author | GomathiselviS <gomathiselvi@gmail.com> | 2022-05-23 12:03:58 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-05-23 16:03:58 +0000 |
commit | ac9a0c2fd95edc93753b5f4c236991fb3634750a (patch) | |
tree | 5d21f11f6c17517dd8d74e78dd87d2843e5d2d02 | |
parent | 5baf4a4495aebda69d1b2e74d2ff6700b1b70c83 (diff) | |
Add support for icmpv6 type-name in firewall_rules (#258)
Add support for icmpv6 type-name in firewall_rules
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #257
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
3 files changed, 82 insertions, 1 deletions
diff --git a/changelogs/fragments/firewall_rule_cli_change_version_1.4.yaml b/changelogs/fragments/firewall_rule_cli_change_version_1.4.yaml new file mode 100644 index 00000000..652c39de --- /dev/null +++ b/changelogs/fragments/firewall_rule_cli_change_version_1.4.yaml @@ -0,0 +1,3 @@ +--- +minor_changes: + - firewall_rules - icmpv6 type - add support for vyos sw >= 1.4. diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py index 2920878c..ca47652f 100644 --- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py @@ -29,6 +29,7 @@ from ansible.module_utils.six import iteritems from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import ( list_diff_want_only, ) +import re class Firewall_rules(ConfigBase): @@ -575,10 +576,27 @@ class Firewall_rules(ConfigBase): and not (h_icmp and self._is_w_same(w[attr], h_icmp, item)) ): if item == "type_name": + os_version = self._get_os_version() + ver = re.search( + "vyos ([\\d\\.]+)-?.*", # noqa: W605 + os_version, + re.IGNORECASE, + ) + if ver.group(1) >= "1.4": + param_name = "type-name" + else: + param_name = "type" if "ipv6-name" in cmd: commands.append( cmd - + (" " + "icmpv6" + " " + "type" + " " + val) + + ( + " " + + "icmpv6" + + " " + + param_name + + " " + + val + ) ) else: commands.append( @@ -1040,3 +1058,11 @@ class Firewall_rules(ConfigBase): "enable_default_log", ) return True if key in r_set else False + + def _get_os_version(self): + os_version = "1.2" + if self._connection: + os_version = self._connection.get_device_info()[ + "network_os_version" + ] + return os_version diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py index 4e1f3440..80d0db56 100644 
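Review bot: In the `type_name` branch of the `@@ -575,10 +576,27 @@` hunk, `ver.group(1)` is used without checking that `re.search` matched, and the captured version is then compared as a string. The fallback that `_get_os_version` returns without a connection is `"1.2"`, which has no `vyos ` prefix, so that path would raise `AttributeError` on `None`; and `"1.10" >= "1.4"` is false lexicographically, so a two-digit minor release would get the old `type` keyword. Because this decides which firewall command is sent to the device, parse the version into integers and keep the pre-1.4 keyword when nothing matches, as sketched below. A raw-string pattern would also make the `# noqa: W605` unnecessary. The enclosing method starts and ends outside the hunk.

```python
if item == "type_name":
    os_version = self._get_os_version()
    ver = re.search(r"vyos ([\d.]+)", os_version, re.IGNORECASE)
    # No "VyOS <n>" prefix (e.g. the "1.2" fallback): keep the pre-1.4 keyword.
    parts = ()
    if ver:
        parts = tuple(int(p) for p in ver.group(1).split(".") if p)
    param_name = "type-name" if parts >= (1, 4) else "type"
    # … unchanged: ipv6-name / else command construction …
```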
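Review bot: `_get_os_version` in the `@@ -1040,3 +1058,11 @@` hunk subscripts `get_device_info()["network_os_version"]` directly, so a device-info dict without that key raises `KeyError` in the middle of command generation. `os_version = self._connection.get_device_info().get("network_os_version", os_version)` keeps the fallback instead. Whether every connection populates the key is not visible here, so treat this as a hardening suggestion. The method also has no docstring; I would add one saying it returns the raw version string reported by the connection (the unit test uses `VyOS 1.4-rolling-202007010117`) and `"1.2"` when there is no connection.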
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py @@ -66,6 +66,12 @@ class TestVyosFirewallRulesModule(TestVyosModule): ) self.execute_show_command = self.mock_execute_show_command.start() + self.mock_get_os_version = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_rules.firewall_rules.Firewall_rules._get_os_version" + ) + self.get_os_version = self.mock_get_os_version.start() + self.get_os_version.return_value = "Vyos 1.2" + def tearDown(self): super(TestVyosFirewallRulesModule, self).tearDown() self.mock_get_resource_connection_config.stop() @@ -73,6 +79,7 @@ class TestVyosFirewallRulesModule(TestVyosModule): self.mock_get_config.stop() self.mock_load_config.stop() self.mock_execute_show_command.stop() + self.mock_get_os_version.stop() def load_fixtures(self, commands=None): def load_from_file(*args, **kwargs): 
@@ -1144,3 +1151,48 @@ class TestVyosFirewallRulesModule(TestVyosModule): ) ) self.execute_module(changed=False, commands=[]) + + def test_vyos_firewall_v6_rule_sets_rule_merged_01_version(self): + self.get_os_version.return_value = "VyOS 1.4-rolling-202007010117" + set_module_args( + dict( + config=[ + dict( + afi="ipv6", + rule_sets=[ + dict( + name="INBOUND", + description="This is IPv6 INBOUND rule set", + default_action="accept", + enable_default_log=True, + rules=[ + dict( + number="101", + action="accept", + description="Rule 101 is configured by Ansible", + ipsec="match-ipsec", + protocol="icmp", + disabled=True, + icmp=dict(type_name="echo-request"), + ) + ], + ), + ], + ) + ], + state="merged", + ) + ) + commands = [ + "set firewall ipv6-name INBOUND default-action 'accept'", + "set firewall ipv6-name INBOUND description 'This is IPv6 INBOUND rule set'", + "set firewall ipv6-name INBOUND enable-default-log", + "set firewall ipv6-name INBOUND rule 101 protocol 'icmp'", + "set firewall ipv6-name INBOUND rule 101 description 'Rule 101 is configured by Ansible'", + "set firewall ipv6-name INBOUND rule 101", + "set firewall ipv6-name INBOUND rule 101 disable", + "set firewall ipv6-name INBOUND rule 101 action 'accept'", + "set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'", + "set firewall ipv6-name INBOUND rule 101 icmpv6 type-name echo-request", + ] + self.execute_module(changed=True, commands=commands) |
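Review bot: The new test pins only one version string, `VyOS 1.4-rolling-202007010117`, and `setUp` replaces `_get_os_version` with a mock returning `Vyos 1.2`, so the suite never exercises the method's real fallback value or a version with a two-digit component. I would add a case with a constructed value such as `self.get_os_version.return_value = "VyOS 1.10"` expecting `icmpv6 type-name`, and one whose string has no `VyOS` prefix expecting `icmpv6 type`, to pin the version comparison in `firewall_rules.py`. A short comment above the test naming the 1.4 syntax change it covers would also help.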