diff options
| author | GomathiselviS <gomathiselvi@gmail.com> | 2022-03-01 11:01:04 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-03-01 16:01:04 +0000 |
| commit | 2299c492ca285f227cdb2043c9602e58ba55bf72 (patch) | |
| tree | 35bde410f5940aea7337d34808c844e240278ec8 | |
| parent | b28632c3e581371f3b0d670d376ab409a4b8fa0e (diff) | |
| download | vyos.vyos-2299c492ca285f227cdb2043c9602e58ba55bf72.tar.gz vyos.vyos-2299c492ca285f227cdb2043c9602e58ba55bf72.zip | |
Change parameter 'disabled' to 'disable' in test_vyos_firewall_rules.py (#240)
Change parameter 'disabled' to 'disable' in test_vyos_firewall_rules.py
SUMMARY
Fixes #239
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
Reviewed-by: GomathiselviS <None>
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: None <None>
10 files changed, 65 insertions, 16 deletions
diff --git a/changelogs/fragments/vyos_firewall_rules_fix_rules_disable.yaml b/changelogs/fragments/vyos_firewall_rules_fix_rules_disable.yaml new file mode 100644 index 0000000..612ba5c --- /dev/null +++ b/changelogs/fragments/vyos_firewall_rules_fix_rules_disable.yaml @@ -0,0 +1,3 @@ +--- +minor_changes: + - vyos_firewall_rules - fixed incorrect option 'disabled' passed to the rules. diff --git a/docs/vyos.vyos.vyos_firewall_rules_module.rst b/docs/vyos.vyos.vyos_firewall_rules_module.rst index 7a7428d..05c74f5 100644 --- a/docs/vyos.vyos.vyos_firewall_rules_module.rst +++ b/docs/vyos.vyos.vyos_firewall_rules_module.rst @@ -375,7 +375,7 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> - <b>disabled</b> + <b>disable</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> <span style="color: purple">boolean</span> @@ -389,6 +389,7 @@ Parameters </td> <td> <div>Option to disable firewall rule.</div> + <div style="font-size: small; color: darkgreen"><br/>aliases: disabled</div> </td> </tr> <tr> @@ -659,6 +660,28 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>log</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>disable</li> + <li>enable</li> + </ul> + </td> + <td> + <div>Option to log packets matching rule</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>number</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> diff --git a/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py index 22dc8f7..61d9a55 100644 --- a/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/argspec/firewall_rules/firewall_rules.py @@ -87,7 +87,10 @@ class Firewall_rulesArgs(object): # pylint: disable=R0903 }, "type": "dict", }, - "disabled": {"type": "bool"}, + "disable": { + "type": "bool", + "aliases": ["disabled"], + }, "fragment": { "choices": [ "match-frag", diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py index 22973bd..2920878 100644 --- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py @@ -358,7 +358,7 @@ class Firewall_rules(ConfigBase): "number", "protocol", "fragment", - "disabled", + "disable", "description", "log", ) @@ -375,7 +375,7 @@ class Firewall_rules(ConfigBase): and key in l_set and not (h and self._is_w_same(w, h, key)) ): - if key == "disabled": + if key == "disable": if not ( not val and (not h or key not in h or not h[key]) @@ -398,7 +398,7 @@ class Firewall_rules(ConfigBase): ) continue if ( - key == "disabled" + key == "disable" and val and h and (key not in h or not h[key]) @@ -924,7 +924,7 @@ class Firewall_rules(ConfigBase): value and opr and attrib != "enable_default_log" - and attrib != "disabled" + and attrib != "disable" ): cmd += " '" + str(value) + "'" return cmd @@ -1033,7 +1033,7 @@ class Firewall_rules(ConfigBase): "action", "fragment", "protocol", - "disabled", + "disable", "description", "mac_address", "default_action", diff --git a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py index f1c080f..cb1d4bb 100644 --- a/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/facts/firewall_rules/firewall_rules.py @@ -168,7 +168,7 @@ class Firewall_rulesFacts(object): "action", "protocol", "fragment", - "disabled", + "disable", "description", "icmp", ] @@ -341,10 +341,14 @@ class Firewall_rulesFacts(object): config[attrib] = True else: out = search(r"^.*" + regex + " (.+)", conf, M) + if not out and attrib == "disable": + out = search(r"^.*\d+" + " ('disable'$)", conf, M) if out: val = out.group(1).strip("'") if self.is_num(attrib): val = int(val) + if attrib == "disable": + val = True config[attrib] = val return config diff --git a/plugins/modules/vyos_firewall_rules.py b/plugins/modules/vyos_firewall_rules.py index 6df6892..aaef8a1 100644 --- a/plugins/modules/vyos_firewall_rules.py +++ b/plugins/modules/vyos_firewall_rules.py @@ -144,10 +144,11 @@ options: - The whole list can also be "negated" using '!'. - For example:'!22,telnet,http,123,1001-1005'. type: str - disabled: + disable: description: - Option to disable firewall rule. type: bool + aliases: ["disabled"] fragment: description: - IP fragment match. diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml index d8b7d17..48fdff7 100644 --- a/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml @@ -39,11 +39,13 @@ action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec + disabled: true - number: 102 action: reject description: Rule 102 is configured by Ansible ipsec: match-ipsec + disable: true - number: 103 action: accept @@ -60,6 +62,9 @@ related: true state: merged + - vyos.vyos.vyos_facts: + gather_network_resources: firewall_rules + - name: Assert that before dicts were correctly generated assert: that: @@ -72,6 +77,12 @@ - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\ \ == 0 }}" + - name: Assert that fact was correctly generated + assert: + that: + - "{{ merged['after'] | symmetric_difference(ansible_facts['network_resources']['firewall_rules']) |length\ + \ == 0 }}" + - name: Assert that after dicts was correctly generated assert: that: diff --git a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml index 88323ba..3bd1512 100644 --- a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml @@ -17,10 +17,12 @@ merged: - set firewall name INBOUND default-action 'accept' - set firewall name INBOUND description 'IPv4 INBOUND rule set' - set firewall name INBOUND rule 101 action 'accept' + - set firewall name INBOUND rule 101 disable - set firewall name INBOUND rule 101 - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' - set firewall name INBOUND rule 101 ipsec 'match-ipsec' - set firewall name INBOUND rule 102 action 'reject' + - set firewall name INBOUND rule 102 disable - set firewall name INBOUND rule 102 - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' - set firewall name INBOUND rule 102 ipsec 'match-ipsec' @@ -58,8 +60,10 @@ merged: action: accept description: Rule 101 is configured by Ansible ipsec: match-ipsec + disable: true - number: 102 action: reject + disable: true description: Rule 102 is configured by Ansible ipsec: match-ipsec - number: 103 diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg index 32d4294..a3aec78 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg @@ -6,7 +6,7 @@ set firewall name V4-INGRESS rule 101 protocol 'icmp' set firewall name V4-INGRESS rule 101 description 'Rule 101 is configured by Ansible' set firewall name V4-INGRESS rule 101 fragment 'match-frag' set firewall name V4-INGRESS rule 101 -set firewall name V4-INGRESS rule 101 disabled +set firewall name V4-INGRESS rule 101 'disable' set firewall name V4-INGRESS rule 101 action 'accept' set firewall name V4-INGRESS rule 101 ipsec 'match-ipsec' set firewall name EGRESS default-action 'reject' diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py index 4be8ec9..4e1f344 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py @@ -221,7 +221,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): log="disable", protocol="icmp", fragment="match-frag", - disabled=True, + disable=True, ) ], ), @@ -239,7 +239,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): "set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", "set firewall name INBOUND rule 101 fragment 'match-frag'", "set firewall name INBOUND rule 101", - "set firewall name INBOUND rule 101 disabled", + "set firewall name INBOUND rule 101 disable", "set firewall name INBOUND rule 101 action 'accept'", "set firewall name INBOUND rule 101 ipsec 'match-ipsec'", "set firewall name INBOUND rule 101 log 'disable'", @@ -435,7 +435,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): "set firewall ipv6-name INBOUND rule 101 protocol 'icmp'", "set firewall ipv6-name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", "set firewall ipv6-name INBOUND rule 101", - "set firewall ipv6-name INBOUND rule 101 disabled", + "set firewall ipv6-name INBOUND rule 101 disable", "set firewall ipv6-name INBOUND rule 101 action 'accept'", "set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'", "set firewall ipv6-name INBOUND rule 101 icmpv6 type echo-request", @@ -789,12 +789,12 @@ class TestVyosFirewallRulesModule(TestVyosModule): ) ) commands = [ - "delete firewall name V4-INGRESS rule 101 disabled", + "delete firewall name V4-INGRESS rule 101 disable", "set firewall name V4-INGRESS description 'This is IPv4 INGRESS rule set'", "set firewall name V4-INGRESS rule 101 protocol 'tcp'", "set firewall name V4-INGRESS rule 101 description 'Rule 101 is configured by Ansible RM'", "set firewall name V4-INGRESS rule 101 action 'reject'", - "set firewall name V4-INGRESS rule 102 disabled", + "set firewall name V4-INGRESS rule 102 disable", "set firewall name V4-INGRESS rule 102 action 'accept'", "set firewall name V4-INGRESS rule 102 protocol 'icmp'", "set firewall name V4-INGRESS rule 102 description 'Rule 102 is configured by Ansible RM'", @@ -1078,7 +1078,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): "set firewall name V4-IN rule 1", "set firewall name V4-IN rule 1 action 'reject'", "set firewall name V4-IN rule 1 ipsec 'match-ipsec'", - "set firewall name V4-IN rule 2 disabled", + "set firewall name V4-IN rule 2 disable", "set firewall name V4-IN rule 2 action 'accept'", "set firewall name V4-IN rule 2 protocol 'icmp'", "set firewall name V4-IN rule 2 description 'Rule 102 is configured by Ansible RM'", |