diff options
| author | CaptTrews <capttrews@gmail.com> | 2020-02-25 00:29:36 +0000 |
|---|---|---|
| committer | CaptTrews <capttrews@gmail.com> | 2020-02-25 00:29:36 +0000 |
| commit | 1e35316ae5a079cc5466d97e873f48ae1ec574e2 (patch) | |
| tree | be3cd3beea41c943836fcf8f6c87c6ea837eb8d5 /tests | |
| parent | cfd3472a4d2b8906a944451341f37af1fde2dd54 (diff) | |
| download | vyos-ansible-old-1e35316ae5a079cc5466d97e873f48ae1ec574e2.tar.gz vyos-ansible-old-1e35316ae5a079cc5466d97e873f48ae1ec574e2.zip | |
Updated from network content collector
Signed-off-by: CaptTrews <capttrews@gmail.com>
Diffstat (limited to 'tests')
36 files changed, 1100 insertions, 6 deletions
diff --git a/tests/integration/targets/vyos_banner/aliases b/tests/integration/targets/vyos_banner/aliases index 539d957..8071e1f 100644 --- a/tests/integration/targets/vyos_banner/aliases +++ b/tests/integration/targets/vyos_banner/aliases @@ -1 +1 @@ -shippable/network +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_command/aliases b/tests/integration/targets/vyos_command/aliases index 539d957..8071e1f 100644 --- a/tests/integration/targets/vyos_command/aliases +++ b/tests/integration/targets/vyos_command/aliases @@ -1 +1 @@ -shippable/network +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_config/aliases b/tests/integration/targets/vyos_config/aliases index 539d957..8071e1f 100644 --- a/tests/integration/targets/vyos_config/aliases +++ b/tests/integration/targets/vyos_config/aliases @@ -1 +1 @@ -shippable/network +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_facts/aliases b/tests/integration/targets/vyos_facts/aliases index 539d957..8071e1f 100644 --- a/tests/integration/targets/vyos_facts/aliases +++ b/tests/integration/targets/vyos_facts/aliases @@ -1 +1 @@ -shippable/network +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_firewall_global/defaults/main.yaml b/tests/integration/targets/vyos_firewall_global/defaults/main.yaml new file mode 100644 index 0000000..852a6be --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: '[^_].*' +test_items: [] diff --git a/tests/integration/targets/vyos_firewall_global/meta/main.yaml b/tests/integration/targets/vyos_firewall_global/meta/main.yaml new file mode 100644 index 0000000..7413320 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/meta/main.yaml @@ -0,0 +1,3 @@ +--- +dependencies: + - prepare_vyos_tests diff --git a/tests/integration/targets/vyos_firewall_global/tasks/cli.yaml b/tests/integration/targets/vyos_firewall_global/tasks/cli.yaml new file mode 100644 index 0000000..93eb2fe --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + find: + paths: '{{ role_path }}/tests/cli' + patterns: '{{ testcase }}.yaml' + use_regex: true + register: test_cases + delegate_to: localhost + +- name: Set test_items + set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) + include: '{{ test_case_to_run }}' + vars: + ansible_connection: ansible.netcommon.network_cli + with_items: '{{ test_items }}' + loop_control: + loop_var: test_case_to_run diff --git a/tests/integration/targets/vyos_firewall_global/tasks/main.yaml b/tests/integration/targets/vyos_firewall_global/tasks/main.yaml new file mode 100644 index 0000000..a3db933 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tasks/main.yaml @@ -0,0 +1,4 @@ +--- +- include: cli.yaml + tags: + - cli diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config.cfg new file mode 100644 index 0000000..45446bd --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config.cfg @@ -0,0 +1,19 @@ +set firewall all-ping 'enable' +set firewall broadcast-ping 'enable' +set firewall config-trap 'enable' +set firewall group address-group MGMT-HOSTS address '192.0.1.1' +set firewall group address-group MGMT-HOSTS address '192.0.1.3' +set firewall group address-group MGMT-HOSTS address '192.0.1.5' +set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' +set firewall group network-group MGMT description 'This group has the Management network addresses' +set firewall group network-group MGMT network '192.0.1.0/24' +set firewall ip-src-route 'enable' +set firewall log-martians 'enable' +set firewall receive-redirects 'disable' +set firewall send-redirects 'enable' +set firewall source-validation 'strict' +set firewall state-policy established action 'accept' +set firewall state-policy established log 'enable' +set firewall state-policy invalid action 'reject' +set firewall syn-cookies 'enable' +set firewall twa-hazards-protection 'enable' diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml new file mode 100644 index 0000000..f79bb9a --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml @@ -0,0 +1,18 @@ +--- +- name: Setup + vars: + lines: "set firewall all-ping 'enable'\nset firewall broadcast-ping 'enable'\n\ + set firewall config-trap 'enable'\nset firewall group address-group MGMT-HOSTS\ + \ address '192.0.1.1'\nset firewall group address-group MGMT-HOSTS address\ + \ '192.0.1.3'\nset firewall group address-group MGMT-HOSTS address '192.0.1.5'\n\ + set firewall group address-group MGMT-HOSTS description 'This group has the\ + \ Management hosts address list'\nset firewall group network-group MGMT description\ + \ 'This group has the Management network addresses'\nset firewall group network-group\ + \ MGMT network '192.0.1.0/24'\nset firewall ip-src-route 'enable'\nset firewall\ + \ log-martians 'enable'\nset firewall receive-redirects 'disable'\nset firewall\ + \ send-redirects 'enable'\nset firewall source-validation 'strict'\nset firewall\ + \ state-policy established action 'accept'\nset firewall state-policy established\ + \ log 'enable'\nset firewall state-policy invalid action 'reject'\nset firewall\ + \ syn-cookies 'enable'\nset firewall twa-hazards-protection 'enable'\n" + ansible.netcommon.cli_config: + config: '{{ lines }}' diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/_remove_config.yaml new file mode 100644 index 0000000..5c86924 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_remove_config.yaml @@ -0,0 +1,6 @@ +--- +- name: Remove Config + vars: + lines: "delete firewall\n" + ansible.netcommon.cli_config: + config: '{{ lines }}' diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml new file mode 100644 index 0000000..44df47c --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml @@ -0,0 +1,48 @@ +--- +- debug: + msg: Start vyos_firewall_global deleted integration tests ansible_connection={{ + ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + + - name: Delete attributes of firewall. + register: result + vyos.vyos.vyos_firewall_global: &id001 + config: + state: deleted + + - name: Assert that the before dicts were correctly generated + assert: + that: + - "{{ populate == result['before'] }}" + + - name: Assert that the correct set of commands were generated + assert: + that: + - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that the after dicts were correctly generated + assert: + that: + - "{{ deleted['after'] == result['after'] }}" + + - name: Delete attributes of given interfaces (IDEMPOTENT) + register: result + vyos.vyos.vyos_firewall_global: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result.changed == false + - result.commands|length == 0 + + - name: Assert that the before dicts were correctly generated + assert: + that: + - "{{ deleted['after'] == result['before'] }}" + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/empty_config.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/empty_config.yaml new file mode 100644 index 0000000..3910952 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/empty_config.yaml @@ -0,0 +1,49 @@ +--- +- debug: + msg: START vyos_firewall_global empty_config integration tests on connection={{ + ansible_connection }} + +- name: Merged with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_firewall_global: + config: + state: merged + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state merged' + +- name: Replaced with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_firewall_global: + config: + state: replaced + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state replaced' + +- name: Parsed with empty running_config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_firewall_global: + running_config: + state: parsed + +- assert: + that: + - result.msg == 'value of running_config parameter must not be empty for state + parsed' + +- name: Rendered with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_firewall_global: + config: + state: rendered + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state rendered' diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/gathered.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/gathered.yaml new file mode 100644 index 0000000..eda24fd --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/gathered.yaml @@ -0,0 +1,33 @@ +--- +- debug: + msg: START vyos_firewall_global gathered integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + + - name: Merge the provided configuration with the exisiting running configuration + register: result + vyos.vyos.vyos_firewall_global: &id001 + config: + state: gathered + + - name: Assert that gathered dicts was correctly generated + assert: + that: + - "{{ populate == result['gathered'] }}" + + - name: Gather the existing running configuration (IDEMPOTENT) + register: result + vyos.vyos.vyos_firewall_global: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml new file mode 100644 index 0000000..4f22660 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml @@ -0,0 +1,89 @@ +--- +- debug: + msg: START vyos_firewall_global merged integration tests on connection={{ ansible_connection + }} + +- include_tasks: _remove_config.yaml + +- block: + + - name: Merge the provided configuration with the exisiting running configuration + register: result + vyos.vyos.vyos_firewall_global: &id001 + config: + validation: strict + config_trap: true + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + + - connection_type: established + action: accept + log: true + + - connection_type: invalid + action: reject + route_redirects: + + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + + - name: MGMT-HOSTS + description: This group has the Management hosts address list + members: + + - address: 192.0.1.1 + + - address: 192.0.1.3 + + - address: 192.0.1.5 + network_group: + + - name: MGMT + description: This group has the Management network addresses + members: + + - address: 192.0.1.0/24 + state: merged + + - name: Assert that before dicts were correctly generated + assert: + that: "{{ merged['before'] == result['before'] }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts was correctly generated + assert: + that: + - "{{ merged['after'] == result['after'] }}" + + - name: Merge the provided configuration with the existing running configuration + (IDEMPOTENT) + register: result + vyos.vyos.vyos_firewall_global: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + + - name: Assert that before dicts were correctly generated + assert: + that: + - "{{ merged['after'] == result['before'] }}" + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml new file mode 100644 index 0000000..b94d95e --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml @@ -0,0 +1,41 @@ +--- +- debug: + msg: START vyos_firewall_global parsed integration tests on connection={{ ansible_connection + }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + + - name: Gather firewall_global facts + register: firewall_global_facts + vyos.vyos.vyos_facts: + gather_subset: + - default + gather_network_resources: + - firewall_global + + - name: Provide the running configuration for parsing (config to be parsed) + register: result + vyos.vyos.vyos_firewall_global: &id001 + running_config: "{{ lookup('file', '_parsed_config.cfg') }}" + state: parsed + + - name: Assert that correct parsing done + assert: + that: "{{ ansible_facts['network_resources']['firewall_global'] == result['parsed']\ + \ }}" + + - name: Gather the existing running configuration (IDEMPOTENT) + register: result + vyos.vyos.vyos_firewall_global: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml new file mode 100644 index 0000000..528563e --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml @@ -0,0 +1,84 @@ +--- +- debug: + msg: START vyos_firewall_global rendered integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + + - name: Structure provided configuration into device specific commands + register: result + vyos.vyos.vyos_firewall_global: &id001 + config: + validation: strict + config_trap: true + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + + - connection_type: established + action: accept + log: true + + - connection_type: invalid + action: reject + route_redirects: + + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + + - name: SALES-HOSTS + description: Sales office hosts address list + members: + + - address: 192.0.2.1 + + - address: 192.0.2.2 + + - address: 192.0.2.3 + + - name: ENG-HOSTS + description: Sales office hosts address list + members: + + - address: 192.0.3.1 + + - address: 192.0.3.2 + network_group: + + - name: MGMT + description: This group has the Management network addresses + members: + + - address: 192.0.1.0/24 + state: rendered + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ rendered['commands'] | symmetric_difference(result['rendered'])\ + \ |length == 0 }}" + + - name: Structure provided configuration into device specific commands (IDEMPOTENT) + register: result + vyos.vyos.vyos_firewall_global: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml new file mode 100644 index 0000000..31a7644 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml @@ -0,0 +1,100 @@ +--- +- debug: + msg: START vyos_firewall_global replaced integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + + - name: Replace device configurations of listed firewall with provided configurations + register: result + vyos.vyos.vyos_firewall_global: &id001 + config: + validation: strict + config_trap: true + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + + - connection_type: established + action: accept + log: true + + - connection_type: invalid + action: reject + route_redirects: + + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + + - name: SALES-HOSTS + description: Sales office hosts address list + members: + + - address: 192.0.2.1 + + - address: 192.0.2.2 + + - address: 192.0.2.3 + + - name: ENG-HOSTS + description: Sales office hosts address list + members: + + - address: 192.0.3.1 + + - address: 192.0.3.2 + network_group: + + - name: MGMT + description: This group has the Management network addresses + members: + + - address: 192.0.1.0/24 + state: replaced + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ replaced['commands'] | symmetric_difference(result['commands'])\ + \ |length == 0 }}" + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ populate == result['before'] }}" + + - name: Assert that after dict is correctly generated + assert: + that: + - "{{ replaced['after'] == result['after'] }}" + + - name: Replace device configurations of listed firewall with provided configurarions + (IDEMPOTENT) + register: result + vyos.vyos.vyos_firewall_global: *id001 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + + - name: Assert that before dict is correctly generated + assert: + that: + - "{{ replaced['after'] == result['before'] }}" + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml new file mode 100644 index 0000000..00c5635 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml @@ -0,0 +1,94 @@ +--- +- debug: + msg: START vyos_firewall_global round trip integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + + - name: Apply the provided configuration (base config) + register: base_config + vyos.vyos.vyos_firewall_global: + config: + validation: strict + config_trap: true + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + + - connection_type: established + action: accept + log: true + + - connection_type: invalid + action: reject + route_redirects: + + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + + - name: MGMT-HOSTS + description: This group has the Management hosts address list + members: + + - address: 192.0.1.1 + + - address: 192.0.1.3 + + - address: 192.0.1.5 + network_group: + + - name: MGMT + description: This group has the Management network addresses + members: + + - address: 192.0.1.0/24 + state: merged + + - name: Gather firewall_global facts + vyos.vyos.vyos_facts: + gather_subset: + - default + gather_network_resources: + - firewall_global + + - name: Apply the provided configuration (config to be reverted) + register: result + vyos.vyos.vyos_firewall_global: + config: + validation: strict + config_trap: false + log_martians: false + syn_cookies: false + twa_hazards_protection: false + ping: + all: false + broadcast: false + state: merged + + - name: Assert that changes were applied + assert: + that: "{{ round_trip['after'] == result['after'] }}" + + - name: Revert back to base config using facts round trip + register: revert + vyos.vyos.vyos_firewall_global: + config: "{{ ansible_facts['network_resources']['firewall_global'] }}" + state: replaced + + - name: Assert that config was reverted + assert: + that: "{{ base_config['after'] == revert['after']}}" + always: + + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/vars/main.yaml b/tests/integration/targets/vyos_firewall_global/vars/main.yaml new file mode 100644 index 0000000..4a1e7a8 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/vars/main.yaml @@ -0,0 +1,217 @@ +--- +merged: + before: [] + commands: + - set firewall group address-group MGMT-HOSTS address 192.0.1.1 + - set firewall group address-group MGMT-HOSTS address 192.0.1.3 + - set firewall group address-group MGMT-HOSTS address 192.0.1.5 + - set firewall group address-group MGMT-HOSTS description 'This group has the + Management hosts address list' + - set firewall group address-group MGMT-HOSTS + - set firewall group network-group MGMT network 192.0.1.0/24 + - set firewall group network-group MGMT description 'This group has the Management + network addresses' + - set firewall group network-group MGMT + - set firewall ip-src-route 'enable' + - set firewall receive-redirects 'disable' + - set firewall send-redirects 'enable' + - set firewall config-trap 'enable' + - set firewall state-policy established action 'accept' + - set firewall state-policy established log 'enable' + - set firewall state-policy invalid action 'reject' + - set firewall broadcast-ping 'enable' + - set firewall all-ping 'enable' + - set firewall log-martians 'enable' + - set firewall twa-hazards-protection 'enable' + - set firewall syn-cookies 'enable' + - set firewall source-validation 'strict' + after: + config_trap: true + group: + address_group: + - members: + - address: 192.0.1.1 + - address: 192.0.1.3 + - address: 192.0.1.5 + description: This group has the Management hosts address list + name: MGMT-HOSTS + network_group: + - members: + - address: 192.0.1.0/24 + description: This group has the Management network addresses + name: MGMT + log_martians: true + ping: + all: true + broadcast: true + route_redirects: + - afi: ipv4 + icmp_redirects: + receive: false + send: true + ip_src_route: true + syn_cookies: true + state_policy: + - action: accept + connection_type: established + log: true + - action: reject + connection_type: invalid + twa_hazards_protection: true + validation: strict +populate: + validation: strict + config_trap: true + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: MGMT-HOSTS + description: This group has the Management hosts address list + members: + - address: 192.0.1.1 + - address: 192.0.1.3 + - address: 192.0.1.5 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 192.0.1.0/24 +replaced: + commands: + - delete firewall group address-group MGMT-HOSTS + - set firewall group address-group SALES-HOSTS address 192.0.2.1 + - set firewall group address-group SALES-HOSTS address 192.0.2.2 + - set firewall group address-group SALES-HOSTS address 192.0.2.3 + - set firewall group address-group SALES-HOSTS description 'Sales office hosts + address list' + - set firewall group address-group SALES-HOSTS + - set firewall group address-group ENG-HOSTS address 192.0.3.1 + - set firewall group address-group ENG-HOSTS address 192.0.3.2 + - set firewall group address-group ENG-HOSTS description 'Sales office hosts address + list' + - set firewall group address-group ENG-HOSTS + after: + config_trap: true + group: + address_group: + - members: + - address: 192.0.3.1 + - address: 192.0.3.2 + description: Sales office hosts address list + name: ENG-HOSTS + - members: + - address: 192.0.2.1 + - address: 192.0.2.2 + - address: 192.0.2.3 + description: Sales office hosts address list + name: SALES-HOSTS + network_group: + - members: + - address: 192.0.1.0/24 + description: This group has the Management network addresses + name: MGMT + log_martians: true + ping: + all: true + broadcast: true + route_redirects: + - afi: ipv4 + icmp_redirects: + receive: false + send: true + ip_src_route: true + state_policy: + - action: accept + connection_type: established + log: true + - action: reject + connection_type: invalid + syn_cookies: true + twa_hazards_protection: true + validation: strict +rendered: + commands: + - set firewall group address-group SALES-HOSTS address 192.0.2.1 + - set firewall group address-group SALES-HOSTS address 192.0.2.2 + - set firewall group address-group SALES-HOSTS address 192.0.2.3 + - set firewall group address-group SALES-HOSTS description 'Sales office hosts + address list' + - set firewall group address-group SALES-HOSTS + - set firewall group address-group ENG-HOSTS address 192.0.3.1 + - set firewall group address-group ENG-HOSTS address 192.0.3.2 + - set firewall group address-group ENG-HOSTS description 'Sales office hosts address + list' + - set firewall group address-group ENG-HOSTS + - set firewall group network-group MGMT network 192.0.1.0/24 + - set firewall group network-group MGMT description 'This group has the Management + network addresses' + - set firewall group network-group MGMT + - set firewall ip-src-route 'enable' + - set firewall receive-redirects 'disable' + - set firewall send-redirects 'enable' + - set firewall config-trap 'enable' + - set firewall state-policy established action 'accept' + - set firewall state-policy established log 'enable' + - set firewall state-policy invalid action 'reject' + - set firewall broadcast-ping 'enable' + - set firewall all-ping 'enable' + - set firewall log-martians 'enable' + - set firewall twa-hazards-protection 'enable' + - set firewall syn-cookies 'enable' + - set firewall source-validation 'strict' +deleted: + commands: + - 'delete firewall ' + after: [] +round_trip: + after: + validation: strict + config_trap: false + log_martians: false + syn_cookies: false + twa_hazards_protection: false + ping: + all: false + broadcast: false + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: MGMT-HOSTS + description: This group has the Management hosts address list + members: + - address: 192.0.1.1 + - address: 192.0.1.3 + - address: 192.0.1.5 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 192.0.1.0/24 diff --git a/tests/integration/targets/vyos_firewall_rules/aliases b/tests/integration/targets/vyos_firewall_rules/aliases new file mode 100644 index 0000000..8071e1f --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_interface/aliases b/tests/integration/targets/vyos_interface/aliases deleted file mode 100644 index e69de29..0000000 --- a/tests/integration/targets/vyos_interface/aliases +++ /dev/null diff --git a/tests/integration/targets/vyos_l3_interface/aliases b/tests/integration/targets/vyos_l3_interface/aliases deleted file mode 100644 index e69de29..0000000 --- a/tests/integration/targets/vyos_l3_interface/aliases +++ /dev/null diff --git a/tests/integration/targets/vyos_linkagg/aliases b/tests/integration/targets/vyos_linkagg/aliases deleted file mode 100644 index e69de29..0000000 --- a/tests/integration/targets/vyos_linkagg/aliases +++ /dev/null diff --git a/tests/integration/targets/vyos_lldp/aliases b/tests/integration/targets/vyos_lldp/aliases index 539d957..8071e1f 100644 --- a/tests/integration/targets/vyos_lldp/aliases +++ b/tests/integration/targets/vyos_lldp/aliases @@ -1 +1 @@ -shippable/network +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_lldp_global/aliases b/tests/integration/targets/vyos_lldp_global/aliases new file mode 100644 index 0000000..8071e1f --- /dev/null +++ b/tests/integration/targets/vyos_lldp_global/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_lldp_interface/aliases b/tests/integration/targets/vyos_lldp_interface/aliases index e69de29..8071e1f 100644 --- a/tests/integration/targets/vyos_lldp_interface/aliases +++ b/tests/integration/targets/vyos_lldp_interface/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_lldp_interfaces/aliases b/tests/integration/targets/vyos_lldp_interfaces/aliases new file mode 100644 index 0000000..8071e1f --- /dev/null +++ b/tests/integration/targets/vyos_lldp_interfaces/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_logging/aliases b/tests/integration/targets/vyos_logging/aliases index e69de29..8071e1f 100644 --- a/tests/integration/targets/vyos_logging/aliases +++ b/tests/integration/targets/vyos_logging/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_static_route/aliases b/tests/integration/targets/vyos_static_route/aliases index 539d957..8071e1f 100644 --- a/tests/integration/targets/vyos_static_route/aliases +++ b/tests/integration/targets/vyos_static_route/aliases @@ -1 +1 @@ -shippable/network +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_static_routes/aliases b/tests/integration/targets/vyos_static_routes/aliases new file mode 100644 index 0000000..8071e1f --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_system/aliases b/tests/integration/targets/vyos_system/aliases new file mode 100644 index 0000000..8071e1f --- /dev/null +++ b/tests/integration/targets/vyos_system/aliases @@ -0,0 +1 @@ +shippable/vyos/group1 diff --git a/tests/integration/targets/vyos_user/aliases b/tests/integration/targets/vyos_user/aliases deleted file mode 100644 index e69de29..0000000 --- a/tests/integration/targets/vyos_user/aliases +++ /dev/null diff --git a/tests/integration/targets/vyos_vlan/aliases b/tests/integration/targets/vyos_vlan/aliases deleted file mode 100644 index e69de29..0000000 --- a/tests/integration/targets/vyos_vlan/aliases +++ /dev/null diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg new file mode 100644 index 0000000..2a2a8e8 --- /dev/null +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg @@ -0,0 +1,6 @@ +set firewall group address-group RND-HOSTS address 192.0.2.1 +set firewall group address-group RND-HOSTS address 192.0.2.3 +set firewall group address-group RND-HOSTS address 192.0.2.5 +set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists' +set firewall group network-group RND network 192.0.2.0/24 +set firewall group network-group RND description 'This group has the Management network addresses' diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py new file mode 100644 index 0000000..0697f6e --- /dev/null +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py @@ -0,0 +1,254 @@ +# (c) 2016 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from ansible_collections.vyos.vyos.tests.unit.compat.mock import patch +from ansible_collections.vyos.vyos.plugins.modules import vyos_firewall_global +from ansible_collections.vyos.vyos.tests.unit.modules.utils import ( + set_module_args, +) +from .vyos_module import TestVyosModule, load_fixture + + +class TestVyosFirewallRulesModule(TestVyosModule): + + module = vyos_firewall_global + + def setUp(self): + super(TestVyosFirewallRulesModule, self).setUp() + self.mock_get_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network.Config.get_config" + ) + self.get_config = self.mock_get_config.start() + + self.mock_load_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network.Config.load_config" + ) + self.load_config = self.mock_load_config.start() + + self.mock_get_resource_connection_config = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.cfg.base.get_resource_connection" + ) + self.get_resource_connection_config = ( + self.mock_get_resource_connection_config.start() + ) + + self.mock_get_resource_connection_facts = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.facts.facts.get_resource_connection" + ) + self.get_resource_connection_facts = ( + self.mock_get_resource_connection_facts.start() + ) + + self.mock_execute_show_command = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_global.firewall_global.Firewall_globalFacts.get_device_data" + ) + + self.execute_show_command = self.mock_execute_show_command.start() + + def tearDown(self): + super(TestVyosFirewallRulesModule, self).tearDown() + self.mock_get_resource_connection_config.stop() + self.mock_get_resource_connection_facts.stop() + self.mock_get_config.stop() + self.mock_load_config.stop() + self.mock_execute_show_command.stop() + + def load_fixtures(self, commands=None): + def load_from_file(*args, **kwargs): + return load_fixture("vyos_firewall_global_config.cfg") + + self.execute_show_command.side_effect = load_from_file + + def test_vyos_firewall_global_set_01_merged(self): + set_module_args( + dict( + config=dict( + validation="strict", + config_trap=True, + log_martians=True, + syn_cookies=True, + twa_hazards_protection=True, + ping=dict(all=True, broadcast=True), + state_policy=[ + dict( + connection_type="established", + action="accept", + log=True, + ), + dict(connection_type="invalid", action="reject"), + ], + route_redirects=[ + dict( + afi="ipv4", + ip_src_route=True, + icmp_redirects=dict(send=True, receive=False), + ) + ], + group=dict( + address_group=[ + dict( + name="MGMT-HOSTS", + description="This group has the Management hosts address lists", + members=[ + dict(address="192.0.1.1"), + dict(address="192.0.1.3"), + dict(address="192.0.1.5"), + ], + ) + ], + network_group=[ + dict( + name="MGMT", + description="This group has the Management network addresses", + members=[dict(address="192.0.1.0/24")], + ) + ], + ), + ), + state="merged", + ) + ) + commands = [ + "set firewall group address-group MGMT-HOSTS address 192.0.1.1", + "set firewall group address-group MGMT-HOSTS address 192.0.1.3", + "set firewall group address-group MGMT-HOSTS address 192.0.1.5", + "set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address lists'", + "set firewall group address-group MGMT-HOSTS", + "set firewall group network-group MGMT network 192.0.1.0/24", + "set firewall group network-group MGMT description 'This group has the Management network addresses'", + "set firewall group network-group MGMT", + "set firewall ip-src-route 'enable'", + "set firewall receive-redirects 'disable'", + "set firewall send-redirects 'enable'", + "set firewall config-trap 'enable'", + "set firewall state-policy established action 'accept'", + "set firewall state-policy established log 'enable'", + "set firewall state-policy invalid action 'reject'", + "set firewall broadcast-ping 'enable'", + "set firewall all-ping 'enable'", + "set firewall log-martians 'enable'", + "set firewall twa-hazards-protection 'enable'", + "set firewall syn-cookies 'enable'", + "set firewall source-validation 'strict'", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_global_set_01_merged_idem(self): + set_module_args( + dict( + config=dict( + group=dict( + address_group=[ + dict( + name="RND-HOSTS", + description="This group has the Management hosts address lists", + members=[ + dict(address="192.0.2.1"), + dict(address="192.0.2.3"), + dict(address="192.0.2.5"), + ], + ) + ], + network_group=[ + dict( + name="RND", + description="This group has the Management network addresses", + members=[dict(address="192.0.2.0/24")], + ) + ], + ) + ), + state="merged", + ) + ) + self.execute_module(changed=False, commands=[]) + + def test_vyos_firewall_global_set_01_replaced(self): + set_module_args( + dict( + config=dict( + group=dict( + address_group=[ + dict( + name="RND-HOSTS", + description="This group has the Management hosts address lists", + members=[ + dict(address="192.0.2.1"), + dict(address="192.0.2.7"), + dict(address="192.0.2.9"), + ], + ) + ], + network_group=[ + dict( + name="RND", + description="This group has the Management network addresses", + members=[dict(address="192.0.2.0/24")], + ) + ], + ) + ), + state="replaced", + ) + ) + commands = [ + "delete firewall group address-group RND-HOSTS address 192.0.2.3", + "delete firewall group address-group RND-HOSTS address 192.0.2.5", + "set firewall group address-group RND-HOSTS address 192.0.2.7", + "set firewall group address-group RND-HOSTS address 192.0.2.9", + ] + self.execute_module(changed=True, commands=commands) + + def test_vyos_firewall_global_set_01_replaced_idem(self): + set_module_args( + dict( + config=dict( + group=dict( + address_group=[ + dict( + name="RND-HOSTS", + description="This group has the Management hosts address lists", + members=[ + dict(address="192.0.2.1"), + dict(address="192.0.2.3"), + dict(address="192.0.2.5"), + ], + ) + ], + network_group=[ + dict( + name="RND", + description="This group has the Management network addresses", + members=[dict(address="192.0.2.0/24")], + ) + ], + ) + ), + state="replaced", + ) + ) + self.execute_module(changed=False, commands=[]) + + def test_vyos_firewall_global_set_01_deleted(self): + set_module_args(dict(config=dict(), state="deleted")) + commands = ["delete firewall "] + self.execute_module(changed=True, commands=commands) |