Ansible Network Collection for VyOS (mirror of https://github.com/vyos/vyos.vyos.git) https://git.amelek.net/vyos/vyos.vyos.git/atom?h=4.0.1 2023-02-08T13:16:23+00:00 2023-02-08T13:16:23+00:00 pre-commit-ci[bot] 66853113+pre-commit-ci[bot]@users.noreply.github.com 2023-02-08T13:16:23+00:00 urn:sha1:5dc5a62c8479222b9fd3c09cd482177f863fa837 * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/psf/black: 22.12.0 → 23.1.0](https://github.com/psf/black/compare/22.12.0...23.1.0) * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2023-01-25T13:37:58+00:00 Kate Case kcase@redhat.com 2023-01-25T13:37:58+00:00 urn:sha1:e9911888f6dcdf9031f3fdb2e32c52e45815fdbe * Add prettier and isort to pre-commit. * Bump line-length to 100 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> 2023-01-10T15:56:30+00:00 Kate Case kcase@redhat.com 2023-01-10T15:56:30+00:00 urn:sha1:bcfe61a3b6ff69f08450f3dbd8f0f1827fb18ab3 * Redirect ResourceModule to new location * Add changelog * Move NetworkTemplate too 2022-10-13T17:11:19+00:00 Kate Case kcase@redhat.com 2022-10-13T17:11:19+00:00 urn:sha1:5c6a97ae5052684aed513427f81dc1da96c094e3 * Remove deprecated modules and provider * Remove tests for removed modules * Remove references to vyos_argument_spec 2022-09-07T23:31:57+00:00 bk2zsto bk2zsto@users.noreply.github.com 2022-09-07T23:31:57+00:00 urn:sha1:f2541b3b4e176a7d0d9cca05e8e5dc9e5ff27ddb * support 1.3 version output Co-authored-by: Kate Case <this.is@katherineca.se> 2022-05-23T16:03:58+00:00 GomathiselviS gomathiselvi@gmail.com 2022-05-23T16:03:58+00:00 urn:sha1:ac9a0c2fd95edc93753b5f4c236991fb3634750a Add support for icmpv6 type-name in firewall_rules Signed-off-by: GomathiselviS gomathiselvi@gmail.com SUMMARY Fixes #257 ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Sagar Paul <sagpaul@redhat.com> 2022-04-21T03:56:19+00:00 GomathiselviS gomathiselvi@gmail.com 2022-04-21T03:56:19+00:00 urn:sha1:3677b7834a8cb735db9b7004563e74bc1ca74961 vyos_facts: change default subset to min Signed-off-by: GomathiselviS gomathiselvi@gmail.com SUMMARY Fixes #231 ISSUE TYPE Bugfix Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Nathaniel Case <this.is@nathanielca.se> 2022-03-01T16:01:04+00:00 GomathiselviS gomathiselvi@gmail.com 2022-03-01T16:01:04+00:00 urn:sha1:2299c492ca285f227cdb2043c9602e58ba55bf72 Change parameter 'disabled' to 'disable' in test_vyos_firewall_rules.py SUMMARY Fixes #239 ISSUE TYPE Bugfix Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com> Reviewed-by: Sagar Paul <sagpaul@redhat.com> Reviewed-by: GomathiselviS <None> Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com> Reviewed-by: None <None> 2022-02-25T18:28:54+00:00 Andrew Gunnerson accounts+github@chiller3.com 2022-02-25T18:28:54+00:00 urn:sha1:b28632c3e581371f3b0d670d376ab409a4b8fa0e firewall_rules: Fix incorrect behavior when IPv4 and IPv6 rule sets have the same name SUMMARY VyOS supports IPv4 and IPv6 rule sets having the same name, but there are a couple places in the Ansible module that don't handle this situation. The fact gathering for ansible_network_resources.firewall_rules has been updated to look for name <name> or ipv6-name <name> instead of just <name>. The vyos_firewall_rules module has been updated to take the afi into consideration when comparing the have and want states. V4-EGRESS and V6-EGRESS have been renamed to just EGRESS in the tests. The existing tests seem to be complete enough to test this same-name situation. (V4-INGRESS and V6-INGRESS were not renamed.) ISSUE TYPE Bugfix Pull Request COMPONENT NAME vyos_facts and vyos_firewall_rules ADDITIONAL INFORMATION An example of a configuration that was originally causing an issue: (Click to expand): name wan-lan { default-action drop rule 1 { action accept state { established enable related enable } } rule 2 { action drop log enable state { invalid enable } } } ipv6-name wan-lan { default-action drop rule 1 { action accept state { established enable related enable } } rule 2 { action drop log enable state { invalid enable } } rule 10 { action accept protocol icmpv6 } } With this configuration, ansible_network_resources.firewall_rules would show the icmpv6 rule under both ipv4 and ipv6: (Click to expand): [ { "afi": "ipv4", "rule_sets": [ { "default_action": "drop", "name": "wan-lan", "rules": [ { "action": "accept", "number": 1, "state": { "established": true, "related": true } }, { "action": "drop", "number": 2, "state": { "invalid": true } }, { "action": "accept", "number": 10, "protocol": "icmpv6" } ] }, ] }, { "afi": "ipv6", "rule_sets": [ { "default_action": "drop", "name": "wan-lan", "rules": [ { "action": "accept", "number": 1, "state": { "established": true, "related": true } }, { "action": "drop", "number": 2, "state": { "invalid": true } }, { "action": "accept", "number": 10, "protocol": "icmpv6" } ] }, ] } ] A similar issue would happen when using vyos_firewall_rules as well, where it would attempt to change rules for the wrong afi. Reviewed-by: GomathiselviS <None> Reviewed-by: None <None> 2022-02-22T21:30:07+00:00 GomathiselviS gomathiselvi@gmail.com 2022-02-22T21:30:07+00:00 urn:sha1:d3c91d0ee00c187a5623a6b66f9fedad800ff3d0 vyos_firewall_rules: Add support for log enable on individual rules SUMMARY ISSUE TYPE Feature Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com> Reviewed-by: None <None>