diff options
| author | omnom62 <75066712+omnom62@users.noreply.github.com> | 2025-02-13 09:01:45 +1000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-13 09:01:45 +1000 |
| commit | cfc4c93253d57de953c4cae7acc5f2b2890614ac (patch) | |
| tree | 5bb2265c6c6f42f49512ec55e98ea47f3a3ab8d8 /tests/integration | |
| parent | 8f7cc603d7f6700302f3d34c7ecfd6faa13ef264 (diff) | |
| download | vyos.vyos-cfc4c93253d57de953c4cae7acc5f2b2890614ac.tar.gz vyos.vyos-cfc4c93253d57de953c4cae7acc5f2b2890614ac.zip | |
* T7002 fw_global integration tests fix init
* adding 1.3 structure
* v1.3- integration tests for fw_global
* fixed integration tests for 1.3 and fw_global
* D.R.Y. for firewall_global integration tests
* changelog
* config-trap is fixed for 1.4
* fw_global log mod fixed
* firewall_gobal 1.4 integration and unit tests fixes
* firewall_gobal unit tests fix
* T7002 firewall_global integration tests fixed
* clean-up work things
* some updates from PR review
* populate_commands for fw_global
* D.R.Y fw_global integration tests
* linter fw_global
* linter
* fragments for T7002 updated
* linter
Diffstat (limited to 'tests/integration')
13 files changed, 391 insertions, 318 deletions
diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_get_version.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/_get_version.yaml new file mode 100644 index 0000000..2588b19 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_get_version.yaml @@ -0,0 +1,28 @@ +- name: make sure to get facts + vyos.vyos.vyos_facts: + vars: + ansible_connection: ansible.netcommon.network_cli + register: vyos_facts + when: vyos_version is not defined + +- name: debug vyos_facts + debug: + var: vyos_facts + +- name: pull version from facts + set_fact: + vyos_version: "{{ vyos_facts.ansible_facts.ansible_net_version.split('-')[0].split(' ')[-1] }}" + when: vyos_version is not defined + +- name: fix '.0' versions + set_fact: + vyos_version: "{{ vyos_version }}.0" + when: vyos_version.count('.') == 1 + +- name: include correct vars + include_vars: pre-v1_4.yaml + when: vyos_version is version('1.4.0', '<', version_type='semver') + +- name: include correct vars + include_vars: v1_4.yaml + when: vyos_version is version('1.4.0', '>=', version_type='semver') diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config_1_3.cfg index 45446bd..9d9a2df 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config.cfg +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config_1_3.cfg @@ -1,6 +1,5 @@ set firewall all-ping 'enable' set firewall broadcast-ping 'enable' -set firewall config-trap 'enable' set firewall group address-group MGMT-HOSTS address '192.0.1.1' set firewall group address-group MGMT-HOSTS address '192.0.1.3' set firewall group address-group MGMT-HOSTS address '192.0.1.5' diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config_1_4.cfg b/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config_1_4.cfg new file mode 100644 index 0000000..4143578 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_parsed_config_1_4.cfg @@ -0,0 +1,18 @@ +set firewall global-options all-ping 'enable' +set firewall global-options broadcast-ping 'enable' +set firewall group address-group MGMT-HOSTS address '192.0.1.1' +set firewall group address-group MGMT-HOSTS address '192.0.1.3' +set firewall group address-group MGMT-HOSTS address '192.0.1.5' +set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' +set firewall group network-group MGMT description 'This group has the Management network addresses' +set firewall group network-group MGMT network '192.0.1.0/24' +set firewall global-options ip-src-route 'enable' +set firewall global-options log-martians 'enable' +set firewall global-options receive-redirects 'disable' +set firewall global-options send-redirects 'enable' +set firewall global-options source-validation 'strict' +set firewall global-options state-policy established action 'accept' +set firewall global-options state-policy established log 'enable' +set firewall global-options state-policy invalid action 'reject' +set firewall global-options syn-cookies 'enable' +set firewall global-options twa-hazards-protection 'enable' diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml index 865bf2f..ccd0f67 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/_populate.yaml @@ -1,47 +1,11 @@ --- - ansible.builtin.include_tasks: _remove_config.yaml -- name: Setup - vars: - lines: >- - set firewall all-ping 'enable' - - set firewall broadcast-ping 'enable' - - set firewall config-trap 'enable' - - set firewall group address-group MGMT-HOSTS address '192.0.1.1' - - set firewall group address-group MGMT-HOSTS address '192.0.1.3' - - set firewall group address-group MGMT-HOSTS address '192.0.1.5' - - set firewall group address-group MGMT-HOSTS description 'This group has - the Management hosts address list' - - set firewall group network-group MGMT description 'This group has the - Management network addresses' - - set firewall group network-group MGMT network '192.0.1.0/24' - - set firewall ip-src-route 'enable' +- name: ensure facts + include_tasks: _get_version.yaml - set firewall log-martians 'enable' - - set firewall receive-redirects 'disable' - - set firewall send-redirects 'enable' - - set firewall source-validation 'strict' - - set firewall state-policy established action 'accept' - - set firewall state-policy established log 'enable' - - set firewall state-policy invalid action 'reject' - - set firewall syn-cookies 'enable' - - set firewall twa-hazards-protection 'enable' - ansible.netcommon.cli_config: - config: "{{ lines }}" +- name: Setup {{ vyos_version }} + vyos.vyos.vyos_config: + lines: "{{ populate_commands }}" + vars: + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml index 4fb2a2d..a538476 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml @@ -8,43 +8,7 @@ - name: Merge the provided configuration with the existing running configuration register: result vyos.vyos.vyos_firewall_global: &id001 - config: - validation: strict - config_trap: true - log_martians: true - syn_cookies: true - twa_hazards_protection: true - ping: - all: true - broadcast: true - state_policy: - - connection_type: established - action: accept - log: true - - - connection_type: invalid - action: reject - route_redirects: - - afi: ipv4 - ip_src_route: true - icmp_redirects: - send: true - receive: false - group: - address_group: - - name: MGMT-HOSTS - description: This group has the Management hosts address list - members: - - address: 192.0.1.1 - - - address: 192.0.1.3 - - - address: 192.0.1.5 - network_group: - - name: MGMT - description: This group has the Management network addresses - members: - - address: 192.0.1.0/24 + config: "{{ merged['config'] }}" state: merged - name: Assert that before dicts were correctly generated diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml index 59851c3..1afffef 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/parsed.yaml @@ -16,7 +16,7 @@ - name: Provide the running configuration for parsing (config to be parsed) register: result vyos.vyos.vyos_firewall_global: &id001 - running_config: "{{ lookup('file', '_parsed_config.cfg') }}" + running_config: "{{ lookup('file', parsed_config_file) }}" state: parsed - name: Assert that correct parsing done diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml index 34796b8..d8704ed 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/rendered.yaml @@ -8,50 +8,7 @@ - name: Structure provided configuration into device specific commands register: result vyos.vyos.vyos_firewall_global: &id001 - config: - validation: strict - config_trap: true - log_martians: true - syn_cookies: true - twa_hazards_protection: true - ping: - all: true - broadcast: true - state_policy: - - connection_type: established - action: accept - log: true - - - connection_type: invalid - action: reject - route_redirects: - - afi: ipv4 - ip_src_route: true - icmp_redirects: - send: true - receive: false - group: - address_group: - - name: SALES-HOSTS - description: Sales office hosts address list - members: - - address: 192.0.2.1 - - - address: 192.0.2.2 - - - address: 192.0.2.3 - - - name: ENG-HOSTS - description: Sales office hosts address list - members: - - address: 192.0.3.1 - - - address: 192.0.3.2 - network_group: - - name: MGMT - description: This group has the Management network addresses - members: - - address: 192.0.1.0/24 + config: "{{ rendered['config'] }}" state: rendered - name: Assert that correct set of commands were generated diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml index ec71139..4c7b427 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml @@ -8,50 +8,7 @@ - name: Replace device configurations of listed firewall with provided configurations register: result vyos.vyos.vyos_firewall_global: &id001 - config: - validation: strict - config_trap: true - log_martians: true - syn_cookies: true - twa_hazards_protection: true - ping: - all: true - broadcast: true - state_policy: - - connection_type: established - action: accept - log: true - - - connection_type: invalid - action: reject - route_redirects: - - afi: ipv4 - ip_src_route: true - icmp_redirects: - send: true - receive: false - group: - address_group: - - name: SALES-HOSTS - description: Sales office hosts address list - members: - - address: 192.0.2.1 - - - address: 192.0.2.2 - - - address: 192.0.2.3 - - - name: ENG-HOSTS - description: Sales office hosts address list - members: - - address: 192.0.3.1 - - - address: 192.0.3.2 - network_group: - - name: MGMT - description: This group has the Management network addresses - members: - - address: 192.0.1.0/24 + config: "{{ replaced['config'] }}" state: replaced - name: Assert that correct set of commands were generated diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml index f48e432..31cbbbd 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/rtt.yaml @@ -2,49 +2,15 @@ - debug: msg: START vyos_firewall_global round trip integration tests on connection={{ ansible_connection }} +- include_tasks: _get_version.yaml + - include_tasks: _remove_config.yaml - block: - name: Apply the provided configuration (base config) register: base_config vyos.vyos.vyos_firewall_global: - config: - validation: strict - config_trap: true - log_martians: true - syn_cookies: true - twa_hazards_protection: true - ping: - all: true - broadcast: true - state_policy: - - connection_type: established - action: accept - log: true - - - connection_type: invalid - action: reject - route_redirects: - - afi: ipv4 - ip_src_route: true - icmp_redirects: - send: true - receive: false - group: - address_group: - - name: MGMT-HOSTS - description: This group has the Management hosts address list - members: - - address: 192.0.1.1 - - - address: 192.0.1.3 - - - address: 192.0.1.5 - network_group: - - name: MGMT - description: This group has the Management network addresses - members: - - address: 192.0.1.0/24 + config: "{{ round_trip['forward_config'] }}" state: merged - name: Gather firewall_global facts @@ -57,15 +23,7 @@ - name: Apply the provided configuration (config to be reverted) register: result vyos.vyos.vyos_firewall_global: - config: - validation: strict - config_trap: false - log_martians: false - syn_cookies: false - twa_hazards_protection: false - ping: - all: false - broadcast: false + config: "{{ round_trip['revert_config'] }}" state: merged - name: Assert that changes were applied diff --git a/tests/integration/targets/vyos_firewall_global/tests/redirection/cli/shortname.yaml b/tests/integration/targets/vyos_firewall_global/tests/redirection/cli/shortname.yaml index 721a138..2255531 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/redirection/cli/shortname.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/redirection/cli/shortname.yaml @@ -8,43 +8,7 @@ - name: Merge the provided configuration with the existing running configuration register: result vyos.vyos.firewall_global: &id001 - config: - validation: strict - config_trap: true - log_martians: true - syn_cookies: true - twa_hazards_protection: true - ping: - all: true - broadcast: true - state_policy: - - connection_type: established - action: accept - log: true - - - connection_type: invalid - action: reject - route_redirects: - - afi: ipv4 - ip_src_route: true - icmp_redirects: - send: true - receive: false - group: - address_group: - - name: MGMT-HOSTS - description: This group has the Management hosts address list - members: - - address: 192.0.1.1 - - - address: 192.0.1.3 - - - address: 192.0.1.5 - network_group: - - name: MGMT - description: This group has the Management network addresses - members: - - address: 192.0.1.0/24 + config: "{{ merged['config'] }}" state: merged - name: Assert that before dicts were correctly generated diff --git a/tests/integration/targets/vyos_firewall_global/vars/main.yaml b/tests/integration/targets/vyos_firewall_global/vars/main.yaml index b996a94..363cc9e 100644 --- a/tests/integration/targets/vyos_firewall_global/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_global/vars/main.yaml @@ -1,30 +1,8 @@ --- merged: before: [] - commands: - - set firewall group address-group MGMT-HOSTS address 192.0.1.1 - - set firewall group address-group MGMT-HOSTS address 192.0.1.3 - - set firewall group address-group MGMT-HOSTS address 192.0.1.5 - - set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' - - set firewall group address-group MGMT-HOSTS - - set firewall group network-group MGMT network 192.0.1.0/24 - - set firewall group network-group MGMT description 'This group has the Management network addresses' - - set firewall group network-group MGMT - - set firewall ip-src-route 'enable' - - set firewall receive-redirects 'disable' - - set firewall send-redirects 'enable' - - set firewall config-trap 'enable' - - set firewall state-policy established action 'accept' - - set firewall state-policy established log 'enable' - - set firewall state-policy invalid action 'reject' - - set firewall broadcast-ping 'enable' - - set firewall all-ping 'enable' - - set firewall log-martians 'enable' - - set firewall twa-hazards-protection 'enable' - - set firewall syn-cookies 'enable' - - set firewall source-validation 'strict' + commands: "{{ merged_commands }}" after: - config_trap: true group: address_group: - members: @@ -59,9 +37,42 @@ merged: connection_type: invalid twa_hazards_protection: true validation: strict + config: + validation: strict + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: MGMT-HOSTS + description: This group has the Management hosts address list + members: + - address: 192.0.1.1 + - address: 192.0.1.3 + - address: 192.0.1.5 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 192.0.1.0/24 + populate: validation: strict - config_trap: true log_martians: true syn_cookies: true twa_hazards_protection: true @@ -95,20 +106,10 @@ populate: members: - address: 192.0.1.0/24 afi: ipv4 + replaced: - commands: - - delete firewall group address-group MGMT-HOSTS - - set firewall group address-group SALES-HOSTS address 192.0.2.1 - - set firewall group address-group SALES-HOSTS address 192.0.2.2 - - set firewall group address-group SALES-HOSTS address 192.0.2.3 - - set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' - - set firewall group address-group SALES-HOSTS - - set firewall group address-group ENG-HOSTS address 192.0.3.1 - - set firewall group address-group ENG-HOSTS address 192.0.3.2 - - set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' - - set firewall group address-group ENG-HOSTS + commands: "{{ replaced_commands }}" after: - config_trap: true group: address_group: - members: @@ -149,41 +150,93 @@ replaced: syn_cookies: true twa_hazards_protection: true validation: strict + config: + validation: strict + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: SALES-HOSTS + description: Sales office hosts address list + members: + - address: 192.0.2.1 + - address: 192.0.2.2 + - address: 192.0.2.3 + - name: ENG-HOSTS + description: Sales office hosts address list + members: + - address: 192.0.3.1 + - address: 192.0.3.2 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 192.0.1.0/24 + rendered: - commands: - - set firewall group address-group SALES-HOSTS address 192.0.2.1 - - set firewall group address-group SALES-HOSTS address 192.0.2.2 - - set firewall group address-group SALES-HOSTS address 192.0.2.3 - - set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' - - set firewall group address-group SALES-HOSTS - - set firewall group address-group ENG-HOSTS address 192.0.3.1 - - set firewall group address-group ENG-HOSTS address 192.0.3.2 - - set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' - - set firewall group address-group ENG-HOSTS - - set firewall group network-group MGMT network 192.0.1.0/24 - - set firewall group network-group MGMT description 'This group has the Management network addresses' - - set firewall group network-group MGMT - - set firewall ip-src-route 'enable' - - set firewall receive-redirects 'disable' - - set firewall send-redirects 'enable' - - set firewall config-trap 'enable' - - set firewall state-policy established action 'accept' - - set firewall state-policy established log 'enable' - - set firewall state-policy invalid action 'reject' - - set firewall broadcast-ping 'enable' - - set firewall all-ping 'enable' - - set firewall log-martians 'enable' - - set firewall twa-hazards-protection 'enable' - - set firewall syn-cookies 'enable' - - set firewall source-validation 'strict' + commands: "{{ rendered_commands }}" + config: + validation: strict + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: SALES-HOSTS + description: Sales office hosts address list + members: + - address: 192.0.2.1 + - address: 192.0.2.2 + - address: 192.0.2.3 + - name: ENG-HOSTS + description: Sales office hosts address list + members: + - address: 192.0.3.1 + - address: 192.0.3.2 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 192.0.1.0/24 + deleted: - commands: - - "delete firewall " + commands: "{{ deleted_commands }}" after: [] + round_trip: after: validation: strict - config_trap: false log_martians: false syn_cookies: false twa_hazards_protection: false @@ -217,3 +270,44 @@ round_trip: members: - address: 192.0.1.0/24 afi: ipv4 + forward_config: + validation: strict + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: MGMT-HOSTS + description: This group has the Management hosts address list + members: + - address: 192.0.1.1 + - address: 192.0.1.3 + - address: 192.0.1.5 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 192.0.1.0/24 + revert_config: + validation: strict + log_martians: false + syn_cookies: false + twa_hazards_protection: false + ping: + all: false + broadcast: false diff --git a/tests/integration/targets/vyos_firewall_global/vars/pre-v1_4.yaml b/tests/integration/targets/vyos_firewall_global/vars/pre-v1_4.yaml new file mode 100644 index 0000000..db29345 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/vars/pre-v1_4.yaml @@ -0,0 +1,85 @@ +--- +merged_commands: + - set firewall group address-group MGMT-HOSTS address 192.0.1.1 + - set firewall group address-group MGMT-HOSTS address 192.0.1.3 + - set firewall group address-group MGMT-HOSTS address 192.0.1.5 + - set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' + - set firewall group address-group MGMT-HOSTS + - set firewall group network-group MGMT network 192.0.1.0/24 + - set firewall group network-group MGMT description 'This group has the Management network addresses' + - set firewall group network-group MGMT + - set firewall ip-src-route 'enable' + - set firewall receive-redirects 'disable' + - set firewall send-redirects 'enable' + - set firewall state-policy established action 'accept' + - set firewall state-policy established log 'enable' + - set firewall state-policy invalid action 'reject' + - set firewall broadcast-ping 'enable' + - set firewall all-ping 'enable' + - set firewall log-martians 'enable' + - set firewall twa-hazards-protection 'enable' + - set firewall syn-cookies 'enable' + - set firewall source-validation 'strict' + +populate_commands: + - set firewall all-ping 'enable' + - set firewall broadcast-ping 'enable' + - set firewall group address-group MGMT-HOSTS address '192.0.1.1' + - set firewall group address-group MGMT-HOSTS address '192.0.1.3' + - set firewall group address-group MGMT-HOSTS address '192.0.1.5' + - set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' + - set firewall group network-group MGMT description 'This group has the Management network addresses' + - set firewall group network-group MGMT network '192.0.1.0/24' + - set firewall ip-src-route 'enable' + - set firewall log-martians 'enable' + - set firewall receive-redirects 'disable' + - set firewall send-redirects 'enable' + - set firewall source-validation 'strict' + - set firewall state-policy established action 'accept' + - set firewall state-policy established log 'enable' + - set firewall state-policy invalid action 'reject' + - set firewall syn-cookies 'enable' + - set firewall twa-hazards-protection 'enable' + +replaced_commands: + - delete firewall group address-group MGMT-HOSTS + - set firewall group address-group SALES-HOSTS address 192.0.2.1 + - set firewall group address-group SALES-HOSTS address 192.0.2.2 + - set firewall group address-group SALES-HOSTS address 192.0.2.3 + - set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' + - set firewall group address-group SALES-HOSTS + - set firewall group address-group ENG-HOSTS address 192.0.3.1 + - set firewall group address-group ENG-HOSTS address 192.0.3.2 + - set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' + - set firewall group address-group ENG-HOSTS + +rendered_commands: + - set firewall group address-group SALES-HOSTS address 192.0.2.1 + - set firewall group address-group SALES-HOSTS address 192.0.2.2 + - set firewall group address-group SALES-HOSTS address 192.0.2.3 + - set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' + - set firewall group address-group SALES-HOSTS + - set firewall group address-group ENG-HOSTS address 192.0.3.1 + - set firewall group address-group ENG-HOSTS address 192.0.3.2 + - set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' + - set firewall group address-group ENG-HOSTS + - set firewall group network-group MGMT network 192.0.1.0/24 + - set firewall group network-group MGMT description 'This group has the Management network addresses' + - set firewall group network-group MGMT + - set firewall ip-src-route 'enable' + - set firewall receive-redirects 'disable' + - set firewall send-redirects 'enable' + - set firewall state-policy established action 'accept' + - set firewall state-policy established log 'enable' + - set firewall state-policy invalid action 'reject' + - set firewall broadcast-ping 'enable' + - set firewall all-ping 'enable' + - set firewall log-martians 'enable' + - set firewall twa-hazards-protection 'enable' + - set firewall syn-cookies 'enable' + - set firewall source-validation 'strict' + +deleted_commands: + - "delete firewall" + +parsed_config_file: "_parsed_config_1_3.cfg" diff --git a/tests/integration/targets/vyos_firewall_global/vars/v1_4.yaml b/tests/integration/targets/vyos_firewall_global/vars/v1_4.yaml new file mode 100644 index 0000000..d1ee6f2 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_global/vars/v1_4.yaml @@ -0,0 +1,85 @@ +--- +merged_commands: + - set firewall group address-group MGMT-HOSTS address 192.0.1.1 + - set firewall group address-group MGMT-HOSTS address 192.0.1.3 + - set firewall group address-group MGMT-HOSTS address 192.0.1.5 + - set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' + - set firewall group address-group MGMT-HOSTS + - set firewall group network-group MGMT network 192.0.1.0/24 + - set firewall group network-group MGMT description 'This group has the Management network addresses' + - set firewall group network-group MGMT + - set firewall global-options ip-src-route 'enable' + - set firewall global-options receive-redirects 'disable' + - set firewall global-options send-redirects 'enable' + - set firewall global-options state-policy established action 'accept' + - set firewall global-options state-policy established log + - set firewall global-options state-policy invalid action 'reject' + - set firewall global-options broadcast-ping 'enable' + - set firewall global-options all-ping 'enable' + - set firewall global-options log-martians 'enable' + - set firewall global-options twa-hazards-protection 'enable' + - set firewall global-options syn-cookies 'enable' + - set firewall global-options source-validation 'strict' + +populate_commands: + - set firewall global-options all-ping 'enable' + - set firewall global-options broadcast-ping 'enable' + - set firewall group address-group MGMT-HOSTS address '192.0.1.1' + - set firewall group address-group MGMT-HOSTS address '192.0.1.3' + - set firewall group address-group MGMT-HOSTS address '192.0.1.5' + - set firewall group address-group MGMT-HOSTS description 'This group has the Management hosts address list' + - set firewall group network-group MGMT description 'This group has the Management network addresses' + - set firewall group network-group MGMT network '192.0.1.0/24' + - set firewall global-options ip-src-route 'enable' + - set firewall global-options log-martians 'enable' + - set firewall global-options receive-redirects 'disable' + - set firewall global-options send-redirects 'enable' + - set firewall global-options source-validation 'strict' + - set firewall global-options state-policy established action 'accept' + - set firewall global-options state-policy established log + - set firewall global-options state-policy invalid action 'reject' + - set firewall global-options syn-cookies 'enable' + - set firewall global-options twa-hazards-protection 'enable' + +replaced_commands: + - delete firewall group address-group MGMT-HOSTS + - set firewall group address-group SALES-HOSTS address 192.0.2.1 + - set firewall group address-group SALES-HOSTS address 192.0.2.2 + - set firewall group address-group SALES-HOSTS address 192.0.2.3 + - set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' + - set firewall group address-group SALES-HOSTS + - set firewall group address-group ENG-HOSTS address 192.0.3.1 + - set firewall group address-group ENG-HOSTS address 192.0.3.2 + - set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' + - set firewall group address-group ENG-HOSTS + +rendered_commands: + - set firewall group address-group SALES-HOSTS address 192.0.2.1 + - set firewall group address-group SALES-HOSTS address 192.0.2.2 + - set firewall group address-group SALES-HOSTS address 192.0.2.3 + - set firewall group address-group SALES-HOSTS description 'Sales office hosts address list' + - set firewall group address-group SALES-HOSTS + - set firewall group address-group ENG-HOSTS address 192.0.3.1 + - set firewall group address-group ENG-HOSTS address 192.0.3.2 + - set firewall group address-group ENG-HOSTS description 'Sales office hosts address list' + - set firewall group address-group ENG-HOSTS + - set firewall group network-group MGMT network 192.0.1.0/24 + - set firewall group network-group MGMT description 'This group has the Management network addresses' + - set firewall group network-group MGMT + - set firewall global-options ip-src-route 'enable' + - set firewall global-options receive-redirects 'disable' + - set firewall global-options send-redirects 'enable' + - set firewall global-options state-policy established action 'accept' + - set firewall global-options state-policy established log + - set firewall global-options state-policy invalid action 'reject' + - set firewall global-options broadcast-ping 'enable' + - set firewall global-options all-ping 'enable' + - set firewall global-options log-martians 'enable' + - set firewall global-options twa-hazards-protection 'enable' + - set firewall global-options syn-cookies 'enable' + - set firewall global-options source-validation 'strict' + +deleted_commands: + - "delete firewall" + +parsed_config_file: "_parsed_config_1_4.cfg" |