| author | Andrew Gunnerson <accounts+github@chiller3.com> | 2022-02-25 13:28:54 -0500 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-02-25 18:28:54 +0000 | 
| commit | b28632c3e581371f3b0d670d376ab409a4b8fa0e (patch) | |
| tree | 25bb0ebc17bb23d864448669ad94c446052fc03d /plugins/modules/vyos_prefix_lists.py | |
| parent | d3c91d0ee00c187a5623a6b66f9fedad800ff3d0 (diff) | |
| download | vyos-ansible-collection-b28632c3e581371f3b0d670d376ab409a4b8fa0e.tar.gz vyos-ansible-collection-b28632c3e581371f3b0d670d376ab409a4b8fa0e.zip | |
firewall_rules: Fix incorrect behavior when IPv4 and IPv6 rule sets have the same name (#236)
SUMMARY
VyOS supports IPv4 and IPv6 rule sets having the same name, but there are a couple places in the Ansible module that don't handle this situation.
The fact gathering for ansible_network_resources.firewall_rules has been updated to look for name <name> or ipv6-name <name> instead of just <name>.
The vyos_firewall_rules module has been updated to take the afi into consideration when comparing the have and want states.
V4-EGRESS and V6-EGRESS have been renamed to just EGRESS in the tests. The existing tests seem to be complete enough to test this same-name situation. (V4-INGRESS and V6-INGRESS were not renamed.)
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
vyos_facts and vyos_firewall_rules
ADDITIONAL INFORMATION
An example of a configuration that was originally causing an issue:
name wan-lan {
    default-action drop
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
}
ipv6-name wan-lan {
    default-action drop
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
        log enable
        state {
            invalid enable
        }
    }
    rule 10 {
        action accept
        protocol icmpv6
    }
}
With this configuration, ansible_network_resources.firewall_rules would show the icmpv6 rule under both ipv4 and ipv6:
[
    {
        "afi": "ipv4",
        "rule_sets": [
            {
                "default_action": "drop",
                "name": "wan-lan",
                "rules": [
                    {
                        "action": "accept",
                        "number": 1,
                        "state": {
                            "established": true,
                            "related": true
                        }
                    },
                    {
                        "action": "drop",
                        "number": 2,
                        "state": {
                            "invalid": true
                        }
                    },
                    {
                        "action": "accept",
                        "number": 10,
                        "protocol": "icmpv6"
                    }
                ]
            },
        ]
    },
    {
        "afi": "ipv6",
        "rule_sets": [
            {
                "default_action": "drop",
                "name": "wan-lan",
                "rules": [
                    {
                        "action": "accept",
                        "number": 1,
                        "state": {
                            "established": true,
                            "related": true
                        }
                    },
                    {
                        "action": "drop",
                        "number": 2,
                        "state": {
                            "invalid": true
                        }
                    },
                    {
                        "action": "accept",
                        "number": 10,
                        "protocol": "icmpv6"
                    }
                ]
            },
        ]
    }
]
A similar issue would happen when using vyos_firewall_rules as well, where it would attempt to change rules for the wrong afi.
Reviewed-by: GomathiselviS <None>
Reviewed-by: None <None>
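The following is an added example, not code from vyos-ansible-collection or from the commit author. It models the two behaviours the commit message describes: gathering rule sets by `<name>` alone, which merges the `name wan-lan` and `ipv6-name wan-lan` blocks so the icmpv6 rule shows up under ipv4, versus keying every rule set by `(afi, name)`, and then a have/want comparison that uses that key so a change is never planned against the wrong address family. The config parser (`split_rule_sets`), the sample config and the `rules_to_delete` helper are hypothetical simplifications written for this example; they are not the collection's own parser or module logic.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: an IPv4 and an IPv6 rule set that share the name
# "wan-lan", mirroring the configuration quoted in the commit message.
SAMPLE_CONFIG = """\
name wan-lan {
    default-action drop
    rule 1 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 2 {
        action drop
    }
}
ipv6-name wan-lan {
    default-action drop
    rule 1 {
        action accept
    }
    rule 2 {
        action drop
    }
    rule 10 {
        action accept
        protocol icmpv6
    }
}
"""

# Top-level block header: "name <name> {" (IPv4) or "ipv6-name <name> {" (IPv6).
_HEADER = re.compile(r"^(ipv6-name|name)\s+(\S+)\s*\{\s*$")
_AFI = {"name": "ipv4", "ipv6-name": "ipv6"}


def split_rule_sets(config: str) -> List[Tuple[str, str, str]]:
    """Return (afi, name, body) for every top-level rule-set block.

    Hypothetical helper: a small brace-depth scanner, not the collection's
    parser. body is the text between the block's outer braces.
    """
    blocks: List[Tuple[str, str, str]] = []
    depth = 0
    current = None
    for line in config.splitlines():
        stripped = line.strip()
        if depth == 0:
            m = _HEADER.match(stripped)
            if m:
                current = (_AFI[m.group(1)], m.group(2), [])
                depth = 1
            continue
        depth += stripped.count("{") - stripped.count("}")
        if depth == 0:
            afi, name, lines = current
            blocks.append((afi, name, "\n".join(lines)))
            current = None
        else:
            current[2].append(line)
    return blocks


def rule_numbers(body: str) -> List[int]:
    """Rule numbers declared in a rule-set body, in file order."""
    return [int(n) for n in re.findall(r"^\s*rule\s+(\d+)\s*\{", body, re.M)]


def gather_by_name_only(config: str) -> Dict[str, Dict[str, List[int]]]:
    """Model of the pre-fix behaviour: rule sets are looked up by <name> alone,
    so both afi views receive the rules of every block called <name>, and the
    IPv6-only rule 10 appears under ipv4 as well."""
    by_name: Dict[str, set] = {}
    for _afi, name, body in split_rule_sets(config):
        by_name.setdefault(name, set()).update(rule_numbers(body))
    return {afi: {n: sorted(r) for n, r in by_name.items()} for afi in ("ipv4", "ipv6")}


def gather_by_afi(config: str) -> Dict[str, Dict[str, List[int]]]:
    """Afi-aware gathering: each rule set is stored under its own afi."""
    result: Dict[str, Dict[str, List[int]]] = {"ipv4": {}, "ipv6": {}}
    for afi, name, body in split_rule_sets(config):
        result[afi][name] = rule_numbers(body)
    return result


def rules_to_delete(have, want) -> Dict[Tuple[str, str], List[int]]:
    """Compare gathered state against desired state per (afi, name).

    Returns {(afi, name): rule numbers on the device that are not wanted}.
    Rule sets absent from 'want' for that afi are left alone. Because the key
    includes the afi, wanting IPv4 'wan-lan' without a rule 10 never schedules
    a change against the IPv6 rule 10.
    """
    out: Dict[Tuple[str, str], List[int]] = {}
    for afi, sets in have.items():
        for name, nums in sets.items():
            if name not in want.get(afi, {}):
                continue
            extra = sorted(set(nums) - set(want[afi][name]))
            if extra:
                out[(afi, name)] = extra
    return out


if __name__ == "__main__":
    want = {"ipv4": {"wan-lan": [1, 2]}, "ipv6": {"wan-lan": [1, 2, 10]}}
    print("afi-aware :", rules_to_delete(gather_by_afi(SAMPLE_CONFIG), want))
    print("name-only :", rules_to_delete(gather_by_name_only(SAMPLE_CONFIG), want))
```

Run stand-alone, the afi-aware path plans no change for a desired state that matches the device, while the name-only model reports a spurious deletion of rule 10 under ipv4, which is the "change rules for the wrong afi" symptom the message describes. The security-relevant point is that the spurious change targets a firewall rule set: a fact-gathering collision like this can make a playbook remove or rewrite rules in the other address family, so keying facts and comparisons by afi as well as name is what keeps the desired state and the device state in step.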
Diffstat (limited to 'plugins/modules/vyos_prefix_lists.py')
0 files changed, 0 insertions, 0 deletions
