author | Gaige B Paulsen <gaige@cluetrust.net> | 2024-11-18 07:33:49 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-18 12:33:49 +0000 |
commit | 37ba454f746ab6c4b05fef520ced523e2ad032cb (patch) | |
tree | b254416c0b5320fd091355e8c637d156b9443c35 | |
parent | 081729eb8c9d6084916937a3095a6c0b2ba97144 (diff) | |
T6882: fix: firewall global-options (#359)
* T6882: fix: firewall global-options
Updated a couple of RST files due to pre-commit
* T6882: chore: update changelog
* T6882: chore: update changelog
* T6882: test: update tests to cover change
9 files changed, 546 insertions, 27 deletions
diff --git a/changelogs/fragments/cliconf.yml b/changelogs/fragments/cliconf.yml index 53c26ada..1eb0880d 100644 --- a/changelogs/fragments/cliconf.yml +++ b/changelogs/fragments/cliconf.yml @@ -1,4 +1,3 @@ --- - minor_changes: - added `network_os_major_version` to facts diff --git a/changelogs/fragments/firewall_global_parsing.yml b/changelogs/fragments/firewall_global_parsing.yml new file mode 100644 index 00000000..cec6cfc9 --- /dev/null +++ b/changelogs/fragments/firewall_global_parsing.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - Fixed parsing of global-options (1.4+) diff --git a/docs/vyos.vyos.vyos_firewall_global_module.rst b/docs/vyos.vyos.vyos_firewall_global_module.rst index a77ce80f..8c234afb 100644 --- a/docs/vyos.vyos.vyos_firewall_global_module.rst +++ b/docs/vyos.vyos.vyos_firewall_global_module.rst @@ -705,6 +705,33 @@ Parameters <div>Enable logging of packets part of an established connection.</div> </td> </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>log_level</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>emerg</li> + <li>alert</li> + <li>crit</li> + <li>err</li> + <li>warn</li> + <li>notice</li> + <li>info</li> + <li>debug</li> + </ul> + </td> + <td> + <div>Only available in 1.4+</div> + </td> + </tr> <tr> <td class="elbow-placeholder"></td> @@ -852,7 +879,6 @@ Examples - connection_type: established action: accept log: true - log_level: emer - connection_type: invalid action: reject route_redirects: 
@@ -898,7 +924,6 @@ Examples # "set firewall config-trap 'enable'", # "set firewall state-policy established action 'accept'", # "set firewall state-policy established log 'enable'", - # "set firewall state-policy established log-level 'emer'", # "set firewall state-policy invalid action 'reject'", # "set firewall broadcast-ping 'enable'", # "set firewall all-ping 'enable'", diff --git a/docs/vyos.vyos.vyos_firewall_rules_module.rst b/docs/vyos.vyos.vyos_firewall_rules_module.rst index b3d619be..ad363b4e 100644 --- a/docs/vyos.vyos.vyos_firewall_rules_module.rst +++ b/docs/vyos.vyos.vyos_firewall_rules_module.rst @@ -103,13 +103,33 @@ Parameters <li>drop</li> <li>reject</li> <li>accept</li> + <li>jump</li> </ul> </td> <td> <div>Default action for rule-set.</div> <div>drop (Drop if no prior rules are hit (default))</div> <div>reject (Drop and notify source if no prior rules are hit)</div> - <div>accept (Accept if no prior rules are hit)</div> + <div>accept (Accept if no prior rules are hit) - jump (Jump to another rule-set, 1.4+)</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>default_jump_target</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Default jump target if the default action is jump.</div> + <div>Only valid in 1.4 and later.</div> + <div>Only valid when default_action = jump.</div> </td> </tr> <tr> 
@@ -155,6 +175,29 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="4"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>filter</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>input</li> + <li>output</li> + <li>forward</li> + </ul> + </td> + <td> + <div>Filter type (exclusive to "name").</div> + <div>Supported in 1.4 and later.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>name</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> @@ -165,6 +208,7 @@ Parameters </td> <td> <div>Firewall rule set name.</div> + <div>Required for 1.3- and optional for 1.4+.</div> </td> </tr> <tr> @@ -203,10 +247,17 @@ Parameters <li>reject</li> <li>accept</li> <li>inspect</li> + <li>continue</li> + <li>return</li> + <li>jump</li> + <li>queue</li> + <li>synproxy</li> </ul> </td> <td> <div>Specifying the action.</div> + <div>inspect is available < 1.4</div> + <div>continue, return, jump, queue, synproxy are available >= 1.4</div> </td> </tr> <tr> @@ -389,6 +440,7 @@ Parameters </td> <td> <div>Option to disable firewall rule.</div> + <div>aliased to disabled</div> <div style="font-size: small; color: darkgreen"><br/>aliases: disabled</div> </td> </tr> 
@@ -538,6 +590,65 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>inbound_interface</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Inbound interface.</div> + <div>Only valid in 1.4 and later.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>group</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Interface group.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Interface name.</div> + <div>Can have wildcards</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>ipsec</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -546,10 +657,8 @@ Parameters </td> <td> <ul style="margin: 0; padding: 0"><b>Choices:</b> - <br><i>VyOS 1.4 & older:</i><br> <li>match-ipsec</li> <li>match-none</li> - <br><i>VyOS 1.5+ :</i><br> <li>match-ipsec-in</li> <li>match-ipsec-out</li> <li>match-none-in</li> @@ -566,6 +675,26 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>jump_target</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Jump target if the action is jump.</div> + <div>Only valid in 1.4 and later.</div> + <div>Only valid when action = jump.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>limit</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> @@ -679,7 +808,7 @@ Parameters </ul> </td> <td> - <div>Option to log packets matching rule</div> + <div>Log matching packets.</div> </td> </tr> <tr> 
@@ -707,6 +836,65 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>outbound_interface</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Match outbound interface.</div> + <div>Only valid in 1.4 and later.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>group</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Interface group.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Interface name.</div> + <div>Can have wildcards</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>p2p</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -755,6 +943,112 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>packet_length</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Packet length match.</div> + <div>Only valid in 1.4 and later.</div> + <div>Multiple values from 1 to 65535 and ranges are supported</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>length</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Packet length or range.</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>packet_length_exclude</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Packet length match.</div> + <div>Only valid in 1.4 and later.</div> + <div>Multiple values from 1 to 65535 and ranges are supported</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + 
<b>length</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Packet length or range.</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>packet_type</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>broadcast</li> + <li>multicast</li> + <li>host</li> + <li>other</li> + </ul> + </td> + <td> + <div>Packet type match.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>protocol</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -778,6 +1072,51 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>queue</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Queue options.</div> + <div>Only valid in 1.4 and later.</div> + <div>Only valid when action = queue.</div> + <div>Can be a queue number or range.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>queue_options</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>bypass</li> + <li>fanout</li> + </ul> + </td> + <td> + <div>Queue options.</div> + <div>Only valid in 1.4 and later.</div> + <div>Only valid when action = queue.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>recent</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> @@ -819,13 +1158,14 @@ Parameters <b>time</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> - <span style="color: purple">integer</span> + <span style="color: purple">string</span> </div> </td> <td> </td> <td> <div>Source addresses seen in the last N seconds.</div> + <div>Since 1.4, this is a string of second/minute/hour</div> </td> </tr> 
@@ -876,6 +1216,26 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="2"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>fqdn</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>Fully qualified domain name.</div> + <div>Available in 1.4 and later.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>group</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -1108,6 +1468,65 @@ Parameters <td class="elbow-placeholder"></td> <td colspan="3"> <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>synproxy</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>SYN proxy options.</div> + <div>Only valid in 1.4 and later.</div> + <div>Only valid when action = synproxy.</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>mss</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Adjust MSS (501-65535)</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>window_scale</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Window scale (1-14).</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> <b>tcp</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> 
@@ -1130,16 +1549,76 @@ Parameters <b>flags</b> <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>list of tcp flags to be matched</div> + <div>5.0 breaking change to support 1.4+ and 1.3-</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>flag</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> <span style="color: purple">string</span> </div> </td> <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>ack</li> + <li>cwr</li> + <li>ecn</li> + <li>fin</li> + <li>psh</li> + <li>rst</li> + <li>syn</li> + <li>urg</li> + <li>all</li> + </ul> </td> <td> - <div>TCP flags to be matched.</div> + <div>TCP flag to be matched.</div> + <div>syn, ack, fin, rst, urg, psh, all (1.3-)</div> + <div>syn, ack, fin, rst, urg, psh, cwr, ecn (1.4+)</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>invert</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">boolean</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>no</li> + <li>yes</li> + </ul> + </td> + <td> + <div>Invert the match.</div> </td> </tr> + <tr> <td class="elbow-placeholder"></td> <td 
class="elbow-placeholder"></td> @@ -2408,7 +2887,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <b>after</b> <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> <div style="font-size: small"> - <span style="color: purple">list</span> + <span style="color: purple">dictionary</span> </div> </td> <td>when changed</td> @@ -2426,7 +2905,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <b>before</b> <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> <div style="font-size: small"> - <span style="color: purple">list</span> + <span style="color: purple">dictionary</span> </div> </td> <td>always</td> diff --git a/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py index 3f4da3ea..97386e99 100644 --- a/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py @@ -111,7 +111,7 @@ class Firewall_globalFacts(object): rr_lst = [] v6_attr = findall( - r"^set firewall (?:ipv6-src-route|ipv6-receive-redirects) (\S+)", + r"^set firewall (?:global-options )(?:ipv6-src-route|ipv6-receive-redirects) (\S+)", conf, M, ) @@ -121,7 +121,7 @@ class Firewall_globalFacts(object): rr_lst.append(obj) v4_attr = findall( - r"^set firewall (?:ip-src-route|receive-redirects|send-redirects) (\S+)", + r"^set firewall (?:global-options )(?:ip-src-route|receive-redirects|send-redirects) (\S+)", conf, M, ) diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg index 16b7a142..f54a03dc 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg 
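Review bot: In both `findall` patterns of `Firewall_globalFacts` (the `v6_attr` hunk and the `v4_attr` hunk right after it), the new group `(?:global-options )` is mandatory, so pre-1.4 lines such as `set firewall ipv6-src-route 'enable'` no longer match. If this facts class also serves 1.3 and earlier (the 1.3 fixture in this commit gains exactly those lines), source-route and ICMP-redirect settings would silently drop out of the gathered facts on those devices, and a `replaced` or `deleted` run would not see them to remove. Making the group optional keeps both syntaxes: `r"^set firewall (?:global-options )?(?:ipv6-src-route|ipv6-receive-redirects) (\S+)"`, and the same `?` on the v4 pattern. The enclosing method starts and ends outside these hunks, so any version gating elsewhere is not visible here.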
@@ -11,3 +11,5 @@ set firewall group ipv6-network-group UNIQUE-LOCAL-v6 network fc00::/7 set firewall group ipv6-network-group UNIQUE-LOCAL-v6 description 'This group encompasses the ULA address space in IPv6' set firewall group port-group SSH port 22 set firewall group port-group SSH description 'This group has the ssh ports' +set firewall ipv6-src-route 'enable' +set firewall send-redirects 'enable' diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg index 7b281de6..0a1247dd 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg @@ -14,3 +14,5 @@ set firewall group port-group SSH description 'This group has the ssh ports' set firewall global-options all-ping enable set firewall global-options state-policy related action 'accept' set firewall global-options state-policy related log-level 'alert' +set firewall global-options ipv6-src-route 'enable' +set firewall global-options send-redirects 'enable' diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py index 0cc611c4..752bb0d6 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py @@ -29,11 +29,11 @@ from ansible_collections.vyos.vyos.tests.unit.modules.utils import set_module_ar from .vyos_module import TestVyosModule, load_fixture -class TestVyosFirewallRulesModule(TestVyosModule): +class TestVyosFirewallGlobalModule(TestVyosModule): module = vyos_firewall_global def setUp(self): - super(TestVyosFirewallRulesModule, self).setUp() + super(TestVyosFirewallGlobalModule, self).setUp() self.mock_get_config = patch( "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.network.Config.get_config", ) 
@@ -59,15 +59,16 @@ class TestVyosFirewallRulesModule(TestVyosModule): ) self.mock_get_os_version = patch( - "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_global.firewall_global.get_os_version" + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_global.firewall_global.get_os_version", ) self.get_os_version = self.mock_get_os_version.start() self.get_os_version.return_value = "1.2" self.execute_show_command = self.mock_execute_show_command.start() + self.maxDiff = None def tearDown(self): - super(TestVyosFirewallRulesModule, self).tearDown() + super(TestVyosFirewallGlobalModule, self).tearDown() self.mock_get_resource_connection_config.stop() self.mock_get_resource_connection_facts.stop() self.mock_get_config.stop() @@ -101,6 +102,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): dict(connection_type="invalid", action="reject"), ], route_redirects=[ + dict(ip_src_route=True, afi="ipv6"), dict( afi="ipv4", ip_src_route=True, @@ -177,6 +179,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): "set firewall group port-group TELNET description 'This group has the telnet ports'", "set firewall group port-group TELNET", "set firewall ip-src-route 'enable'", + "set firewall ipv6-src-route 'enable'", "set firewall receive-redirects 'disable'", "set firewall send-redirects 'enable'", "set firewall config-trap 'enable'", @@ -369,7 +372,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): commands = ["delete firewall"] self.execute_module(changed=True, commands=commands) - def test_vyos_firewall_global_set_01_replaced_version(self): + def test_vyos_firewall_global_set_01_merged_version14(self): self.get_os_version.return_value = "1.4" set_module_args( dict( @@ -398,7 +401,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): afi="ipv6", ip_src_route=True, icmp_redirects=dict(receive=False), - ) + ), ], group=dict( address_group=[ 
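Review bot: The expected command list in the `@@ -177,6 +179,7 @@` hunk now includes `"set firewall ipv6-src-route 'enable'"`, yet `vyos_firewall_global_config.cfg` gains that same line in this commit. If this test loads that fixture, a merged run should emit nothing for a setting that is already present. The expectation would then pass only because the facts parser does not read the legacy line, which pins the gap instead of catching it. The same holds for the existing `"set firewall send-redirects 'enable'"` entry. Once the pre-1.4 form is parsed, both entries should leave this list, as the 1.4 test in this commit already does for its `global-options` equivalents. The test method starts and ends outside the hunk, so which fixture it loads is inferred.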
@@ -443,12 +446,12 @@ class TestVyosFirewallRulesModule(TestVyosModule): name="TELNET", description="This group has the telnet ports", members=[dict(port="23")], - ) + ), ], ), ), state="merged", - ) + ), ) commands = [ "set firewall group address-group MGMT-HOSTS address 192.0.1.1", diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py index c594a1fe..a25da293 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py @@ -59,7 +59,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): ) self.mock_get_os_version = patch( - "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_global.firewall_global.get_os_version" + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_global.firewall_global.get_os_version", ) self.get_os_version = self.mock_get_os_version.start() self.get_os_version.return_value = "1.4" @@ -111,7 +111,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): afi="ipv6", ip_src_route=True, icmp_redirects=dict(receive=False), - ) + ), ], group=dict( address_group=[ @@ -156,12 +156,12 @@ class TestVyosFirewallRulesModule14(TestVyosModule): name="TELNET", description="This group has the telnet ports", members=[dict(port="23")], - ) + ), ], ), ), state="merged", - ) + ), ) commands = [ "set firewall group address-group MGMT-HOSTS address 192.0.1.1", 
@@ -184,9 +184,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "set firewall group port-group TELNET", "set firewall global-options ip-src-route 'enable'", "set firewall global-options receive-redirects 'disable'", - "set firewall global-options send-redirects 'enable'", "set firewall global-options config-trap 'enable'", - "set firewall global-options ipv6-src-route 'enable'", "set firewall global-options ipv6-receive-redirects 'disable'", "set firewall global-options state-policy established action 'accept'", "set firewall global-options state-policy established log 'enable'", @@ -314,6 +312,8 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "delete firewall group address-group RND-HOSTS address 192.0.2.5", "delete firewall global-options all-ping", "delete firewall global-options state-policy related", + "delete firewall global-options ipv6-src-route", + "delete firewall global-options send-redirects", "set firewall global-options state-policy invalid action 'reject'", "set firewall group address-group RND-HOSTS address 192.0.2.7", "set firewall group address-group RND-HOSTS address 192.0.2.9", @@ -329,6 +329,10 @@ class TestVyosFirewallRulesModule14(TestVyosModule): dict( config=dict( ping=dict(all=True), + route_redirects=[ + dict(ip_src_route=True, afi="ipv6"), + dict(icmp_redirects=dict(send=True), afi="ipv4"), + ], state_policy=[ dict(connection_type="related", action="accept", log_level="alert"), ], 
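Review bot: The `route_redirects` entries added in the `@@ -329,6 +329,10 @@` hunk, together with the two new fixture lines, exercise only `ipv6-src-route` and `send-redirects` with the value `'enable'`. The changed regexes also cover `ip-src-route`, `receive-redirects` and `ipv6-receive-redirects`, and a `'disable'` value, none of which is parsed from a fixture here. These are hardening settings where a silently missed fact matters. Adding one fixture line such as `set firewall global-options receive-redirects 'disable'` with a matching `dict(icmp_redirects=dict(receive=False), afi="ipv4")` entry would cover the remaining branch. The test body continues outside the hunk.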
@@ -442,6 +446,8 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", "delete firewall global-options all-ping", + "delete firewall global-options ipv6-src-route", + "delete firewall global-options send-redirects", "set firewall global-options state-policy related action 'drop'", "delete firewall global-options state-policy related log-level", "set firewall global-options state-policy invalid action 'reject'", |