diff options
| author | Shawn Wilsher <656602+sdwilsh@users.noreply.github.com> | 2021-09-20 16:25:49 -0700 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-20 23:25:49 +0000 |
| commit | c2cf82dfea4aa89e5aa9ba57b798bee030a9abbe (patch) | |
| tree | ee7c09a7e0296c5c2ccf766ceaa8ad71d91da69f /plugins | |
| parent | 9e829e1b75996b6b8268ab29b105d5dfa97da441 (diff) | |
| download | vyos.vyos-c2cf82dfea4aa89e5aa9ba57b798bee030a9abbe.tar.gz vyos.vyos-c2cf82dfea4aa89e5aa9ba57b798bee030a9abbe.zip | |
Add support for IPv6 `address_group` and `network_group` (#202)
Add support for IPv6 `address_group` and `network_group`
SUMMARY
This adds support for ipv6 in network and address groups by adding an afi parameter, but defaulting it to ipv4 for backwards compatibility.
Fixes #137.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
vyos_firewall_global
Reviewed-by: GomathiselviS <None>
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
Diffstat (limited to 'plugins')
4 files changed, 57 insertions, 6 deletions
diff --git a/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py index 92a0255..baafa89 100644 --- a/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/argspec/firewall_global/firewall_global.py @@ -45,6 +45,11 @@ class Firewall_globalArgs(object): # pylint: disable=R0903 "address_group": { "elements": "dict", "options": { + "afi": { + "choices": ["ipv4", "ipv6"], + "default": "ipv4", + "type": "str", + }, "description": {"type": "str"}, "members": { "elements": "dict", @@ -58,6 +63,11 @@ class Firewall_globalArgs(object): # pylint: disable=R0903 "network_group": { "elements": "dict", "options": { + "afi": { + "choices": ["ipv4", "ipv6"], + "default": "ipv4", + "type": "str", + }, "description": {"type": "str"}, "members": { "elements": "dict", diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py index 29da3ec..be8b172 100644 --- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py @@ -378,8 +378,15 @@ class Firewall_global(ConfigBase): if w_grp: for want in w_grp: - cmd = self._compute_command(key="group", attr=attr, opr=opr) h = self.search_attrib_in_have(h_grp, want, "name") + if "afi" in want and want["afi"] == "ipv6": + cmd = self._compute_command( + key="group", attr="ipv6-" + attr, opr=opr + ) + else: + cmd = self._compute_command( + key="group", attr=attr, opr=opr + ) for key, val in iteritems(want): if val: if ( diff --git a/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py index e6e42d7..1b1076c 100644 --- a/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/facts/firewall_global/firewall_global.py @@ -207,17 +207,24 @@ class Firewall_globalFacts(object): :return: generated config dictionary. """ cfg_dict = {} - cfg_dict["port_group"] = self.parse_group_lst(conf, "port-group") - cfg_dict["address_group"] = self.parse_group_lst(conf, "address-group") - cfg_dict["network_group"] = self.parse_group_lst(conf, "network-group") + cfg_dict["port_group"] = self.parse_group_lst( + conf, "port-group", False + ) + cfg_dict["address_group"] = self.parse_group_lst( + conf, "address-group" + ) + self.parse_group_lst(conf, "ipv6-address-group") + cfg_dict["network_group"] = self.parse_group_lst( + conf, "network-group" + ) + self.parse_group_lst(conf, "ipv6-network-group") return cfg_dict - def parse_group_lst(self, conf, type): + def parse_group_lst(self, conf, type, include_afi=True): """ This function fetches the name of group and invoke function to parse group attributes'. :param conf: configuration data. :param type: type of group. + :param include_afi: if the afi should be included in the parsed object :return: generated group list configuration. """ g_lst = [] @@ -228,7 +235,16 @@ class Firewall_globalFacts(object): for gr in set(groups): gr_regex = r" %s .+$" % gr cfg = "\n".join(findall(gr_regex, conf, M)) - obj = self.parse_groups(cfg, type, gr) + if "ipv6" in type: + # fmt: off + obj = self.parse_groups(cfg, type[len("ipv6-"):], gr) + # fmt: on + if include_afi: + obj["afi"] = "ipv6" + else: + obj = self.parse_groups(cfg, type, gr) + if include_afi: + obj["afi"] = "ipv4" obj["name"] = gr.strip("'") if obj: rules_lst.append(obj) diff --git a/plugins/modules/vyos_firewall_global.py b/plugins/modules/vyos_firewall_global.py index 71dc4a6..91d97a9 100644 --- a/plugins/modules/vyos_firewall_global.py +++ b/plugins/modules/vyos_firewall_global.py @@ -123,6 +123,15 @@ options: type: list elements: dict suboptions: + afi: + description: + - Specifies IP address type + type: str + default: ipv4 + choices: + - ipv4 + - ipv6 + required: false name: description: - Name of the firewall address group. @@ -149,6 +158,15 @@ options: type: list elements: dict suboptions: + afi: + description: + - Specifies network address type + type: str + default: ipv4 + choices: + - ipv4 + - ipv6 + required: false name: description: - Name of the firewall network group. |