author | GomathiselviS <gomathiselvi@gmail.com> | 2022-02-22 16:30:07 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-02-22 21:30:07 +0000 |
commit | d3c91d0ee00c187a5623a6b66f9fedad800ff3d0 (patch) | |
tree | 2aaa943628f94b4133abc23f574931a9db0a8127 | |
parent | 4662d6d03742ecc2fd09c530cf4b70217975e5bb (diff) | |
vyos_firewall_rules: Add support for log enable on individual rules (#238)
vyos_firewall_rules: Add support for log enable on individual rules
SUMMARY
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: None <None>
6 files changed, 21 insertions, 0 deletions
diff --git a/changelogs/fragments/vyos_firewall_rules_add_log.yaml b/changelogs/fragments/vyos_firewall_rules_add_log.yaml
new file mode 100644
index 0000000..0ffc76c
--- /dev/null
+++ b/changelogs/fragments/vyos_firewall_rules_add_log.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - vyos_firewall_rules - Add support for log enable on individual rules
diff --git a/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py
index 2df7758..22dc8f7 100644
--- a/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py
@@ -164,6 +164,10 @@ class Firewall_rulesArgs(object): # pylint: disable=R0903
 },
 "type": "dict",
 },
+ "log": {
+ "type": "str",
+ "choices": ["enable", "disable"],
+ },
 "number": {"required": True, "type": "int"},
 "p2p": {
 "elements": "dict",
diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
index 3c56626..1f1536c 100644
--- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
@@ -356,6 +356,7 @@ class Firewall_rules(ConfigBase):
 "fragment",
 "disabled",
 "description",
+ "log",
 )
 if w_rules:
 for w in w_rules:
@@ -1022,6 +1023,7 @@ class Firewall_rules(ConfigBase):
 r_set = (
 "p2p",
 "ipsec",
+ "log",
 "action",
 "fragment",
 "protocol",
diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
index 63a159e..8e29dbd 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py
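Review bot: The attribute name `log` now has to be kept in sync by hand in three hard-coded lists: the tuple in the hunk at -356 and `r_set` in the hunk at -1022 of config/firewall_rules.py, plus `a_lst` in facts/firewall_rules.py. Nothing in the visible lines ties these lists together, so an attribute added to only one of them would presumably be rendered but not read back, or the reverse; for a logging flag that could mean a play reports no change while the device is not logging the rule. A single module-level tuple of rule base attributes shared by the config and facts classes would remove that risk, or at minimum a comment on each list such as `# keep in sync with a_lst in facts/firewall_rules.py`. The enclosing functions start and end outside these hunks, so how each list is consumed should be confirmed there.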
@@ -163,6 +163,7 @@ class Firewall_rulesFacts(object):
 """
 a_lst = [
 "ipsec",
+ "log",
 "action",
 "protocol",
 "fragment",
diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py
index b6ed81b..6df6892 100644
--- a/plugins/modules/vyos_firewall_rules.py
+++ b/plugins/modules/vyos_firewall_rules.py
@@ -220,6 +220,13 @@ options:
 choices:
 - match-ipsec
 - match-none
+ log:
+ description:
+ - Option to log packets matching rule
+ type: str
+ choices:
+ - disable
+ - enable
 limit:
 description:
 - Rate limit using a token bucket filter.
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
index dd3dbce..f80157c 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
@@ -218,6 +218,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 action="accept",
 description="Rule 101 is configured by Ansible",
 ipsec="match-ipsec",
+ log="disable",
 protocol="icmp",
 fragment="match-frag",
 disabled=True,
@@ -241,6 +242,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 "set firewall name INBOUND rule 101 disabled",
 "set firewall name INBOUND rule 101 action 'accept'",
 "set firewall name INBOUND rule 101 ipsec 'match-ipsec'",
+ "set firewall name INBOUND rule 101 log 'disable'",
 ]
 self.execute_module(changed=True, commands=commands)
@@ -1016,6 +1018,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 action="reject",
 description="Rule 1 is configured by Ansible RM",
 ipsec="match-ipsec",
+ log="enable",
 protocol="tcp",
 fragment="match-frag",
 disabled=False,
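Review bot: The description of the new `log` option in the hunk at -220 of plugins/modules/vyos_firewall_rules.py does not say what happens when the option is omitted, or that `disable` is pushed as an explicit setting. The unit test in this commit expects `set firewall name INBOUND rule 101 log 'disable'`, so `disable` is written to the device rather than treated as absence, and anyone auditing which rules leave a log trail needs that distinction. I would expand the text to something like `- Whether packets matching this rule are logged. C(disable) is written to the device as an explicit setting.` and add one sentence on the omitted case once that behaviour is confirmed in the config code.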
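Review bot: The test hunks at -218/-241 and -1016/-1066 only assert that a `set ... log '<value>'` command is emitted for a new rule. No case visible in this commit covers a rule whose `log` value already matches the device, one that changes from `enable` to `disable`, or one where `log` is dropped from the task under a state that removes unlisted attributes. No fixture file appears among the six changed files either, so the `a_lst` entry added to the facts parser does not seem to be exercised against device output that contains a `log` line. Because this flag decides whether matching traffic leaves an audit trail, I would add a fixture rule carrying `log 'enable'` and an idempotence test that expects `changed=False` with no commands. The test methods start and end outside these hunks.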
@@ -1066,6 +1069,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 "set firewall name V4-IN description 'This is IPv4 INGRESS rule set'",
 "set firewall name V4-IN enable-default-log",
 "set firewall name V4-IN rule 1 protocol 'tcp'",
+ "set firewall name V4-IN rule 1 log 'enable'",
 "set firewall name V4-IN rule 1 description 'Rule 1 is configured by Ansible RM'",
 "set firewall name V4-IN rule 1 fragment 'match-frag'",
 "set firewall name V4-IN rule 1 source group address-group IN-ADDR-GROUP", |