| Age | Commit message (Collapse) | Author |
|---|
|
* Add prettier and isort to pre-commit.
* Bump line-length to 100
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* Redirect ResourceModule to new location
* Add changelog
* Move NetworkTemplate too
|
|
* Remove deprecated modules and provider
* Remove tests for removed modules
* Remove references to vyos_argument_spec
|
|
* support 1.3 version output
Co-authored-by: Kate Case <this.is@katherineca.se>
|
|
Add support for icmpv6 type-name in firewall_rules
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #257
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
|
|
vyos_facts: change default subset to min
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #231
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nathaniel Case <this.is@nathanielca.se>
|
|
Change parameter 'disabled' to 'disable' in test_vyos_firewall_rules.py
SUMMARY
Fixes #239
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
Reviewed-by: GomathiselviS <None>
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: None <None>
|
|
same name (#236)
firewall_rules: Fix incorrect behavior when IPv4 and IPv6 rule sets have the same name
SUMMARY
VyOS supports IPv4 and IPv6 rule sets having the same name, but there are a couple places in the Ansible module that don't handle this situation.
The fact gathering for ansible_network_resources.firewall_rules has been updated to look for name <name> or ipv6-name <name> instead of just <name>.
The vyos_firewall_rules module has been updated to take the afi into consideration when comparing the have and want states.
V4-EGRESS and V6-EGRESS have been renamed to just EGRESS in the tests. The existing tests seem to be complete enough to test this same-name situation. (V4-INGRESS and V6-INGRESS were not renamed.)
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
vyos_facts and vyos_firewall_rules
ADDITIONAL INFORMATION
An example of a configuration that was originally causing an issue:
(Click to expand):
name wan-lan {
default-action drop
rule 1 {
action accept
state {
established enable
related enable
}
}
rule 2 {
action drop
log enable
state {
invalid enable
}
}
}
ipv6-name wan-lan {
default-action drop
rule 1 {
action accept
state {
established enable
related enable
}
}
rule 2 {
action drop
log enable
state {
invalid enable
}
}
rule 10 {
action accept
protocol icmpv6
}
}
With this configuration, ansible_network_resources.firewall_rules would show the icmpv6 rule under both ipv4 and ipv6:
(Click to expand):
[
{
"afi": "ipv4",
"rule_sets": [
{
"default_action": "drop",
"name": "wan-lan",
"rules": [
{
"action": "accept",
"number": 1,
"state": {
"established": true,
"related": true
}
},
{
"action": "drop",
"number": 2,
"state": {
"invalid": true
}
},
{
"action": "accept",
"number": 10,
"protocol": "icmpv6"
}
]
},
]
},
{
"afi": "ipv6",
"rule_sets": [
{
"default_action": "drop",
"name": "wan-lan",
"rules": [
{
"action": "accept",
"number": 1,
"state": {
"established": true,
"related": true
}
},
{
"action": "drop",
"number": 2,
"state": {
"invalid": true
}
},
{
"action": "accept",
"number": 10,
"protocol": "icmpv6"
}
]
},
]
}
]
A similar issue would happen when using vyos_firewall_rules as well, where it would attempt to change rules for the wrong afi.
Reviewed-by: GomathiselviS <None>
Reviewed-by: None <None>
|
|
vyos_firewall_rules: Add support for log enable on individual rules
SUMMARY
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: None <None>
|
|
Add Vyos hostname resource module
SUMMARY
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: None <None>
|
|
Vyos snmp_server Resource Module
SUMMARY
Added vyos_snmp_server resource module
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: Ashwini Mhatre <mashu97@gmail.com>
Reviewed-by: None <None>
|
|
Enable configuring ntp server pool in ntp_global
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #221
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
|
|
Add vyos_ntp resource module
SUMMARY
Resource module vyos_ntp
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
vyos_ntp
ADDITIONAL INFORMATION
Reviewed-by: GomathiselviS <None>
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: None <None>
|
|
Add support for IPv6 `address_group` and `network_group`
SUMMARY
This adds support for ipv6 in network and address groups by adding an afi parameter, but defaulting it to ipv4 for backwards compatibility.
Fixes #137.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
vyos_firewall_global
Reviewed-by: GomathiselviS <None>
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
|
|
(#203)
Fix `vyos.vyos.vyos_firewall_rules` `state: replaced` to match documentation
SUMMARY
vyos.vyos.vyos_firewall_rules should only try to change listed firewall rules, as documented, when the state is set to replaced. As currently implemented (prior to this PR), it better matches what overridden is meant to do.
Fixes #201
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
vyos.vyos.vyos_firewall_rules
ADDITIONAL INFORMATION
Cleanup and document existing code for clarity
Add a failing idempotent test
Add a failing change test
Fix failing tests
Add change fragment
Reviewed-by: GomathiselviS <None>
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
|
|
IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent
SUMMARY
fix issue: #170
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: GomathiselviS <None>
Reviewed-by: None <None>
|
|
vyos logging_global resource module
SUMMARY
Logging resource module vyos_logging_global
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
vyos_logging_global
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
|
|
fix issue in route-maps facts code when route-maps facts are empty.
SUMMARY
fixes: #181
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
VyOS Prefix Lists Resource Module Added
SUMMARY
PR for vyos_prefix_lists rm
resolves: #99
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: Priyam Sahoo <None>
|
|
static route fixes
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Fix keyerror in firewall_rules when state=overridden
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Replace admin_distance with distance while generating static_routes nexthop command
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Vyos route maps
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
[firewall_global] port-groups are not added
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
VyOS: available_network_resources implemented in vyos_facts
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
VYOS: Mask sensitive key values from module result
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Add support for wireguard interface
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Add vyos_bgp_address_family resource module.
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Add vyos_bgp_global resource module
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Fix test-sanity-docker failures
Reviewed-by: Nathaniel Case <this.is@nathanielca.se>
https://github.com/Qalthos
|
|
Remove reliance on netcommon's ipaddress
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Enable configuring new interface which is not present in the config
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Add ospf_interfaces resource module
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Support openvpn vtu interface
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Reformatted files with latest version of Black (20.8b1)
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
[vyos] Fix sanity issues
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Clean up boilerplate ignores
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Remove # pylint: skip-file usage
Reviewed-by: Paul Belanger
https://github.com/pabelanger
|
|
[VyOS]: update readme and add .rst files
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Fixes needed for sanity
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
VyOS: OSPFv3 Resource Module
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
[VyOS]: Firewall rules Deleted state operation updated
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
|
|
[VyOS] LLDP global resource module updated with new states
Reviewed-by: https://github.com/apps/ansible-zuul
|
|
[VyOS] L3 interfaces resource module updated with new states
Reviewed-by: https://github.com/apps/ansible-zuul
|
