Firewall_rules diff mode support (#407)HEAD main

* fw_rules diff init * comment support * sanity fix * remove redundant * integration tests for fw_rules diff mode * 1.3- integration tests for firewall_rule diff * 1.4+ long string linter fix * 1.3- long string linter fix * long str rework * typo * Remove commented-out diff block in YAML file removed comments --------- Co-authored-by: Daniil Baturin <daniil@baturin.org>
author: omnom62 <75066712+omnom62@users.noreply.github.com> 2025-04-03 08:58:37 +1000
committer: GitHub <noreply@github.com> 2025-04-03 08:58:37 +1000
commit: f6220fd827d974ecba3ab18fa3e8935557cfd58f (patch)
tree: d020bb1ed5bc5b47fe27abaddebee5b645a63582 /tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
parent: ef8ddefce682656a1f1f1155707cfcff67a29c0f (diff)
download: vyos.vyos-main.tar.gz
vyos.vyos-main.zip
1 files changed, 148 insertions, 0 deletions
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml b/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
index 08675983..20ee461b 100644
--- a/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
@@ -120,3 +120,151 @@ deleted_afi_all:
 state_dict:
   established: true
   related: true
+
+replaced_diff_01:
+  config:
+    - afi: ipv6
+      rule_sets:
+        - name: UPLINK
+          description: This is ipv6 specific rule-set
+          default_action: accept
+          rules:
+            - number: 1
+              action: accept
+              description: Fwipv6-Rule 1 is configured by Ansible
+              protocol: tcp
+            - number: 2
+              action: accept
+              description: Fwipv6-Rule 2 is configured by Ansible
+              protocol: tcp
+    - afi: ipv4
+      rule_sets:
+        - name: INBOUND
+          description: IPv4 INBOUND rule set
+          default_action: accept
+          rules:
+            - number: 101
+              action: reject
+              description: Rule 101 is configured by Ansible
+              protocol: tcp
+            - number: 102
+              action: reject
+              description: Rule 102 is configured by Ansible
+              protocol: tcp
+            - number: 103
+              action: accept
+              description: Rule 103 is configured by Ansible
+              destination:
+                group:
+                  address_group: inbound
+              source:
+                address: 192.0.2.0
+              state: "{{ state_dict }}"
+  diff: |-
+    [firewall ipv4 name INBOUND rule 101]
+    - action \"accept\"
+    + action \"reject\"
+
+
+    [edit]
+
+replaced_diff_02:
+  config:
+    - afi: ipv6
+      rule_sets:
+        - name: UPLINK
+          description: This is ipv6 specific rule-set
+          default_action: accept
+          rules:
+            - number: 1
+              action: accept
+              description: Fwipv6-Rule 1 is configured by Ansible
+              protocol: tcp
+            - number: 2
+              action: accept
+              description: Fwipv6-Rule 2 is configured by Ansible
+              protocol: tcp
+    - afi: ipv4
+      rule_sets:
+        - name: INBOUND
+          description: IPv4 INBOUND rule set
+          default_action: accept
+          rules:
+            - number: 101
+              action: reject
+              description: Rule 101 is configured by Ansible
+              protocol: tcp
+            - number: 102
+              action: accept
+              description: Rule 102 is configured by Ansible
+              protocol: udp
+            - number: 103
+              action: accept
+              description: Rule 103 is configured by Ansible
+              destination:
+                group:
+                  address_group: inbound
+              source:
+                address: 192.0.2.0
+              state: "{{ state_dict }}"
+  diff: |-
+    [firewall ipv4 name INBOUND rule 102]
+    - action \"reject\"
+    + action \"accept\"
+    - protocol \"tcp\"
+    + protocol \"udp\"
+
+
+    [edit]
+
+replaced_diff_03:
+  config:
+    - afi: ipv6
+      rule_sets:
+        - name: UPLINK
+          description: This is ipv6 specific rule-set
+          default_action: accept
+          rules:
+            - number: 1
+              action: reject
+              description: Fwipv6-Rule 1 is configured by Ansible
+              protocol: udp
+            - number: 2
+              action: accept
+              description: Fwipv6-Rule 2 is configured by Ansible
+              protocol: tcp
+    - afi: ipv4
+      rule_sets:
+        - name: INBOUND
+          description: IPv4 INBOUND rule set
+          default_action: accept
+          rules:
+            - number: 101
+              action: reject
+              description: Rule 101 is configured by Ansible
+              protocol: tcp
+            - number: 102
+              action: accept
+              description: Rule 102 is configured by Ansible
+              protocol: tcp
+            - number: 103
+              action: accept
+              description: Rule 103 is configured by Ansible
+              destination:
+                group:
+                  address_group: inbound
+              source:
+                address: 192.0.2.0
+              state: "{{ state_dict }}"
+  diff: |-
+    [firewall ipv4 name INBOUND rule 102]
+    - protocol \"udp\"
+    + protocol \"tcp\"
+    [firewall ipv6 name UPLINK rule 1]
+    - action \"accept\"
+    + action \"reject\"
+    - protocol \"tcp\"
+    + protocol \"udp\"
+
+
+    [edit]
author	omnom62 <75066712+omnom62@users.noreply.github.com>	2025-04-03 08:58:37 +1000
committer	GitHub <noreply@github.com>	2025-04-03 08:58:37 +1000
commit	f6220fd827d974ecba3ab18fa3e8935557cfd58f (patch)
tree	d020bb1ed5bc5b47fe27abaddebee5b645a63582 /tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
parent	ef8ddefce682656a1f1f1155707cfcff67a29c0f (diff)
download	vyos.vyos-main.tar.gz vyos.vyos-main.zip