author | CaptTrews <capttrews@gmail.com> | 2020-03-02 00:11:37 +0000 |
---|---|---|
committer | CaptTrews <capttrews@gmail.com> | 2020-03-02 00:11:37 +0000 |
commit | a38aeadb72d2a6aef8510ca535060add98fccc3b (patch) | |
tree | 2cd790e3470c8cd13502e5dbff47c9b3dfb2cf8c /tests | |
parent | 4313b070205766e68d30cea4f49a6bad83007bb0 (diff) | |
Updated from network content collector
Signed-off-by: CaptTrews <capttrews@gmail.com>
Diffstat (limited to 'tests')
26 files changed, 1782 insertions, 0 deletions
diff --git a/tests/integration/targets/vyos_firewall_interfaces/1 b/tests/integration/targets/vyos_firewall_interfaces/1
new file mode 100644
index 0000000..70ae90f
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/1
@@ -0,0 +1,120 @@
+---
+merged:
+ before: []
+
+
+ commands:
+ - "set interfaces ethernet eth1 firewall in name 'INBOUND'"
+ - "set interfaces ethernet eth1 firewall out name 'OUTBOUND'"
+ - "set interfaces ethernet eth1 firewall local name 'LOCAL'"
+ - "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'"
+ - "set interfaces ethernet eth3 firewall in name 'INBOUND'"
+ - "set interfaces ethernet eth3 firewall out name 'OUTBOUND'"
+ - "set interfaces ethernet eth3 firewall local name 'LOCAL'"
+ - "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'"
+
+ after:
+ - name: 'eth1'
+ access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'INBOUND'
+ direction: 'in'
+ - name: 'OUBOUND'
+ direction: 'out'
+ - afi: 'ipv6'
+ rules:
+ - name: 'V6-LOCAL'
+ direction: 'local'
+
+populate:
+ - name: 'eth1'
+ access_rules:
+ - afi: 'ipv4'
+ rules:
+ - name: 'INBOUND'
+ direction: 'in'
+ - name: 'OUBOUND'
+ direction: 'out'
+ - afi: 'ipv6'
+ rules:
+ - name: 'LOCAL'
+ direction: 'local'
+
+replaced:
+ commands:
+ - "delete service lldp interface eth2 location"
+ - "set service lldp interface eth2 'disable'"
+ - "set service lldp interface eth2 location civic-based country-code 'US'"
+ - "set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'"
+ - "delete service lldp interface eth1 location"
+ - "set service lldp interface eth1 'disable'"
+ - "set service lldp interface eth1 location coordinate-based latitude '33.524449N'"
+ - "set service lldp interface eth1 location coordinate-based altitude '2200'"
+ - "set service lldp interface eth1 location coordinate-based datum 'WGS84'"
+ - "set service lldp interface eth1 location coordinate-based longitude '222.267255W'"
+
+ after:
+ - name: 'eth2'
+ enable: false
+ location:
+ civic_based:
+ country_code: 'US'
+ ca_info:
+ - ca_type: 0
+ ca_value: 'ENGLISH'
+
+ - name: 'eth1'
+ enable: false
+ location:
+ coordinate_based:
+ altitude: 2200
+ datum: 'WGS84'
+ longitude: '222.267255W'
+ latitude: '33.524449N'
+
+populate_intf:
+ - name: 'eth2'
+ enable: false
+ location:
+ civic_based:
+ country_code: 'US'
+ ca_info:
+ - ca_type: 0
+ ca_value: 'ENGLISH'
+
+overridden:
+ commands:
+ - "delete service lldp interface eth2 location"
+ - "delete service lldp interface eth2 'disable'"
+ - "set service lldp interface eth2 location elin '0000000911'"
+
+ after:
+ - name: 'eth2'
+ location:
+ elin: 0000000911
+
+deleted:
+ commands:
+ - "delete service lldp interface eth1"
+ - "delete service lldp interface eth2"
+
+ after: []
+
+round_trip:
+ after:
+ - name: 'eth1'
+ location:
+ civic_based:
+ country_code: 'US'
+ ca_info:
+ - ca_type: 0
+ ca_value: 'ENGLISH'
+
+ - name: 'eth2'
+ location:
+ coordinate_based:
+ altitude: 2200
+ datum: 'WGS84'
+ longitude: '222.267255W'
+ latitude: '33.524449N'
diff --git a/tests/integration/targets/vyos_firewall_interfaces/defaults/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/defaults/main.yaml
new file mode 100644
index 0000000..852a6be
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+testcase: '[^_].*'
+test_items: []
diff --git a/tests/integration/targets/vyos_firewall_interfaces/meta/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/meta/main.yaml
new file mode 100644
index 0000000..7413320
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/meta/main.yaml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - prepare_vyos_tests
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml b/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml
new file mode 100644
index 0000000..93eb2fe
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml
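Review bot: The new file `tests/integration/targets/vyos_firewall_interfaces/1` looks like a stray artefact rather than a fixture and is best dropped from the commit. Nothing in the tasks visible here loads a file named `1`, and from `replaced:` onward its content is LLDP data (`set service lldp interface eth2 ...`) that does not belong to a firewall-interfaces target. It also carries the misspelt rule-set name `'OUBOUND'` and an unquoted `elin: 0000000911`; if any of this is meant to stay, write `elin: '0000000911'` so the leading zeros never depend on how the loader types the scalar. Leftover expected-state data in a firewall test target is worth removing because a later reader may take it for the intended device configuration.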
@@ -0,0 +1,19 @@
+---
+- name: Collect all cli test cases
+ find:
+ paths: '{{ role_path }}/tests/cli'
+ patterns: '{{ testcase }}.yaml'
+ use_regex: true
+ register: test_cases
+ delegate_to: localhost
+
+- name: Set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.network_cli)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.network_cli
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tasks/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/tasks/main.yaml
new file mode 100644
index 0000000..a3db933
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tasks/main.yaml
@@ -0,0 +1,4 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg
new file mode 100644
index 0000000..54696e8
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg
@@ -0,0 +1,10 @@
+set interfaces ethernet eth1 firewall in name 'INBOUND'
+set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+set interfaces ethernet eth1 firewall local name 'LOCAL'
+set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+set interfaces ethernet eth2 firewall in name 'INBOUND'
+set interfaces ethernet eth2 firewall out name 'OUTBOUND'
+set interfaces ethernet eth2 firewall local name 'LOCAL'
+set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'
+set interfaces ethernet eth0
+
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
new file mode 100644
index 0000000..3e60c41
--- /dev/null
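Review bot: In tasks/cli.yaml the test-selection pattern `patterns: '{{ testcase }}.yaml'` is used with `use_regex: true`, so the `.` before `yaml` is a wildcard and the expression is not anchored at the end. As far as I can tell `find` matches regex patterns from the start of the file name only, which means a leftover such as a `.yaml.orig` or `.yaml.bak` file in `tests/cli` would be collected and then included as a test case against the device. I would tighten it to `patterns: '^{{ testcase }}\.yaml$'`. Separately, the loop uses bare `include:` while every test file in this commit uses `include_tasks:`; using `include_tasks:` here as well keeps the target consistent.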
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
@@ -0,0 +1,12 @@
+---
+- name: Setup
+ vars:
+ lines: "set interfaces ethernet eth1 firewall in name 'INBOUND' \nset interfaces\
+ \ ethernet eth1 firewall out name 'OUTBOUND' \nset interfaces ethernet eth1\
+ \ firewall local name 'LOCAL' \nset interfaces ethernet eth1 firewall local\
+ \ ipv6-name 'V6-LOCAL'\nset interfaces ethernet eth2 firewall in name 'INBOUND'\n\
+ set interfaces ethernet eth2 firewall out name 'OUTBOUND'\nset interfaces\
+ \ ethernet eth2 firewall local name 'LOCAL' \nset interfaces ethernet eth2\
+ \ firewall local ipv6-name 'V6-LOCAL'\n"
+ ansible.netcommon.cli_config:
+ config: '{{ lines }}'
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml
new file mode 100644
index 0000000..40a7f4a
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml
@@ -0,0 +1,7 @@
+---
+- name: Setup
+ vars:
+ lines: "set firewall name 'INBOUND'\nset firewall name 'OUTBOUND'\nset firewall\
+ \ name 'LOCAL'\nset firewall ipv6-name 'V6-LOCAL'\n"
+ ansible.netcommon.cli_config:
+ config: '{{ lines }}'
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml
new file mode 100644
index 0000000..38a1800
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml
@@ -0,0 +1,7 @@
+---
+- name: Remove Config
+ vars:
+ lines: "delete interfaces ethernet eth1 firewall\ndelete interfaces ethernet\
+ \ eth2 firewall\n"
+ ansible.netcommon.cli_config:
+ config: '{{ lines }}'
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml
new file mode 100644
index 0000000..0844749
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml
@@ -0,0 +1,7 @@
+---
+- name: Remove Config
+ vars:
+ lines: "delete firewall name INBOUND\ndelete firewall name OUTBOUND\ndelete\
+ \ firewall name LOCAL\ndelete firewall ipv6-name V6-LOCAL\n"
+ ansible.netcommon.cli_config:
+ config: '{{ lines }}'
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted.yaml
new file mode 100644
index 0000000..078dd89
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted.yaml
@@ -0,0 +1,58 @@
+---
+- debug:
+ msg: Start vyos_firewall_interfaces deleted integration tests ansible_connection={{
+ ansible_connection }}
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Delete attributes of given firewall rules.
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+
+ - name: eth2
+ state: deleted
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
+
+ - name: Assert that the correct set of commands were generated
+ assert:
+ that:
+ - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length\
+ \ == 0 }}"
+
+ - name: Assert that the after dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Delete attributes of given interfaces (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result.changed == false
+ - result.commands|length == 0
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml
new file mode 100644
index 0000000..f7db06b
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml
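Review bot: The `assert` conditions in deleted.yaml are wrapped in Jinja delimiters, e.g. `- "{{ populate | symmetric_difference(result['before']) |length == 0 }}"`, although each `that` entry is already evaluated as a Jinja expression. The wrapped form renders to a string first and is then evaluated a second time, which Ansible warns about and which is best avoided when the operands include data returned by the device. Writing the bare expression, `- populate | symmetric_difference(result['before']) | length == 0`, gives the same check with a single evaluation. The same pattern recurs in deleted_afi.yaml, deleted_all.yaml, deleted_single.yaml, gathered.yaml, merged.yaml, merged_edit.yaml, overridden.yaml, parsed.yaml, rendered.yaml, replaced.yaml and rtt.yaml.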
@@ -0,0 +1,68 @@
+---
+- debug:
+ msg: Start vyos_firewall_interfaces deleted integration tests ansible_connection={{
+ ansible_connection }}
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Delete firewall interfaces based on IP address type provided.
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+
+ - afi: ipv6
+
+ - name: eth2
+ access_rules:
+
+ - afi: ipv4
+
+ - afi: ipv6
+ state: deleted
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
+
+ - name: Assert that the correct set of commands were generated
+ assert:
+ that:
+ - "{{ deleted_afi['commands'] | symmetric_difference(result['commands'])\
+ \ |length == 0 }}"
+
+ - name: Assert that the after dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted_afi['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Delete attributes of given interfaces (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result.changed == false
+ - result.commands|length == 0
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted_afi['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_all.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_all.yaml
new file mode 100644
index 0000000..d85654c
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_all.yaml
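Review bot: The start banner in deleted_afi.yaml is a copy of the one in deleted.yaml (`msg: Start vyos_firewall_interfaces deleted integration tests ...`), and deleted_all.yaml and deleted_single.yaml repeat it as well, so a failing run cannot be attributed to a test case from the log. Naming the case in each banner, for example `Start vyos_firewall_interfaces deleted_afi integration tests`, would fix that. The idempotence task name `Delete attributes of given interfaces (IDEMPOTENT)` is likewise shared by all four files and could say what is being deleted in each.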
@@ -0,0 +1,54 @@
+---
+- debug:
+ msg: Start vyos_firewall_interfaces deleted integration tests ansible_connection={{
+ ansible_connection }}
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Delete all the firewall interfaces.
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+ state: deleted
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
+
+ - name: Assert that the correct set of commands were generated
+ assert:
+ that:
+ - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length\
+ \ == 0 }}"
+
+ - name: Assert that the after dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Delete attributes of given interfaces (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result.changed == false
+ - result.commands|length == 0
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_single.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_single.yaml
new file mode 100644
index 0000000..f7e91f8
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_single.yaml
@@ -0,0 +1,63 @@
+---
+- debug:
+ msg: Start vyos_firewall_interfaces deleted integration tests ansible_connection={{
+ ansible_connection }}
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Delete firewall interface.
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - direction: in
+ name: INBOUND
+ state: deleted
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
+
+ - name: Assert that the correct set of commands were generated
+ assert:
+ that:
+ - "{{ deleted_single['commands'] | symmetric_difference(result['commands'])\
+ \ |length == 0 }}"
+
+ - name: Assert that the after dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted_single['after'] | symmetric_difference(result['after'])\
+ \ |length == 0 }}"
+
+ - name: Delete attributes of given interfaces (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result.changed == false
+ - result.commands|length == 0
+
+ - name: Assert that the before dicts were correctly generated
+ assert:
+ that:
+ - "{{ deleted_single['after'] | symmetric_difference(result['before'])\
+ \ |length == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/empty_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/empty_config.yaml
new file mode 100644
index 0000000..66c49bf
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/empty_config.yaml
@@ -0,0 +1,60 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces empty_config integration tests on connection={{
+ ansible_connection }}
+
+- name: Merged with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ vyos.vyos.vyos_firewall_interfaces:
+ config:
+ state: merged
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state merged'
+
+- name: Replaced with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ vyos.vyos.vyos_firewall_interfaces:
+ config:
+ state: replaced
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state replaced'
+
+- name: Overridden with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ vyos.vyos.vyos_firewall_interfaces:
+ config:
+ state: overridden
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state overridden'
+
+- name: Parsed with empty running_config should give appropriate error message
+ register: result
+ ignore_errors: true
+ vyos.vyos.vyos_firewall_interfaces:
+ running_config:
+ state: parsed
+
+- assert:
+ that:
+ - result.msg == 'value of running_config parameter must not be empty for state
+ parsed'
+
+- name: Rendered with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ vyos.vyos.vyos_firewall_interfaces:
+ config:
+ state: rendered
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state rendered'
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/gathered.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/gathered.yaml
new file mode 100644
index 0000000..fd8dd74
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/gathered.yaml
@@ -0,0 +1,40 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces gathered integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _remove_firewall_config.yaml
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Merge the provided configuration with the exisiting running configuration
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+ state: gathered
+
+ - name: Assert that gathered dicts was correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['gathered']) |length == 0\
+ \ }}"
+
+ - name: Gather the existing running configuration (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/merged.yaml
new file mode 100644
index 0000000..0c28eab
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/merged.yaml
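Review bot: The first task in the gathered.yaml block is named `Merge the provided configuration with the exisiting running configuration`, but it runs the module with `state: gathered` and an empty `config:`, so the name describes a write that does not happen. I would rename it to `- name: Gather the existing running configuration`, matching the idempotence task below it. The misspelling `exisiting` also appears in the first task name of merged.yaml and merged_edit.yaml, and replaced.yaml has `configurarions` in its idempotence task name.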
@@ -0,0 +1,96 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces merged integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _remove_config.yaml
+
+- block:
+
+ - name: Merge the provided configuration with the exisiting running configuration
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - direction: in
+ name: INBOUND
+
+ - direction: local
+ name: LOCAL
+
+ - direction: out
+ name: OUTBOUND
+
+ - afi: ipv6
+ rules:
+
+ - direction: local
+ name: V6-LOCAL
+
+ - name: eth2
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - direction: in
+ name: INBOUND
+
+ - direction: local
+ name: LOCAL
+
+ - direction: out
+ name: OUTBOUND
+
+ - afi: ipv6
+ rules:
+
+ - direction: local
+ name: V6-LOCAL
+ state: merged
+
+ - name: Assert that before dicts were correctly generated
+ assert:
+ that: "{{ merged['before'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+
+ - name: Assert that correct set of commands were generated
+ assert:
+ that:
+ - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\
+ \ == 0 }}"
+
+ - name: Assert that after dicts was correctly generated
+ assert:
+ that:
+ - "{{ merged['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Merge the provided configuration with the existing running configuration
+ (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ - name: Assert that before dicts were correctly generated
+ assert:
+ that:
+ - "{{ merged['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/merged_edit.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/merged_edit.yaml
new file mode 100644
index 0000000..873f4c4
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/merged_edit.yaml
@@ -0,0 +1,70 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces merged integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _remove_firewall_config.yaml
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Merge the provided configuration with the exisiting running configuration
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - direction: in
+ name: OUTBOUND
+
+ - direction: out
+ name: INBOUND
+ state: merged
+
+ - name: Assert that before dicts were correctly generated
+ assert:
+ that: "{{ populate | symmetric_difference(result['before']) |length == 0\
+ \ }}"
+
+ - name: Assert that correct set of commands were generated
+ assert:
+ that:
+ - "{{ merged_edit['commands'] | symmetric_difference(result['commands'])\
+ \ |length == 0 }}"
+
+ - name: Assert that after dicts was correctly generated
+ assert:
+ that:
+ - "{{ merged_edit['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Merge the provided configuration with the existing running configuration
+ (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ - name: Assert that before dicts were correctly generated
+ assert:
+ that:
+ - "{{ merged_edit['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/overridden.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/overridden.yaml
new file mode 100644
index 0000000..01d30b6
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/overridden.yaml
@@ -0,0 +1,66 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces overridden integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _remove_firewall_config.yaml
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Overrides all device configuration with provided configuration
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth2
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: INBOUND
+ direction: out
+ state: overridden
+
+ - name: Assert that before dicts were correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
+
+ - name: Assert that correct commands were generated
+ assert:
+ that:
+ - "{{ overridden['commands'] | symmetric_difference(result['commands'])\
+ \ |length == 0 }}"
+
+ - name: Assert that after dicts were correctly generated
+ assert:
+ that:
+ - "{{ overridden['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Overrides all device configuration with provided configurations (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ - name: Assert that before dicts were correctly generated
+ assert:
+ that:
+ - "{{ overridden['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml
new file mode 100644
index 0000000..c7032e1
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml
@@ -0,0 +1,47 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces parsed integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _remove_firewall_config.yaml
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Gather firewall_interfaces facts
+ register: firewall_interfaces_facts
+ vyos.vyos.vyos_facts:
+ gather_subset:
+ - default
+ gather_network_resources:
+ - firewall_interfaces
+
+ - name: Provide the running configuration for parsing (config to be parsed)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ running_config: "{{ lookup('file', '_parsed_config.cfg') }}"
+ state: parsed
+
+ - name: Assert that correct parsing done
+ assert:
+ that: "{{ ansible_facts['network_resources']['firewall_interfaces'] | symmetric_difference(result['parsed'])\
+ \ |length == 0 }}"
+
+ - name: Gather the existing running configuration (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/rendered.yaml
new file mode 100644
index 0000000..022dd50
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/rendered.yaml
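Review bot: The parsed.yaml check takes its expected value from the live device instead of a fixed fixture: `state: parsed` reads `_parsed_config.cfg` from disk, yet the assertion compares the result with `ansible_facts['network_resources']['firewall_interfaces']` gathered just before. The test therefore passes only when the device happens to hold exactly what the file describes (including the bare `set interfaces ethernet eth0` line), and a parser fault shared by the facts code and the parsed path would presumably go unnoticed. Comparing against a static expected structure, for example a `parsed` entry in vars/main.yaml (only partly visible here), would make the check independent of device state. The `register: firewall_interfaces_facts` on the facts task is never read and can be removed.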
@@ -0,0 +1,72 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces rendered integration tests on connection={{
+ ansible_connection }}
+
+- block:
+
+ - name: Structure provided configuration into device specific commands
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: INBOUND
+ direction: in
+
+ - name: OUTBOUND
+ direction: out
+
+ - name: LOCAL
+ direction: local
+
+ - afi: ipv6
+ rules:
+
+ - name: V6-LOCAL
+ direction: local
+
+ - name: eth2
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: INBOUND
+ direction: in
+
+ - name: OUTBOUND
+ direction: out
+
+ - name: LOCAL
+ direction: local
+
+ - afi: ipv6
+ rules:
+
+ - name: V6-LOCAL
+ direction: local
+ state: rendered
+
+ - name: Assert that correct set of commands were generated
+ assert:
+ that:
+ - "{{ rendered['commands'] | symmetric_difference(result['rendered'])\
+ \ |length == 0 }}"
+
+ - name: Structure provided configuration into device specific commands (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+ always:
+
+ - include_tasks: _remove_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/replaced.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/replaced.yaml
new file mode 100644
index 0000000..b2b0067
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/replaced.yaml
@@ -0,0 +1,83 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces replaced integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _remove_firewall_config.yaml
+
+- include_tasks: _populate_rule_sets.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+
+ - name: Replace device configurations of listed firewall rules with provided
+ configurations
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: &id001
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: OUTBOUND
+ direction: out
+
+ - afi: ipv6
+ rules:
+
+ - name: V6-LOCAL
+ direction: local
+
+ - name: eth2
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: INBOUND
+ direction: in
+ state: replaced
+
+ - name: Assert that correct set of commands were generated
+ assert:
+ that:
+ - "{{ replaced['commands'] | symmetric_difference(result['commands'])\
+ \ |length == 0 }}"
+
+ - name: Assert that before dicts are correctly generated
+ assert:
+ that:
+ - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
+
+ - name: Assert that after dict is correctly generated
+ assert:
+ that:
+ - "{{ replaced['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Replace device configurations of listed firewall rules with provided
+ configurarions (IDEMPOTENT)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ - name: Assert that before dict is correctly generated
+ assert:
+ that:
+ - "{{ replaced['after'] | symmetric_difference(result['before']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/rtt.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/rtt.yaml
new file mode 100644
index 0000000..9155b7c
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/rtt.yaml
@@ -0,0 +1,94 @@
+---
+- debug:
+ msg: START vyos_firewall_interfaces round trip integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _remove_firewall_config.yaml
+
+- include_tasks: _populate_rule_sets.yaml
+
+- block:
+
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ vyos.vyos.vyos_firewall_interfaces:
+ config:
+
+ - name: eth1
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: INBOUND
+ direction: in
+
+ - name: OUTBOUND
+ direction: out
+
+ - name: LOCAL
+ direction: local
+
+ - afi: ipv6
+ rules:
+
+ - name: V6-LOCAL
+ direction: local
+ state: merged
+
+ - name: Gather firewall_interfaces facts
+ vyos.vyos.vyos_facts:
+ gather_subset:
+ - default
+ gather_network_resources:
+ - firewall_interfaces
+
+ - name: Apply the provided configuration (config to be reverted)
+ register: result
+ vyos.vyos.vyos_firewall_interfaces:
+ config:
+
+ - name: eth2
+ access_rules:
+
+ - afi: ipv4
+ rules:
+
+ - name: INBOUND
+ direction: in
+
+ - name: OUTBOUND
+ direction: out
+
+ - name: LOCAL
+ direction: local
+
+ - afi: ipv6
+ rules:
+
+ - name: V6-LOCAL
+ direction: local
+ state: merged
+
+ - name: Assert that changes were applied
+ assert:
+ that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length\
+ \ == 0 }}"
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ vyos.vyos.vyos_firewall_interfaces:
+ config: "{{ ansible_facts['network_resources']['firewall_interfaces'] }}"
+ state: overridden
+
+ - name: Assert that config was reverted
+ assert:
+ that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length\
+ \ == 0 }}"
+ always:
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _remove_firewall_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml
new file mode 100644
index 0000000..45be6db
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml
@@ -0,0 +1,279 @@ +--- +merged: + before: + - name: eth0 + - name: eth1 + - name: eth2 + commands: + - set interfaces ethernet eth1 firewall in name 'INBOUND' + - set interfaces ethernet eth1 firewall out name 'OUTBOUND' + - set interfaces ethernet eth1 firewall local name 'LOCAL' + - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' + - set interfaces ethernet eth2 firewall in name 'INBOUND' + - set interfaces ethernet eth2 firewall out name 'OUTBOUND' + - set interfaces ethernet eth2 firewall local name 'LOCAL' + - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' + after: + - name: eth0 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +populate: + - name: eth0 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +merged_edit: + commands: + - set interfaces ethernet eth1 firewall in name 'OUTBOUND' + - set interfaces ethernet eth1 firewall out name 'INBOUND' + after: + - name: eth0 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: OUTBOUND + - direction: local + name: LOCAL + - direction: out + name: INBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND 
+ - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +replaced: + commands: + - delete interfaces ethernet eth2 firewall out name + - delete interfaces ethernet eth2 firewall local name + - delete interfaces ethernet eth2 firewall local ipv6-name + - delete interfaces ethernet eth1 firewall local name + - delete interfaces ethernet eth1 firewall in name + after: + - name: eth0 + - access_rules: + - afi: ipv4 + rules: + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + name: eth2 +overridden: + before: + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - name: INBOUND + direction: in + - name: LOCAL + direction: local + - name: OUTBOUND + direction: out + - afi: ipv6 + rules: + - name: V6-LOCAL + direction: local + name: eth2 + commands: + - delete interfaces ethernet eth1 firewall + - delete interfaces ethernet eth2 firewall in name + - delete interfaces ethernet eth2 firewall local name + - delete interfaces ethernet eth2 firewall local ipv6-name + - set interfaces ethernet eth2 firewall out name 'INBOUND' + after: + - name: eth0 + - name: eth1 + - access_rules: + - afi: ipv4 + rules: + - name: INBOUND + direction: out + name: eth2 +deleted: + commands: + - delete interfaces ethernet eth1 firewall + - delete interfaces ethernet eth2 firewall + after: + - name: eth0 + - name: eth1 + - name: eth2 +deleted_afi: + commands: + - delete interfaces ethernet eth1 firewall in name + - delete interfaces ethernet eth1 firewall local name + - delete interfaces ethernet eth1 firewall out name + - delete interfaces ethernet eth1 firewall local 
ipv6-name + - delete interfaces ethernet eth2 firewall in name + - delete interfaces ethernet eth2 firewall local name + - delete interfaces ethernet eth2 firewall out name + - delete interfaces ethernet eth2 firewall local ipv6-name + after: + - name: eth0 + - access_rules: + - afi: ipv4 + - afi: ipv6 + name: eth1 + - access_rules: + - afi: ipv4 + - afi: ipv6 + name: eth2 +deleted_single: + commands: + - delete interfaces ethernet eth1 firewall in name 'INBOUND' + after: + - name: eth0 + - access_rules: + - afi: ipv4 + rules: + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +rendered: + commands: + - set interfaces ethernet eth1 firewall in name 'INBOUND' + - set interfaces ethernet eth1 firewall out name 'OUTBOUND' + - set interfaces ethernet eth1 firewall local name 'LOCAL' + - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' + - set interfaces ethernet eth2 firewall in name 'INBOUND' + - set interfaces ethernet eth2 firewall out name 'OUTBOUND' + - set interfaces ethernet eth2 firewall local name 'LOCAL' + - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' +round_trip: + after: + - name: eth0 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - name: eth2 + access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL 
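Review bot: `overridden.before` lists only eth1 and eth2, while the other expected-state lists in this file (`merged.before`, `populate`, and every `after`, including `overridden.after`) also carry `- name: eth0`. If a task compares the module's `before` against this key with `symmetric_difference`, the missing entry would make it fail; if nothing reads the key, it is dead data. The consuming task is not part of this hunk, so which case applies cannot be confirmed here. Either add `- name: eth0` to `overridden.before` or drop the block. The eth2 entry there also orders its keys `name:` then `direction:`, where the rest of the file uses `direction:` then `name:`; this is harmless to YAML, but consistent ordering keeps these firewall fixtures easy to diff.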
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_interfaces_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_interfaces_config.cfg
new file mode 100644
index 0000000..24704d2
--- /dev/null
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_interfaces_config.cfg
@@ -0,0 +1,8 @@
+set interfaces ethernet eth0 firewall in name 'INBOUND'
+set interfaces ethernet eth0 firewall local ipv6-name 'V6-LOCAL'
+set interfaces ethernet eth0 firewall local name 'LOCAL'
+set interfaces ethernet eth0 firewall out name 'OUTBOUND'
+set interfaces ethernet eth2 firewall in name 'INBOUND'
+set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'
+set interfaces ethernet eth2 firewall local name 'LOCAL'
+set interfaces ethernet eth2 firewall out name 'OUTBOUND'
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_interfaces.py b/tests/unit/modules/network/vyos/test_vyos_firewall_interfaces.py
new file mode 100644
index 0000000..1ffeae4
--- /dev/null
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_interfaces.py
@@ -0,0 +1,432 @@ +# (c) 2016 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible_collections.vyos.vyos.tests.unit.compat.mock import ( + patch, + MagicMock, +) +from ansible_collections.vyos.vyos.plugins.modules import ( + vyos_firewall_interfaces, +) +from ansible_collections.vyos.vyos.tests.unit.modules.utils import ( + set_module_args, +) +from .vyos_module import TestVyosModule, load_fixture + + +class TestVyosFirewallInterfacesModule(TestVyosModule): + + module = vyos_firewall_interfaces + + def setUp(self): + super(TestVyosFirewallInterfacesModule, self).setUp() + self.mock_get_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network.Config.get_config" + ) + self.get_config = self.mock_get_config.start() + + self.mock_load_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network.Config.load_config" + ) + self.load_config = self.mock_load_config.start() + + self.mock_get_resource_connection_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.cfg.base.get_resource_connection" + ) + self.get_resource_connection_config = ( + self.mock_get_resource_connection_config.start() + ) + + 
self.mock_get_resource_connection_facts = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.facts.facts.get_resource_connection" + ) + self.get_resource_connection_facts = ( + self.mock_get_resource_connection_facts.start() + ) + + self.mock_execute_show_command = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_interfaces.firewall_interfaces.Firewall_interfacesFacts.get_device_data" + ) + self.execute_show_command = self.mock_execute_show_command.start() + + def tearDown(self): + super(TestVyosFirewallInterfacesModule, self).tearDown() + self.mock_get_resource_connection_config.stop() + self.mock_get_resource_connection_facts.stop() + self.mock_get_config.stop() + self.mock_load_config.stop() + self.mock_execute_show_command.stop() + + def load_fixtures(self, commands=None): + def load_from_file(*args, **kwargs): + return load_fixture("vyos_firewall_interfaces_config.cfg") + + self.execute_show_command.side_effect = load_from_file + + def test_vyos_firewall_rule_set_01_merged(self): + set_module_args( + dict( + config=[ + dict( + name="eth1", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + dict( + name="eth3", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + ], + state="merged", + ) + ) + commands = [ + "set interfaces ethernet eth1 firewall in name 'INBOUND'", + "set interfaces ethernet eth1 firewall out name 'OUTBOUND'", + "set interfaces ethernet eth1 firewall local name 'LOCAL'", + "set interfaces ethernet eth1 firewall local ipv6-name 
'V6-LOCAL'", + "set interfaces ethernet eth3 firewall in name 'INBOUND'", + "set interfaces ethernet eth3 firewall out name 'OUTBOUND'", + "set interfaces ethernet eth3 firewall local name 'LOCAL'", + "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_rule_set_02_merged_idem(self): + set_module_args( + dict( + config=[ + dict( + name="eth0", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + dict( + name="eth2", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + ], + state="merged", + ) + ) + self.execute_module(changed=False, commands=[]) + + def test_vyos_firewall_rule_set_01_deleted_per_afi(self): + set_module_args( + dict( + config=[ + dict( + name="eth0", + access_rules=[dict(afi="ipv4"), dict(afi="ipv6")], + ) + ], + state="deleted", + ) + ) + commands = [ + "delete interfaces ethernet eth0 firewall in name", + "delete interfaces ethernet eth0 firewall local name", + "delete interfaces ethernet eth0 firewall out name", + "delete interfaces ethernet eth0 firewall local ipv6-name", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_rule_set_03_deleted_per_interface(self): + set_module_args( + dict( + config=[dict(name="eth0"), dict(name="eth2")], state="deleted" + ) + ) + commands = [ + "delete interfaces ethernet eth0 firewall", + "delete interfaces ethernet eth2 firewall", + ] + self.execute_module(changed=True, commands=commands) + + def 
test_vyos_firewall_rule_set_03_deleted_all(self): + set_module_args(dict(config=[], state="deleted")) + commands = [ + "delete interfaces ethernet eth0 firewall", + "delete interfaces ethernet eth2 firewall", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_rule_set_03_deleted(self): + set_module_args( + dict( + config=[dict(name="eth0"), dict(name="eth2")], state="deleted" + ) + ) + commands = [ + "delete interfaces ethernet eth0 firewall", + "delete interfaces ethernet eth2 firewall", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_rule_set_04_deleted_interface_idem(self): + set_module_args( + dict( + config=[dict(name="eth1"), dict(name="eth3")], state="deleted" + ) + ) + self.execute_module(changed=False, commands=[]) + + def test_vyos_firewall_rule_set_02_replaced_idem(self): + set_module_args( + dict( + config=[ + dict( + name="eth0", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + dict( + name="eth2", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + ], + state="replaced", + ) + ) + self.execute_module(changed=False, commands=[]) + + def test_vyos_firewall_rule_set_01_replaced(self): + set_module_args( + dict( + config=[ + dict( + name="eth0", + access_rules=[ + dict( + afi="ipv4", + rules=[dict(name="INBOUND", direction="in"),], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + dict( + name="eth2", + access_rules=[ + dict( + afi="ipv4", + rules=[dict(name="LOCAL", 
direction="local")], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + dict( + name="eth3", + access_rules=[ + dict( + afi="ipv4", + rules=[dict(name="LOCAL", direction="local")], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + ], + state="replaced", + ) + ) + commands = [ + "delete interfaces ethernet eth0 firewall out name", + "delete interfaces ethernet eth0 firewall local name", + "delete interfaces ethernet eth2 firewall in name", + "delete interfaces ethernet eth2 firewall out name", + "set interfaces ethernet eth3 firewall local name 'LOCAL'", + "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_rule_set_01_overridden(self): + set_module_args( + dict( + config=[ + dict( + name="eth1", + access_rules=[ + dict( + afi="ipv4", + rules=[dict(name="INBOUND", direction="in")], + ) + ], + ) + ], + state="overridden", + ) + ) + commands = [ + "delete interfaces ethernet eth0 firewall", + "delete interfaces ethernet eth2 firewall", + "set interfaces ethernet eth1 firewall in name 'INBOUND'", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_rule_set_02_overridden_idem(self): + set_module_args( + dict( + config=[ + dict( + name="eth0", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + dict( + name="eth2", + access_rules=[ + dict( + afi="ipv4", + rules=[ + dict(name="INBOUND", direction="in"), + dict(name="OUTBOUND", direction="out"), + dict(name="LOCAL", direction="local"), + ], + ), + dict( + afi="ipv6", + rules=[ + dict(name="V6-LOCAL", direction="local") + ], + ), + ], + ), + ], + state="overridden", 
+ ) + ) + self.execute_module(changed=False, commands=[]) |
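Review bot: `test_vyos_firewall_rule_set_03_deleted` is a duplicate of `test_vyos_firewall_rule_set_03_deleted_per_interface` (same module args, same expected commands), so it adds run time but no coverage. Drop it, or turn it into the single-rule delete that `deleted_single` in vars/main.yaml describes. `test_vyos_firewall_rule_set_03_deleted_all` pins that `config=[]` with `state="deleted"` removes the firewall binding from every interface in the fixture; a comment above it such as `# empty config + state=deleted detaches firewall rule sets from ALL interfaces (intentional)` would make that scope explicit to anyone reusing the pattern in a playbook. In `setUp`, calling `self.addCleanup(self.mock_get_config.stop)` (and likewise for the other patchers) right after each `start()` would undo the patches even when `setUp` fails partway, which `tearDown` does not cover.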