| author | CaptTrews <capttrews@gmail.com> | 2020-03-02 00:11:37 +0000 | 
|---|---|---|
| committer | CaptTrews <capttrews@gmail.com> | 2020-03-02 00:11:37 +0000 | 
| commit | a38aeadb72d2a6aef8510ca535060add98fccc3b (patch) | |
| tree | 2cd790e3470c8cd13502e5dbff47c9b3dfb2cf8c /plugins/modules | |
| parent | 4313b070205766e68d30cea4f49a6bad83007bb0 (diff) | |
Updated from network content collector
Signed-off-by: CaptTrews <capttrews@gmail.com>
Diffstat (limited to 'plugins/modules')
| -rw-r--r-- | plugins/modules/vyos_facts.py | 3 | ||||
| -rw-r--r-- | plugins/modules/vyos_firewall_interfaces.py | 1289 | 
2 files changed, 1291 insertions, 1 deletions
| diff --git a/plugins/modules/vyos_facts.py b/plugins/modules/vyos_facts.py
index eec4c3b7..4a640663 100644
--- a/plugins/modules/vyos_facts.py
+++ b/plugins/modules/vyos_facts.py
@@ -47,7 +47,8 @@ options:
       Can specify a list of values to include a larger subset. Values can also be
       used with an initial C(M(!)) to specify that a specific subset should not be
       collected. Valid subsets are 'all', 'interfaces', 'l3_interfaces', 'lag_interfaces',
-      'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global'.
+      'lldp_global', 'lldp_interfaces', 'static_routes', 'firewall_rules', 'firewall_global',
+      'firewall_interfaces'.
     required: false
 """
diff --git a/plugins/modules/vyos_firewall_interfaces.py b/plugins/modules/vyos_firewall_interfaces.py
new file mode 100644
index 00000000..1c2ce98a
--- /dev/null
+++ b/plugins/modules/vyos_firewall_interfaces.py
@@ -0,0 +1,1289 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2019 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +############################################# +#                WARNING                    # +############################################# +# +# This file is auto generated by the resource +#   module builder playbook. +# +# Do not edit this file manually. +# +# Changes to this file will be over written +#   by the resource module builder. +# +# Changes should be made in the model used to +#   generate this file or in the resource module +#   builder template. +# +############################################# + +""" +The module file for vyos_firewall_interfaces +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +ANSIBLE_METADATA = { +    "metadata_version": "1.1", +    "status": ["preview"], +    "supported_by": "network", +} + +DOCUMENTATION = """module: vyos_firewall_interfaces +short_description: Manage firewall rules attributes of interfaces on VyOS devices +description: Manage firewall rules of interfaces on VyOS network devices. +author: +- Rohit Thakur (@rohitthakur2590) +options: +  config: +    description: A list of firewall rules options for interfaces. +    type: list +    elements: dict +    suboptions: +      name: +        description: +        - Name/Identifier for the interface. +        type: str +        required: true +      access_rules: +        description: +        - Specifies firewall rules attached to the interfaces. +        type: list +        elements: dict +        suboptions: +          afi: +            description: +            - Specifies the AFI for the Firewall rules to be configured on this interface. 
+            type: str +            choices: +            - ipv4 +            - ipv6 +            required: true +          rules: +            description: +            - Specifies the firewall rules for the provided AFI. +            type: list +            elements: dict +            suboptions: +              name: +                description: +                - Specifies the name of the IPv4/IPv6 Firewall rule for the interface. +                type: str +              direction: +                description: +                - Specifies the direction of packets that the firewall rule will be +                  applied on. +                type: str +                choices: +                - in +                - local +                - out +                required: true +  running_config: +    description: +    - The module, by default, will connect to the remote device and retrieve the current +      running-config to use as a base for comparing against the contents of source. +      There are times when it is not desirable to have the task get the current running-config +      for every task in a playbook.  The I(running_config) argument allows the implementer +      to pass in the configuration to use as the base config for comparison. This +      value of this option should be the output received from device by executing +      command C(show configuration commands | grep 'firewall' +    type: str +  state: +    description: +    - The state the configuration should be left in. 
+    type: str +    choices: +    - merged +    - replaced +    - overridden +    - deleted +    - parsed +    - rendered +    - gathered +    default: merged +""" +EXAMPLES = """ +# Using merged +# +# Before state: +# ------------- +# +# vyos@192# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# +- name: Merge the provided configuration with the existing running configuration +  vyos_firewall_interfaces: +    config: +      - access_rules: +          - afi: 'ipv4' +            rules: +              - name: 'INBOUND' +                direction: 'in' +              - name: 'OUTBOUND' +                direction: 'out' +              - name: 'LOCAL' +                direction: 'local' +          - afi: 'ipv6' +            rules: +              - name: 'V6-LOCAL' +                direction: 'local' +        name: 'eth1' +      - access_rules: +          - afi: 'ipv4' +            rules: +              - name: 'INBOUND' +                direction: 'in' +              - name: 'OUTBOUND' +                direction: 'out' +              - name: 'LOCAL' +                direction: 'local' +          - afi: 'ipv6' +            rules: +              - name: 'V6-LOCAL' +                direction: 'local' +        name: 'eth3' +    state: merged +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# before": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "name": "eth3" +#        } +#    ] +# +#    "commands": [ +#       "set interfaces ethernet eth1 firewall in name 'INBOUND'", +#       "set interfaces ethernet eth1 firewall out name 'OUTBOUND'", +#       "set interfaces ethernet eth1 firewall local name 'LOCAL'", +#       "set interfaces ethernet eth1 firewall local 
ipv6-name 'V6-LOCAL'", +#       "set interfaces ethernet eth3 firewall in name 'INBOUND'", +#       "set interfaces ethernet eth3 firewall out name 'OUTBOUND'", +#       "set interfaces ethernet eth3 firewall local name 'LOCAL'", +#       "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'" +#    ] +# +# "after": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": 
"OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' + + +# Using merged +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Merge the provided configuration with the existing running configuration +  
vyos_firewall_interfaces: +    config: +      - access_rules: +          - afi: 'ipv4' +            rules: +              - name: 'OUTBOUND' +                direction: 'in' +              - name: 'INBOUND' +                direction: 'out' +        name: 'eth1' +    state: merged +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +#    "before": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            
"direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +#    "commands": [ +#       "set interfaces ethernet eth1 firewall in name 'OUTBOUND'", +#       "set interfaces ethernet eth1 firewall out name 'INBOUND'" +#    ] +# +#    "after": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "OUTBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "INBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", 
+#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'OUTBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'INBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' + + +# Using replaced +# +# Before state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 
'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Replace device configurations of listed firewall interfaces with provided configurations +  vyos_firewall_interfaces: +    config: +      - name: 'eth1' +        access_rules: +          - afi: 'ipv4' +            rules: +              - name: 'OUTBOUND' +                direction: 'out' +          - afi: 'ipv6' +            rules: +              - name: 'V6-LOCAL' +                direction: 'local' +      - name: 'eth3' +        access_rules: +          - afi: 'ipv4' +            rules: +              - name: 'INBOUND' +                direction: 'in' +    state: replaced +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +#    "before": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" 
+#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +# "commands": [ +#        "delete interfaces ethernet eth1 firewall in name", +#        "delete interfaces ethernet eth1 firewall local name", +#        "delete interfaces ethernet eth3 firewall local name", +#        "delete interfaces ethernet eth3 firewall out name", +#        "delete interfaces ethernet eth3 firewall local ipv6-name" +#    ] +# +#    "after": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +# 
                           "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +# After state: +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall 'in' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall 'out' + + +# Using overridden +# +# Before state +# -------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall 'in' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall 'out' +# +- name: Overrides all device configuration with provided configuration +  vyos_firewall_interfaces: +    config: +      - name: 'eth3' +        access_rules: +          - afi: 'ipv4' +            rules: +              - name: 
'INBOUND' +                direction: 'out' +    state: overridden +# +# +# ------------------------- +# Module Execution Result +# ------------------------- +# +# "before":[ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +#    "commands": [ +#        "delete interfaces ethernet eth1 firewall", +#        "delete interfaces ethernet eth3 firewall in name", +#        "set interfaces ethernet eth3 firewall out name 'INBOUND'" +# +# +#    "after": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "out", +#                            
"name": "INBOUND" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +# +# +# After state +# ------------ +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth3 firewall 'in' +# set interfaces ethernet eth3 firewall 'local' +# set interfaces ethernet eth3 firewall out name 'INBOUND' + + +# Using deleted per interface name +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Delete firewall interfaces based on interface name. 
+  vyos_firewall_interfaces: +    config: +      - name: 'eth1' +      - name: 'eth3' +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +# "before": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    "afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "access_rules": [ +#                { +#                    "afi": "ipv4", +#                    "rules": [ +#                        { +#                            "direction": "in", +#                            "name": "INBOUND" +#                        }, +#                        { +#                            "direction": "local", +#                            "name": "LOCAL" +#                        }, +#                        { +#                            "direction": "out", +#                            "name": "OUTBOUND" +#                        } +#                    ] +#                }, +#                { +#                    
"afi": "ipv6", +#                    "rules": [ +#                        { +#                            "direction": "local", +#                            "name": "V6-LOCAL" +#                        } +#                    ] +#                } +#            ], +#            "name": "eth3" +#        } +#    ] +#    "commands": [ +#        "delete interfaces ethernet eth1 firewall", +#        "delete interfaces ethernet eth3 firewall" +#    ] +# +# "after": [ +#        { +#            "name": "eth0" +#        }, +#        { +#            "name": "eth1" +#        }, +#        { +#            "name": "eth2" +#        }, +#        { +#            "name": "eth3" +#        } +#    ] +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' + + +# Using deleted per afi +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Delete firewall interfaces config per afi. 
+  vyos_firewall_interfaces: +    config: +      - name: 'eth1' +        access_rules: +          - afi: 'ipv4' +          - afi: 'ipv6' +    state: deleted +# +# +# ------------------------ +# Module Execution Results +# ------------------------ +# +#    "commands": [ +#        "delete interfaces ethernet eth1 firewall in name", +#        "delete interfaces ethernet eth1 firewall out name", +#        "delete interfaces ethernet eth1 firewall local name", +#        "delete interfaces ethernet eth1 firewall local ipv6-name" +#    ] +# +# After state +# ------------ +# vyos@vyos# run show configuration commands | grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' + + +# Using deleted without config +# +# Before state +# ------------- +# +# vyos@vyos:~$ show configuration commands| grep firewall +# set firewall ipv6-name 'V6-LOCAL' +# set firewall name 'INBOUND' +# set firewall name 'LOCAL' +# set firewall name 'OUTBOUND' +# set interfaces ethernet eth1 firewall in name 'INBOUND' +# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth1 firewall local name 'LOCAL' +# set interfaces ethernet eth1 firewall out name 'OUTBOUND' +# set interfaces ethernet eth3 firewall in name 'INBOUND' +# set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL' +# set interfaces ethernet eth3 firewall local name 'LOCAL' +# set interfaces ethernet eth3 firewall out name 'OUTBOUND' +# +- name: Delete firewall interfaces config when empty config provided. 
+  vyos_firewall_interfaces:
+    config:
+    state: deleted
+#
+#
+# ------------------------
+# Module Execution Results
+# ------------------------
+#
+#    "commands": [
+#        "delete interfaces ethernet eth1 firewall",
+#        "delete interfaces ethernet eth1 firewall"
+#    ]
+#
+# After state
+# ------------
+# vyos@vyos# run show configuration commands | grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+
+
+# Using parsed
+#
+#
+- name: Parse the provided  configuration
+  vyos_firewall_interfaces:
+    running_config:
+      "set interfaces ethernet eth1 firewall in name 'INBOUND'
+ set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+ set interfaces ethernet eth1 firewall local name 'LOCAL'
+ set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+ set interfaces ethernet eth2 firewall in name 'INBOUND'
+ set interfaces ethernet eth2 firewall out name 'OUTBOUND'
+ set interfaces ethernet eth2 firewall local name 'LOCAL'
+ set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL'"
+    state: parsed
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#
+# "parsed": [
+#        {
+#            "name": "eth0"
+#        },
+#        {
+#            "access_rules": [
+#                {
+#                    "afi": "ipv4",
+#                    "rules": [
+#                        {
+#                            "direction": "in",
+#                            "name": "INBOUND"
+#                        },
+#                        {
+#                            "direction": "local",
+#                            "name": "LOCAL"
+#                        },
+#                        {
+#                            "direction": "out",
+#                            "name": "OUTBOUND"
+#                        }
+#                    ]
+#                },
+#                {
+#                    "afi": "ipv6",
+#                    "rules": [
+#                        {
+#                            "direction": "local",
+#                            "name": "V6-LOCAL"
+#                        }
+#                    ]
+#                }
+#            ],
+#            "name": "eth1"
+#        },
+#        {
+#            "access_rules": [
+#                {
+#                    "afi": "ipv4",
+#                    "rules": [
+#                        {
+#                            "direction": "in",
+#                            "name": "INBOUND"
+#                        },
+#                        {
+#                            "direction": "local",
+#                            "name": "LOCAL"
+#                        },
+#                        {
+#                            "direction": "out",
+#                            "name": "OUTBOUND"
+#                        }
+#                    ]
+#                },
+#                {
+#                    "afi": "ipv6",
+#                    "rules": [
+#                        {
+#                            "direction": "local",
+#                            "name": "V6-LOCAL"
+#                        }
+#                    ]
+#                }
+#            ],
+#            "name": "eth2"
+#        },
+#        {
+#            "name": "eth3"
+#        }
+#    ]
+
+
+# Using gathered
+#
+# Before state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall 'in'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall 'out'
+#
+- name: Gather listed firewall interfaces.
+  vyos_firewall_interfaces:
+    config:
+    state: gathered
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#    "gathered": [
+#        {
+#            "name": "eth0"
+#        },
+#        {
+#            "access_rules": [
+#                {
+#                    "afi": "ipv4",
+#                    "rules": [
+#                        {
+#                            "direction": "out",
+#                            "name": "OUTBOUND"
+#                        }
+#                    ]
+#                },
+#                {
+#                    "afi": "ipv6",
+#                    "rules": [
+#                        {
+#                            "direction": "local",
+#                            "name": "V6-LOCAL"
+#                        }
+#                    ]
+#                }
+#            ],
+#            "name": "eth1"
+#        },
+#        {
+#            "name": "eth2"
+#        },
+#        {
+#            "access_rules": [
+#                {
+#                    "afi": "ipv4",
+#                    "rules": [
+#                        {
+#                            "direction": "in",
+#                            "name": "INBOUND"
+#                        }
+#                    ]
+#                }
+#            ],
+#            "name": "eth3"
+#        }
+#    ]
+#
+#
+# After state:
+# -------------
+#
+# vyos@vyos:~$ show configuration commands| grep firewall
+# set firewall ipv6-name 'V6-LOCAL'
+# set firewall name 'INBOUND'
+# set firewall name 'LOCAL'
+# set firewall name 'OUTBOUND'
+# set interfaces ethernet eth1 firewall 'in'
+# set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'
+# set interfaces ethernet eth1 firewall out name 'OUTBOUND'
+# set interfaces ethernet eth3 firewall in name 'INBOUND'
+# set interfaces ethernet eth3 firewall 'local'
+# set interfaces ethernet eth3 firewall 'out'
+
+
+# Using rendered
+#
+#
+- name: Render the commands for provided  configuration
+  vyos_firewall_interfaces:
+    config:
+      - name: 'eth2'
+        access_rules:
+          - afi: 'ipv4'
+            rules:
+              - direction: 'in'
+                name: 'INGRESS'
+              - direction: 'out'
+                name: 'OUTGRESS'
+              - direction: 'local'
+                name: 'DROP'
+    state: rendered
+#
+#
+# -------------------------
+# Module Execution Result
+# -------------------------
+#
+#
+# "rendered": [
+#        "set interfaces ethernet eth2 firewall in name 'INGRESS'",
+#        "set interfaces ethernet eth2 firewall out name 'OUTGRESS'",
+#        "set interfaces ethernet eth2 firewall local name 'DROP'",
+#        "set interfaces ethernet eth2 firewall local ipv6-name 'LOCAL'"
+#    ]
+
+
+"""
+RETURN = """
+before:
+  description: The configuration prior to the model invocation.
+  returned: always
+  type: list
+  sample: >
+    The configuration returned will always be in the same format
+     of the parameters above.
+after:
+  description: The resulting configuration model invocation.
+  returned: when changed
+  type: list
+  sample: >
+    The configuration returned will always be in the same format
+     of the parameters above.
+commands:
+  description: The set of commands pushed to the remote device.
+  returned: always
+  type: list
+  sample:
+    - "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'"
+    - "set interfaces ethernet eth3 firewall in name 'INBOUND'"
+"""
+
+
+from ansible.module_utils.basic import AnsibleModule
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.firewall_interfaces.firewall_interfaces import (
+    Firewall_interfacesArgs,
+)
+from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_interfaces.firewall_interfaces import (
+    Firewall_interfaces,
+)
+
+
+def main():
+    """
+    Main entry point for module execution
+
+    :returns: the result form module invocation
+    """
+    required_if = [
+        ("state", "merged", ("config",)),
+        ("state", "replaced", ("config",)),
+        ("state", "overridden", ("config",)),
+        ("state", "parsed", ("running_config",)),
+    ]
+    mutually_exclusive = [("config", "running_config")]
+
+    module = AnsibleModule(
+        argument_spec=Firewall_interfacesArgs.argument_spec,
+        required_if=required_if,
+        supports_check_mode=True,
+        mutually_exclusive=mutually_exclusive,
+    )
+
+    result = Firewall_interfaces(module).execute_module()
+    module.exit_json(**result)
+
+
+if __name__ == "__main__":
+    main() |
