Merge pull request #23 from rohitthakur2590/firewall_rules_del_changes

[VyOS]: Firewall rules Deleted state operation updated

Reviewed-by: https://github.com/apps/ansible-zuul

6 files changed, 54 insertions, 158 deletions

diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
index 7acfe65..67bfd3c 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
@@ -11,15 +11,11 @@
       register: result
       vyos.vyos.vyos_firewall_rules: &id001
         config:
-
           - afi: ipv6
             rule_sets:
-
               - name: UPLINK
-
           - afi: ipv4
             rule_sets:
-
               - name: INBOUND
         state: deleted
 
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml
deleted file mode 100644
index d77e2a9..0000000
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-- debug:
-    msg: Start vyos_firewall_rules deleted integration tests ansible_connection={{
-      ansible_connection }}
-
-- include_tasks: _populate.yaml
-
-- block:
-
-    - name: Delete firewall rule.
-      register: result
-      vyos.vyos.vyos_firewall_rules: &id001
-        config:
-
-          - afi: ipv6
-            rule_sets:
-
-              - name: UPLINK
-                rules:
-
-                  - number: 1
-        state: deleted
-
-    - name: Assert that the before dicts were correctly generated
-      assert:
-        that:
-          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
-    - name: Assert that the correct set of commands were generated
-      assert:
-        that:
-          - "{{ deleted_r['commands'] | symmetric_difference(result['commands'])\
-            \ |length == 0 }}"
-
-    - name: Assert that the after dicts were correctly generated
-      assert:
-        that:
-          - "{{ deleted_r['after'] | symmetric_difference(result['after']) |length\
-            \ == 0 }}"
-
-    - name: Delete attributes of given interfaces (IDEMPOTENT)
-      register: result
-      vyos.vyos.vyos_firewall_rules: *id001
-
-    - name: Assert that the previous task was idempotent
-      assert:
-        that:
-          - result.changed == false
-          - result.commands|length == 0
-
-    - name: Assert that the before dicts were correctly generated
-      assert:
-        that:
-          - "{{ deleted_r['after'] | symmetric_difference(result['before']) |length\
-            \ == 0 }}"
-  always:
-
-    - include_tasks: _remove_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml
index cdc8e51..59c81aa 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml
@@ -9,9 +9,9 @@
 
 - block:
 
-    - name: Merge the provided configuration with the exisiting running configuration
+    - name: Gather the provided configuration with the exisiting running configuration
       register: result
-      vyos.vyos.vyos_firewall_rules: &id001
+      vyos.vyos.vyos_firewall_rules:
         config:
         state: gathered
 
@@ -21,14 +21,6 @@
           - "{{ populate | symmetric_difference(result['gathered']) |length == 0\
             \ }}"
 
-    - name: Gather the existing running configuration (IDEMPOTENT)
-      register: result
-      vyos.vyos.vyos_firewall_rules: *id001
-
-    - name: Assert that the previous task was idempotent
-      assert:
-        that:
-          - result['changed'] == false
   always:
 
     - include_tasks: _remove_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
index a793ac5..bc95524 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
@@ -3,39 +3,14 @@
     msg: START vyos_firewall_rules parsed integration tests on connection={{ ansible_connection
       }}
 
-- include_tasks: _remove_config.yaml
-
-- include_tasks: _populate.yaml
-
-- block:
-
-    - name: Gather firewall_rules facts
-      register: firewall_rules_facts
-      vyos.vyos.vyos_facts:
-        gather_subset:
-          - default
-        gather_network_resources:
-          - firewall_rules
-
-    - name: Provide the running configuration for parsing (config to be parsed)
-      register: result
-      vyos.vyos.vyos_firewall_rules: &id001
-        running_config: "{{ lookup('file', '_parsed_config.cfg') }}"
-        state: parsed
-
-    - name: Assert that correct parsing done
-      assert:
-        that: "{{ ansible_facts['network_resources']['firewall_rules'] | symmetric_difference(result['parsed'])\
-          \ |length == 0 }}"
-
-    - name: Gather the existing running configuration (IDEMPOTENT)
-      register: result
-      vyos.vyos.vyos_firewall_rules: *id001
-
-    - name: Assert that the previous task was idempotent
-      assert:
-        that:
-          - result['changed'] == false
-  always:
-
-    - include_tasks: _remove_config.yaml
+- name: Parse externally provided Firewall rules config to agnostic model
+  register: result
+  vyos.vyos.vyos_firewall_rules:
+    running_config: "{{ lookup('file', '_parsed_config.cfg') }}"
+    state: parsed
+
+- name: Assert that config was correctly parsed
+  assert:
+    that:
+      - "{{ parsed['after'] | symmetric_difference(result['parsed']) |length ==\
+        \ 0 }}"
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
index f000998..6670fd7 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
@@ -5,13 +5,11 @@
 
 - include_tasks: _remove_config.yaml
 
-- include_tasks: _populate.yaml
-
 - block:
 
     - name: Structure provided configuration into device specific commands
       register: result
-      vyos.vyos.vyos_firewall_rules: &id001
+      vyos.vyos.vyos_firewall_rules:
         config:
 
           - afi: ipv6
@@ -60,14 +58,5 @@
           - "{{ rendered['commands'] | symmetric_difference(result['rendered'])\
             \ |length == 0 }}"
 
-    - name: Structure provided configuration into device specific commands (IDEMPOTENT)
-      register: result
-      vyos.vyos.vyos_firewall_rules: *id001
-
-    - name: Assert that the previous task was idempotent
-      assert:
-        that:
-          - result['changed'] == false
-  always:
-
-    - include_tasks: _remove_config.yaml
+- debug:
+    msg: END vyos_firewall_rules rendered integration tests on connection={{ ansible_connection }}
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml
index c15a101..88323ba 100644
--- a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml
@@ -196,42 +196,7 @@ overridden:
               action: reject
               description: Rule 502 is configured by Ansible
               ipsec: match-ipsec
-rendered:
-  commands:
-    - set firewall ipv6-name UPLINK default-action 'accept'
-    - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-    - set firewall name INBOUND default-action 'accept'
-    - set firewall name INBOUND description 'IPv4 INBOUND rule set'
-    - set firewall name INBOUND rule 101 action 'accept'
-    - set firewall name INBOUND rule 101
-    - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-    - set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-    - set firewall name INBOUND rule 102 action 'reject'
-    - set firewall name INBOUND rule 102
-    - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-    - set firewall name INBOUND rule 102 ipsec 'match-ipsec'
-    - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
-    - set firewall name INBOUND rule 103 destination group address-group inbound
-    - set firewall name INBOUND rule 103
-    - set firewall name INBOUND rule 103 source address 192.0.2.0
-    - set firewall name INBOUND rule 103 state established enable
-    - set firewall name INBOUND rule 103 state related enable
-    - set firewall name INBOUND rule 103 state invalid disable
-    - set firewall name INBOUND rule 103 state new disable
-    - set firewall name INBOUND rule 103 action 'accept'
-deleted_rs:
-  commands:
-    - delete firewall ipv6-name UPLINK
-    - delete firewall name INBOUND
-  after: []
-deleted_afi_all:
-  commands:
-    - delete firewall ipv6-name
-    - delete firewall name
-  after: []
-deleted_r:
-  commands:
-    - delete firewall ipv6-name UPLINK rule 1
+parsed:
   after:
     - afi: ipv6
       rule_sets:
@@ -239,6 +204,10 @@ deleted_r:
           description: This is ipv6 specific rule-set
           default_action: accept
           rules:
+            - number: 1
+              action: accept
+              description: Fwipv6-Rule 1 is configured by Ansible
+              ipsec: match-ipsec
             - number: 2
               action: accept
               description: Fwipv6-Rule 2 is configured by Ansible
@@ -270,6 +239,39 @@ deleted_r:
                 new: false
                 invalid: false
                 related: true
+rendered:
+  commands:
+    - set firewall ipv6-name UPLINK default-action 'accept'
+    - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
+    - set firewall name INBOUND default-action 'accept'
+    - set firewall name INBOUND description 'IPv4 INBOUND rule set'
+    - set firewall name INBOUND rule 101 action 'accept'
+    - set firewall name INBOUND rule 101
+    - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+    - set firewall name INBOUND rule 101 ipsec 'match-ipsec'
+    - set firewall name INBOUND rule 102 action 'reject'
+    - set firewall name INBOUND rule 102
+    - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+    - set firewall name INBOUND rule 102 ipsec 'match-ipsec'
+    - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+    - set firewall name INBOUND rule 103 destination group address-group inbound
+    - set firewall name INBOUND rule 103
+    - set firewall name INBOUND rule 103 source address 192.0.2.0
+    - set firewall name INBOUND rule 103 state established enable
+    - set firewall name INBOUND rule 103 state related enable
+    - set firewall name INBOUND rule 103 state invalid disable
+    - set firewall name INBOUND rule 103 state new disable
+    - set firewall name INBOUND rule 103 action 'accept'
+deleted_rs:
+  commands:
+    - delete firewall ipv6-name UPLINK
+    - delete firewall name INBOUND
+  after: []
+deleted_afi_all:
+  commands:
+    - delete firewall ipv6-name
+    - delete firewall name
+  after: []
 round_trip:
   after:
     - afi: ipv6