IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent (#187)

IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent SUMMARY fix issue: #170 ISSUE TYPE Bugfix Pull Request COMPONENT NAME ADDITIONAL INFORMATION Reviewed-by: GomathiselviS <None> Reviewed-by: None <None>
author: YVarshitha <63169351+YVarshitha@users.noreply.github.com> 2021-08-27 11:00:33 -0400
committer: GitHub <noreply@github.com> 2021-08-27 15:00:33 +0000
commit: 93aaf8615a0535dfe8cbd3b68dd82a1051a31411 (patch)
tree: 034f55b7b3f81eca21ab65b63c3013a489342fc6
parent: 66c9b207fc95406b237c3b808466fc2c324a6731 (diff)
download: vyos.vyos-93aaf8615a0535dfe8cbd3b68dd82a1051a31411.tar.gz
vyos.vyos-93aaf8615a0535dfe8cbd3b68dd82a1051a31411.zip
4 files changed, 42 insertions, 0 deletions
diff --git a/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml b/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml
new file mode 100644
index 0000000..aed026c
--- /dev/null
+++ b/changelogs/fragments/fix_issue170_vyos_firewall_rules.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+  - fix issue in firewall rules facts code when IPV6 ICMP type name in vyos.vyos.vyos_firewall_rules is not idempotent
diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
index 4424292..63a159e 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
@@ -13,6 +13,7 @@ from __future__ import absolute_import, division, print_function
 
 __metaclass__ = type
 
+import re
 from re import findall, search, M
 from copy import deepcopy
 from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import (
@@ -167,6 +168,7 @@ class Firewall_rulesFacts(object):
             "fragment",
             "disabled",
             "description",
+            "icmp",
         ]
         rule = self.parse_attr(conf, a_lst)
         r_sub = {
@@ -282,6 +284,9 @@ class Firewall_rulesFacts(object):
         :return: generated config dictionary.
         """
         a_lst = ["code", "type", "type_name"]
+        if attrib == "icmp":
+            attrib = "icmpv6"
+        conf = re.sub("icmpv6 type", "icmpv6 type-name", conf)
         cfg_dict = self.parse_attr(conf, a_lst, match=attrib)
         return cfg_dict
 
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
index f65b386..8726301 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
@@ -11,3 +11,5 @@ set firewall name V4-INGRESS rule 101 action 'accept'
 set firewall name V4-INGRESS rule 101 ipsec 'match-ipsec'
 set firewall name V4-EGRESS default-action 'reject'
 set firewall ipv6-name V6-EGRESS default-action 'reject'
+set firewall ipv6-name V6-EGRESS rule 20
+set firewall ipv6-name V6-EGRESS rule 20 icmpv6 type 'echo-request'
+\ No newline at end of file
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
index 682b2da..520446e 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
@@ -416,6 +416,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
                                         ipsec="match-ipsec",
                                         protocol="icmp",
                                         disabled=True,
+                                        icmp=dict(type_name="echo-request"),
                                     )
                                 ],
                             ),
@@ -435,6 +436,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
             "set firewall ipv6-name INBOUND rule 101 disabled",
             "set firewall ipv6-name INBOUND rule 101 action 'accept'",
             "set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'",
+            "set firewall ipv6-name INBOUND rule 101 icmpv6 type echo-request",
         ]
         self.execute_module(changed=True, commands=commands)
 
@@ -771,6 +773,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
                                 name="V6-EGRESS",
                                 default_action="reject",
                                 description="This rule-set is configured by Ansible RM",
+                                rules=[
+                                    dict(
+                                        icmp=dict(type_name="echo-request"),
+                                        number=20,
+                                    )
+                                ],
                             ),
                         ],
                     ),
@@ -831,6 +839,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
                             dict(
                                 name="V6-EGRESS",
                                 default_action="reject",
+                                rules=[
+                                    dict(
+                                        icmp=dict(type_name="echo-request"),
+                                        number=20,
+                                    )
+                                ],
                             ),
                         ],
                     ),
@@ -884,6 +898,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
                             dict(
                                 name="V6-EGRESS",
                                 default_action="reject",
+                                rules=[
+                                    dict(
+                                        icmp=dict(type_name="echo-request"),
+                                        number=20,
+                                    )
+                                ],
                             ),
                         ],
                     ),
@@ -933,6 +953,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
                             dict(
                                 name="V6-EGRESS",
                                 default_action="reject",
+                                rules=[
+                                    dict(
+                                        icmp=dict(type_name="echo-request"),
+                                        number=20,
+                                    )
+                                ],
                             ),
                         ],
                     ),
@@ -1070,6 +1096,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
                             dict(
                                 name="V6-EGRESS",
                                 default_action="reject",
+                                rules=[
+                                    dict(
+                                        icmp=dict(type_name="echo-request"),
+                                        number=20,
+                                    )
+                                ],
                             ),
                         ],
                     ),
author	YVarshitha <63169351+YVarshitha@users.noreply.github.com>	2021-08-27 11:00:33 -0400
committer	GitHub <noreply@github.com>	2021-08-27 15:00:33 +0000
commit	93aaf8615a0535dfe8cbd3b68dd82a1051a31411 (patch)
tree	034f55b7b3f81eca21ab65b63c3013a489342fc6
parent	66c9b207fc95406b237c3b808466fc2c324a6731 (diff)
download	vyos.vyos-93aaf8615a0535dfe8cbd3b68dd82a1051a31411.tar.gz vyos.vyos-93aaf8615a0535dfe8cbd3b68dd82a1051a31411.zip