author | Shawn Wilsher <656602+sdwilsh@users.noreply.github.com> | 2021-09-20 16:25:42 -0700 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-09-20 23:25:42 +0000 |
commit | 9e829e1b75996b6b8268ab29b105d5dfa97da441 (patch) | |
tree | b5aed43186cf0481928ac6afcf78c73a77b69bcc /plugins/module_utils | |
parent | 2c13b39aee89cf39eaad64b0775fd387a5599399 (diff) | |
Fix `vyos.vyos.vyos_firewall_rules` `state: replaced` to match documentation (#203)
Fix `vyos.vyos.vyos_firewall_rules` `state: replaced` to match documentation
SUMMARY
vyos.vyos.vyos_firewall_rules should only try to change listed firewall rules, as documented, when the state is set to replaced. As currently implemented (prior to this PR), it better matches what overridden is meant to do.
Fixes #201
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
vyos.vyos.vyos_firewall_rules
ADDITIONAL INFORMATION
Cleanup and document existing code for clarity
Add a failing idempotent test
Add a failing change test
Fix failing tests
Add change fragment
Reviewed-by: GomathiselviS <None>
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
Diffstat (limited to 'plugins/module_utils')
-rw-r--r-- | plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
index fd5a4f5..3c56626 100644
--- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
@@ -167,13 +167,29 @@ class Firewall_rules(ConfigBase):
 """
 commands = []
 if have:
+ # Iterate over the afi rule sets we already have.
 for h in have:
 r_sets = self._get_r_sets(h)
+ # Iterate over each rule set we already have.
 for rs in r_sets:
- w = self.search_r_sets_in_have(want, rs["name"], "r_list")
- commands.extend(
- self._add_r_sets(h["afi"], rs, w, opr=False)
+ # In the desired configuration, search for the rule set we
+ # already have (to be replaced by our desired
+ # configuration's rule set).
+ wanted_rule_set = self.search_r_sets_in_have(
+ want, rs["name"], "r_list"
 )
+ if wanted_rule_set is not None:
+ # Remove the rules that we already have if the wanted
+ # rules exist under the same name.
+ commands.extend(
+ self._add_r_sets(
+ h["afi"],
+ want=rs,
+ have=wanted_rule_set,
+ opr=False,
+ )
+ )
+ # Merge the desired configuration into what we already have.
 commands.extend(self._state_merged(want, have))
 return commands |
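Review bot: The lookup `self.search_r_sets_in_have(want, rs["name"], "r_list")` matches on the rule-set name alone, while the delete step after it is scoped with `h["afi"]`. If the helper (defined outside this hunk) does not filter by address family itself, an existing ipv6 rule set could be diffed against a wanted ipv4 rule set of the same name and lose rules the task never listed. For a firewall module that is worth ruling out explicitly: restrict the search to the entry of `want` whose afi equals `h["afi"]`, or add a test that uses one name under both address families. Separately, `want=rs, have=wanted_rule_set` passes the existing set as `want` and the desired set as `have`; if that inversion is how `opr=False` yields deletions, say so in a comment such as `# want/have are swapped on purpose: opr=False deletes what we have but no longer want`. The enclosing method starts and ends outside the hunk.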