author | omnom62 <75066712+omnom62@users.noreply.github.com> | 2025-01-27 22:02:17 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2025-01-27 12:02:17 +0000 |
commit | f64dd509fc1f53a2e9b4296512f1ee5c46bb47e6 (patch) | |
tree | c8c36af1ea86a934832af0ba967e616e7878c1ab | |
parent | 0a0ab13f84e3930e203a412ae08c127b282ab675 (diff) | |
T7003 - firewall_interfaces integration tests refactor (#373)
* init T7003 - firewall_interfaces integration tests refactor
* v.1.3 fixed
* linter fixes
* v.14 fw_interfaces changes init
* v1.4 integration tests for firewall_interfaces
* v1.3. integration tests for firewall_interfaces (T7003)
* Isolating fw_int integration tests to 1.3- only
* linter fix
13 files changed, 381 insertions, 426 deletions
diff --git a/changelogs/fragments/T7003-firewall-interface-integration-tests.yml b/changelogs/fragments/T7003-firewall-interface-integration-tests.yml
new file mode 100644
index 0000000..1f834b4
--- /dev/null
+++ b/changelogs/fragments/T7003-firewall-interface-integration-tests.yml
@@ -0,0 +1,6 @@
+---
+minor_changes:
+ - fix integration tests for `firewall_interfaces` for v1.3-
+
+known_issues:
+ - integration tests for `firewall_interfaces` are failing for v1.4+ as the module is deprecated in favour of firewall_rules
diff --git a/tests/integration/targets/vyos_firewall_interfaces/1 b/tests/integration/targets/vyos_firewall_interfaces/1
deleted file mode 100644
index 628ada5..0000000
--- a/tests/integration/targets/vyos_firewall_interfaces/1
+++ /dev/null
@@ -1,120 +0,0 @@ ---- -merged: - before: [] - - - commands: - - "set interfaces ethernet eth1 firewall in name 'INBOUND'" - - "set interfaces ethernet eth1 firewall out name 'OUTBOUND'" - - "set interfaces ethernet eth1 firewall local name 'LOCAL'" - - "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'" - - "set interfaces ethernet eth3 firewall in name 'INBOUND'" - - "set interfaces ethernet eth3 firewall out name 'OUTBOUND'" - - "set interfaces ethernet eth3 firewall local name 'LOCAL'" - - "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'" - - after: - - name: 'eth1' - access_rules: - - afi: 'ipv4' - rules: - - name: 'INBOUND' - direction: 'in' - - name: 'OUBOUND' - direction: 'out' - - afi: 'ipv6' - rules: - - name: 'V6-LOCAL' - direction: 'local' - -populate: - - name: 'eth1' - access_rules: - - afi: 'ipv4' - rules: - - name: 'INBOUND' - direction: 'in' - - name: 'OUBOUND' - direction: 'out' - - afi: 'ipv6' - rules: - - name: 'LOCAL' - direction: 'local' - -replaced: - commands: - - "delete service lldp interface eth2 location" - - "set service lldp interface eth2 'disable'" - - "set service lldp interface eth2 location civic-based country-code 'US'" - - "set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'" - - "delete service lldp interface eth1 location" - - "set service lldp interface eth1 'disable'" - - "set service lldp interface eth1 location coordinate-based latitude '33.524449N'" - - "set service lldp interface eth1 location coordinate-based altitude '2200'" - - "set service lldp interface eth1 location coordinate-based datum 'WGS84'" - - "set service lldp interface eth1 location coordinate-based longitude '222.267255W'" - - after: - - name: 'eth2' - enable: false - location: - civic_based: - country_code: 'US' - ca_info: - - ca_type: 0 - ca_value: 'ENGLISH' - - - name: 'eth1' - enable: false - location: - coordinate_based: - altitude: 2200 - datum: 'WGS84' - longitude: '222.267255W' - 
latitude: '33.524449N' - -populate_intf: - - name: 'eth2' - enable: false - location: - civic_based: - country_code: 'US' - ca_info: - - ca_type: 0 - ca_value: 'ENGLISH' - -overridden: - commands: - - "delete service lldp interface eth2 location" - - "delete service lldp interface eth2 'disable'" - - "set service lldp interface eth2 location elin '0000000911'" - - after: - - name: 'eth2' - location: - elin: 0000000911 - -deleted: - commands: - - "delete service lldp interface eth1" - - "delete service lldp interface eth2" - - after: [] - -round_trip: - after: - - name: 'eth1' - location: - civic_based: - country_code: 'US' - ca_info: - - ca_type: 0 - ca_value: 'ENGLISH' - - - name: 'eth2' - location: - coordinate_based: - altitude: 2200 - datum: 'WGS84' - longitude: '222.267255W' - latitude: '33.524449N' diff --git a/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml b/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml index daccf72..aaac7c9 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml @@ -1,4 +1,25 @@ --- +- name: Make sure to get facts + vyos.vyos.vyos_facts: + vars: + ansible_connection: ansible.netcommon.network_cli + register: vyos_facts + when: vyos_version is not defined + +- name: Debug vyos_facts + ansible.builtin.debug: + var: vyos_facts + +- name: Pull version from facts + ansible.builtin.set_fact: + vyos_version: "{{ vyos_facts.ansible_facts.ansible_net_version.split('-')[0].split(' ')[-1] }}" + when: vyos_version is not defined + +- name: Fix '.0' versions + ansible.builtin.set_fact: + vyos_version: "{{ vyos_version }}.0" + when: vyos_version.count('.') == 1 + - name: Collect all cli test cases ansible.builtin.find: paths: "{{ role_path }}/tests/cli" @@ -18,3 +39,4 @@ with_items: "{{ test_items }}" loop_control: loop_var: test_case_to_run + when: vyos_version is version('1.4.0', '<', version_type='semver') 
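Review bot: The `Debug vyos_facts` task added at the top of tasks/cli.yaml has neither a `when` nor a `verbosity`, so the full registered result is written to the job log on every run, and when `vyos_version` is already defined it prints the skipped-task placeholder rather than facts. Gating it keeps device details out of shared CI logs unless someone asks for them: add `verbosity: 1` under `ansible.builtin.debug:` and `when: vyos_version is not defined` on the task. The same unconditional debug task appears in the new tests/cli/_get_version.yaml, which the helper files include before every setup and cleanup step.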
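Review bot: With the `when` added to the include loop, a 1.4+ target skips every test case and the target still finishes green, so the run output does not distinguish "all firewall_interfaces tests passed" from "none ran". An explicit `ansible.builtin.debug` task with the inverse condition, `when: vyos_version is version('1.4.0', '>=', version_type='semver')`, stating that the suite was skipped for that version would make the gap in firewall coverage visible. The loop task itself starts above the hunk, so its other keywords are not shown here.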
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_get_version.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_get_version.yaml
new file mode 100644
index 0000000..90aeef2
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_get_version.yaml
@@ -0,0 +1,24 @@
+- name: make sure to get facts
+ vyos.vyos.vyos_facts:
+ vars:
+ ansible_connection: ansible.netcommon.network_cli
+ register: vyos_facts
+ when: vyos_version is not defined
+
+- name: debug vyos_facts
+ debug:
+ var: vyos_facts
+
+- name: pull version from facts
+ set_fact:
+ vyos_version: "{{ vyos_facts.ansible_facts.ansible_net_version.split('-')[0].split(' ')[-1] }}"
+ when: vyos_version is not defined
+
+- name: fix '.0' versions
+ set_fact:
+ vyos_version: "{{ vyos_version }}.0"
+ when: vyos_version.count('.') == 1
+
+- name: include correct vars
+ include_vars: pre-v1_4.yaml
+ when: vyos_version is version('1.4.0', '<', version_type='semver')
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config_1_3.cfg
index 48f286e..48f286e 100644
--- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config_1_3.cfg
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
index c5e2f4f..6c235be 100644
--- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
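Review bot: The new _get_version.yaml repeats the four version-detection tasks that this commit also adds to tasks/cli.yaml, but with short module names (`debug`, `set_fact`, `include_vars`) where cli.yaml uses `ansible.builtin.debug` and `ansible.builtin.set_fact`, and without the leading `---`. The file should use the fully qualified names, e.g. `ansible.builtin.include_vars: pre-v1_4.yaml`, and the same applies to the `include_tasks: _get_version.yaml` lines added in _populate.yaml, _populate_rule_sets.yaml, _remove_config.yaml and _remove_firewall_config.yaml. Because `include_vars` is conditional and vars/main.yaml is emptied in this commit, `populate_config`, `remove_config` and the other lists are undefined on 1.4+; a comment at the top of the file saying that it relies on the version gate in tasks/cli.yaml would document that dependency.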
@@ -1,16 +1,11 @@ --- - ansible.builtin.include_tasks: _remove_config.yaml -- name: Setup +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Setup {{ vyos_version }} + vyos.vyos.vyos_config: + lines: "{{ populate_config }}" vars: - lines: |- - set interfaces ethernet eth1 firewall in name 'INBOUND' - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - set interfaces ethernet eth1 firewall local name 'LOCAL' - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - set interfaces ethernet eth2 firewall in name 'INBOUND' - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - set interfaces ethernet eth2 firewall local name 'LOCAL' - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml index b1e9425..6a54433 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml @@ -1,6 +1,9 @@ --- -- name: Setup +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Setup Rule Sets {{ vyos_version }} + vyos.vyos.vyos_config: + lines: "{{ populate_rs }}" vars: - lines: "set firewall name 'INBOUND'\nset firewall name 'OUTBOUND'\nset firewall name 'LOCAL'\nset firewall ipv6-name 'V6-LOCAL'\n" - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml index 6074960..9144919 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml 
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml @@ -1,6 +1,11 @@ --- -- name: Remove Config + +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Remove pre-existing firewall rules + vyos.vyos.vyos_config: + lines: "{{ remove_config }}" + ignore_errors: true vars: - lines: "delete interfaces ethernet eth1 firewall\ndelete interfaces ethernet eth2 firewall\n" - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml index f77e6b7..1cd452b 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml @@ -1,6 +1,11 @@ --- -- name: Remove Config + +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Remove pre-existing firewall rules + vyos.vyos.vyos_config: + lines: "{{ remove_firewall_config }}" + ignore_errors: true vars: - lines: "delete firewall name INBOUND\ndelete firewall name OUTBOUND\ndelete firewall name LOCAL\ndelete firewall ipv6-name V6-LOCAL\n" - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml index 065fcf2..48561cf 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml @@ -14,13 +14,10 @@ - name: eth1 access_rules: - afi: ipv4 - - afi: ipv6 - - name: eth2 access_rules: - afi: ipv4 - - afi: ipv6 state: deleted 
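Review bot: `ignore_errors: true` on the cleanup task in _remove_config.yaml swallows every failure, not only the "node does not exist" case it is presumably there for, so a connection, authentication or commit error leaves the old firewall bindings on the device and the following test runs against stale state. Registering the result and narrowing the tolerance is safer: add `register: remove_result` and replace `ignore_errors: true` with a `failed_when:` that accepts only the device's response for an already-absent node (the exact text needs confirming on a 1.3 image). The cleanup task in _remove_firewall_config.yaml has the same `ignore_errors: true`, and both tasks carry the same name, "Remove pre-existing firewall rules", although the first one deletes interface bindings rather than rule sets.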
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml index 339e64e..4cfc001 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml @@ -22,7 +22,7 @@ - name: Provide the running configuration for parsing (config to be parsed) register: result vyos.vyos.vyos_firewall_interfaces: &id001 - running_config: "{{ lookup('file', '_parsed_config.cfg') }}" + running_config: "{{ lookup('file', parsed_config_file ) }}" state: parsed - name: Assert that correct parsing done diff --git a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml index 45be6db..ed97d53 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml 
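Review bot: `parsed_config_file` in the new `running_config` line is defined only in vars/pre-v1_4.yaml, which is loaded through the conditional `include_vars` in _get_version.yaml, and nothing in this hunk shows parsed.yaml including that file or one of the helpers that do. The tasks before line 22 of parsed.yaml are outside the hunk, so this may already be covered; if not, the lookup fails with an undefined variable instead of a clear message. The stray space before the closing parenthesis can also go: `running_config: "{{ lookup('file', parsed_config_file) }}"`.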
@@ -1,279 +1 @@ --- -merged: - before: - - name: eth0 - - name: eth1 - - name: eth2 - commands: - - set interfaces ethernet eth1 firewall in name 'INBOUND' - - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - - set interfaces ethernet eth1 firewall local name 'LOCAL' - - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - - set interfaces ethernet eth2 firewall in name 'INBOUND' - - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - - set interfaces ethernet eth2 firewall local name 'LOCAL' - - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -populate: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -merged_edit: - commands: - - set interfaces ethernet eth1 firewall in name 'OUTBOUND' - - set interfaces ethernet eth1 firewall out name 'INBOUND' - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: OUTBOUND - - direction: local - name: LOCAL - - direction: out - name: INBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - 
- direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -replaced: - commands: - - delete interfaces ethernet eth2 firewall out name - - delete interfaces ethernet eth2 firewall local name - - delete interfaces ethernet eth2 firewall local ipv6-name - - delete interfaces ethernet eth1 firewall local name - - delete interfaces ethernet eth1 firewall in name - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - name: eth2 -overridden: - before: - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - name: INBOUND - direction: in - - name: LOCAL - direction: local - - name: OUTBOUND - direction: out - - afi: ipv6 - rules: - - name: V6-LOCAL - direction: local - name: eth2 - commands: - - delete interfaces ethernet eth1 firewall - - delete interfaces ethernet eth2 firewall in name - - delete interfaces ethernet eth2 firewall local name - - delete interfaces ethernet eth2 firewall local ipv6-name - - set interfaces ethernet eth2 firewall out name 'INBOUND' - after: - - name: eth0 - - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - name: INBOUND - direction: out - name: eth2 -deleted: - commands: - - delete interfaces ethernet eth1 firewall - - delete interfaces ethernet eth2 firewall - after: - - name: eth0 - - name: eth1 - - name: eth2 -deleted_afi: - commands: - - delete interfaces ethernet eth1 firewall in name - - delete interfaces ethernet eth1 firewall local name - - delete interfaces ethernet eth1 firewall out name - - delete interfaces ethernet eth1 firewall local 
ipv6-name - - delete interfaces ethernet eth2 firewall in name - - delete interfaces ethernet eth2 firewall local name - - delete interfaces ethernet eth2 firewall out name - - delete interfaces ethernet eth2 firewall local ipv6-name - after: - - name: eth0 - - access_rules: - - afi: ipv4 - - afi: ipv6 - name: eth1 - - access_rules: - - afi: ipv4 - - afi: ipv6 - name: eth2 -deleted_single: - commands: - - delete interfaces ethernet eth1 firewall in name 'INBOUND' - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -rendered: - commands: - - set interfaces ethernet eth1 firewall in name 'INBOUND' - - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - - set interfaces ethernet eth1 firewall local name 'LOCAL' - - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - - set interfaces ethernet eth2 firewall in name 'INBOUND' - - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - - set interfaces ethernet eth2 firewall local name 'LOCAL' - - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' -round_trip: - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - name: eth2 - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL 
diff --git a/tests/integration/targets/vyos_firewall_interfaces/vars/pre-v1_4.yaml b/tests/integration/targets/vyos_firewall_interfaces/vars/pre-v1_4.yaml
new file mode 100644
index 0000000..67b0475
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_interfaces/vars/pre-v1_4.yaml
@@ -0,0 +1,296 @@ +--- +merged: + before: [] + commands: + - set interfaces ethernet eth1 firewall in name 'INBOUND' + - set interfaces ethernet eth1 firewall out name 'OUTBOUND' + - set interfaces ethernet eth1 firewall local name 'LOCAL' + - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' + - set interfaces ethernet eth2 firewall in name 'INBOUND' + - set interfaces ethernet eth2 firewall out name 'OUTBOUND' + - set interfaces ethernet eth2 firewall local name 'LOCAL' + - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' + after: + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 + +populate_config: + - set interfaces ethernet eth1 firewall in name 'INBOUND' + - set interfaces ethernet eth1 firewall out name 'OUTBOUND' + - set interfaces ethernet eth1 firewall local name 'LOCAL' + - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' + - set interfaces ethernet eth2 firewall in name 'INBOUND' + - set interfaces ethernet eth2 firewall out name 'OUTBOUND' + - set interfaces ethernet eth2 firewall local name 'LOCAL' + - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' + +populate_rs: + - set firewall name 'INBOUND' + - set firewall name 'OUTBOUND' + - set firewall name 'LOCAL' + - set firewall ipv6-name 'V6-LOCAL' + +remove_config: + - delete interfaces ethernet eth1 firewall + - delete interfaces ethernet eth2 firewall + +remove_firewall_config: + - delete firewall name INBOUND + - delete firewall name OUTBOUND + - delete firewall name LOCAL + - delete firewall ipv6-name V6-LOCAL + +parsed_config_file: 
"_parsed_config_1_3.cfg" + +populate: + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +merged_edit: + commands: + - set interfaces ethernet eth1 firewall in name 'OUTBOUND' + - set interfaces ethernet eth1 firewall out name 'INBOUND' + after: + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: OUTBOUND + - direction: local + name: LOCAL + - direction: out + name: INBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +replaced: + commands: + - delete interfaces ethernet eth2 firewall out name + - delete interfaces ethernet eth2 firewall local name + - delete interfaces ethernet eth2 firewall local ipv6-name + - delete interfaces ethernet eth1 firewall local name + - delete interfaces ethernet eth1 firewall in name + after: + - access_rules: + - afi: ipv4 + rules: + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + name: eth2 +overridden: + before: + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - name: INBOUND + direction: in + - name: LOCAL + direction: local + - name: OUTBOUND + 
direction: out + - afi: ipv6 + rules: + - name: V6-LOCAL + direction: local + name: eth2 + commands: + - delete interfaces ethernet eth1 firewall + - delete interfaces ethernet eth2 firewall in name + - delete interfaces ethernet eth2 firewall local name + - delete interfaces ethernet eth2 firewall local ipv6-name + - set interfaces ethernet eth2 firewall out name 'INBOUND' + after: + - name: eth2 + access_rules: + - afi: ipv4 + rules: + - name: INBOUND + direction: out +deleted: + commands: + - delete interfaces ethernet eth1 firewall + - delete interfaces ethernet eth2 firewall + # after: + # - name: eth1 + # - name: eth2 + after: [] +deleted_afi: + commands: + - delete interfaces ethernet eth1 firewall in name + - delete interfaces ethernet eth1 firewall local name + - delete interfaces ethernet eth1 firewall out name + - delete interfaces ethernet eth1 firewall local ipv6-name + - delete interfaces ethernet eth2 firewall in name + - delete interfaces ethernet eth2 firewall local name + - delete interfaces ethernet eth2 firewall out name + - delete interfaces ethernet eth2 firewall local ipv6-name + after: + - access_rules: + - afi: ipv4 + - afi: ipv6 + name: eth1 + - access_rules: + - afi: ipv4 + - afi: ipv6 + name: eth2 +deleted_single: + commands: + - delete interfaces ethernet eth1 firewall in name 'INBOUND' + after: + - access_rules: + - afi: ipv4 + rules: + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth1 + - access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + name: eth2 +rendered: + commands: + - set interfaces ethernet eth1 firewall in name 'INBOUND' + - set interfaces ethernet eth1 firewall out name 'OUTBOUND' + - set interfaces ethernet eth1 firewall local name 'LOCAL' + - set interfaces ethernet eth1 firewall 
local ipv6-name 'V6-LOCAL' + - set interfaces ethernet eth2 firewall in name 'INBOUND' + - set interfaces ethernet eth2 firewall out name 'OUTBOUND' + - set interfaces ethernet eth2 firewall local name 'LOCAL' + - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' +round_trip: + after: + - name: eth1 + access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL + - name: eth2 + access_rules: + - afi: ipv4 + rules: + - direction: in + name: INBOUND + - direction: local + name: LOCAL + - direction: out + name: OUTBOUND + - afi: ipv6 + rules: + - direction: local + name: V6-LOCAL |