Fix iptables target options with no arguments

For example: - name: test jump: CT notrack: '' ...
2024-11-07 08:58:59 +00:00 · 2016-08-14 18:41:24 +08:00 · 2016-08-14 18:41:24 +08:00 · 914eb60d51
commit 914eb60d51
parent 607169a01b
2 changed files with 9 additions and 2 deletions
--- a/salt/modules/iptables.py
+++ b/salt/modules/iptables.py
@ -405,7 +405,9 @@ def build_rule(table='filter', chain=None, command=None, position='', full=None,
    for after_jump_argument in after_jump_arguments:
        if after_jump_argument in kwargs:
            value = kwargs[after_jump_argument]
-            if any(ws_char in str(value) for ws_char in string.whitespace):
+            if value in (None, ''):  # options without arguments
+                after_jump.append('--{0}'.format(after_jump_argument))
+            elif any(ws_char in str(value) for ws_char in string.whitespace):
                after_jump.append('--{0} "{1}"'.format(after_jump_argument, value))
            else:
                after_jump.append('--{0} {1}'.format(after_jump_argument, value))
--- a/tests/unit/modules/iptables_test.py
+++ b/tests/unit/modules/iptables_test.py
@ -128,7 +128,12 @@ class IptablesTestCase(TestCase):
        # Should allow no-arg jump options
        self.assertEqual(iptables.build_rule(jump='CLUSTERIP',
                                             **{'new': ''}),
-                         '--jump CLUSTERIP --new ')
+                         '--jump CLUSTERIP --new')
+
+        # Should allow no-arg jump options as None
+        self.assertEqual(iptables.build_rule(jump='CT',
+                                             **{'notrack': None}),
+                         '--jump CT --notrack')

        # should build match-sets with single string
        self.assertEqual(iptables.build_rule(**{'match-set': 'src flag1,flag2'}),