actors: add FirewalldIptablesModules

This actor will check if firewalld is using iptables, if so it will
cause kernel-module-extra to be installed.

Author: erig0

repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/actor.py

@@ -0,0 +1,42 @@
+from leapp.actors import Actor
+from leapp.models import (
+    FirewalldDirectConfig,
+    FirewalldGlobalConfig,
+    FirewallsFacts,
+    RpmTransactionTasks,
+)
+from leapp.tags import ChecksPhaseTag, IPUWorkflowTag
+
+
+class FirewalldIptablesModules(Actor):
+    """
+    This actor cause kernel-modules-extra to be installed if firewalld is using
+    iptables.
+    """
+
+    name = 'firewalld_iptables_modules'
+    consumes = (FirewallsFacts, FirewalldGlobalConfig, FirewalldDirectConfig)
+    produces = (RpmTransactionTasks,)
+    tags = (ChecksPhaseTag, IPUWorkflowTag)
+
+    def process(self):
+        # If firewalld is not enabled then don't bother the user about its
+        # configuration.
+        for facts in self.consume(FirewallsFacts):
+            if not facts.firewalld.enabled:
+                return
+
+        flag = False
+
+        for config in self.consume(FirewalldGlobalConfig):
+            if config.firewallbackend == "iptables":
+                flag = True
+                break
+
+        for config in self.consume(FirewalldDirectConfig):
+            if config.has_permanent_configuration:
+                flag = True
+                break
+
+        if flag:
+            self.produce(RpmTransactionTasks(to_install=['kernel-modules-extra']))

repos/system_upgrade/el9toel10/actors/firewalldiptablesmodules/tests/unit_tests.py

@@ -0,0 +1,49 @@
+from leapp.models import (
+    FirewalldDirectConfig,
+    FirewalldGlobalConfig,
+    FirewallsFacts,
+    FirewallStatus,
+    RpmTransactionTasks
+)
+
+
+def test_produce(current_actor_context):
+    status = FirewallStatus(enabled=True, active=True)
+    current_actor_context.feed(FirewallsFacts(firewalld=status,
+                                              iptables=status,
+                                              ip6tables=status))
+    current_actor_context.feed(FirewalldGlobalConfig(firewallbackend='iptables'))
+    current_actor_context.run()
+    assert current_actor_context.consume(RpmTransactionTasks)[0].to_install[0] == 'kernel-modules-extra'
+
+
+def test_produce_02(current_actor_context):
+    status = FirewallStatus(enabled=True, active=True)
+    current_actor_context.feed(FirewallsFacts(firewalld=status,
+                                              iptables=status,
+                                              ip6tables=status))
+    current_actor_context.feed(FirewalldDirectConfig(has_permanent_configuration=True))
+    current_actor_context.run()
+    assert current_actor_context.consume(RpmTransactionTasks)[0].to_install[0] == 'kernel-modules-extra'
+
+
+def test_no_produce_negative(current_actor_context):
+    current_actor_context.feed(FirewalldGlobalConfig())
+    current_actor_context.run()
+    assert not current_actor_context.consume(RpmTransactionTasks)
+
+
+def test_no_produce_negative_02(current_actor_context):
+    status = FirewallStatus(enabled=False, active=True)
+    current_actor_context.feed(FirewallsFacts(firewalld=status,
+                                              iptables=status,
+                                              ip6tables=status))
+    current_actor_context.feed(FirewalldGlobalConfig(firewallbackend='iptables'))
+    current_actor_context.run()
+    assert not current_actor_context.consume(RpmTransactionTasks)
+
+
+def test_no_produce_negative_03(current_actor_context):
+    current_actor_context.feed(FirewalldDirectConfig())
+    current_actor_context.run()
+    assert not current_actor_context.consume(RpmTransactionTasks)