authorGomathiselviS <gomathiselvi@gmail.com>2022-02-22 16:30:07 -0500
committerGitHub <noreply@github.com>2022-02-22 21:30:07 +0000
commitd3c91d0ee00c187a5623a6b66f9fedad800ff3d0 (patch)
tree2aaa943628f94b4133abc23f574931a9db0a8127
parent4662d6d03742ecc2fd09c530cf4b70217975e5bb (diff)
vyos_firewall_rules: Add support for log enable on individual rules (#238)
vyos_firewall_rules: Add support for log enable on individual rules SUMMARY ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com> Reviewed-by: None <None>
-rw-r--r--changelogs/fragments/vyos_firewall_rules_add_log.yaml3
-rw-r--r--plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py4
-rw-r--r--plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py2
-rw-r--r--plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py1
-rw-r--r--plugins/modules/vyos_firewall_rules.py7
-rw-r--r--tests/unit/modules/network/vyos/test_vyos_firewall_rules.py4
6 files changed, 21 insertions, 0 deletions
diff --git a/changelogs/fragments/vyos_firewall_rules_add_log.yaml b/changelogs/fragments/vyos_firewall_rules_add_log.yaml
new file mode 100644
index 0000000..0ffc76c
--- /dev/null
+++ b/changelogs/fragments/vyos_firewall_rules_add_log.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - vyos_firewall_rules - Add support for log enable on individual rules
diff --git a/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py
index 2df7758..22dc8f7 100644
--- a/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py
@@ -164,6 +164,10 @@ class Firewall_rulesArgs(object): # pylint: disable=R0903
},
"type": "dict",
},
+ "log": {
+ "type": "str",
+ "choices": ["enable", "disable"],
+ },
"number": {"required": True, "type": "int"},
"p2p": {
"elements": "dict",
diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
index 3c56626..1f1536c 100644
--- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
@@ -356,6 +356,7 @@ class Firewall_rules(ConfigBase):
"fragment",
"disabled",
"description",
+ "log",
)
if w_rules:
for w in w_rules:
@@ -1022,6 +1023,7 @@ class Firewall_rules(ConfigBase):
r_set = (
"p2p",
"ipsec",
+ "log",
"action",
"fragment",
"protocol",
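Review bot: Nothing in this commit shows what happens to a rule that already logs on the device when the task omits `log` under `replaced` or `overridden`, now that `log` is in `r_set` here and in the tuple in the hunk at line 356. If the module then deletes the attribute, existing playbooks would start switching off per-rule logging that was configured outside Ansible, and firewall audit data would be lost with no visible error. The functions around both tuples start and end outside the hunks, so this is inferred rather than read from the code. Once the behaviour is confirmed, a comment above `r_set` such as `# "log" is handled like the other base attributes: an omitted value is removed on replaced/overridden` would record it.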
diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
index 63a159e..8e29dbd 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
@@ -163,6 +163,7 @@ class Firewall_rulesFacts(object):
"""
a_lst = [
"ipsec",
+ "log",
"action",
"protocol",
"fragment",
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
index b6ed81b..6df6892 100644
--- a/plugins/modules/vyos_firewall_rules.py
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -220,6 +220,13 @@ options:
choices:
- match-ipsec
- match-none
+ log:
+ description:
+ - Option to log packets matching rule
+ type: str
+ choices:
+ - disable
+ - enable
limit:
description:
- Rate limit using a token bucket filter.
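Review bot: The `log` description is terse and does not say what leaving the option out means; a reader cannot tell whether an omitted `log` leaves the device setting alone or is treated like `disable`. I would word it as `- Enable or disable logging of packets that match this rule.` and add a second line stating the behaviour when the option is omitted. The choices are also listed as `disable`, `enable` here but as `["enable", "disable"]` in the argspec hunk; using one order in both places keeps the two definitions easy to compare.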
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
index dd3dbce..f80157c 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
@@ -218,6 +218,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
action="accept",
description="Rule 101 is configured by Ansible",
ipsec="match-ipsec",
+ log="disable",
protocol="icmp",
fragment="match-frag",
disabled=True,
@@ -241,6 +242,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
"set firewall name INBOUND rule 101 disabled",
"set firewall name INBOUND rule 101 action 'accept'",
"set firewall name INBOUND rule 101 ipsec 'match-ipsec'",
+ "set firewall name INBOUND rule 101 log 'disable'",
]
self.execute_module(changed=True, commands=commands)
@@ -1016,6 +1018,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
action="reject",
description="Rule 1 is configured by Ansible RM",
ipsec="match-ipsec",
+ log="enable",
protocol="tcp",
fragment="match-frag",
disabled=False,
@@ -1066,6 +1069,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
"set firewall name V4-IN description 'This is IPv4 INGRESS rule set'",
"set firewall name V4-IN enable-default-log",
"set firewall name V4-IN rule 1 protocol 'tcp'",
+ "set firewall name V4-IN rule 1 log 'enable'",
"set firewall name V4-IN rule 1 description 'Rule 1 is configured by Ansible RM'",
"set firewall name V4-IN rule 1 fragment 'match-frag'",
"set firewall name V4-IN rule 1 source group address-group IN-ADDR-GROUP",
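Review bot: The added test lines only check that a `log` value in the task produces a `set ... log` command; no test starts from a device that already has the option set. The diffstat lists no fixture change, so the `log` entry added to the facts parser's `a_lst` is never fed a config line, and neither idempotence nor removal under `replaced` or `deleted` is exercised. Per-rule logging is often what detection depends on, so a regression on those paths would go unnoticed. I would add a line of the form `set firewall name <NAME> rule <N> log 'enable'` to the device-config fixture and assert that a task with the same value passes `execute_module(changed=False)`.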