author | Ruben van Dijk <15885455+RubenNL@users.noreply.github.com> | 2025-04-23 21:41:56 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-04-24 05:41:56 +1000 |
commit | b0b3adfb53e3089b087731986eb8ea8f89dcf17e (patch) | |
tree | 4b49c37cbd5e2f192e7a1da16a4d2d8df9e929e0 | |
parent | 46838054d25bb3e8fcc8210a6433ae788bfa3d12 (diff) | |
T7236 firewall_rules Fix compare amount of firewall rulesets. (#401)
Co-authored-by: omnom62 <75066712+omnom62@users.noreply.github.com>
6 files changed, 90 insertions, 5 deletions
diff --git a/changelogs/fragments/T7236_firewall_rules.yml b/changelogs/fragments/T7236_firewall_rules.yml
new file mode 100644
index 00000000..bad04832
--- /dev/null
+++ b/changelogs/fragments/T7236_firewall_rules.yml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - vyos_firewall_rules - Fixed comparing of firewall rules
diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
index 5c2ef6ca..bb6055b7 100644
--- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
@@ -1167,13 +1167,19 @@ class Firewall_rules(ConfigBase):
 return True
 elif isinstance(w, list) and isinstance(rs, list):
 try:
- sorted_list1 = sorted(w, key=lambda x: str(x)) # pylint: disable=unnecessary-lambda
- sorted_list2 = sorted(
- rs,
- key=lambda x: str(x), # pylint: disable=unnecessary-lambda
- )
+ def comparison(x):
+ if 'name' in x:
+ return x['name']
+ if 'number' in x:
+ return x['number']
+ return str(x)
+
+ sorted_list1 = sorted(w, key=comparison)
+ sorted_list2 = sorted(rs, key=comparison)
 except TypeError:
 return False
+ if len(sorted_list1) != len(sorted_list2):
+ return False
 return all(self._is_same_rs(x, y) for x, y in zip(sorted_list1, sorted_list2))
 else:
 return w == rs
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
index 6c248d2b..3ad6ec97 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg
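Review bot: The new `comparison` sort key in the firewall_rules.py hunk assumes every list element is a dict. For a string element `'name' in x` is a substring test, so a value containing "name" or "number" reaches `x['name']` and raises TypeError, and for an int element the `in` test itself raises TypeError; the surrounding `except TypeError` then returns False and two identical lists of plain values are reported as different. The removed `str(x)` key accepted any element type, so this may be a regression if this comparison ever receives lists of scalars, which is not visible from the hunk. Guarding both lookups, `if isinstance(x, dict) and 'name' in x:` and `if isinstance(x, dict) and 'number' in x:`, keeps the `str(x)` fallback for everything else. The enclosing method starts before the hunk.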
@@ -14,3 +14,8 @@ set firewall name EGRESS default-action 'reject'
 set firewall ipv6-name EGRESS default-action 'reject'
 set firewall ipv6-name EGRESS rule 20
 set firewall ipv6-name EGRESS rule 20 icmpv6 type 'echo-request'
+set firewall name MULTIPLE-RULE default-action 'drop'
+set firewall name MULTIPLE-RULE rule 1 action 'accept'
+set firewall name MULTIPLE-RULE rule 1 protocol 'all'
+set firewall name MULTIPLE-RULE rule 2 action 'drop'
+set firewall name MULTIPLE-RULE rule 2 protocol 'all'
\ No newline at end of file
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg
index e82e3903..7f63dd78 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg
@@ -32,3 +32,8 @@ set firewall ipv4 name IF-TEST rule 10 inbound-interface name 'eth0'
 set firewall ipv4 name IF-TEST rule 10 outbound-interface group 'the-ethers'
 set firewall ipv4 name IF-TEST rule 10 icmp type-name 'echo-request'
 set firewall ipv4 name IF-TEST rule 10 state 'related'
+set firewall ipv4 name MULTIPLE-RULE default-action 'drop'
+set firewall ipv4 name MULTIPLE-RULE rule 1 action 'accept'
+set firewall ipv4 name MULTIPLE-RULE rule 1 protocol 'all'
+set firewall ipv4 name MULTIPLE-RULE rule 2 action 'drop'
+set firewall ipv4 name MULTIPLE-RULE rule 2 protocol 'all'
\ No newline at end of file
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py
index 101f389e..9a25198f 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py
@@ -1057,6 +1057,17 @@ class TestVyosFirewallRulesModule13(TestVyosModule):
 ),
 ],
 ),
+ dict(
+ name="MULTIPLE-RULE",
+ default_action="drop",
+ rules=[
+ dict(
+ number="1",
+ action="accept",
+ protocol="all",
+ ),
+ ],
+ ),
 ],
 ),
 dict(
@@ -1083,6 +1094,11 @@ class TestVyosFirewallRulesModule13(TestVyosModule):
 "delete firewall ipv6-name EGRESS",
 "delete firewall name V4-INGRESS",
 "delete firewall name EGRESS",
+ "delete firewall name MULTIPLE-RULE",
+ "set firewall name MULTIPLE-RULE default-action 'drop'",
+ "set firewall name MULTIPLE-RULE rule 1",
+ "set firewall name MULTIPLE-RULE rule 1 action 'accept'",
+ "set firewall name MULTIPLE-RULE rule 1 protocol 'all'",
 "set firewall name V4-IN default-action 'accept'",
 "set firewall name V4-IN description 'This is IPv4 INGRESS rule set'",
 "set firewall name V4-IN enable-default-log",
@@ -1159,6 +1175,7 @@ class TestVyosFirewallRulesModule13(TestVyosModule):
 "delete firewall ipv6-name EGRESS",
 "delete firewall name V4-INGRESS",
 "delete firewall name EGRESS",
+ "delete firewall name MULTIPLE-RULE",
 "set firewall name V4-INGRESS rule 101",
 "set firewall name V4-INGRESS description 'This is IPv4 INGRESS rule set'",
 "set firewall name V4-INGRESS default-action 'accept'",
@@ -1204,6 +1221,22 @@ class TestVyosFirewallRulesModule13(TestVyosModule):
 name="EGRESS",
 default_action="reject",
 ),
+ dict(
+ name="MULTIPLE-RULE",
+ default_action="drop",
+ rules=[
+ dict(
+ number="1",
+ action="accept",
+ protocol="all",
+ ),
+ dict(
+ number="2",
+ action="drop",
+ protocol="all",
+ ),
+ ],
+ ),
 ],
 ),
 dict(
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py
index 547b8f45..64884282 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py
@@ -1418,6 +1418,17 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 ),
 ],
 ),
+ dict(
+ name="MULTIPLE-RULE",
+ default_action="drop",
+ rules=[
+ dict(
+ number="1",
+ action="accept",
+ protocol="all",
+ ),
+ ],
+ ),
 ],
 ),
 dict(
@@ -1444,11 +1455,16 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 "delete firewall ipv6 name EGRESS",
 "delete firewall ipv4 name V4-INGRESS",
 "delete firewall ipv4 name EGRESS",
+ "delete firewall ipv4 name MULTIPLE-RULE",
 "delete firewall ipv4 input filter",
 "delete firewall ipv4 output filter",
 "delete firewall ipv6 input filter",
 "delete firewall ipv6 output filter",
 "delete firewall ipv4 name IF-TEST",
+ "set firewall ipv4 name MULTIPLE-RULE default-action 'drop'",
+ "set firewall ipv4 name MULTIPLE-RULE rule 1",
+ "set firewall ipv4 name MULTIPLE-RULE rule 1 action 'accept'",
+ "set firewall ipv4 name MULTIPLE-RULE rule 1 protocol 'all'",
 "set firewall ipv4 name V4-IN default-action 'accept'",
 "set firewall ipv4 name V4-IN description 'This is IPv4 INGRESS rule set'",
 "set firewall ipv4 name V4-IN default-log",
@@ -1530,6 +1546,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 "delete firewall ipv6 input filter",
 "delete firewall ipv6 output filter",
 "delete firewall ipv4 name IF-TEST",
+ "delete firewall ipv4 name MULTIPLE-RULE",
 "set firewall ipv4 name V4-INGRESS rule 101",
 "set firewall ipv4 name V4-INGRESS default-log",
 "set firewall ipv4 name V4-INGRESS description 'This is IPv4 INGRESS rule set'",
@@ -1609,6 +1626,22 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 name="EGRESS",
 default_action="reject",
 ),
+ dict(
+ name="MULTIPLE-RULE",
+ default_action="drop",
+ rules=[
+ dict(
+ number="1",
+ action="accept",
+ protocol="all",
+ ),
+ dict(
+ number="2",
+ action="drop",
+ protocol="all",
+ ),
+ ],
+ ),
 ],
 ),
 dict( |