diff options
| author | ansible-zuul[bot] <48994755+ansible-zuul[bot]@users.noreply.github.com> | 2020-02-19 21:10:08 +0000 | 
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-19 21:10:08 +0000 | 
| commit | c390b91be90c6fec33a1d4d3ed37d9c55f4328b2 (patch) | |
| tree | c5ff33aa0e4770a13340a52b1e2bda7531541a5f /tests/integration/targets | |
| parent | f63b5c97edbf598f7b2a4c044386de3dddfda100 (diff) | |
| parent | 45f223636c73ba69d3fea3c8aab8edd41de01388 (diff) | |
| download | vyos.vyos-c390b91be90c6fec33a1d4d3ed37d9c55f4328b2.tar.gz vyos.vyos-c390b91be90c6fec33a1d4d3ed37d9c55f4328b2.zip | |
Merge pull request #2 from CaptTrews/master
Updated from network content collector
Reviewed-by: https://github.com/apps/ansible-zuul
Diffstat (limited to 'tests/integration/targets')
40 files changed, 2109 insertions, 0 deletions
| diff --git a/tests/integration/targets/vyos_firewall_rules/defaults/main.yaml b/tests/integration/targets/vyos_firewall_rules/defaults/main.yaml new file mode 100644 index 00000000..852a6bee --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: '[^_].*' +test_items: [] diff --git a/tests/integration/targets/vyos_firewall_rules/meta/main.yaml b/tests/integration/targets/vyos_firewall_rules/meta/main.yaml new file mode 100644 index 00000000..7413320e --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/meta/main.yaml @@ -0,0 +1,3 @@ +--- +dependencies: +  - prepare_vyos_tests diff --git a/tests/integration/targets/vyos_firewall_rules/tasks/cli.yaml b/tests/integration/targets/vyos_firewall_rules/tasks/cli.yaml new file mode 100644 index 00000000..93eb2fe4 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases +  find: +    paths: '{{ role_path }}/tests/cli' +    patterns: '{{ testcase }}.yaml' +    use_regex: true +  register: test_cases +  delegate_to: localhost + +- name: Set test_items +  set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) +  include: '{{ test_case_to_run }}' +  vars: +    ansible_connection: ansible.netcommon.network_cli +  with_items: '{{ test_items }}' +  loop_control: +    loop_var: test_case_to_run diff --git a/tests/integration/targets/vyos_firewall_rules/tasks/main.yaml b/tests/integration/targets/vyos_firewall_rules/tasks/main.yaml new file mode 100644 index 00000000..a3db933e --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tasks/main.yaml @@ -0,0 +1,4 @@ +--- +- include: cli.yaml +  tags: +    - cli diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg new file mode 100644 index 00000000..b54c1094 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg @@ -0,0 +1,25 @@ +set firewall group address-group 'inbound' +set firewall ipv6-name UPLINK default-action 'accept' +set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +set firewall ipv6-name UPLINK rule 1 action 'accept' +set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible' +set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +set firewall ipv6-name UPLINK rule 2 action 'accept' +set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible' +set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +set firewall name INBOUND default-action 'accept' +set firewall name INBOUND description 'IPv4 INBOUND rule set' +set firewall name INBOUND rule 101 action 'accept' +set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +set firewall name INBOUND rule 101 ipsec 'match-ipsec' +set firewall name INBOUND rule 102 action 'reject' +set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +set firewall name INBOUND rule 102 ipsec 'match-ipsec' +set firewall name INBOUND rule 103 action 'accept' +set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +set firewall name INBOUND rule 103 destination group address-group 'inbound' +set firewall name INBOUND rule 103 source address '192.0.2.0' +set firewall name INBOUND rule 103 state established 'enable' +set firewall name INBOUND rule 103 state invalid 'disable' +set firewall name INBOUND rule 103 state new 'disable' +set firewall name INBOUND rule 103 state related 'enable' diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml new file mode 100644 index 00000000..551736e4 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml @@ -0,0 +1,27 @@ +--- +- name: Setup +  vars: +    lines: "set firewall group address-group 'inbound'\nset firewall ipv6-name UPLINK\ +      \ default-action 'accept'\nset firewall ipv6-name UPLINK description 'This\ +      \ is ipv6 specific rule-set'\nset firewall ipv6-name UPLINK rule 1 action\ +      \ 'accept'\nset firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule\ +      \ 1 is configured by Ansible'\nset firewall ipv6-name UPLINK rule 1 ipsec\ +      \ 'match-ipsec'\nset firewall ipv6-name UPLINK rule 2 action 'accept'\nset\ +      \ firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured\ +      \ by Ansible'\nset firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'\n\ +      set firewall name INBOUND default-action 'accept'\nset firewall name INBOUND\ +      \ description 'IPv4 INBOUND rule set'\nset firewall name INBOUND rule 101\ +      \ action 'accept'\nset firewall name INBOUND rule 101 description 'Rule 101\ +      \ is configured by Ansible'\nset firewall name INBOUND rule 101 ipsec 'match-ipsec'\n\ +      set firewall name INBOUND rule 102 action 'reject'\nset firewall name INBOUND\ +      \ rule 102 description 'Rule 102 is configured by Ansible'\nset firewall name\ +      \ INBOUND rule 102 ipsec 'match-ipsec'\nset firewall name INBOUND rule 103\ +      \ action 'accept'\nset firewall name INBOUND rule 103 description 'Rule 103\ +      \ is configured by Ansible'\nset firewall name INBOUND rule 103 destination\ +      \ group address-group 'inbound'\nset firewall name INBOUND rule 103 source\ +      \ address '192.0.2.0'\nset firewall name INBOUND rule 103 state established\ +      \ 'enable'\nset firewall name INBOUND rule 103 state invalid 'disable'\nset\ +      \ firewall name INBOUND rule 103 state new 'disable'\nset firewall name INBOUND\ +      \ rule 103 state related 'enable'\n" +  ansible.netcommon.cli_config: +    config: '{{ lines }}' diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml new file mode 100644 index 00000000..acb08034 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml @@ -0,0 +1,6 @@ +--- +- name: Remove Config +  vars: +    lines: "delete firewall ipv6-name\ndelete firewall name\n" +  ansible.netcommon.cli_config: +    config: '{{ lines }}' diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml new file mode 100644 index 00000000..7acfe653 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml @@ -0,0 +1,60 @@ +--- +- debug: +    msg: Start vyos_firewall_rules deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete firewall rule set. +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv6 +            rule_sets: + +              - name: UPLINK + +          - afi: ipv4 +            rule_sets: + +              - name: INBOUND +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_rs['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_rs['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_rs['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml new file mode 100644 index 00000000..e20670de --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml @@ -0,0 +1,54 @@ +--- +- debug: +    msg: Start vyos_firewall_rules deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete firewall rule. +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv6 + +          - afi: ipv4 +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_afi_all['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['after'])\ +            \ |length == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['before'])\ +            \ |length == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml new file mode 100644 index 00000000..16e563c2 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml @@ -0,0 +1,50 @@ +--- +- debug: +    msg: Start vyos_firewall_rules deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete all the firewall rules. +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_afi_all['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['after'])\ +            \ |length == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['before'])\ +            \ |length == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml new file mode 100644 index 00000000..d77e2a9c --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml @@ -0,0 +1,58 @@ +--- +- debug: +    msg: Start vyos_firewall_rules deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete firewall rule. +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv6 +            rule_sets: + +              - name: UPLINK +                rules: + +                  - number: 1 +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_r['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_r['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_r['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/empty_config.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/empty_config.yaml new file mode 100644 index 00000000..c30cf03e --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/empty_config.yaml @@ -0,0 +1,60 @@ +--- +- debug: +    msg: START vyos_firewall_rules empty_config integration tests on connection={{ +      ansible_connection }} + +- name: Merged with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_firewall_rules: +    config: +    state: merged + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state merged' + +- name: Replaced with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_firewall_rules: +    config: +    state: replaced + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state replaced' + +- name: Overridden with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_firewall_rules: +    config: +    state: overridden + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state overridden' + +- name: Parsed with empty running_config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_firewall_rules: +    running_config: +    state: parsed + +- assert: +    that: +      - result.msg == 'value of running_config parameter must not be empty for state +        parsed' + +- name: Rendered with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_firewall_rules: +    config: +    state: rendered + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state rendered' diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml new file mode 100644 index 00000000..cdc8e51c --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml @@ -0,0 +1,34 @@ +--- +- debug: +    msg: START vyos_firewall_rules gathered integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Merge the provided configuration with the exisiting running configuration +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: +        state: gathered + +    - name: Assert that gathered dicts was correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['gathered']) |length == 0\ +            \ }}" + +    - name: Gather the existing running configuration (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml new file mode 100644 index 00000000..adf7e471 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml @@ -0,0 +1,102 @@ +--- +- debug: +    msg: START vyos_firewall_rules merged integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _populate.yaml + +- include_tasks: _remove_config.yaml + +- block: + +    - name: Merge the provided configuration with the exisiting running configuration +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv6 +            rule_sets: + +              - name: UPLINK +                description: This is ipv6 specific rule-set +                default_action: accept +                rules: + +                  - number: 1 +                    action: accept +                    description: Fwipv6-Rule 1 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 2 +                    action: accept +                    description: Fwipv6-Rule 2 is configured by Ansible +                    ipsec: match-ipsec + +          - afi: ipv4 +            rule_sets: + +              - name: INBOUND +                description: IPv4 INBOUND rule set +                default_action: accept +                rules: + +                  - number: 101 +                    action: accept +                    description: Rule 101 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 102 +                    action: reject +                    description: Rule 102 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 103 +                    action: accept +                    description: Rule 103 is configured by Ansible +                    destination: +                      group: +                        address_group: inbound +                    source: +                      address: 192.0.2.0 +                    state: +                      established: true +                      new: false +                      invalid: false +                      related: true +        state: merged + +    - name: Assert that before dicts were correctly generated +      assert: +        that: "{{ merged['before'] | symmetric_difference(result['before']) |length\ +          \ == 0 }}" + +    - name: Assert that correct set of commands were generated +      assert: +        that: +          - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\ +            \ == 0 }}" + +    - name: Assert that after dicts was correctly generated +      assert: +        that: +          - "{{ merged['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Merge the provided configuration with the existing running configuration +        (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false + +    - name: Assert that before dicts were correctly generated +      assert: +        that: +          - "{{ merged['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml new file mode 100644 index 00000000..6acc9518 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml @@ -0,0 +1,69 @@ +--- +- debug: +    msg: START vyos_firewall_rules overridden integration tests on connection={{ +      ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Overrides all device configuration with provided configuration +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv4 +            rule_sets: + +              - name: Downlink +                description: IPv4 INBOUND rule set +                default_action: accept +                rules: + +                  - number: 501 +                    action: accept +                    description: Rule 501 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 502 +                    action: reject +                    description: Rule 502 is configured by Ansible +                    ipsec: match-ipsec +        state: overridden + +    - name: Assert that before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that correct commands were generated +      assert: +        that: +          - "{{ overridden['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that after dicts were correctly generated +      assert: +        that: +          - "{{ overridden['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Overrides all device configuration with provided configurations (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false + +    - name: Assert that before dicts were correctly generated +      assert: +        that: +          - "{{ overridden['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml new file mode 100644 index 00000000..a793ac58 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml @@ -0,0 +1,41 @@ +--- +- debug: +    msg: START vyos_firewall_rules parsed integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Gather firewall_rules facts +      register: firewall_rules_facts +      vyos.vyos.vyos_facts: +        gather_subset: +          - default +        gather_network_resources: +          - firewall_rules + +    - name: Provide the running configuration for parsing (config to be parsed) +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        running_config: "{{ lookup('file', '_parsed_config.cfg') }}" +        state: parsed + +    - name: Assert that correct parsing done +      assert: +        that: "{{ ansible_facts['network_resources']['firewall_rules'] | symmetric_difference(result['parsed'])\ +          \ |length == 0 }}" + +    - name: Gather the existing running configuration (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml new file mode 100644 index 00000000..f000998e --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml @@ -0,0 +1,73 @@ +--- +- debug: +    msg: START vyos_firewall_rules rendered integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Structure provided configuration into device specific commands +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv6 +            rule_sets: + +              - name: UPLINK +                description: This is ipv6 specific rule-set +                default_action: accept + +          - afi: ipv4 +            rule_sets: + +              - name: INBOUND +                description: IPv4 INBOUND rule set +                default_action: accept +                rules: + +                  - number: 101 +                    action: accept +                    description: Rule 101 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 102 +                    action: reject +                    description: Rule 102 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 103 +                    action: accept +                    description: Rule 103 is configured by Ansible +                    destination: +                      group: +                        address_group: inbound +                    source: +                      address: 192.0.2.0 +                    state: +                      established: true +                      new: false +                      invalid: false +                      related: true +        state: rendered + +    - name: Assert that correct set of commands were generated +      assert: +        that: +          - "{{ rendered['commands'] | symmetric_difference(result['rendered'])\ +            \ |length == 0 }}" + +    - name: Structure provided configuration into device specific commands (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml new file mode 100644 index 00000000..eba16892 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml @@ -0,0 +1,78 @@ +--- +- debug: +    msg: START vyos_firewall_rules replaced integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Replace device configurations of listed firewall rules with provided +        configurations +      register: result +      vyos.vyos.vyos_firewall_rules: &id001 +        config: + +          - afi: ipv6 +            rule_sets: + +              - name: UPLINK +                description: This is ipv6 specific rule-set +                default_action: accept + +          - afi: ipv4 +            rule_sets: + +              - name: INBOUND +                description: IPv4 INBOUND rule set +                default_action: accept +                rules: + +                  - number: 101 +                    action: accept +                    description: Rule 101 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 104 +                    action: reject +                    description: Rule 104 is configured by Ansible +                    ipsec: match-none +        state: replaced + +    - name: Assert that correct set of commands were generated +      assert: +        that: +          - "{{ replaced['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that before dicts are correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that after dict is correctly generated +      assert: +        that: +          - "{{ replaced['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Replace device configurations of listed firewall rules with provided +        configurarions (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_firewall_rules: *id001 + +    - name: Assert that task was idempotent +      assert: +        that: +          - result['changed'] == false + +    - name: Assert that before dict is correctly generated +      assert: +        that: +          - "{{ replaced['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml new file mode 100644 index 00000000..762086f4 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml @@ -0,0 +1,101 @@ +--- +- debug: +    msg: START vyos_firewall_rules round trip integration tests on connection={{ +      ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + +    - name: Apply the provided configuration (base config) +      register: base_config +      vyos.vyos.vyos_firewall_rules: +        config: + +          - afi: ipv6 +            rule_sets: + +              - name: UPLINK +                description: This is ipv6 specific rule-set +                default_action: accept +                rules: + +                  - number: 1 +                    action: accept +                    description: Fwipv6-Rule 1 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 2 +                    action: accept +                    description: Fwipv6-Rule 2 is configured by Ansible +                    ipsec: match-ipsec + +          - afi: ipv4 +            rule_sets: + +              - name: INBOUND +                description: IPv4 INBOUND rule set +                default_action: accept +                rules: + +                  - number: 101 +                    action: accept +                    description: Rule 101 is configured by Ansible +                    ipsec: match-ipsec + +                  - number: 102 +                    action: reject +                    description: Rule 102 is configured by Ansible +                    ipsec: match-ipsec +        state: merged + +    - name: Gather firewall_rules facts +      vyos.vyos.vyos_facts: +        gather_subset: +          - default +        gather_network_resources: +          - firewall_rules + +    - name: Apply the provided configuration (config to be reverted) +      register: result +      vyos.vyos.vyos_firewall_rules: +        config: + +          - afi: ipv4 +            rule_sets: + +              - name: INBOUND +                description: IPv4 INBOUND rule set +                default_action: accept +                rules: + +                  - number: 103 +                    action: accept +                    description: Rule 103 is configured by Ansible +                    source: +                      address: 192.0.2.0 +                    state: +                      established: true +                      new: false +                      invalid: false +                      related: true +        state: merged + +    - name: Assert that changes were applied +      assert: +        that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length\ +          \ == 0 }}" + +    - name: Revert back to base config using facts round trip +      register: revert +      vyos.vyos.vyos_firewall_rules: +        config: "{{ ansible_facts['network_resources']['firewall_rules'] }}" +        state: overridden + +    - name: Assert that config was reverted +      assert: +        that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length\ +          \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml new file mode 100644 index 00000000..c15a101a --- /dev/null +++ b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml @@ -0,0 +1,312 @@ +--- +merged: +  before: [] +  commands: +    - set firewall ipv6-name UPLINK default-action 'accept' +    - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +    - set firewall ipv6-name UPLINK rule 1 action 'accept' +    - set firewall ipv6-name UPLINK rule 1 +    - set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured +      by Ansible' +    - set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec' +    - set firewall ipv6-name UPLINK rule 2 action 'accept' +    - set firewall ipv6-name UPLINK rule 2 +    - set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured +      by Ansible' +    - set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec' +    - set firewall name INBOUND default-action 'accept' +    - set firewall name INBOUND description 'IPv4 INBOUND rule set' +    - set firewall name INBOUND rule 101 action 'accept' +    - set firewall name INBOUND rule 101 +    - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +    - set firewall name INBOUND rule 101 ipsec 'match-ipsec' +    - set firewall name INBOUND rule 102 action 'reject' +    - set firewall name INBOUND rule 102 +    - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +    - set firewall name INBOUND rule 102 ipsec 'match-ipsec' +    - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +    - set firewall name INBOUND rule 103 destination group address-group inbound +    - set firewall name INBOUND rule 103 +    - set firewall name INBOUND rule 103 source address 192.0.2.0 +    - set firewall name INBOUND rule 103 state established enable +    - set firewall name INBOUND rule 103 state related enable +    - set firewall name INBOUND rule 103 state invalid disable +    - set firewall name INBOUND rule 103 state new disable +    - set firewall name INBOUND rule 103 action 'accept' +  after: +    - afi: ipv6 +      rule_sets: +        - name: UPLINK +          description: This is ipv6 specific rule-set +          default_action: accept +          rules: +            - number: 1 +              action: accept +              description: Fwipv6-Rule 1 is configured by Ansible +              ipsec: match-ipsec +            - number: 2 +              action: accept +              description: Fwipv6-Rule 2 is configured by Ansible +              ipsec: match-ipsec +    - afi: ipv4 +      rule_sets: +        - name: INBOUND +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 101 +              action: accept +              description: Rule 101 is configured by Ansible +              ipsec: match-ipsec +            - number: 102 +              action: reject +              description: Rule 102 is configured by Ansible +              ipsec: match-ipsec +            - number: 103 +              action: accept +              description: Rule 103 is configured by Ansible +              destination: +                group: +                  address_group: inbound +              source: +                address: 192.0.2.0 +              state: +                established: true +                new: false +                invalid: false +                related: true +populate: +  - afi: ipv6 +    rule_sets: +      - name: UPLINK +        description: This is ipv6 specific rule-set +        default_action: accept +        rules: +          - number: 1 +            action: accept +            description: Fwipv6-Rule 1 is configured by Ansible +            ipsec: match-ipsec +          - number: 2 +            action: accept +            description: Fwipv6-Rule 2 is configured by Ansible +            ipsec: match-ipsec +  - afi: ipv4 +    rule_sets: +      - name: INBOUND +        description: IPv4 INBOUND rule set +        default_action: accept +        rules: +          - number: 101 +            action: accept +            description: Rule 101 is configured by Ansible +            ipsec: match-ipsec +          - number: 102 +            action: reject +            description: Rule 102 is configured by Ansible +            ipsec: match-ipsec +          - number: 103 +            action: accept +            description: Rule 103 is configured by Ansible +            destination: +              group: +                address_group: inbound +            source: +              address: 192.0.2.0 +            state: +              established: true +              new: false +              invalid: false +              related: true +replaced: +  commands: +    - delete firewall ipv6-name UPLINK rule 1 +    - delete firewall ipv6-name UPLINK rule 2 +    - delete firewall name INBOUND rule 102 +    - delete firewall name INBOUND rule 103 +    - set firewall name INBOUND rule 104 action 'reject' +    - set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible' +    - set firewall name INBOUND rule 104 +    - set firewall name INBOUND rule 104 ipsec 'match-none' +  after: +    - afi: ipv6 +      rule_sets: +        - name: UPLINK +          description: This is ipv6 specific rule-set +          default_action: accept +    - afi: ipv4 +      rule_sets: +        - name: INBOUND +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 101 +              action: accept +              description: Rule 101 is configured by Ansible +              ipsec: match-ipsec +            - number: 104 +              action: reject +              description: Rule 104 is configured by Ansible +              ipsec: match-none +overridden: +  before: +    - afi: ipv6 +      rule_sets: +        - name: UPLINK +          description: This is ipv6 specific rule-set +          default_action: accept +    - afi: ipv4 +      rule_sets: +        - name: INBOUND +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 101 +              action: accept +              description: Rule 101 is configured by Ansible +              ipsec: match-ipsec +            - number: 104 +              action: reject +              description: Rule 104 is configured by Ansible +              ipsec: match-none +  commands: +    - delete firewall ipv6-name UPLINK +    - delete firewall name INBOUND +    - set firewall name Downlink default-action 'accept' +    - set firewall name Downlink description 'IPv4 INBOUND rule set' +    - set firewall name Downlink rule 501 action 'accept' +    - set firewall name Downlink rule 501 +    - set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible' +    - set firewall name Downlink rule 501 ipsec 'match-ipsec' +    - set firewall name Downlink rule 502 action 'reject' +    - set firewall name Downlink rule 502 +    - set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible' +    - set firewall name Downlink rule 502 ipsec 'match-ipsec' +  after: +    - afi: ipv4 +      rule_sets: +        - name: Downlink +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 501 +              action: accept +              description: Rule 501 is configured by Ansible +              ipsec: match-ipsec +            - number: 502 +              action: reject +              description: Rule 502 is configured by Ansible +              ipsec: match-ipsec +rendered: +  commands: +    - set firewall ipv6-name UPLINK default-action 'accept' +    - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set' +    - set firewall name INBOUND default-action 'accept' +    - set firewall name INBOUND description 'IPv4 INBOUND rule set' +    - set firewall name INBOUND rule 101 action 'accept' +    - set firewall name INBOUND rule 101 +    - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible' +    - set firewall name INBOUND rule 101 ipsec 'match-ipsec' +    - set firewall name INBOUND rule 102 action 'reject' +    - set firewall name INBOUND rule 102 +    - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible' +    - set firewall name INBOUND rule 102 ipsec 'match-ipsec' +    - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible' +    - set firewall name INBOUND rule 103 destination group address-group inbound +    - set firewall name INBOUND rule 103 +    - set firewall name INBOUND rule 103 source address 192.0.2.0 +    - set firewall name INBOUND rule 103 state established enable +    - set firewall name INBOUND rule 103 state related enable +    - set firewall name INBOUND rule 103 state invalid disable +    - set firewall name INBOUND rule 103 state new disable +    - set firewall name INBOUND rule 103 action 'accept' +deleted_rs: +  commands: +    - delete firewall ipv6-name UPLINK +    - delete firewall name INBOUND +  after: [] +deleted_afi_all: +  commands: +    - delete firewall ipv6-name +    - delete firewall name +  after: [] +deleted_r: +  commands: +    - delete firewall ipv6-name UPLINK rule 1 +  after: +    - afi: ipv6 +      rule_sets: +        - name: UPLINK +          description: This is ipv6 specific rule-set +          default_action: accept +          rules: +            - number: 2 +              action: accept +              description: Fwipv6-Rule 2 is configured by Ansible +              ipsec: match-ipsec +    - afi: ipv4 +      rule_sets: +        - name: INBOUND +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 101 +              action: accept +              description: Rule 101 is configured by Ansible +              ipsec: match-ipsec +            - number: 102 +              action: reject +              description: Rule 102 is configured by Ansible +              ipsec: match-ipsec +            - number: 103 +              action: accept +              description: Rule 103 is configured by Ansible +              destination: +                group: +                  address_group: inbound +              source: +                address: 192.0.2.0 +              state: +                established: true +                new: false +                invalid: false +                related: true +round_trip: +  after: +    - afi: ipv6 +      rule_sets: +        - name: UPLINK +          description: This is ipv6 specific rule-set +          default_action: accept +          rules: +            - number: 1 +              action: accept +              description: Fwipv6-Rule 1 is configured by Ansible +              ipsec: match-ipsec +            - number: 2 +              action: accept +              description: Fwipv6-Rule 2 is configured by Ansible +              ipsec: match-ipsec +    - afi: ipv4 +      rule_sets: +        - name: INBOUND +          description: IPv4 INBOUND rule set +          default_action: accept +          rules: +            - number: 101 +              action: accept +              description: Rule 101 is configured by Ansible +              ipsec: match-ipsec +            - number: 102 +              action: reject +              description: Rule 102 is configured by Ansible +              ipsec: match-ipsec +            - number: 103 +              action: accept +              description: Rule 103 is configured by Ansible +              source: +                address: 192.0.2.0 +              state: +                established: true +                new: false +                invalid: false +                related: true diff --git a/tests/integration/targets/vyos_static_routes/defaults/main.yaml b/tests/integration/targets/vyos_static_routes/defaults/main.yaml new file mode 100644 index 00000000..852a6bee --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: '[^_].*' +test_items: [] diff --git a/tests/integration/targets/vyos_static_routes/meta/main.yaml b/tests/integration/targets/vyos_static_routes/meta/main.yaml new file mode 100644 index 00000000..91da2a75 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/meta/main.yaml @@ -0,0 +1,2 @@ +--- +... diff --git a/tests/integration/targets/vyos_static_routes/tasks/cli.yaml b/tests/integration/targets/vyos_static_routes/tasks/cli.yaml new file mode 100644 index 00000000..93eb2fe4 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases +  find: +    paths: '{{ role_path }}/tests/cli' +    patterns: '{{ testcase }}.yaml' +    use_regex: true +  register: test_cases +  delegate_to: localhost + +- name: Set test_items +  set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) +  include: '{{ test_case_to_run }}' +  vars: +    ansible_connection: ansible.netcommon.network_cli +  with_items: '{{ test_items }}' +  loop_control: +    loop_var: test_case_to_run diff --git a/tests/integration/targets/vyos_static_routes/tasks/main.yaml b/tests/integration/targets/vyos_static_routes/tasks/main.yaml new file mode 100644 index 00000000..a3db933e --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tasks/main.yaml @@ -0,0 +1,4 @@ +--- +- include: cli.yaml +  tags: +    - cli diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_static_routes/tests/cli/_parsed_config.cfg new file mode 100644 index 00000000..b2ecd4e9 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/_parsed_config.cfg @@ -0,0 +1,6 @@ +set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' +set protocols static route 192.0.2.32/28 next-hop '192.0.2.10' +set protocols static route 192.0.2.32/28 blackhole +set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +set protocols static route6 2001:db8:1000::/36 blackhole distance '2' diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/_populate.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/_populate.yaml new file mode 100644 index 00000000..f292e5de --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/_populate.yaml @@ -0,0 +1,12 @@ +--- +- name: Setup +  vars: +    lines: "set protocols static route 192.0.2.32/28 next-hop '192.0.2.10'\nset\ +      \ protocols static route 192.0.2.32/28 next-hop '192.0.2.9'\nset protocols\ +      \ static route 192.0.2.32/28 blackhole\nset protocols static route 192.0.2.32/28\n\ +      set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1'\n\ +      set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2'\n\ +      set protocols static route6 2001:db8:1000::/36 blackhole distance '2'\nset\ +      \ protocols static route6 2001:db8:1000::/36\n" +  ansible.netcommon.cli_config: +    config: '{{ lines }}' diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/_remove_config.yaml new file mode 100644 index 00000000..5a5cccb8 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/_remove_config.yaml @@ -0,0 +1,6 @@ +--- +- name: Remove Config +  vars: +    lines: "delete protocols static route\ndelete protocols static route6\n" +  ansible.netcommon.cli_config: +    config: '{{ lines }}' diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/deleted.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/deleted.yaml new file mode 100644 index 00000000..7f098f52 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/deleted.yaml @@ -0,0 +1,62 @@ +--- +- debug: +    msg: Start vyos_static_routes deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete static route based on destiation. +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 + +              - afi: ipv6 +                routes: + +                  - dest: 2001:db8:1000::/36 +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_dest['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_dest['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_dest['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/deleted_afi.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/deleted_afi.yaml new file mode 100644 index 00000000..221f1b51 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/deleted_afi.yaml @@ -0,0 +1,56 @@ +--- +- debug: +    msg: Start vyos_static_routes deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete static route based on afi. +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 + +              - afi: ipv6 +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_afi_all['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['after'])\ +            \ |length == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['before'])\ +            \ |length == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/deleted_all.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/deleted_all.yaml new file mode 100644 index 00000000..e10f1bc6 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/deleted_all.yaml @@ -0,0 +1,50 @@ +--- +- debug: +    msg: Start vyos_static_routes deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete all the static routes. +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_afi_all['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['after'])\ +            \ |length == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_afi_all['after'] | symmetric_difference(result['before'])\ +            \ |length == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/deleted_nh.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/deleted_nh.yaml new file mode 100644 index 00000000..f6075d26 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/deleted_nh.yaml @@ -0,0 +1,68 @@ +--- +- debug: +    msg: Start vyos_static_routes deleted integration tests ansible_connection={{ +      ansible_connection }} + +- include_tasks: _populate.yaml + +- block: + +    - name: Delete static route based on next_hop. +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 +                    next_hops: + +                      - forward_router_address: 192.0.2.9 + +              - afi: ipv6 +                routes: + +                  - dest: 2001:db8:1000::/36 +                    next_hops: + +                      - forward_router_address: 2001:db8:2000:2::1 +        state: deleted + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that the correct set of commands were generated +      assert: +        that: +          - "{{ deleted_nh['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that the after dicts were correctly generated +      assert: +        that: +          - "{{ deleted_nh['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Delete attributes of given interfaces (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result.changed == false +          - result.commands|length == 0 + +    - name: Assert that the before dicts were correctly generated +      assert: +        that: +          - "{{ deleted_nh['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/empty_config.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/empty_config.yaml new file mode 100644 index 00000000..f58ef398 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/empty_config.yaml @@ -0,0 +1,60 @@ +--- +- debug: +    msg: START vyos_static_routes empty_config integration tests on connection={{ +      ansible_connection }} + +- name: Merged with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_static_routes: +    config: +    state: merged + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state merged' + +- name: Replaced with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_static_routes: +    config: +    state: replaced + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state replaced' + +- name: Overridden with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_static_routes: +    config: +    state: overridden + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state overridden' + +- name: Parsed with empty running_config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_static_routes: +    running_config: +    state: parsed + +- assert: +    that: +      - result.msg == 'value of running_config parameter must not be empty for state +        parsed' + +- name: Rendered with empty config should give appropriate error message +  register: result +  ignore_errors: true +  vyos.vyos.vyos_static_routes: +    config: +    state: rendered + +- assert: +    that: +      - result.msg == 'value of config parameter must not be empty for state rendered' diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/gathered.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/gathered.yaml new file mode 100644 index 00000000..d3b84d1f --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/gathered.yaml @@ -0,0 +1,34 @@ +--- +- debug: +    msg: START vyos_static_routes gathered integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Merge the provided configuration with the exisiting running configuration +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: +        state: gathered + +    - name: Assert that gathered dicts was correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['gathered']) |length == 0\ +            \ }}" + +    - name: Gather the existing running configuration (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/merged.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/merged.yaml new file mode 100644 index 00000000..999ae867 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/merged.yaml @@ -0,0 +1,78 @@ +--- +- debug: +    msg: START vyos_static_routes merged integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- block: + +    - name: Merge the provided configuration with the exisiting running configuration +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 +                    blackhole_config: +                      type: blackhole +                    next_hops: + +                      - forward_router_address: 192.0.2.10 + +                      - forward_router_address: 192.0.2.9 + +          - address_families: + +              - afi: ipv6 +                routes: + +                  - dest: 2001:db8:1000::/36 +                    blackhole_config: +                      distance: 2 +                    next_hops: + +                      - forward_router_address: 2001:db8:2000:2::1 + +                      - forward_router_address: 2001:db8:2000:2::2 +        state: merged + +    - name: Assert that before dicts were correctly generated +      assert: +        that: "{{ merged['before'] | symmetric_difference(result['before']) |length\ +          \ == 0 }}" + +    - name: Assert that correct set of commands were generated +      assert: +        that: +          - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\ +            \ == 0 }}" + +    - name: Assert that after dicts was correctly generated +      assert: +        that: +          - "{{ merged['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Merge the provided configuration with the existing running configuration +        (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false + +    - name: Assert that before dicts were correctly generated +      assert: +        that: +          - "{{ merged['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/overridden.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/overridden.yaml new file mode 100644 index 00000000..a9112a51 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/overridden.yaml @@ -0,0 +1,61 @@ +--- +- debug: +    msg: START vyos_static_routes overridden integration tests on connection={{ +      ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Overrides all device configuration with provided configuration +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 198.0.2.48/28 +                    next_hops: + +                      - forward_router_address: 192.0.2.18 +        state: overridden + +    - name: Assert that before dicts were correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that correct commands were generated +      assert: +        that: +          - "{{ overridden['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that after dicts were correctly generated +      assert: +        that: +          - "{{ overridden['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Overrides all device configuration with provided configurations (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false + +    - name: Assert that before dicts were correctly generated +      assert: +        that: +          - "{{ overridden['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/parsed.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/parsed.yaml new file mode 100644 index 00000000..4b6e434a --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/parsed.yaml @@ -0,0 +1,41 @@ +--- +- debug: +    msg: START vyos_static_routes parsed integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Gather static_routes facts +      register: static_routes_facts +      vyos.vyos.vyos_facts: +        gather_subset: +          - default +        gather_network_resources: +          - static_routes + +    - name: Provide the running configuration for parsing (config to be parsed) +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        running_config: "{{ lookup('file', '_parsed_config.cfg') }}" +        state: parsed + +    - name: Assert that correct parsing done +      assert: +        that: "{{ ansible_facts['network_resources']['static_routes'] | symmetric_difference(result['parsed'])\ +          \ |length == 0 }}" + +    - name: Gather the existing running configuration (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/rendered.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/rendered.yaml new file mode 100644 index 00000000..ff185232 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/rendered.yaml @@ -0,0 +1,62 @@ +--- +- debug: +    msg: START vyos_static_routes rendered integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Structure provided configuration into device specific commands +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 +                    blackhole_config: +                      type: blackhole +                    next_hops: + +                      - forward_router_address: 192.0.2.10 + +                      - forward_router_address: 192.0.2.9 + +          - address_families: + +              - afi: ipv6 +                routes: + +                  - dest: 2001:db8:1000::/36 +                    blackhole_config: +                      distance: 2 +                    next_hops: + +                      - forward_router_address: 2001:db8:2000:2::1 + +                      - forward_router_address: 2001:db8:2000:2::2 +        state: rendered + +    - name: Assert that correct set of commands were generated +      assert: +        that: +          - "{{ rendered['commands'] | symmetric_difference(result['rendered'])\ +            \ |length == 0 }}" + +    - name: Structure provided configuration into device specific commands (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that the previous task was idempotent +      assert: +        that: +          - result['changed'] == false +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/replaced.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/replaced.yaml new file mode 100644 index 00000000..80ed8010 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/replaced.yaml @@ -0,0 +1,69 @@ +--- +- debug: +    msg: START vyos_static_routes replaced integration tests on connection={{ ansible_connection +      }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate.yaml + +- block: + +    - name: Replace device configurations of listed static routes with provided +        configurations +      register: result +      vyos.vyos.vyos_static_routes: &id001 +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 +                    blackhole_config: +                      distance: 2 +                    next_hops: + +                      - forward_router_address: 192.0.2.7 + +                      - forward_router_address: 192.0.2.8 + +                      - forward_router_address: 192.0.2.9 +        state: replaced + +    - name: Assert that correct set of commands were generated +      assert: +        that: +          - "{{ replaced['commands'] | symmetric_difference(result['commands'])\ +            \ |length == 0 }}" + +    - name: Assert that before dicts are correctly generated +      assert: +        that: +          - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + +    - name: Assert that after dict is correctly generated +      assert: +        that: +          - "{{ replaced['after'] | symmetric_difference(result['after']) |length\ +            \ == 0 }}" + +    - name: Replace device configurations of listed static routes with provided +        configurarions (IDEMPOTENT) +      register: result +      vyos.vyos.vyos_static_routes: *id001 + +    - name: Assert that task was idempotent +      assert: +        that: +          - result['changed'] == false + +    - name: Assert that before dict is correctly generated +      assert: +        that: +          - "{{ replaced['after'] | symmetric_difference(result['before']) |length\ +            \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/tests/cli/rtt.yaml b/tests/integration/targets/vyos_static_routes/tests/cli/rtt.yaml new file mode 100644 index 00000000..340fde9e --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/tests/cli/rtt.yaml @@ -0,0 +1,90 @@ +--- +- debug: +    msg: START vyos_static_routes round trip integration tests on connection={{ +      ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + +    - name: Apply the provided configuration (base config) +      register: base_config +      vyos.vyos.vyos_static_routes: +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 +                    blackhole_config: +                      type: blackhole +                    next_hops: + +                      - forward_router_address: 192.0.2.10 + +                      - forward_router_address: 192.0.2.9 + +          - address_families: + +              - afi: ipv6 +                routes: + +                  - dest: 2001:db8:1000::/36 +                    blackhole_config: +                      distance: 2 +                    next_hops: + +                      - forward_router_address: 2001:db8:2000:2::1 + +                      - forward_router_address: 2001:db8:2000:2::2 +        state: merged + +    - name: Gather static_routes facts +      vyos.vyos.vyos_facts: +        gather_subset: +          - default +        gather_network_resources: +          - static_routes + +    - name: Apply the provided configuration (config to be reverted) +      register: result +      vyos.vyos.vyos_static_routes: +        config: + +          - address_families: + +              - afi: ipv4 +                routes: + +                  - dest: 192.0.2.32/28 +                    blackhole_config: +                      distance: 2 +                    next_hops: + +                      - forward_router_address: 192.0.2.7 + +                      - forward_router_address: 192.0.2.8 + +                      - forward_router_address: 192.0.2.9 +        state: merged + +    - name: Assert that changes were applied +      assert: +        that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length\ +          \ == 0 }}" + +    - name: Revert back to base config using facts round trip +      register: revert +      vyos.vyos.vyos_static_routes: +        config: "{{ ansible_facts['network_resources']['static_routes'] }}" +        state: overridden + +    - name: Assert that config was reverted +      assert: +        that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length\ +          \ == 0 }}" +  always: + +    - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_static_routes/vars/main.yaml b/tests/integration/targets/vyos_static_routes/vars/main.yaml new file mode 100644 index 00000000..93b875f2 --- /dev/null +++ b/tests/integration/targets/vyos_static_routes/vars/main.yaml @@ -0,0 +1,147 @@ +--- +merged: +  before: [] +  commands: +    - set protocols static route 192.0.2.32/28 next-hop '192.0.2.10' +    - set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' +    - set protocols static route 192.0.2.32/28 blackhole +    - set protocols static route 192.0.2.32/28 +    - set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +    - set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +    - set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +    - set protocols static route6 2001:db8:1000::/36 +  after: +    - address_families: +        - afi: ipv4 +          routes: +            - dest: 192.0.2.32/28 +              blackhole_config: +                type: blackhole +              next_hops: +                - forward_router_address: 192.0.2.9 +                - forward_router_address: 192.0.2.10 +        - afi: ipv6 +          routes: +            - dest: 2001:db8:1000::/36 +              blackhole_config: +                distance: 2 +              next_hops: +                - forward_router_address: 2001:db8:2000:2::1 +                - forward_router_address: 2001:db8:2000:2::2 +populate: +  - address_families: +      - afi: ipv4 +        routes: +          - dest: 192.0.2.32/28 +            blackhole_config: +              type: blackhole +            next_hops: +              - forward_router_address: 192.0.2.9 +              - forward_router_address: 192.0.2.10 +      - afi: ipv6 +        routes: +          - dest: 2001:db8:1000::/36 +            blackhole_config: +              distance: 2 +            next_hops: +              - forward_router_address: 2001:db8:2000:2::1 +              - forward_router_address: 2001:db8:2000:2::2 +replaced: +  commands: +    - delete protocols static route 192.0.2.32/28 next-hop '192.0.2.10' +    - set protocols static route 192.0.2.32/28 next-hop '192.0.2.7' +    - set protocols static route 192.0.2.32/28 next-hop '192.0.2.8' +    - set protocols static route 192.0.2.32/28 blackhole distance '2' +  after: +    - address_families: +        - afi: ipv4 +          routes: +            - dest: 192.0.2.32/28 +              blackhole_config: +                distance: 2 +              next_hops: +                - forward_router_address: 192.0.2.7 +                - forward_router_address: 192.0.2.8 +                - forward_router_address: 192.0.2.9 +        - afi: ipv6 +          routes: +            - dest: 2001:db8:1000::/36 +              blackhole_config: +                distance: 2 +              next_hops: +                - forward_router_address: 2001:db8:2000:2::1 +                - forward_router_address: 2001:db8:2000:2::2 +overridden: +  commands: +    - delete protocols static route 192.0.2.32/28 +    - delete protocols static route6 2001:db8:1000::/36 +    - set protocols static route 198.0.2.48/28 next-hop '192.0.2.18' +    - set protocols static route 198.0.2.48/28 +  after: +    - address_families: +        - afi: ipv4 +          routes: +            - dest: 198.0.2.48/28 +              next_hops: +                - forward_router_address: 192.0.2.18 +rendered: +  commands: +    - set protocols static route 192.0.2.32/28 next-hop '192.0.2.10' +    - set protocols static route 192.0.2.32/28 next-hop '192.0.2.9' +    - set protocols static route 192.0.2.32/28 blackhole +    - set protocols static route 192.0.2.32/28 +    - set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +    - set protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::2' +    - set protocols static route6 2001:db8:1000::/36 blackhole distance '2' +    - set protocols static route6 2001:db8:1000::/36 +deleted_dest: +  commands: +    - delete protocols static route 192.0.2.32/28 +    - delete protocols static route6 2001:db8:1000::/36 +  after: [] +deleted_nh: +  commands: +    - delete protocols static route 192.0.2.32/28 next-hop '192.0.2.9' +    - delete protocols static route6 2001:db8:1000::/36 next-hop '2001:db8:2000:2::1' +  after: +    - address_families: +        - afi: ipv4 +          routes: +            - dest: 192.0.2.32/28 +              blackhole_config: +                type: blackhole +              next_hops: +                - forward_router_address: 192.0.2.10 +        - afi: ipv6 +          routes: +            - dest: 2001:db8:1000::/36 +              blackhole_config: +                distance: 2 +              next_hops: +                - forward_router_address: 2001:db8:2000:2::2 +deleted_afi_all: +  commands: +    - delete protocols static route +    - delete protocols static route6 +  after: [] +round_trip: +  after: +    - address_families: +        - afi: ipv4 +          routes: +            - dest: 192.0.2.32/28 +              blackhole_config: +                distance: 2 +              next_hops: +                - forward_router_address: 192.0.2.7 +                - forward_router_address: 192.0.2.8 +                - forward_router_address: 192.0.2.9 +                - forward_router_address: 192.0.2.10 +        - afi: ipv6 +          routes: +            - dest: 2001:db8:1000::/36 +              blackhole_config: +                distance: 2 +              next_hops: +                - forward_router_address: 2001:db8:2000:2::1 +                - forward_router_address: 2001:db8:2000:2::2 | 
