3 files changed, 82 insertions, 1 deletions
diff --git a/changelogs/fragments/firewall_rule_cli_change_version_1.4.yaml b/changelogs/fragments/firewall_rule_cli_change_version_1.4.yaml
new file mode 100644
index 0000000..652c39d
--- /dev/null
+++ b/changelogs/fragments/firewall_rule_cli_change_version_1.4.yaml
@@ -0,0 +1,3 @@
+---
+minor_changes:
+ - firewall_rules - icmpv6 type - add support for vyos sw >= 1.4.
diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
index 2920878..ca47652 100644
--- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
+++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py
@@ -29,6 +29,7 @@ from ansible.module_utils.six import iteritems
 from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import (
 list_diff_want_only,
 )
+import re
 class Firewall_rules(ConfigBase):
@@ -575,10 +576,27 @@ class Firewall_rules(ConfigBase):
 and not (h_icmp and self._is_w_same(w[attr], h_icmp, item))
 ):
 if item == "type_name":
+ os_version = self._get_os_version()
+ ver = re.search(
+ "vyos ([\\d\\.]+)-?.*", # noqa: W605
+ os_version,
+ re.IGNORECASE,
+ )
+ if ver.group(1) >= "1.4":
+ param_name = "type-name"
+ else:
+ param_name = "type"
 if "ipv6-name" in cmd:
 commands.append(
 cmd
- + (" " + "icmpv6" + " " + "type" + " " + val)
+ + (
+ " "
+ + "icmpv6"
+ + " "
+ + param_name
+ + " "
+ + val
+ )
 )
 else:
 commands.append(
@@ -1040,3 +1058,11 @@ class Firewall_rules(ConfigBase):
 "enable_default_log",
 )
 return True if key in r_set else False
+
+ def _get_os_version(self):
+ os_version = "1.2"
+ if self._connection:
+ os_version = self._connection.get_device_info()[
+ "network_os_version"
+ ]
+ return os_version
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
index 4e1f344..80d0db5 100644
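Review bot: In the icmpv6 hunk, `ver.group(1)` is called without checking that `re.search` matched, and the fallback in `_get_os_version` (last hunk of this file) returns the bare string `"1.2"`, which a pattern requiring the `vyos ` prefix cannot match, so the no-connection path would raise AttributeError instead of emitting the firewall rule. The comparison `ver.group(1) >= "1.4"` is also lexicographic, so a version such as 1.10 sorts below "1.4" and would get the old `type` keyword, which by this commit's own changelog is not the form 1.4+ devices expect. Comparing integer tuples and defaulting to the old keyword when nothing matches covers both cases: `ver = re.search(r"vyos (\d+(?:\.\d+)*)", os_version, re.IGNORECASE)`, `parts = tuple(int(p) for p in ver.group(1).split(".")) if ver else ()`, `param_name = "type-name" if parts >= (1, 4) else "type"`. The raw string also removes the need for `# noqa: W605`; the enclosing method starts and ends outside the hunk.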
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules.py
@@ -66,6 +66,12 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 )
 self.execute_show_command = self.mock_execute_show_command.start()
+ self.mock_get_os_version = patch(
+ "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.firewall_rules.firewall_rules.Firewall_rules._get_os_version"
+ )
+ self.get_os_version = self.mock_get_os_version.start()
+ self.get_os_version.return_value = "Vyos 1.2"
+
 def tearDown(self):
 super(TestVyosFirewallRulesModule, self).tearDown()
 self.mock_get_resource_connection_config.stop()
@@ -73,6 +79,7 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 self.mock_get_config.stop()
 self.mock_load_config.stop()
 self.mock_execute_show_command.stop()
+ self.mock_get_os_version.stop()
 def load_fixtures(self, commands=None):
 def load_from_file(*args, **kwargs):
@@ -1144,3 +1151,48 @@ class TestVyosFirewallRulesModule(TestVyosModule):
 )
 )
 self.execute_module(changed=False, commands=[])
+
+ def test_vyos_firewall_v6_rule_sets_rule_merged_01_version(self):
+ self.get_os_version.return_value = "VyOS 1.4-rolling-202007010117"
+ set_module_args(
+ dict(
+ config=[
+ dict(
+ afi="ipv6",
+ rule_sets=[
+ dict(
+ name="INBOUND",
+ description="This is IPv6 INBOUND rule set",
+ default_action="accept",
+ enable_default_log=True,
+ rules=[
+ dict(
+ number="101",
+ action="accept",
+ description="Rule 101 is configured by Ansible",
+ ipsec="match-ipsec",
+ protocol="icmp",
+ disabled=True,
+ icmp=dict(type_name="echo-request"),
+ )
+ ],
+ ),
+ ],
+ )
+ ],
+ state="merged",
+ )
+ )
+ commands = [
+ "set firewall ipv6-name INBOUND default-action 'accept'",
+ "set firewall ipv6-name INBOUND description 'This is IPv6 INBOUND rule set'",
+ "set firewall ipv6-name INBOUND enable-default-log",
+ "set firewall ipv6-name INBOUND rule 101 protocol 'icmp'",
+ "set firewall ipv6-name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
+ "set firewall ipv6-name INBOUND rule 101",
+ "set firewall ipv6-name INBOUND rule 101 disable",
+ "set firewall ipv6-name INBOUND rule 101 action 'accept'",
+ "set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'",
+ "set firewall ipv6-name INBOUND rule 101 icmpv6 type-name echo-request",
+ ]
+ self.execute_module(changed=True, commands=commands)
|
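Review bot: The new test pins only the "VyOS 1.4-rolling-202007010117" string, and because setUp now patches `_get_os_version` for every test (hunk at -66), nothing exercises that method's own fallback value `"1.2"` or a version that the string comparison in firewall_rules.py would order wrongly. I would add a second case with `self.get_os_version.return_value = "1.2"` that expects `set firewall ipv6-name INBOUND rule 101 icmpv6 type echo-request`, and one with a two-digit minor version (constructed example: "VyOS 1.10") that expects `type-name`. A one-line docstring on the test, e.g. `"""icmpv6 type_name renders as 'type-name' on VyOS >= 1.4."""`, would state which behaviour it pins.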