summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorYVarshitha <63169351+YVarshitha@users.noreply.github.com>2021-08-27 11:00:33 -0400
committerGitHub <noreply@github.com>2021-08-27 15:00:33 +0000
commit93aaf8615a0535dfe8cbd3b68dd82a1051a31411 (patch)
tree034f55b7b3f81eca21ab65b63c3013a489342fc6
parent66c9b207fc95406b237c3b808466fc2c324a6731 (diff)
downloadvyos.vyos-93aaf8615a0535dfe8cbd3b68dd82a1051a31411.tar.gz
vyos.vyos-93aaf8615a0535dfe8cbd3b68dd82a1051a31411.zip
IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent (#187)
IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent SUMMARY fix issue: #170 ISSUE TYPE Bugfix Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: GomathiselviS <None> Reviewed-by: None <None>
Diffstat
-rw-r--r--changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml3
-rw-r--r--plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py5
-rw-r--r--tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg2
-rw-r--r--tests/unit/modules/network/vyos/test_vyos_firewall_rules.py32
4 files changed, 42 insertions, 0 deletions
diff --git a/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml b/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml
new file mode 100644
index 00000000..aed026c7
--- /dev/null
+++ b/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - fix issue in firewall rules facts code when IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent
diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
index 44242929..63a159e6 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
@@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function
__metaclass__ = type
+import re
from re import findall, search, M
from copy import deepcopy
from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import (
@@ -167,6 +168,7 @@ class Firewall_rulesFacts(object):
"fragment",
"disabled",
"description",
+ "icmp",
]
rule = self.parse_attr(conf, a_lst)
r_sub = {
@@ -282,6 +284,9 @@ class Firewall_rulesFacts(object):
:return: generated config dictionary.
"""
a_lst = ["code", "type", "type_name"]
+ if attrib == "icmp":
+ attrib = "icmpv6"
+ conf = re.sub("icmpv6 type", "icmpv6 type-name", conf)
cfg_dict = self.parse_attr(conf, a_lst, match=attrib)
return cfg_dict
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
index f65b3869..87263015 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
@@ -11,3 +11,5 @@ set firewall name V4-INGRESS rule 101 action 'accept'
set firewall name V4-INGRESS rule 101 ipsec 'match-ipsec'
set firewall name V4-EGRESS default-action 'reject'
set firewall ipv6-name V6-EGRESS default-action 'reject'
+set firewall ipv6-name V6-EGRESS rule 20
+set firewall ipv6-name V6-EGRESS rule 20 icmpv6 type 'echo-request' \ No newline at end of file
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
index 682b2dad..520446ed 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
@@ -416,6 +416,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
ipsec="match-ipsec",
protocol="icmp",
disabled=True,
+ icmp=dict(type_name="echo-request"),
)
],
),
@@ -435,6 +436,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
"set firewall ipv6-name INBOUND rule 101 disabled",
"set firewall ipv6-name INBOUND rule 101 action 'accept'",
"set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'",
+ "set firewall ipv6-name INBOUND rule 101 icmpv6 type echo-request",
]
self.execute_module(changed=True, commands=commands)
@@ -771,6 +773,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
name="V6-EGRESS",
default_action="reject",
description="This rule-set is configured by Ansible RM",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
),
],
),
@@ -831,6 +839,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
dict(
name="V6-EGRESS",
default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
),
],
),
@@ -884,6 +898,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
dict(
name="V6-EGRESS",
default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
),
],
),
@@ -933,6 +953,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
dict(
name="V6-EGRESS",
default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
),
],
),
@@ -1070,6 +1096,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
dict(
name="V6-EGRESS",
default_action="reject",
+ rules=[
+ dict(
+ icmp=dict(type_name="echo-request"),
+ number=20,
+ )
+ ],
),
],
),
generated by cgit v1.2.3 (git 2.39.1) at 2025-10-31 12:15:44 +0000