4 files changed, 42 insertions, 0 deletions
diff --git a/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml b/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml
new file mode 100644
index 0000000..aed026c
--- /dev/null
+++ b/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - fix issue in firewall rules facts code when IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent
diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
index 4424292..63a159e 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
@@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function
 __metaclass__ = type
+import re
 from re import findall, search, M
 from copy import deepcopy
 from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import (
@@ -167,6 +168,7 @@ class Firewall_rulesFacts(object):
 "fragment",
 "disabled",
 "description",
+ "icmp",
 ]
 rule = self.parse_attr(conf, a_lst)
 r_sub = {
@@ -282,6 +284,9 @@ class Firewall_rulesFacts(object):
 :return: generated config dictionary.
 """
 a_lst = ["code", "type", "type_name"]
+ if attrib == "icmp":
+ attrib = "icmpv6"
+ conf = re.sub("icmpv6 type", "icmpv6 type-name", conf)
 cfg_dict = self.parse_attr(conf, a_lst, match=attrib)
 return cfg_dict
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
index f65b386..8726301 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
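Review bot: In the `@@ -282` hunk the call `re.sub("icmpv6 type", "icmpv6 type-name", conf)` is unanchored, so a config line that already reads `icmpv6 type-name ...` would be rewritten to `icmpv6 type-name-name ...` and would presumably no longer match the `type_name` attribute. A negative lookahead limits the rewrite to the bare form: `conf = re.sub(r"icmpv6 type(?!-name)", "icmpv6 type-name", conf)`. The same branch also changes `attrib` from `icmp` to `icmpv6` unconditionally, and the `@@ -167` hunk adds `"icmp"` to a list that does not look IPv6-specific, so IPv4 rules written as `icmp type-name` may now come back with empty ICMP facts. If these facts feed the module's configuration diff, as the changelog's idempotency wording suggests, a dropped ICMP match could surface as a non-idempotent run or an unintended rule change, so it is worth confirming against the caller. The function body starts outside the hunk; a short comment above the branch explaining why the device output is normalised would help the next reader.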
@@ -11,3 +11,5 @@ set firewall name V4-INGRESS rule 101 action 'accept'
 set firewall name V4-INGRESS rule 101 ipsec 'match-ipsec'
 set firewall name V4-EGRESS default-action 'reject'
 set firewall ipv6-name V6-EGRESS default-action 'reject'
+set firewall ipv6-name V6-EGRESS rule 20
+set firewall ipv6-name V6-EGRESS rule 20 icmpv6 type 'echo-request'
\ No newline at end of file
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
index 682b2da..520446e 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
@@ -416,6 +416,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 ipsec="match-ipsec",
 protocol="icmp",
 disabled=True,
+ icmp=dict(type_name="echo-request"),
 )
 ],
 ),
@@ -435,6 +436,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 "set firewall ipv6-name INBOUND rule 101 disabled",
 "set firewall ipv6-name INBOUND rule 101 action 'accept'",
 "set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'",
+ "set firewall ipv6-name INBOUND rule 101 icmpv6 type echo-request",
 ]
 self.execute_module(changed=True, commands=commands)
@@ -771,6 +773,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 name="V6-EGRESS",
 default_action="reject",
 description="This rule-set is configured by Ansible RM",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
 ),
 ],
 ),
@@ -831,6 +839,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 dict(
 name="V6-EGRESS",
 default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
 ),
 ],
 ),
@@ -884,6 +898,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 dict(
 name="V6-EGRESS",
 default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
 ),
 ],
 ),
@@ -933,6 +953,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 dict(
 name="V6-EGRESS",
 default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
 ),
 ],
 ),
@@ -1070,6 +1096,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 dict(
 name="V6-EGRESS",
 default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
 ),
 ],
 ),
 ), |
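Review bot: The expectations added in this file cover only the IPv6 form `icmpv6 type 'echo-request'`, so nothing pins what facts return for an IPv4 rule using `icmp type-name` or for an IPv6 rule already written as `icmpv6 type-name`. Because the parser change maps every `icmp` attribute to `icmpv6`, a regression on those inputs would pass this suite and show up later as non-idempotent or silently altered firewall rules. A fixture line such as `set firewall name V4-INGRESS rule 101 icmp type-name 'echo-request'` (constructed example), with a matching `icmp=dict(type_name="echo-request")` in the expected V4 rule, would close the gap. The identical `rules=[...]` block repeated in the `@@ -831`, `@@ -884`, `@@ -933` and `@@ -1070` hunks could also come from one shared helper, so the expected facts are defined in a single place.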