diff options
35 files changed, 5585 insertions, 14 deletions
@@ -56,6 +56,7 @@ Name | Description [vyos.vyos.vyos_ospfv2](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv2_module.rst)|OSPFv2 resource module [vyos.vyos.vyos_ospfv3](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv3_module.rst)|OSPFV3 resource module [vyos.vyos.vyos_ping](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ping_module.rst)|Tests reachability using ping from VyOS network devices +[vyos.vyos.vyos_prefix_lists](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_prefix_lists_module.rst)|Prefix-Lists resource module for VyOS [vyos.vyos.vyos_route_maps](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_route_maps_module.rst)|Route Map Resource Module. [vyos.vyos.vyos_static_route](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_route_module.rst)|(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices [vyos.vyos.vyos_static_routes](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_routes_module.rst)|Static routes resource module diff --git a/changelogs/fragments/vyos_prefix_lists.yml b/changelogs/fragments/vyos_prefix_lists.yml new file mode 100644 index 0000000..8eabc1e --- /dev/null +++ b/changelogs/fragments/vyos_prefix_lists.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - Add vyos_prefix_lists Resource Module. diff --git a/docs/vyos.vyos.vyos_ping_module.rst b/docs/vyos.vyos.vyos_ping_module.rst index a1674b5..59e4a74 100644 --- a/docs/vyos.vyos.vyos_ping_module.rst +++ b/docs/vyos.vyos.vyos_ping_module.rst @@ -405,7 +405,7 @@ Common return values are documented `here <https://docs.ansible.com/ansible/late <div>The round trip time (RTT) stats.</div> <br/> <div style="font-size: smaller"><b>Sample:</b></div> - <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">AnsibleMapping([('avg', 2), ('max', 8), ('min', 1), ('mdev', 24)])</div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">{'avg': 2, 'max': 8, 'min': 1, 'mdev': 24}</div> </td> </tr> </table> diff --git a/docs/vyos.vyos.vyos_prefix_lists_module.rst b/docs/vyos.vyos.vyos_prefix_lists_module.rst new file mode 100644 index 0000000..965b890 --- /dev/null +++ b/docs/vyos.vyos.vyos_prefix_lists_module.rst @@ -0,0 +1,1591 @@ +.. _vyos.vyos.vyos_prefix_lists_module: + + +*************************** +vyos.vyos.vyos_prefix_lists +*************************** + +**Prefix-Lists resource module for VyOS** + + +Version added: 2.4.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module manages prefix-lists configuration on devices running VyOS + + + + +Parameters +---------- + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="4">Parameter</th> + <th>Choices/<font color="blue">Defaults</font></th> + <th width="100%">Comments</th> + </tr> + <tr> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>A list of prefix-list options</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>afi</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>ipv4</li> + <li>ipv6</li> + </ul> + </td> + <td> + <div>The Address Family Indicator (AFI) for the prefix-lists</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td colspan="3"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>prefix_lists</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>A list of prefix-list configurations</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>description</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>A brief text description for the prefix-list</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>entries</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + / <span style="color: purple">elements=dictionary</span> + </div> + </td> + <td> + </td> + <td> + <div>Rule configurations for the prefix-list</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>action</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li>permit</li> + <li>deny</li> + </ul> + </td> + <td> + <div>The action to be taken for packets matching a prefix list rule</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>description</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>A brief text description for the prefix list rule</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>ge</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Minimum prefix length to be matched</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>le</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + </div> + </td> + <td> + </td> + <td> + <div>Maximum prefix list length to be matched</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>prefix</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>IPv4 or IPv6 prefix in A.B.C.D/LEN or A:B::C:D/LEN format</div> + </td> + </tr> + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>sequence</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">integer</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>A numeric identifier for the rule</div> + </td> + </tr> + + <tr> + <td class="elbow-placeholder"></td> + <td class="elbow-placeholder"></td> + <td colspan="2"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>name</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + / <span style="color: red">required</span> + </div> + </td> + <td> + </td> + <td> + <div>The name of a defined prefix-list</div> + </td> + </tr> + + + <tr> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>running_config</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + </td> + <td> + <div>This option is used only with state <em>parsed</em>.</div> + <div>The value of this option should be the output received from the VyOS device by executing the command <b>show configuration commands | grep prefix-list</b>.</div> + <div>The state <em>parsed</em> reads the configuration from <code>running_config</code> option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the <em>parsed</em> key within the result.</div> + </td> + </tr> + <tr> + <td colspan="4"> + <div class="ansibleOptionAnchor" id="parameter-"></div> + <b>state</b> + <a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a> + <div style="font-size: small"> + <span style="color: purple">string</span> + </div> + </td> + <td> + <ul style="margin: 0; padding: 0"><b>Choices:</b> + <li><div style="color: blue"><b>merged</b> ←</div></li> + <li>replaced</li> + <li>overridden</li> + <li>deleted</li> + <li>gathered</li> + <li>rendered</li> + <li>parsed</li> + </ul> + </td> + <td> + <div>The state the configuration should be left in</div> + </td> + </tr> + </table> + <br/> + + +Notes +----- + +.. note:: + - Tested against VyOS 1.1.8 (helium) + - This module works with connection ``network_cli`` + + + +Examples +-------- + +.. code-block:: yaml + + # # ------------------- + # # 1. Using merged + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # vyos@vyos:~$ + + # # Task + # # ------------- + # - name: Merge the provided configuration with the existing running configuration + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: "PL configured by ansible" + # entries: + # - sequence: 2 + # description: "Rule 2 given by ansible" + # action: "permit" + # prefix: "92.168.10.0/26" + # le: 32 + + # - sequence: 3 + # description: "Rule 3" + # action: "deny" + # prefix: "72.168.2.0/24" + # ge: 26 + + # - afi: "ipv6" + # prefix_lists: + # - name: "AllowIPv6Prefix" + # description: "Configured by ansible for allowing IPv6 networks" + # entries: + # - sequence: 5 + # description: "Permit rule" + # action: "permit" + # prefix: "2001:db8:8000::/35" + # le: 37 + + # - name: DenyIPv6Prefix + # description: "Configured by ansible for disallowing IPv6 networks" + # entries: + # - sequence: 8 + # action: deny + # prefix: "2001:db8:2000::/35" + # le: 37 + # state: merged + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "before": [], + # "changed": true, + # "commands": [ + # "set policy prefix-list AnsibleIPv4PrefixList", + # "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", + # "set policy prefix-list6 AllowIPv6Prefix", + # "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", + # "set policy prefix-list6 DenyIPv6Prefix", + # "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" + # ] + + # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + + # # ------------------- + # # 2. Using replaced + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: "Configuration replaced by ansible" + # entries: + # - sequence: 3 + # description: "Rule 3 replaced by ansible" + # action: "permit" + # prefix: "82.168.2.0/24" + # ge: 26 + # state: replaced + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "Configuration replaced by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 3 replaced by ansible", + # "ge": 26, + # "sequence": 3, + # "prefix": "82.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 2" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + + # # ------------------- + # # 3. Using overridden + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Override all prefix-lists configuration with provided configuration + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: Rule 2 overridden by ansible + # entries: + # - sequence: 2 + # action: "deny" + # ge: 26 + # prefix: "82.168.2.0/24" + + # - name: "OverriddenPrefixList" + # description: Configuration overridden by ansible + # entries: + # - sequence: 10 + # action: permit + # prefix: "203.0.113.96/27" + # le: 32 + # state: overridden + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "Rule 2 overridden by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "deny", + # "ge": 26, + # "sequence": 2, + # "prefix": "82.168.2.0/24" + # } + # ] + # }, + # { + # "description": "Configuration overridden by ansible", + # "name": "OverriddenPrefixList", + # "entries": [ + # { + # "action": "permit", + # "sequence": 10, + # "le": 32, + # "prefix": "203.0.113.96/27" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list6 AllowIPv6Prefix", + # "delete policy prefix-list6 DenyIPv6Prefix", + # "set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 3", + # "set policy prefix-list OverriddenPrefixList", + # "set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible'", + # "set policy prefix-list OverriddenPrefixList rule 10", + # "set policy prefix-list OverriddenPrefixList rule 10 action 'permit'", + # "set policy prefix-list OverriddenPrefixList rule 10 le '32'", + # "set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27'" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24' + # set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible' + # set policy prefix-list OverriddenPrefixList rule 10 action 'permit' + # set policy prefix-list OverriddenPrefixList rule 10 le '32' + # set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27' + # vyos@vyos:~$ + + + # # ------------------- + # # 4(i). Using deleted (to delete all prefix lists from the device) + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Delete all prefix-lists + # vyos.vyos.vyos_prefix_lists: + # config: + # state: deleted + + # # Task output: + # # ------------- + # "after": [], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list AnsibleIPv4PrefixList", + # "delete policy prefix-list6 AllowIPv6Prefix", + # "delete policy prefix-list6 DenyIPv6Prefix" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # vyos@vyos:~$ + + + # # ------------------- + # # 4(ii). Using deleted (to delete all prefix lists for an AFI) + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Delete all prefix-lists for IPv6 AFI + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv6" + # state: deleted + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list6 AllowIPv6Prefix", + # "delete policy prefix-list6 DenyIPv6Prefix" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # vyos@vyos:~$ + + + # # ------------------- + # # 4(iii). Using deleted (to delete single prefix list by name in different AFIs) + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Delete a single prefix-list from different AFIs + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # - afi: "ipv6" + # prefix_lists: + # - name: "DenyIPv6Prefix" + # state: deleted + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list AnsibleIPv4PrefixList", + # "delete policy prefix-list6 DenyIPv6Prefix" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # vyos@vyos:~$ + + + # # ------------------- + # # 5. Using gathered + # # ------------------- + + # # Task: + # # ------------- + # - name: Gather prefix-lists configurations + # vyos.vyos.vyos_prefix_lists: + # config: + # state: gathered + + # # Task output: + # # ------------- + # "gathered": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ] + + + # # ------------------- + # # 6. Using rendered + # # ------------------- + + # # Task: + # # ------------- + # - name: Render commands externally for the described prefix-list configurations + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: "PL configured by ansible" + # entries: + # - sequence: 2 + # description: "Rule 2 given by ansible" + # action: "permit" + # prefix: "92.168.10.0/26" + # le: 32 + + # - sequence: 3 + # description: "Rule 3" + # action: "deny" + # prefix: "72.168.2.0/24" + # ge: 26 + + # - afi: "ipv6" + # prefix_lists: + # - name: "AllowIPv6Prefix" + # description: "Configured by ansible for allowing IPv6 networks" + # entries: + # - sequence: 5 + # description: "Permit rule" + # action: "permit" + # prefix: "2001:db8:8000::/35" + # le: 37 + + # - name: DenyIPv6Prefix + # description: "Configured by ansible for disallowing IPv6 networks" + # entries: + # - sequence: 8 + # action: deny + # prefix: "2001:db8:2000::/35" + # le: 37 + # state: rendered + + # # Task output: + # # ------------- + # "rendered": [ + # "set policy prefix-list AnsibleIPv4PrefixList", + # "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", + # "set policy prefix-list6 AllowIPv6Prefix", + # "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", + # "set policy prefix-list6 DenyIPv6Prefix", + # "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" + # ] + + + # # ------------------- + # # 7. Using parsed + # # ------------------- + + # # sample_config.cfg: + # # ------------- + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + + # # Task: + # # ------------- + # - name: Parse externally provided prefix-lists configuration + # vyos.vyos.vyos_prefix_lists: + # running_config: "{{ lookup('file', './sample_config.cfg') }}" + # state: parsed + + # # Task output: + # # ------------- + # "parsed": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ] + + + +Return Values +------------- +Common return values are documented `here <https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values>`_, the following are the fields unique to this module: + +.. raw:: html + + <table border=0 cellpadding=0 class="documentation-table"> + <tr> + <th colspan="1">Key</th> + <th>Returned</th> + <th width="100%">Description</th> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>after</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when changed</td> + <td> + <div>The resulting configuration after the module invocation.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">This output will always be in the same format as the module argspec.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>before</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when state is <em>merged</em>, <em>replaced</em>, <em>overridden</em> or <em>deleted</em></td> + <td> + <div>The configuration prior to the module invocation.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">This output will always be in the same format as the module argspec.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>commands</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when state is <em>merged</em>, <em>replaced</em>, <em>overridden</em> or <em>deleted</em></td> + <td> + <div>The set of commands pushed to the remote device for the required configurations to take place.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'"]</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>gathered</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when state is <em>gathered</em></td> + <td> + <div>Facts about the network resource gathered from the remote device as structured data.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">This output will always be in the same format as the module argspec.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>parsed</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when state is <em>parsed</em></td> + <td> + <div>The device native config provided in <em>running_config</em> option parsed into structured data as per module argspec.</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">This output will always be in the same format as the module argspec.</div> + </td> + </tr> + <tr> + <td colspan="1"> + <div class="ansibleOptionAnchor" id="return-"></div> + <b>rendered</b> + <a class="ansibleOptionLink" href="#return-" title="Permalink to this return value"></a> + <div style="font-size: small"> + <span style="color: purple">list</span> + </div> + </td> + <td>when state is <em>rendered</em></td> + <td> + <div>The provided configuration in the task rendered in device-native format (offline).</div> + <br/> + <div style="font-size: smaller"><b>Sample:</b></div> + <div style="font-size: smaller; color: blue; word-wrap: break-word; word-break: break-all;">["set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'"]</div> + </td> + </tr> + </table> + <br/><br/> + + +Status +------ + + +Authors +~~~~~~~ + +- Priyam Sahoo (@priyamsahoo) diff --git a/meta/runtime.yml b/meta/runtime.yml index f8db7cc..912c896 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,5 +1,5 @@ --- -requires_ansible: '>=2.9.10' +requires_ansible: ">=2.9.10" plugin_routing: action: vyos_banner: @@ -98,6 +98,10 @@ plugin_routing: redirect: vyos.vyos.vyos ping: redirect: vyos.vyos.vyos + vyos_prefix_lists: + redirect: vyos.vyos.vyos + prefix_lists: + redirect: vyos.vyos.vyos vyos_static_route: redirect: vyos.vyos.vyos static_route: @@ -140,22 +144,22 @@ plugin_routing: interface: redirect: vyos.vyos.vyos_interface deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_interface: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details interfaces: redirect: vyos.vyos.vyos_interfaces l3_interface: redirect: vyos.vyos.vyos_l3_interface deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_l3_interface: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details l3_interfaces: redirect: vyos.vyos.vyos_l3_interfaces @@ -164,31 +168,31 @@ plugin_routing: linkagg: redirect: vyos.vyos.vyos_linkagg deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_linkagg: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp: redirect: vyos.vyos.vyos_lldp deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_lldp: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp_global: redirect: vyos.vyos.vyos_lldp_global lldp_interface: redirect: vyos.vyos.vyos_lldp_interface deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_lldp_interface: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp_interfaces: redirect: vyos.vyos.vyos_lldp_interfaces @@ -202,14 +206,16 @@ plugin_routing: redirect: vyos.vyos.vyos_ospf_interfaces ping: redirect: vyos.vyos.vyos_ping + prefix_lists: + redirect: vyos.vyos.vyos_prefix_lists static_route: redirect: vyos.vyos.vyos_static_route deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_static_route: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details static_routes: redirect: vyos.vyos.vyos_static_routes diff --git a/plugins/module_utils/network/vyos/argspec/prefix_lists/__init__.py b/plugins/module_utils/network/vyos/argspec/prefix_lists/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/module_utils/network/vyos/argspec/prefix_lists/__init__.py diff --git a/plugins/module_utils/network/vyos/argspec/prefix_lists/prefix_lists.py b/plugins/module_utils/network/vyos/argspec/prefix_lists/prefix_lists.py new file mode 100644 index 0000000..c7d2e98 --- /dev/null +++ b/plugins/module_utils/network/vyos/argspec/prefix_lists/prefix_lists.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the +# cli_rm_builder. +# +# Manually editing this file is not advised. +# +# To update the argspec make the desired changes +# in the module docstring and re-run +# cli_rm_builder. +# +############################################# + +""" +The arg spec for the vyos_prefix_lists module +""" + + +class Prefix_listsArgs(object): # pylint: disable=R0903 + """The arg spec for the vyos_prefix_lists module""" + + argument_spec = { + "config": { + "type": "list", + "elements": "dict", + "options": { + "afi": { + "type": "str", + "choices": ["ipv4", "ipv6"], + "required": True, + }, + "prefix_lists": { + "type": "list", + "elements": "dict", + "options": { + "name": {"type": "str", "required": True}, + "description": {"type": "str"}, + "entries": { + "type": "list", + "elements": "dict", + "options": { + "sequence": {"type": "int", "required": True}, + "description": {"type": "str"}, + "action": { + "type": "str", + "choices": ["permit", "deny"], + }, + "ge": {"type": "int"}, + "le": {"type": "int"}, + "prefix": {"type": "str"}, + }, + }, + }, + }, + }, + }, + "running_config": {"type": "str"}, + "state": { + "type": "str", + "choices": [ + "merged", + "replaced", + "overridden", + "deleted", + "gathered", + "rendered", + "parsed", + ], + "default": "merged", + }, + } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/vyos/config/prefix_lists/__init__.py b/plugins/module_utils/network/vyos/config/prefix_lists/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/module_utils/network/vyos/config/prefix_lists/__init__.py diff --git a/plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py b/plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py new file mode 100644 index 0000000..b2c119d --- /dev/null +++ b/plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py @@ -0,0 +1,182 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The vyos_prefix_lists config file. +It is in this file where the current configuration (as dict) +is compared to the provided configuration (as dict) and the command set +necessary to bring the current configuration to its desired end-state is +created. +""" + + +from ansible.module_utils.six import iteritems +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( + dict_merge, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module import ( + ResourceModule, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import ( + Facts, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.prefix_lists import ( + Prefix_listsTemplate, +) + + +class Prefix_lists(ResourceModule): + """ + The vyos_prefix_lists config class + """ + + def __init__(self, module): + super(Prefix_lists, self).__init__( + empty_fact_val=[], + facts_module=Facts(module), + module=module, + resource="prefix_lists", + tmplt=Prefix_listsTemplate(), + ) + self.plist_parsers = [ + "name", + "description", + ] + self.entries_parsers = [ + "sequence", + "action", + "rule_description", + "ge", + "le", + "prefix", + ] + + def execute_module(self): + """Execute the module + + :rtype: A dictionary + :returns: The result from module execution + """ + if self.state not in ["parsed", "gathered"]: + self.generate_commands() + self.run_commands() + return self.result + + def generate_commands(self): + """Generate configuration commands to send based on + want, have and desired state. + """ + wantd = {entry["afi"]: entry for entry in self.want} + haved = {entry["afi"]: entry for entry in self.have} + + self._prefix_list_list_to_dict(wantd) + self._prefix_list_list_to_dict(haved) + + # if state is merged, merge want onto have and then compare + if self.state == "merged": + wantd = dict_merge(haved, wantd) + + # if state is deleted, empty out wantd and set haved to wantd + if self.state == "deleted": + haved = { + k: v for k, v in iteritems(haved) if k in wantd or not wantd + } + for key, hvalue in iteritems(haved): + wvalue = wantd.pop(key, {}) + if wvalue: + wplists = wvalue.get("prefix_lists", {}) + hplists = hvalue.get("prefix_lists", {}) + hvalue["prefix_lists"] = { + k: v + for k, v in iteritems(hplists) + if k in wplists or not wplists + } + + # remove superfluous config for overridden and deleted + if self.state in ["overridden", "deleted"]: + for k, have in iteritems(haved): + if k not in wantd: + self._compare(want={}, have=have) + + for k, want in iteritems(wantd): + self._compare(want=want, have=haved.pop(k, {})) + + def _compare(self, want, have): + """Leverages the base class `compare()` method and + populates the list of commands to be run by comparing + the `want` and `have` data with the `parsers` defined + for the Prefix_lists network resource. + """ + wplists = want.get("prefix_lists", {}) + hplists = have.get("prefix_lists", {}) + + self._compare_plists(want=wplists, have=hplists) + + if self.state in ["overridden", "deleted"]: + # remove remaining prefix lists + for h in hplists.values(): + self.commands.append( + "delete policy prefix-{0} {1}".format( + "list" if h["afi"] == "ipv4" else "list6", h["name"] + ) + ) + + def _compare_plists(self, want, have): + for wk, wentry in iteritems(want): + hentry = have.pop(wk, {}) + + # parser list for name and descriptions + self.compare( + parsers=self.plist_parsers, + want=wentry, + have=hentry, + ) + + wplrules = wentry.get("entries", {}) + hplrules = hentry.get("entries", {}) + + self._compare_rules(want=wplrules, have=hplrules) + + def _compare_rules(self, want, have): + for wr, wrule in iteritems(want): + hrule = have.pop(wr, {}) + + # parser list for entries + self.compare( + parsers=self.entries_parsers, + want=wrule, + have=hrule, + ) + + # remove remaining entries + for hr in have.values(): + self.commands.append( + "delete policy prefix-{0} {1} rule {2}".format( + "list" if hr["afi"] == "ipv4" else "list6", + hr["name"], + hr["sequence"], + ) + ) + + def _prefix_list_list_to_dict(self, entry): + for afi, value in iteritems(entry): + if "prefix_lists" in value: + for pl in value["prefix_lists"]: + pl.update({"afi": afi}) + if "entries" in pl: + for entry in pl["entries"]: + entry.update({"afi": afi, "name": pl["name"]}) + pl["entries"] = { + x["sequence"]: x for x in pl["entries"] + } + value["prefix_lists"] = { + entry["name"]: entry for entry in value["prefix_lists"] + } diff --git a/plugins/module_utils/network/vyos/facts/facts.py b/plugins/module_utils/network/vyos/facts/facts.py index 81518f8..90ee03c 100644 --- a/plugins/module_utils/network/vyos/facts/facts.py +++ b/plugins/module_utils/network/vyos/facts/facts.py @@ -58,6 +58,9 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_a from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.route_maps.route_maps import ( Route_mapsFacts, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.prefix_lists.prefix_lists import ( + Prefix_listsFacts, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.legacy.base import ( Default, Neighbors, @@ -82,6 +85,7 @@ FACT_RESOURCE_SUBSETS = dict( bgp_global=Bgp_globalFacts, bgp_address_family=Bgp_address_familyFacts, route_maps=Route_mapsFacts, + prefix_lists=Prefix_listsFacts, ) diff --git a/plugins/module_utils/network/vyos/facts/prefix_lists/__init__.py b/plugins/module_utils/network/vyos/facts/prefix_lists/__init__.py new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/plugins/module_utils/network/vyos/facts/prefix_lists/__init__.py diff --git a/plugins/module_utils/network/vyos/facts/prefix_lists/prefix_lists.py b/plugins/module_utils/network/vyos/facts/prefix_lists/prefix_lists.py new file mode 100644 index 0000000..15a2db9 --- /dev/null +++ b/plugins/module_utils/network/vyos/facts/prefix_lists/prefix_lists.py @@ -0,0 +1,93 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The vyos prefix_lists fact class +It is in this file the configuration is collected from the device +for a given resource, parsed, and the facts tree is populated +based on the configuration. +""" + + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.prefix_lists import ( + Prefix_listsTemplate, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.prefix_lists.prefix_lists import ( + Prefix_listsArgs, +) + + +class Prefix_listsFacts(object): + """The vyos prefix_lists facts class""" + + def __init__(self, module, subspec="config", options="options"): + self._module = module + self.argument_spec = Prefix_listsArgs.argument_spec + + def get_config(self, connection): + return connection.get("show configuration commands | grep prefix-list") + + def populate_facts(self, connection, ansible_facts, data=None): + """Populate the facts for Prefix_lists network resource + + :param connection: the device connection + :param ansible_facts: Facts dictionary + :param data: previously collected conf + + :rtype: dictionary + :returns: facts + """ + facts = {} + objs = [] + + if not data: + data = self.get_config(connection) + + # parse native config using the Prefix_lists template + prefix_lists_parser = Prefix_listsTemplate( + lines=data.splitlines(), module=self._module + ) + + objs = prefix_lists_parser.parse() + objs = sorted( + list(objs.values()), + key=lambda k: k["afi"], + ) + + if objs: + for item in objs: + item["prefix_lists"] = sorted( + list(item["prefix_lists"].values()), + key=lambda k: k["name"], + ) + for pl in item["prefix_lists"]: + if "entries" in pl: + pl["entries"] = sorted( + list(pl["entries"].values()), + key=lambda k: k["sequence"], + ) + + ansible_facts["ansible_network_resources"].pop("prefix_lists", None) + + params = utils.remove_empties( + prefix_lists_parser.validate_config( + self.argument_spec, {"config": objs}, redact=True + ) + ) + + if params.get("config"): + facts["prefix_lists"] = params["config"] + else: + facts["prefix_lists"] = [] + ansible_facts["ansible_network_resources"].update(facts) + + return ansible_facts diff --git a/plugins/module_utils/network/vyos/rm_templates/prefix_lists.py b/plugins/module_utils/network/vyos/rm_templates/prefix_lists.py new file mode 100644 index 0000000..9a66a8d --- /dev/null +++ b/plugins/module_utils/network/vyos/rm_templates/prefix_lists.py @@ -0,0 +1,265 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The Prefix_lists parser templates file. This contains +a list of parser definitions and associated functions that +facilitates both facts gathering and native command generation for +the given network resource. +""" + +import re +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import ( + NetworkTemplate, +) + + +class Prefix_listsTemplate(NetworkTemplate): + def __init__(self, lines=None, module=None): + prefix = {"set": "set", "remove": "delete"} + super(Prefix_listsTemplate, self).__init__( + lines=lines, tmplt=self, module=module, prefix=prefix + ) + + # fmt: off + PARSERS = [ + # policy prefix-list <list-name> + { + "name": "name", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }}", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + } + } + } + }, + }, + + # policy prefix-list <list-name> description <desc> + { + "name": "description", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \sdescription\s'(?P<description>.+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} description '{{ description }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "description": "{{ description }}" + } + } + } + }, + }, + + # policy prefix-list <list-name> rule <rule-num> + { + "name": "sequence", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \srule\s(?P<sequence>\d+) + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }}", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}" + } + } + } + } + } + }, + }, + + # policy prefix-list <list-name> rule <rule-num> action + { + "name": "action", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \srule\s(?P<sequence>\d+) + \saction\s'(?P<action>permit|deny)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} action '{{ action }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "action": "{{ action }}" + } + } + } + } + } + }, + }, + + # policy prefix-list <list-name> rule <rule-num> description <desc> + { + "name": "rule_description", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \srule\s(?P<sequence>\d+) + \sdescription\s'(?P<rule_description>.+)' + $""", re.VERBOSE), + "compval": "description", + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} description '{{ description }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "description": "{{ rule_description }}" + } + } + } + } + } + }, + }, + + # policy prefix-list <list-name> rule <rule-num> ge <value> + { + "name": "ge", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \srule\s(?P<sequence>\d+) + \sge\s'(?P<ge>\d+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} ge '{{ ge }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "ge": "{{ ge }}" + } + } + } + } + } + }, + }, + + # policy prefix-list <list-name> rule <rule-num> le <value> + { + "name": "le", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \srule\s(?P<sequence>\d+) + \sle\s'(?P<le>\d+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} le '{{ le }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "le": "{{ le }}" + } + } + } + } + } + }, + }, + + # policy prefix-list <list-name> rule <rule-num> prefix <ip> + { + "name": "prefix", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P<afi>\S+) + \s(?P<name>\S+) + \srule\s(?P<sequence>\d+) + \sprefix\s'(?P<prefix>\S+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} prefix '{{ prefix }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "prefix": "{{ prefix }}" + } + } + } + } + } + }, + }, + ] + # fmt: on diff --git a/plugins/modules/vyos_prefix_lists.py b/plugins/modules/vyos_prefix_lists.py new file mode 100644 index 0000000..8b67caf --- /dev/null +++ b/plugins/modules/vyos_prefix_lists.py @@ -0,0 +1,1329 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for vyos_prefix_lists +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: vyos_prefix_lists +short_description: Prefix-Lists resource module for VyOS +description: + - This module manages prefix-lists configuration on devices running VyOS +version_added: 2.4.0 +author: Priyam Sahoo (@priyamsahoo) +notes: + - Tested against VyOS 1.1.8 (helium) + - This module works with connection C(network_cli) +options: + config: + description: A list of prefix-list options + type: list + elements: dict + suboptions: + afi: + description: The Address Family Indicator (AFI) for the prefix-lists + type: str + choices: ["ipv4", "ipv6"] + required: true + prefix_lists: + description: A list of prefix-list configurations + type: list + elements: dict + suboptions: + name: + description: The name of a defined prefix-list + type: str + required: true + description: + description: A brief text description for the prefix-list + type: str + entries: + description: Rule configurations for the prefix-list + type: list + elements: dict + suboptions: + sequence: + description: A numeric identifier for the rule + type: int + required: true + description: + description: A brief text description for the prefix list rule + type: str + action: + description: The action to be taken for packets matching a prefix list rule + type: str + choices: ["permit", "deny"] + ge: + description: Minimum prefix length to be matched + type: int + le: + description: Maximum prefix list length to be matched + type: int + prefix: + description: IPv4 or IPv6 prefix in A.B.C.D/LEN or A:B::C:D/LEN format + type: str + running_config: + description: + - This option is used only with state I(parsed). + - The value of this option should be the output received from the VyOS device + by executing the command B(show configuration commands | grep prefix-list). + - The state I(parsed) reads the configuration from C(running_config) option and + transforms it into Ansible structured data as per the resource module's argspec + and the value is then returned in the I(parsed) key within the result. + type: str + state: + description: + - The state the configuration should be left in + type: str + choices: + - merged + - replaced + - overridden + - deleted + - gathered + - rendered + - parsed + default: merged +""" + +EXAMPLES = """ +# # ------------------- +# # 1. Using merged +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# vyos@vyos:~$ + +# # Task +# # ------------- +# - name: Merge the provided configuration with the existing running configuration +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: "PL configured by ansible" +# entries: +# - sequence: 2 +# description: "Rule 2 given by ansible" +# action: "permit" +# prefix: "92.168.10.0/26" +# le: 32 + +# - sequence: 3 +# description: "Rule 3" +# action: "deny" +# prefix: "72.168.2.0/24" +# ge: 26 + +# - afi: "ipv6" +# prefix_lists: +# - name: "AllowIPv6Prefix" +# description: "Configured by ansible for allowing IPv6 networks" +# entries: +# - sequence: 5 +# description: "Permit rule" +# action: "permit" +# prefix: "2001:db8:8000::/35" +# le: 37 + +# - name: DenyIPv6Prefix +# description: "Configured by ansible for disallowing IPv6 networks" +# entries: +# - sequence: 8 +# action: deny +# prefix: "2001:db8:2000::/35" +# le: 37 +# state: merged + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "before": [], +# "changed": true, +# "commands": [ +# "set policy prefix-list AnsibleIPv4PrefixList", +# "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", +# "set policy prefix-list6 AllowIPv6Prefix", +# "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", +# "set policy prefix-list6 DenyIPv6Prefix", +# "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" +# ] + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + + +# # ------------------- +# # 2. Using replaced +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: "Configuration replaced by ansible" +# entries: +# - sequence: 3 +# description: "Rule 3 replaced by ansible" +# action: "permit" +# prefix: "82.168.2.0/24" +# ge: 26 +# state: replaced + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "Configuration replaced by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 3 replaced by ansible", +# "ge": 26, +# "sequence": 3, +# "prefix": "82.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 2" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + + +# # ------------------- +# # 3. Using overridden +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Override all prefix-lists configuration with provided configuration +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: Rule 2 overridden by ansible +# entries: +# - sequence: 2 +# action: "deny" +# ge: 26 +# prefix: "82.168.2.0/24" + +# - name: "OverriddenPrefixList" +# description: Configuration overridden by ansible +# entries: +# - sequence: 10 +# action: permit +# prefix: "203.0.113.96/27" +# le: 32 +# state: overridden + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "Rule 2 overridden by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "deny", +# "ge": 26, +# "sequence": 2, +# "prefix": "82.168.2.0/24" +# } +# ] +# }, +# { +# "description": "Configuration overridden by ansible", +# "name": "OverriddenPrefixList", +# "entries": [ +# { +# "action": "permit", +# "sequence": 10, +# "le": 32, +# "prefix": "203.0.113.96/27" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list6 AllowIPv6Prefix", +# "delete policy prefix-list6 DenyIPv6Prefix", +# "set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 3", +# "set policy prefix-list OverriddenPrefixList", +# "set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible'", +# "set policy prefix-list OverriddenPrefixList rule 10", +# "set policy prefix-list OverriddenPrefixList rule 10 action 'permit'", +# "set policy prefix-list OverriddenPrefixList rule 10 le '32'", +# "set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27'" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24' +# set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible' +# set policy prefix-list OverriddenPrefixList rule 10 action 'permit' +# set policy prefix-list OverriddenPrefixList rule 10 le '32' +# set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27' +# vyos@vyos:~$ + + +# # ------------------- +# # 4(i). Using deleted (to delete all prefix lists from the device) +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Delete all prefix-lists +# vyos.vyos.vyos_prefix_lists: +# config: +# state: deleted + +# # Task output: +# # ------------- +# "after": [], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list AnsibleIPv4PrefixList", +# "delete policy prefix-list6 AllowIPv6Prefix", +# "delete policy prefix-list6 DenyIPv6Prefix" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# vyos@vyos:~$ + + +# # ------------------- +# # 4(ii). Using deleted (to delete all prefix lists for an AFI) +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Delete all prefix-lists for IPv6 AFI +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv6" +# state: deleted + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list6 AllowIPv6Prefix", +# "delete policy prefix-list6 DenyIPv6Prefix" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# vyos@vyos:~$ + + +# # ------------------- +# # 4(iii). Using deleted (to delete single prefix list by name in different AFIs) +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Delete a single prefix-list from different AFIs +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# - afi: "ipv6" +# prefix_lists: +# - name: "DenyIPv6Prefix" +# state: deleted + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list AnsibleIPv4PrefixList", +# "delete policy prefix-list6 DenyIPv6Prefix" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# vyos@vyos:~$ + + +# # ------------------- +# # 5. Using gathered +# # ------------------- + +# # Task: +# # ------------- +# - name: Gather prefix-lists configurations +# vyos.vyos.vyos_prefix_lists: +# config: +# state: gathered + +# # Task output: +# # ------------- +# "gathered": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ] + + +# # ------------------- +# # 6. Using rendered +# # ------------------- + +# # Task: +# # ------------- +# - name: Render commands externally for the described prefix-list configurations +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: "PL configured by ansible" +# entries: +# - sequence: 2 +# description: "Rule 2 given by ansible" +# action: "permit" +# prefix: "92.168.10.0/26" +# le: 32 + +# - sequence: 3 +# description: "Rule 3" +# action: "deny" +# prefix: "72.168.2.0/24" +# ge: 26 + +# - afi: "ipv6" +# prefix_lists: +# - name: "AllowIPv6Prefix" +# description: "Configured by ansible for allowing IPv6 networks" +# entries: +# - sequence: 5 +# description: "Permit rule" +# action: "permit" +# prefix: "2001:db8:8000::/35" +# le: 37 + +# - name: DenyIPv6Prefix +# description: "Configured by ansible for disallowing IPv6 networks" +# entries: +# - sequence: 8 +# action: deny +# prefix: "2001:db8:2000::/35" +# le: 37 +# state: rendered + +# # Task output: +# # ------------- +# "rendered": [ +# "set policy prefix-list AnsibleIPv4PrefixList", +# "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", +# "set policy prefix-list6 AllowIPv6Prefix", +# "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", +# "set policy prefix-list6 DenyIPv6Prefix", +# "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" +# ] + + +# # ------------------- +# # 7. Using parsed +# # ------------------- + +# # sample_config.cfg: +# # ------------- +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + +# # Task: +# # ------------- +# - name: Parse externally provided prefix-lists configuration +# vyos.vyos.vyos_prefix_lists: +# running_config: "{{ lookup('file', './sample_config.cfg') }}" +# state: parsed + +# # Task output: +# # ------------- +# "parsed": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ] + +""" + +RETURN = """ + +before: + description: The configuration prior to the module invocation. + returned: when state is I(merged), I(replaced), I(overridden) or I(deleted) + type: list + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after the module invocation. + returned: when changed + type: list + sample: > + This output will always be in the same format as the + module argspec. +commands: + description: The set of commands pushed to the remote device for the required configurations to take place. + returned: when state is I(merged), I(replaced), I(overridden) or I(deleted) + type: list + sample: + - set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + - set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +rendered: + description: The provided configuration in the task rendered in device-native format (offline). + returned: when state is I(rendered) + type: list + sample: + - set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + - set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when state is I(gathered) + type: list + sample: > + This output will always be in the same format as the + module argspec. +parsed: + description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. + returned: when state is I(parsed) + type: list + sample: > + This output will always be in the same format as the + module argspec. + +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.prefix_lists.prefix_lists import ( + Prefix_listsArgs, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.prefix_lists.prefix_lists import ( + Prefix_lists, +) + + +def main(): + """ + Main entry point for module execution + + :returns: the result form module invocation + """ + module = AnsibleModule( + argument_spec=Prefix_listsArgs.argument_spec, + mutually_exclusive=[["config", "running_config"]], + required_if=[ + ["state", "merged", ["config"]], + ["state", "replaced", ["config"]], + ["state", "overridden", ["config"]], + ["state", "rendered", ["config"]], + ["state", "parsed", ["running_config"]], + ], + supports_check_mode=True, + ) + + result = Prefix_lists(module).execute_module() + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/tests/integration/targets/vyos_prefix_lists/defaults/main.yaml b/tests/integration/targets/vyos_prefix_lists/defaults/main.yaml new file mode 100644 index 0000000..164afea --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: "[^_].*" +test_items: [] diff --git a/tests/integration/targets/vyos_prefix_lists/tasks/cli.yaml b/tests/integration/targets/vyos_prefix_lists/tasks/cli.yaml new file mode 100644 index 0000000..93eb2fe --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + find: + paths: '{{ role_path }}/tests/cli' + patterns: '{{ testcase }}.yaml' + use_regex: true + register: test_cases + delegate_to: localhost + +- name: Set test_items + set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) + include: '{{ test_case_to_run }}' + vars: + ansible_connection: ansible.netcommon.network_cli + with_items: '{{ test_items }}' + loop_control: + loop_var: test_case_to_run diff --git a/tests/integration/targets/vyos_prefix_lists/tasks/main.yaml b/tests/integration/targets/vyos_prefix_lists/tasks/main.yaml new file mode 100644 index 0000000..b957d2f --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tasks/main.yaml @@ -0,0 +1,4 @@ +--- +- include: cli.yaml + tags: + - network_cli diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/_parsed.cfg b/tests/integration/targets/vyos_prefix_lists/tests/cli/_parsed.cfg new file mode 100644 index 0000000..25744b3 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/_parsed.cfg @@ -0,0 +1,18 @@ +set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'
\ No newline at end of file diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/_populate_config.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/_populate_config.yaml new file mode 100644 index 0000000..9be477d --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/_populate_config.yaml @@ -0,0 +1,22 @@ +--- +- name: Populate config + vyos.vyos.vyos_config: + lines: + - "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'" + - "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'" + - "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'" + - "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'" + - "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'" + - "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/_remove_config.yaml new file mode 100644 index 0000000..f0777b6 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/_remove_config.yaml @@ -0,0 +1,11 @@ +--- +- name: Remove pre-existing prefix-list configurations + vyos.vyos.vyos_config: + lines: + - delete policy prefix-list AnsibleIPv4PrefixList + - delete policy prefix-list OverriddenPrefixList + - delete policy prefix-list6 AllowIPv6Prefix + - delete policy prefix-list6 DenyIPv6Prefix + ignore_errors: true + vars: + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/deleted.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/deleted.yaml new file mode 100644 index 0000000..9209fad --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/deleted.yaml @@ -0,0 +1,108 @@ +--- +- debug: + msg: START vyos_prefix_lists deleted integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + # Delete all prefix-lists + - name: Delete all prefix-lists + register: result + vyos.vyos.vyos_prefix_lists: &id006 + config: + state: deleted + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dict is correctly generated + assert: + that: + - result["after"] == [] + + - name: Delete all prefix-lists (IDEMPOTENT) + register: result + vyos.vyos.vyos_prefix_lists: *id006 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + + - include_tasks: _remove_config.yaml + + - include_tasks: _populate_config.yaml + + # Delete all prefix-lists for an AFI + - name: Delete all prefix-lists for IPv6 AFI + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv6" + state: deleted + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - '"delete policy prefix-list6 AllowIPv6Prefix" in result.commands' + - '"delete policy prefix-list6 DenyIPv6Prefix" in result.commands' + - result.commands|length == 2 + + - name: Assert that after dict is correctly generated + assert: + that: + - result["after"][0] == merged["after"][0] + - result["after"]|length == 1 + + - include_tasks: _remove_config.yaml + + - include_tasks: _populate_config.yaml + + # Delete single prefix-list from different AFIs + - name: Delete a single prefix-list from different AFIs + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + - afi: "ipv6" + prefix_lists: + - name: "DenyIPv6Prefix" + state: deleted + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - '"delete policy prefix-list AnsibleIPv4PrefixList" in result.commands' + - '"delete policy prefix-list6 DenyIPv6Prefix" in result.commands' + - result.commands|length == 2 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/empty_config.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/empty_config.yaml new file mode 100644 index 0000000..70ac937 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/empty_config.yaml @@ -0,0 +1,58 @@ +--- +- debug: + msg: START vyos_prefix_lists empty_config integration tests on connection={{ ansible_connection }} + +- name: Merged with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: merged + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state merged' + +- name: Replaced with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: replaced + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state replaced' + +- name: Overridden with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: overridden + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state overridden' + +- name: Rendered with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: rendered + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state rendered' + +- name: Parsed with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + running_config: + state: parsed + +- assert: + that: + - result.msg == 'value of running_config parameter must not be empty for state parsed' diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/gathered.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/gathered.yaml new file mode 100644 index 0000000..ef23bcc --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/gathered.yaml @@ -0,0 +1,24 @@ +--- +- debug: + msg: START vyos_prefix_lists gathered integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + - name: Gather prefix-lists configurations + register: result + vyos.vyos.vyos_prefix_lists: + config: + state: gathered + + - name: Assert that facts are correctly generated + assert: + that: + - result["gathered"][0] == merged["after"][0] + - result["gathered"][1] == merged["after"][1] + - result['gathered']|length == 2 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/merged.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/merged.yaml new file mode 100644 index 0000000..ef94743 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/merged.yaml @@ -0,0 +1,77 @@ +--- +- debug: + msg: START vyos_prefix_lists merged integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + - name: Merge the provided configuration with the existing running configuration + register: result + vyos.vyos.vyos_prefix_lists: &id001 + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "PL configured by ansible" + entries: + - sequence: 2 + description: "Rule 2 given by ansible" + action: "permit" + prefix: "92.168.10.0/26" + le: 32 + + - sequence: 3 + description: "Rule 3" + action: "deny" + prefix: "72.168.2.0/24" + ge: 26 + + - afi: "ipv6" + prefix_lists: + - name: "AllowIPv6Prefix" + description: "Configured by ansible for allowing IPv6 networks" + entries: + - sequence: 5 + description: "Permit rule" + action: "permit" + prefix: "2001:db8:8000::/35" + le: 37 + + - name: DenyIPv6Prefix + description: "Configured by ansible for disallowing IPv6 networks" + entries: + - sequence: 8 + action: deny + prefix: "2001:db8:2000::/35" + le: 37 + state: merged + + - name: Assert that before dicts were correctly generated + assert: + that: "{{ result['before'] == [] }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts were correctly generated + assert: + that: + - "{{ result['after'][0] == merged['after'][0] }}" + - "{{ result['after'][1] == merged['after'][1] }}" + - "{{ result['after']|length == 2 }}" + + - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) + vyos.vyos.vyos_prefix_lists: *id001 + register: result + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/overridden.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/overridden.yaml new file mode 100644 index 0000000..7bcd26b --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/overridden.yaml @@ -0,0 +1,61 @@ +--- +- debug: + msg: START vyos_prefix_lists overridden integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + - name: Override all prefix-lists configuration with provided configuration + register: result + vyos.vyos.vyos_prefix_lists: &id003 + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: Rule 3 overridden by ansible + entries: + - sequence: 2 + action: "deny" + ge: 26 + prefix: "82.168.2.0/24" + + - name: "OverriddenPrefixList" + description: Configuration overridden by ansible + entries: + - sequence: 10 + action: permit + prefix: "203.0.113.96/27" + le: 32 + state: overridden + + - name: Assert that before dicts were correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ overridden['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts were correctly generated + assert: + that: + - "{{ overridden['after'][0] == result['after'][0] }}" + + - name: Override all prefix-lists configuration with provided configuration (IDEMPOTENT) + register: result + vyos.vyos.vyos_prefix_lists: *id003 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/parsed.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/parsed.yaml new file mode 100644 index 0000000..86772ef --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/parsed.yaml @@ -0,0 +1,16 @@ +--- +- debug: + msg: START vyos_prefix_lists parsed integration tests on connection={{ ansible_connection }} + +- name: Parse externally provided prefix-lists configuration + register: result + vyos.vyos.vyos_prefix_lists: + running_config: "{{ lookup('file', './_parsed.cfg') }}" + state: parsed + +- name: Assert that config was correctly parsed + assert: + that: + - "{{ result['parsed'][0] == merged['after'][0] }}" + - "{{ result['parsed'][1] == merged['after'][1] }}" + - "{{ result['parsed']|length == 2 }}" diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/rendered.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/rendered.yaml new file mode 100644 index 0000000..12a0deb --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/rendered.yaml @@ -0,0 +1,51 @@ +--- +- debug: + msg: START vyos_prefix_lists rendered integration tests on connection={{ ansible_connection }} + +- name: Render commands externally for the described prefix-list configurations + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "PL configured by ansible" + entries: + - sequence: 2 + description: "Rule 2 given by ansible" + action: "permit" + prefix: "92.168.10.0/26" + le: 32 + + - sequence: 3 + description: "Rule 3" + action: "deny" + prefix: "72.168.2.0/24" + ge: 26 + + - afi: "ipv6" + prefix_lists: + - name: "AllowIPv6Prefix" + description: "Configured by ansible for allowing IPv6 networks" + entries: + - sequence: 5 + description: "Permit rule" + action: "permit" + prefix: "2001:db8:8000::/35" + le: 37 + + - name: DenyIPv6Prefix + description: "Configured by ansible for disallowing IPv6 networks" + entries: + - sequence: 8 + action: deny + prefix: "2001:db8:2000::/35" + le: 37 + state: rendered + +- name: Assert that correct set of commands were rendered + assert: + that: + - "{{ merged['commands'] | symmetric_difference(result['rendered']) |length\ + \ == 0 }}" + - result.changed == False diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/replaced.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/replaced.yaml new file mode 100644 index 0000000..fc9f5da --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/replaced.yaml @@ -0,0 +1,57 @@ +--- +- debug: + msg: START vyos_prefix_lists replaced integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations + register: result + vyos.vyos.vyos_prefix_lists: &id002 + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "Configuration replaced by ansible" + entries: + - sequence: 3 + description: "Rule 3 replaced by ansible" + action: "permit" + prefix: "82.168.2.0/24" + ge: 26 + state: replaced + + - name: Assert that before dicts were correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ replaced['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts were correctly generated + assert: + that: + - "{{ replaced['after'][0] == result['after'][0] }}" + - "{{ replaced['after'][1] == result['after'][1] }}" + - "{{ result['after']|length == 2 }}" + + - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations (IDEMPOTENT) + register: result + vyos.vyos.vyos_prefix_lists: *id002 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/rtt.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/rtt.yaml new file mode 100644 index 0000000..2be2515 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/rtt.yaml @@ -0,0 +1,87 @@ +--- +- debug: + msg: START vyos_prefix_lists round trip integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "PL configured by ansible" + entries: + - sequence: 2 + description: "Rule 2 given by ansible" + action: "permit" + prefix: "92.168.10.0/26" + le: 32 + + - sequence: 3 + description: "Rule 3" + action: "deny" + prefix: "72.168.2.0/24" + ge: 26 + + - afi: "ipv6" + prefix_lists: + - name: "AllowIPv6Prefix" + description: "Configured by ansible for allowing IPv6 networks" + entries: + - sequence: 5 + description: "Permit rule" + action: "permit" + prefix: "2001:db8:8000::/35" + le: 37 + + - name: DenyIPv6Prefix + description: "Configured by ansible for disallowing IPv6 networks" + entries: + - sequence: 8 + action: deny + prefix: "2001:db8:2000::/35" + le: 37 + state: merged + + - name: Gather prefix-lists facts + vyos.vyos.vyos_facts: + gather_subset: + - default + gather_network_resources: + - prefix_lists + + - name: Update the configuration with the provided one (config to be reverted back) + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "Configuration replaced by ansible" + entries: + - sequence: 3 + description: "Rule 3 replaced by ansible" + action: "permit" + prefix: "82.168.2.0/24" + ge: 26 + state: replaced + + - name: Assert that changes were applied + assert: + that: "{{ result['after'] == replaced['after'] }}" + + - name: Revert back to base config using facts round trip + register: revert + vyos.vyos.vyos_prefix_lists: + config: "{{ ansible_facts['network_resources']['prefix_lists'] }}" + state: replaced + + - name: Assert that config was reverted + assert: + that: "{{ revert['after'] == base_config['after']}}" + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/vars/main.yaml b/tests/integration/targets/vyos_prefix_lists/vars/main.yaml new file mode 100644 index 0000000..3a30342 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/vars/main.yaml @@ -0,0 +1,145 @@ +--- +merged: + before: [] + + commands: + - set policy prefix-list6 AllowIPv6Prefix + - set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + - set policy prefix-list6 AllowIPv6Prefix rule 5 + - set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + - set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + - set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + - set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + - set policy prefix-list6 DenyIPv6Prefix + - set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + - set policy prefix-list6 DenyIPv6Prefix rule 8 + - set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + - set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + - set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + - set policy prefix-list AnsibleIPv4PrefixList + - set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 + - set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + + after: + - afi: ipv4 + prefix_lists: + - description: PL configured by ansible + name: AnsibleIPv4PrefixList + entries: + - action: permit + description: Rule 2 given by ansible + sequence: 2 + le: 32 + prefix: 92.168.10.0/26 + - action: deny + description: Rule 3 + ge: 26 + sequence: 3 + prefix: 72.168.2.0/24 + - afi: ipv6 + prefix_lists: + - description: Configured by ansible for allowing IPv6 networks + name: AllowIPv6Prefix + entries: + - action: permit + description: Permit rule + sequence: 5 + le: 37 + prefix: 2001:db8:8000::/35 + - description: Configured by ansible for disallowing IPv6 networks + name: DenyIPv6Prefix + entries: + - action: deny + sequence: 8 + le: 37 + prefix: 2001:db8:2000::/35 + +replaced: + commands: + - set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24' + - delete policy prefix-list AnsibleIPv4PrefixList rule 2 + + after: + - afi: ipv4 + prefix_lists: + - description: Configuration replaced by ansible + name: AnsibleIPv4PrefixList + entries: + - action: permit + description: Rule 3 replaced by ansible + ge: 26 + sequence: 3 + prefix: 82.168.2.0/24 + - afi: ipv6 + prefix_lists: + - description: Configured by ansible for allowing IPv6 networks + name: AllowIPv6Prefix + entries: + - action: permit + description: Permit rule + sequence: 5 + le: 37 + prefix: 2001:db8:8000::/35 + - description: Configured by ansible for disallowing IPv6 networks + name: DenyIPv6Prefix + entries: + - action: deny + sequence: 8 + le: 37 + prefix: 2001:db8:2000::/35 + +overridden: + commands: + - delete policy prefix-list6 AllowIPv6Prefix + - delete policy prefix-list6 DenyIPv6Prefix + - set policy prefix-list AnsibleIPv4PrefixList description 'Rule 3 overridden by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny' + - delete policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given + by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26' + - delete policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24' + - delete policy prefix-list AnsibleIPv4PrefixList rule 3 + - set policy prefix-list OverriddenPrefixList + - set policy prefix-list OverriddenPrefixList description 'Configuration overridden + by ansible' + - set policy prefix-list OverriddenPrefixList rule 10 + - set policy prefix-list OverriddenPrefixList rule 10 action 'permit' + - set policy prefix-list OverriddenPrefixList rule 10 le '32' + - set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27' + + after: + - afi: ipv4 + prefix_lists: + - description: Rule 3 overridden by ansible + name: AnsibleIPv4PrefixList + entries: + - action: deny + ge: 26 + sequence: 2 + prefix: 82.168.2.0/24 + - description: Configuration overridden by ansible + name: OverriddenPrefixList + entries: + - action: permit + sequence: 10 + le: 32 + prefix: 203.0.113.96/27 + +deleted: + commands: + - delete policy prefix-list AnsibleIPv4PrefixList + - delete policy prefix-list6 AllowIPv6Prefix + - delete policy prefix-list6 DenyIPv6Prefix diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt index 69f4063..967e336 100644 --- a/tests/sanity/ignore-2.10.txt +++ b/tests/sanity/ignore-2.10.txt @@ -4,3 +4,6 @@ plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py impo plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 69f4063..967e336 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt @@ -4,3 +4,6 @@ plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py impo plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt index 69f4063..967e336 100644 --- a/tests/sanity/ignore-2.12.txt +++ b/tests/sanity/ignore-2.12.txt @@ -4,3 +4,6 @@ plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py impo plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 7178a20..aa3ef3f 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -16,3 +16,6 @@ plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py impo plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/unit/modules/network/vyos/test_vyos_prefix_lists.py b/tests/unit/modules/network/vyos/test_vyos_prefix_lists.py new file mode 100644 index 0000000..d1e1a8c --- /dev/null +++ b/tests/unit/modules/network/vyos/test_vyos_prefix_lists.py @@ -0,0 +1,1242 @@ +# (c) 2021 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see <http://www.gnu.org/licenses/>. + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from textwrap import dedent +from ansible_collections.vyos.vyos.tests.unit.compat.mock import patch +from ansible_collections.vyos.vyos.plugins.modules import vyos_prefix_lists +from ansible_collections.vyos.vyos.tests.unit.modules.utils import ( + set_module_args, +) +from .vyos_module import TestVyosModule + + +class TestVyosPrefixListsModule(TestVyosModule): + + # Testing strategy + # ------------------ + # (a) The unit tests cover `merged` and `replaced` for every attribute. + # Since `overridden` is essentially `replaced` but at a larger + # scale, these indirectly cover `overridden` as well. + # (b) For linear attributes replaced is not valid and hence, those tests + # delete the attributes from the config subsection. + # (c) The argspec for VRFs is same as the top-level spec and the config logic + # is re-used. Hence, those attributes are not explictly covered. However, a + # combination of VRF + top-level spec + AF is tested. + + module = vyos_prefix_lists + + def setUp(self): + super(TestVyosPrefixListsModule, self).setUp() + + self.mock_get_resource_connection = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module_base.get_resource_connection" + ) + self.get_resource_connection = ( + self.mock_get_resource_connection.start() + ) + + self.mock_get_config = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.prefix_lists.prefix_lists.Prefix_listsFacts.get_config" + ) + self.get_config = self.mock_get_config.start() + + def tearDown(self): + super(TestVyosPrefixListsModule, self).tearDown() + self.get_resource_connection.stop() + self.get_config.stop() + + # test merged for linear attributes + def test_vyos_prefix_lists_linear_merged(self): + self.get_config.return_value = dedent( + """\ + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + description="Test rule 10", + prefix="92.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ), + dict( + name="plist2", + entries=[ + dict( + sequence=20, + action="permit", + prefix="82.168.10.0/26", + le=32, + ), + dict( + sequence=30, + action="deny", + prefix="62.168.2.0/24", + ge=25, + ), + ], + ), + ], + ), + dict( + afi="ipv6", + prefix_lists=[ + dict( + name="plist3", + description="Test plist3", + entries=[ + dict( + sequence=10, + action="deny", + description="Test rule 10", + prefix="2001:db8:1000::/36", + le=36, + ), + dict( + sequence=20, + action="permit", + description="Test rule 20", + prefix="2001:db8:2000::/36", + ), + ], + ), + dict( + name="plist4", + entries=[ + dict( + sequence=20, + action="permit", + prefix="2001:db8:3000::/36", + ), + dict( + sequence=50, + action="deny", + prefix="2001:db8:4000::/36", + ), + ], + ), + ], + ), + ], + state="merged", + ) + ) + commands = [ + "set policy prefix-list plist1", + "set policy prefix-list plist1 description 'Test plist1'", + "set policy prefix-list plist1 rule 10", + "set policy prefix-list plist1 rule 10 action 'permit'", + "set policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26'", + "set policy prefix-list plist1 rule 20", + "set policy prefix-list plist1 rule 20 action 'deny'", + "set policy prefix-list plist1 rule 20 description 'Test rule 20'", + "set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24'", + "set policy prefix-list plist2", + "set policy prefix-list plist2 rule 20", + "set policy prefix-list plist2 rule 20 action 'permit'", + "set policy prefix-list plist2 rule 20 le '32'", + "set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26'", + "set policy prefix-list plist2 rule 30", + "set policy prefix-list plist2 rule 30 action 'deny'", + "set policy prefix-list plist2 rule 30 ge '25'", + "set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24'", + "set policy prefix-list6 plist3", + "set policy prefix-list6 plist3 description 'Test plist3'", + "set policy prefix-list6 plist3 rule 10", + "set policy prefix-list6 plist3 rule 10 action 'deny'", + "set policy prefix-list6 plist3 rule 10 description 'Test rule 10'", + "set policy prefix-list6 plist3 rule 10 le '36'", + "set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36'", + "set policy prefix-list6 plist3 rule 20", + "set policy prefix-list6 plist3 rule 20 action 'permit'", + "set policy prefix-list6 plist3 rule 20 description 'Test rule 20'", + "set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36'", + "set policy prefix-list6 plist4", + "set policy prefix-list6 plist4 rule 20", + "set policy prefix-list6 plist4 rule 20 action 'permit'", + "set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36'", + "set policy prefix-list6 plist4 rule 50", + "set policy prefix-list6 plist4 rule 50 action 'deny'", + "set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36'", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test merged for linear attributes (idempotent) + def test_vyos_prefix_lists_linear_merged_idempotent(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + description="Test rule 10", + prefix="92.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ), + dict( + name="plist2", + entries=[ + dict( + sequence=20, + action="permit", + prefix="82.168.10.0/26", + le=32, + ), + dict( + sequence=30, + action="deny", + prefix="62.168.2.0/24", + ge=25, + ), + ], + ), + ], + ), + dict( + afi="ipv6", + prefix_lists=[ + dict( + name="plist3", + description="Test plist3", + entries=[ + dict( + sequence=10, + action="deny", + description="Test rule 10", + prefix="2001:db8:1000::/36", + le=36, + ), + dict( + sequence=20, + action="permit", + description="Test rule 20", + prefix="2001:db8:2000::/36", + ), + ], + ), + dict( + name="plist4", + entries=[ + dict( + sequence=20, + action="permit", + prefix="2001:db8:3000::/36", + ), + dict( + sequence=50, + action="deny", + prefix="2001:db8:4000::/36", + ), + ], + ), + ], + ), + ], + state="merged", + ) + ) + result = self.execute_module(changed=False) + self.assertEqual(result["commands"], []) + + # test existing rule with replaced + def test_vyos_prefix_lists_replaced_update(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + prefix="82.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ) + ], + ) + ], + state="replaced", + ) + ) + commands = [ + "delete policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '82.168.10.0/26'", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test replaced + def test_vyos_prefix_lists_replaced(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + entries=[ + dict( + sequence=10, + action="permit", + prefix="82.168.10.0/26", + ) + ], + ) + ], + ) + ], + state="replaced", + ) + ) + commands = [ + "delete policy prefix-list plist1 description 'Test plist1'", + "set policy prefix-list plist1 rule 10 prefix '82.168.10.0/26'", + "delete policy prefix-list plist1 rule 20", + "delete policy prefix-list plist1 rule 10 description 'Test rule 10'", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test update with overridden + def test_vyos_prefix_lists_overridden_update(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + entries=[ + dict( + sequence=10, + action="deny", + prefix="102.168.10.0/26", + ) + ], + ) + ], + ) + ], + state="overridden", + ) + ) + commands = [ + "delete policy prefix-list plist1 description 'Test plist1'", + "delete policy prefix-list6 plist4", + "delete policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '102.168.10.0/26'", + "delete policy prefix-list6 plist3", + "delete policy prefix-list plist1 rule 20", + "set policy prefix-list plist1 rule 10 action 'deny'", + "delete policy prefix-list plist2", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test overridden + def test_vyos_prefix_lists_overridden(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist5", + entries=[ + dict( + sequence=50, + action="permit", + prefix="102.168.10.0/26", + ) + ], + ) + ], + ) + ], + state="overridden", + ) + ) + commands = [ + "set policy prefix-list plist5", + "set policy prefix-list plist5 rule 50", + "set policy prefix-list plist5 rule 50 action 'permit'", + "set policy prefix-list plist5 rule 50 prefix '102.168.10.0/26'", + "delete policy prefix-list plist1", + "delete policy prefix-list plist2", + "delete policy prefix-list6 plist3", + "delete policy prefix-list6 plist4", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (all) + def test_vyos_prefix_lists_deleted_all(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(state="deleted")) + commands = [ + "delete policy prefix-list plist1", + "delete policy prefix-list plist2", + "delete policy prefix-list6 plist3", + "delete policy prefix-list6 plist4", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (AFI) + def test_vyos_prefix_lists_deleted_afi(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(config=[dict(afi="ipv4")], state="deleted")) + commands = [ + "delete policy prefix-list plist1", + "delete policy prefix-list plist2", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (one prefix-list) + def test_vyos_prefix_lists_deleted_one(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[dict(afi="ipv6", prefix_lists=[dict(name="plist3")])], + state="deleted", + ) + ) + commands = ["delete policy prefix-list6 plist3"] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (one prefix-list from each AFI) + def test_vyos_prefix_lists_deleted_one_from_each_afi(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict(afi="ipv4", prefix_lists=[dict(name="plist2")]), + dict(afi="ipv6", prefix_lists=[dict(name="plist3")]), + ], + state="deleted", + ) + ) + commands = [ + "delete policy prefix-list plist2", + "delete policy prefix-list6 plist3", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test parsed + def test_vyos_prefix_lists_parsed(self): + cfg = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(running_config=cfg, state="parsed")) + parsed = [ + { + "afi": "ipv4", + "prefix_lists": [ + { + "description": "Test plist1", + "name": "plist1", + "entries": [ + { + "action": "permit", + "description": "Test rule 10", + "sequence": 10, + "prefix": "92.168.10.0/26", + }, + { + "action": "deny", + "description": "Test rule 20", + "sequence": 20, + "prefix": "72.168.2.0/24", + }, + ], + }, + { + "name": "plist2", + "entries": [ + { + "action": "permit", + "sequence": 20, + "le": 32, + "prefix": "82.168.10.0/26", + }, + { + "action": "deny", + "ge": 25, + "sequence": 30, + "prefix": "62.168.2.0/24", + }, + ], + }, + ], + }, + { + "afi": "ipv6", + "prefix_lists": [ + { + "description": "Test plist3", + "name": "plist3", + "entries": [ + { + "action": "deny", + "description": "Test rule 10", + "sequence": 10, + "le": 36, + "prefix": "2001:db8:1000::/36", + }, + { + "action": "permit", + "description": "Test rule 20", + "sequence": 20, + "prefix": "2001:db8:2000::/36", + }, + ], + }, + { + "name": "plist4", + "entries": [ + { + "action": "permit", + "sequence": 20, + "prefix": "2001:db8:3000::/36", + }, + { + "action": "deny", + "sequence": 50, + "prefix": "2001:db8:4000::/36", + }, + ], + }, + ], + }, + ] + result = self.execute_module(changed=False) + self.assertEqual(result["parsed"], parsed) + + # test rendered + def test_vyos_prefix_lists_rendered(self): + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + description="Test rule 10", + prefix="92.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ), + dict( + name="plist2", + entries=[ + dict( + sequence=20, + action="permit", + prefix="82.168.10.0/26", + le=32, + ), + dict( + sequence=30, + action="deny", + prefix="62.168.2.0/24", + ge=25, + ), + ], + ), + ], + ), + dict( + afi="ipv6", + prefix_lists=[ + dict( + name="plist3", + description="Test plist3", + entries=[ + dict( + sequence=10, + action="deny", + description="Test rule 10", + prefix="2001:db8:1000::/36", + le=36, + ), + dict( + sequence=20, + action="permit", + description="Test rule 20", + prefix="2001:db8:2000::/36", + ), + ], + ), + dict( + name="plist4", + entries=[ + dict( + sequence=20, + action="permit", + prefix="2001:db8:3000::/36", + ), + dict( + sequence=50, + action="deny", + prefix="2001:db8:4000::/36", + ), + ], + ), + ], + ), + ], + state="rendered", + ) + ) + rendered = [ + "set policy prefix-list plist1", + "set policy prefix-list plist1 description 'Test plist1'", + "set policy prefix-list plist1 rule 10", + "set policy prefix-list plist1 rule 10 action 'permit'", + "set policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26'", + "set policy prefix-list plist1 rule 20", + "set policy prefix-list plist1 rule 20 action 'deny'", + "set policy prefix-list plist1 rule 20 description 'Test rule 20'", + "set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24'", + "set policy prefix-list plist2", + "set policy prefix-list plist2 rule 20", + "set policy prefix-list plist2 rule 20 action 'permit'", + "set policy prefix-list plist2 rule 20 le '32'", + "set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26'", + "set policy prefix-list plist2 rule 30", + "set policy prefix-list plist2 rule 30 action 'deny'", + "set policy prefix-list plist2 rule 30 ge '25'", + "set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24'", + "set policy prefix-list6 plist3", + "set policy prefix-list6 plist3 description 'Test plist3'", + "set policy prefix-list6 plist3 rule 10", + "set policy prefix-list6 plist3 rule 10 action 'deny'", + "set policy prefix-list6 plist3 rule 10 description 'Test rule 10'", + "set policy prefix-list6 plist3 rule 10 le '36'", + "set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36'", + "set policy prefix-list6 plist3 rule 20", + "set policy prefix-list6 plist3 rule 20 action 'permit'", + "set policy prefix-list6 plist3 rule 20 description 'Test rule 20'", + "set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36'", + "set policy prefix-list6 plist4", + "set policy prefix-list6 plist4 rule 20", + "set policy prefix-list6 plist4 rule 20 action 'permit'", + "set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36'", + "set policy prefix-list6 plist4 rule 50", + "set policy prefix-list6 plist4 rule 50 action 'deny'", + "set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36'", + ] + result = self.execute_module(changed=False) + self.assertEqual(set(result["rendered"]), set(rendered)) + + # test gathered + def test_vyos_prefix_lists_gathered(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(state="gathered")) + gathered = [ + { + "afi": "ipv4", + "prefix_lists": [ + { + "description": "Test plist1", + "name": "plist1", + "entries": [ + { + "action": "permit", + "description": "Test rule 10", + "sequence": 10, + "prefix": "92.168.10.0/26", + }, + { + "action": "deny", + "description": "Test rule 20", + "sequence": 20, + "prefix": "72.168.2.0/24", + }, + ], + }, + { + "name": "plist2", + "entries": [ + { + "action": "permit", + "sequence": 20, + "le": 32, + "prefix": "82.168.10.0/26", + }, + { + "action": "deny", + "ge": 25, + "sequence": 30, + "prefix": "62.168.2.0/24", + }, + ], + }, + ], + }, + { + "afi": "ipv6", + "prefix_lists": [ + { + "description": "Test plist3", + "name": "plist3", + "entries": [ + { + "action": "deny", + "description": "Test rule 10", + "sequence": 10, + "le": 36, + "prefix": "2001:db8:1000::/36", + }, + { + "action": "permit", + "description": "Test rule 20", + "sequence": 20, + "prefix": "2001:db8:2000::/36", + }, + ], + }, + { + "name": "plist4", + "entries": [ + { + "action": "permit", + "sequence": 20, + "prefix": "2001:db8:3000::/36", + }, + { + "action": "deny", + "sequence": 50, + "prefix": "2001:db8:4000::/36", + }, + ], + }, + ], + }, + ] + result = self.execute_module(changed=False) + self.assertEqual(result["gathered"], gathered) |