author | maxime <37832743+mlk-89@users.noreply.github.com> | 2024-11-18 20:37:36 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-11-18 21:37:36 +0200 |
commit | 67cda0147ab54136ef0604427c5a01a7f4b21986 (patch) | |
tree | 4d78ab585fcf90f2dfd6315294969199aef9ed33 /plugins/module_utils | |
parent | 37ba454f746ab6c4b05fef520ced523e2ad032cb (diff) | |
Add feature for bonding/vlan interface in the firewall_interfaces (#246)
* - Add feature for bonding interface in the firewall_interfaces
- Add feature for vlan interface in the firewall_interfaces
* fix a bug when invoking replaced in the module firewall_rules.
* - Add feature for bonding interface in the firewall_interfaces
- Add feature for vlan interface in the firewall_interfaces
* test: add tests
* fix: support for interface types
* docs: fixed for 1.4 deprecation
---------
Co-authored-by: Maxime.L <maxime@nfrance.com>
Co-authored-by: Gaige B. Paulsen <gaige@cluetrust.com>
Co-authored-by: Gaige B Paulsen <gaige@cluetrust.net>
Diffstat (limited to 'plugins/module_utils')
3 files changed, 49 insertions, 9 deletions
diff --git a/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py
index a613ccd3..93c898e8 100644
--- a/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py
+++ b/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py
@@ -25,6 +25,7 @@ The arg spec for the vyos_firewall_interfaces module
 """
+
 from __future__ import absolute_import, division, print_function
@@ -45,7 +46,10 @@ class Firewall_interfacesArgs(object): # pylint: disable=R0903
 "elements": "dict",
 "options": {
 "afi": {
- "choices": ["ipv4", "ipv6"],
+ "choices": [
+ "ipv4",
+ "ipv6",
+ ],
 "required": True,
 "type": "str",
 },
@@ -53,7 +57,11 @@ class Firewall_interfacesArgs(object): # pylint: disable=R0903
 "elements": "dict",
 "options": {
 "direction": {
- "choices": ["in", "local", "out"],
+ "choices": [
+ "in",
+ "local",
+ "out",
+ ],
 "required": True,
 "type": "str",
 },
diff --git a/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py
index 5c4db736..85a8042f 100644
--- a/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py
+++ b/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py
@@ -27,6 +27,9 @@ from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.u
 )
 from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import Facts
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import (
+ get_interface_type,
+)
 class Firewall_interfaces(ConfigBase):
@@ -393,10 +396,24 @@ class Firewall_interfaces(ConfigBase):
 :param opr: operation flag.
 :return: generated command.
 """
+
+ # Append vif if interface contains a dot
+ vlan = None
+ interface_real = name
+ if "." in name:
+ interface_real, vlan = name.split(".")
+
+ if vlan is not None:
+ interface_real = interface_real + " vif " + vlan
+
+ # if interface name is bondX, then it's a bonding interface. Everything else is an ethernet
+ iftype = get_interface_type(interface_real)
+
 if not opr:
- cmd = "delete interfaces ethernet" + " " + name + " firewall"
+ cmd = "delete interfaces " + iftype + " " + interface_real + " firewall"
 else:
- cmd = "set interfaces ethernet" + " " + name + " firewall"
+ cmd = "set interfaces " + iftype + " " + interface_real + " firewall"
+
 if attrib:
 cmd += " " + attrib
 if afi:
diff --git a/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py
index b9804692..bac31920 100644
--- a/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py
+++ b/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py
@@ -58,7 +58,10 @@ class Firewall_interfacesFacts(object):
 # using mock data instead
 data = self.get_device_data(connection)
 objs = []
- interfaces = findall(r"^set interfaces ethernet (?:\'*)(\S+)(?:\'*)", data, M)
+ # Search all set from configuration with set interface, including ethernet and bonding
+ interfaces_raw = findall(r"^set interfaces \S+ (\S+) firewall (?:\'*)", data, M)
+ interfaces_vif = findall(r"^set interfaces \S+ (\S+) vif (\d+)* firewall (?:\'*)", data, M)
+ interfaces = interfaces_raw + interfaces_vif
 if interfaces:
 objs = self.get_names(data, interfaces)
 ansible_facts["ansible_network_resources"].pop("firewall_interfaces", None)
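Review bot: In the `@@ -393` hunk of config/firewall_interfaces/firewall_interfaces.py, `interface_real, vlan = name.split(".")` raises an unhandled ValueError for a name with more than one dot, and the VLAN part is concatenated into the `set`/`delete interfaces …` command without any check. Splitting once and validating keeps a malformed playbook value from adding extra tokens to the configuration line: `interface_real, vlan = name.split(".", 1)` followed by a check that `vlan.isdigit()` before it is used. `get_interface_type()` is called after ` vif N` has already been appended; passing the bare interface name would be clearer, and because the helper is defined outside this page it is worth confirming it never returns None, which would break the `"set interfaces " + iftype` concatenation. The enclosing method starts and ends outside the hunk.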
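Review bot: In the `@@ -58` hunk of facts/firewall_interfaces/firewall_interfaces.py, the new patterns capture the interface name with a bare `(\S+)` while the `r.strip("'")` of the removed code is gone from `get_names` (see the `@@ -83` hunk), so if the device output ever quotes a name the quote would now land in `fi["name"]` and in the regex built from it. In `interfaces_vif` the `*` after `(\d+)` serves no purpose and lets the group come back empty; plain `(\d+)` states the intent. The trailing `(?:\'*)` in both patterns matches nothing useful and can be dropped. A short comment showing the two line shapes being matched, `set interfaces <type> <name> firewall …` and `set interfaces <type> <name> vif <id> firewall …`, would document why two searches are needed.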
@@ -83,10 +86,22 @@ class Firewall_interfacesFacts(object):
 """
 names = []
 for r in set(interfaces):
- int_regex = r" %s .+$" % r.strip("'")
- cfg = findall(int_regex, data, M)
- fi = self.render_config(cfg)
- fi["name"] = r.strip("'")
+ myvif = None
+ if isinstance(r, tuple):
+ myinterface, myvif = r
+ else:
+ myinterface = r
+ # Parse interfaces that contains string or tuple when the interface is in a vlan
+ if myvif is not None:
+ int_regex = r" %s vif \d+ firewall .+$" % myinterface
+ cfg = findall(int_regex, data, M)
+ fi = self.render_config(cfg)
+ fi["name"] = myinterface + "." + myvif
+ else:
+ int_regex = r" %s firewall .+$" % myinterface
+ cfg = findall(int_regex, data, M)
+ fi = self.render_config(cfg)
+ fi["name"] = myinterface
 names.append(fi)
 if names:
 names = sorted(names, key=lambda i: i["name"]) |
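Review bot: The VLAN branch builds `int_regex = r" %s vif \d+ firewall .+$" % myinterface`, which ignores `myvif`, so each `name.N` entry of a parent interface collects the firewall lines of all of that interface's VLANs and the facts can report a ruleset on a VLAN that does not carry it. If these facts feed the replaced/overridden comparison, as the module layout suggests, that misreport can turn into wrong `set`/`delete` commands on the device. Pin the id and escape both interpolated values: `int_regex = r" %s vif %s firewall .+$" % (escape(myinterface), escape(myvif))`, with `escape` imported from `re` next to `findall` (assuming that is where `findall` comes from; the import is outside this page). The two branches otherwise differ only in the pattern and the reported name, so the `findall`/`render_config` lines could be shared after the `if`. The loop's enclosing method begins outside the hunk.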