 tx 8192"``.
+``zone``
+    The name of ``firewalld`` zone to be attached to network interface.
 
 IP Addresses
 ------------
diff --git a/releasenotes/notes/firewalld-zone-option-15cb747feb90446b.yaml b/releasenotes/notes/firewalld-zone-option-15cb747feb90446b.yaml
new file mode 100644
index 000000000..3ff7fc878
--- /dev/null
+++ b/releasenotes/notes/firewalld-zone-option-15cb747feb90446b.yaml
@@ -0,0 +1,6 @@
+---
+features:
+  - |
+    Adds support for configuring firewalld ``zone`` option on network interfaces. 
+    See `story 2008369
+    <https://storyboard.openstack.org/#!/story/2008369>`__ for details.
diff --git a/requirements.yml b/requirements.yml
index 44f127d2f..5dccf5746 100644
--- a/requirements.yml
+++ b/requirements.yml
@@ -5,7 +5,7 @@
   # There are no versioned releases of this role.
   version: 8438592c84585c86e62ae07e526d3da53629b377
 - src: MichaelRigart.interfaces
-  version: v1.8.1
+  version: v1.9.0
 - src: mrlesmithjr.manage-lvm
   version: v0.1.4
 - src: mrlesmithjr.mdadm