diff options
| author | Rohit Thakur <rohitthakur2590@outlook.com> | 2020-05-08 13:14:12 +0530 | 
|---|---|---|
| committer | Rohit Thakur <rohitthakur2590@outlook.com> | 2020-05-08 13:14:12 +0530 | 
| commit | 45715027fec488a74f7942cbc647ce7a6e0c69ed (patch) | |
| tree | 6f72763224aa225a7718ddee3fabc50159e17570 | |
| parent | bf9a91b4859e07c40b0a6aeb64b8ef6096af41b1 (diff) | |
| download | vyos.vyos-45715027fec488a74f7942cbc647ce7a6e0c69ed.tar.gz vyos.vyos-45715027fec488a74f7942cbc647ce7a6e0c69ed.zip | |
test cases updated
Signed-off-by: Rohit Thakur <rohitthakur2590@outlook.com>
5 files changed, 77 insertions, 78 deletions
| diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py index 687eb03c..9c2e832d 100644 --- a/plugins/modules/vyos_firewall_rules.py +++ b/plugins/modules/vyos_firewall_rules.py @@ -37,8 +37,9 @@ ANSIBLE_METADATA = {  }  DOCUMENTATION = """module: vyos_firewall_rules -short_description: This configures and manages attributes of firewall_rules resorce module  +short_description: Firewall rules resource module  description: This module manages firewall rule-set attributes on VyOS devices +version_added: "1.0.0"  notes:  - Tested against VyOS 1.1.8 (helium).  - This module works with connection C(network_cli). See L(the VyOS OS Platform Options,../network/user_guide/platform_vyos.html). @@ -397,13 +398,12 @@ options:                      type: str    running_config:      description: -    - The module, by default, will connect to the remote device and retrieve the current -      running-config to use as a base for comparing against the contents of source. -      There are times when it is not desirable to have the task get the current running-config -      for every task in a playbook.  The I(running_config) argument allows the implementer -      to pass in the configuration to use as the base config for comparison. This -      value of this option should be the output received from device by executing -      command C(show configuration commands | grep 'firewall' +      - This option is used only with state I(parsed). +      - The value of this option should be the output received from the VyOS device by executing +        the command B(show configuration commands | grep firewall). +      - The state I(parsed) reads the configuration from C(running_config) option and transforms +        it into Ansible structured data as per the resource module's argspec and the value is then +        returned in the I(parsed) key within the result.      type: str    state:      description: @@ -437,7 +437,7 @@ EXAMPLES = """  # set firewall name Downlink rule 502 ipsec 'match-ipsec'  #  - name: Delete attributes of given firewall rules. -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:        - afi: ipv4          rule_sets: @@ -514,7 +514,7 @@ EXAMPLES = """  #  - name: Delete attributes of given firewall rules. -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:        - afi: ipv4      state: deleted @@ -611,7 +611,7 @@ EXAMPLES = """  # set firewall name Downlink rule 502 ipsec 'match-ipsec'  #  - name: Delete attributes of given firewall rules. -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:      state: deleted  # @@ -666,7 +666,7 @@ EXAMPLES = """  # set firewall group address-group 'inbound'  #  - name: Merge the provided configuration with the exisiting running configuration -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:        - afi: 'ipv6'          rule_sets: @@ -885,7 +885,7 @@ EXAMPLES = """  # set firewall name INBOUND rule 103 state related 'enable'  #  - name: Replace device configurations of listed firewall rules with provided configurations -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:        - afi: 'ipv6'          rule_sets: @@ -1067,7 +1067,7 @@ EXAMPLES = """  # set firewall name INBOUND rule 104 ipsec 'match-none'  #  - name: Overrides all device configuration with provided configuration -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:        - afi: 'ipv4'          rule_sets: @@ -1218,7 +1218,7 @@ EXAMPLES = """  # set firewall name INBOUND rule 103 state related 'enable'  #  - name: Gather listed firewall rules with provided configurations -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:      state: gathered  # @@ -1333,7 +1333,7 @@ EXAMPLES = """  #  #  - name: Render the commands for provided  configuration -  vyos_firewall_rules: +  vyos.vyos.vyos_firewall_rules:      config:        - afi: 'ipv6'          rule_sets: @@ -1403,8 +1403,8 @@ EXAMPLES = """  # Using parsed  #  # -- name: Render the commands for provided  configuration -  vyos_firewall_rules: +- name: Parsed the provided input commands. +  vyos.vyos.vyos_firewall_rules:      running_config:        "set firewall group address-group 'inbound'   set firewall name Downlink default-action 'accept' diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml index cdc8e51c..59c81aad 100644 --- a/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml @@ -9,9 +9,9 @@  - block: -    - name: Merge the provided configuration with the exisiting running configuration +    - name: Gather the provided configuration with the exisiting running configuration        register: result -      vyos.vyos.vyos_firewall_rules: &id001 +      vyos.vyos.vyos_firewall_rules:          config:          state: gathered @@ -21,14 +21,6 @@            - "{{ populate | symmetric_difference(result['gathered']) |length == 0\              \ }}" -    - name: Gather the existing running configuration (IDEMPOTENT) -      register: result -      vyos.vyos.vyos_firewall_rules: *id001 - -    - name: Assert that the previous task was idempotent -      assert: -        that: -          - result['changed'] == false    always:      - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml index a793ac58..bc955249 100644 --- a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml @@ -3,39 +3,14 @@      msg: START vyos_firewall_rules parsed integration tests on connection={{ ansible_connection        }} -- include_tasks: _remove_config.yaml - -- include_tasks: _populate.yaml - -- block: - -    - name: Gather firewall_rules facts -      register: firewall_rules_facts -      vyos.vyos.vyos_facts: -        gather_subset: -          - default -        gather_network_resources: -          - firewall_rules - -    - name: Provide the running configuration for parsing (config to be parsed) -      register: result -      vyos.vyos.vyos_firewall_rules: &id001 -        running_config: "{{ lookup('file', '_parsed_config.cfg') }}" -        state: parsed - -    - name: Assert that correct parsing done -      assert: -        that: "{{ ansible_facts['network_resources']['firewall_rules'] | symmetric_difference(result['parsed'])\ -          \ |length == 0 }}" - -    - name: Gather the existing running configuration (IDEMPOTENT) -      register: result -      vyos.vyos.vyos_firewall_rules: *id001 - -    - name: Assert that the previous task was idempotent -      assert: -        that: -          - result['changed'] == false -  always: - -    - include_tasks: _remove_config.yaml +- name: Parse externally provided Firewall rules config to agnostic model +  register: result +  vyos.vyos.vyos_firewall_rules: +    running_config: "{{ lookup('file', '_parsed_config.cfg') }}" +    state: parsed + +- name: Assert that config was correctly parsed +  assert: +    that: +      - "{{ parsed['after'] | symmetric_difference(result['parsed']) |length ==\ +        \ 0 }}" diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml index f000998e..6670fd7b 100644 --- a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml @@ -5,13 +5,11 @@  - include_tasks: _remove_config.yaml -- include_tasks: _populate.yaml -  - block:      - name: Structure provided configuration into device specific commands        register: result -      vyos.vyos.vyos_firewall_rules: &id001 +      vyos.vyos.vyos_firewall_rules:          config:            - afi: ipv6 @@ -60,14 +58,5 @@            - "{{ rendered['commands'] | symmetric_difference(result['rendered'])\              \ |length == 0 }}" -    - name: Structure provided configuration into device specific commands (IDEMPOTENT) -      register: result -      vyos.vyos.vyos_firewall_rules: *id001 - -    - name: Assert that the previous task was idempotent -      assert: -        that: -          - result['changed'] == false -  always: - -    - include_tasks: _remove_config.yaml +- debug: +    msg: END vyos_firewall_rules rendered integration tests on connection={{ ansible_connection }} diff --git a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml index adfc48af..88323bae 100644 --- a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml @@ -196,6 +196,49 @@ overridden:                action: reject                description: Rule 502 is configured by Ansible                ipsec: match-ipsec +parsed: +  after: +    - afi: ipv6 +      rule_sets: +        - name: UPLINK +          description: This is ipv6 specific rule-set +          default_action: accept +          rules: +            - number: 1 +              action: accept +              description: Fwipv6-Rule 1 is configured by Ansible +              ipsec: match-ipsec +            - number: 2 +              action: accept +              description: Fwipv6-Rule 2 is configured by Ansible +              ipsec: match-ipsec +    - afi: ipv4 +      rule_sets: +        - name: INBOUND +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 101 +              action: accept +              description: Rule 101 is configured by Ansible +              ipsec: match-ipsec +            - number: 102 +              action: reject +              description: Rule 102 is configured by Ansible +              ipsec: match-ipsec +            - number: 103 +              action: accept +              description: Rule 103 is configured by Ansible +              destination: +                group: +                  address_group: inbound +              source: +                address: 192.0.2.0 +              state: +                established: true +                new: false +                invalid: false +                related: true  rendered:    commands:      - set firewall ipv6-name UPLINK default-action 'accept' | 
