32 files changed, 271 insertions, 62 deletions
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index cab10556..d5617c09 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -12,7 +12,7 @@ repos: - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: check-symlinks @@ -39,18 +39,18 @@ repos: - prettier-plugin-toml - repo: https://github.com/PyCQA/isort - rev: 5.13.2 + rev: 6.0.0 hooks: - id: isort name: Sort import statements using isort args: [--filter-files] - repo: https://github.com/psf/black - rev: 24.4.2 + rev: 25.1.0 hooks: - id: black - repo: https://github.com/pycqa/flake8 - rev: 7.1.0 + rev: 7.1.2 hooks: - id: flake8 @@ -210,12 +210,15 @@ Additionally: on the local network - eth1 and eth2 should be defined and uncofirgured (they'll be overwritten by the tests) - eth3 and beyond should not be present or interface-related tests will fail +- when using VMs for testing, ensure that the interfaces don't use `virtio`, as it will supress + some interface configurations. `e1000e` is a good choice for testing. - eth0 is also expected to show `duplex auto` and `speed auto` in the output of `show interfaces`, however others are not due to the fact that they are repeatedly deleted and recreated which causes the default values to be hidden. ## Changelogs -<!--Add a link to a changelog.md file or an external docsite to cover this information. --> + +Change logs are available [here](https://github.com/vyos/vyos.vyos/blob/main/CHANGELOG.rst). ## Release notes diff --git a/changelogs/fragments/T7162-interface-preflight.yaml b/changelogs/fragments/T7162-interface-preflight.yaml new file mode 100644 index 00000000..c829ca8b --- /dev/null +++ b/changelogs/fragments/T7162-interface-preflight.yaml @@ -0,0 +1,5 @@ +--- +trivial: + - fix pre-flight sets for interfaces + - restore previously-removed interface test duplex and speed + - remove unnecessary debug statements in integration tests 
diff --git a/changelogs/fragments/T7236_firewall_rules.yml b/changelogs/fragments/T7236_firewall_rules.yml new file mode 100644 index 00000000..bad04832 --- /dev/null +++ b/changelogs/fragments/T7236_firewall_rules.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - vyos_firewall_rules - Fixed comparing of firewall rules diff --git a/changelogs/fragments/T7259-get_config.yaml b/changelogs/fragments/T7259-get_config.yaml new file mode 100644 index 00000000..84bb1ab4 --- /dev/null +++ b/changelogs/fragments/T7259-get_config.yaml @@ -0,0 +1,3 @@ +--- +minor_changes: + - vyos_config - block get_config call if match is set to "none" diff --git a/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml b/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml new file mode 100644 index 00000000..78e07356 --- /dev/null +++ b/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml @@ -0,0 +1,3 @@ +--- +bugfixes: + - vyos_firewall_global - Fix removing last member of a firewall group. diff --git a/changelogs/fragments/test_module_patch.yml b/changelogs/fragments/test_module_patch.yml new file mode 100644 index 00000000..557a941a --- /dev/null +++ b/changelogs/fragments/test_module_patch.yml @@ -0,0 +1,3 @@ +--- +trivial: + - util.py - Add mock _ANSIBLE_PROFILE to reflect changes to Ansible libs diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py index e2a25e32..0d73d209 100644 --- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py +++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py 
@@ -31,11 +31,11 @@ from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils list_diff_want_only, in_target_not_none, ) - +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import ( + LooseVersion, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.vyos import get_os_version -from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.version import LooseVersion - class Firewall_global(ConfigBase): """ @@ -258,11 +258,7 @@ class Firewall_global(ConfigBase): self._form_attr_cmd(attr=key, key=self._bool_to_str(val), opr=opr), ) continue - if ( - key in l_set - and not self._in_target(h, key) - and not self._is_del(l_set, h) - ): + if key in l_set and not self._in_target(h, key) and not self._is_del(l_set, h): commands.append( self._form_attr_cmd(attr=key, val=self._bool_to_str(val), opr=opr), ) @@ -373,6 +369,8 @@ class Firewall_global(ConfigBase): ) elif not opr and key in l_set: if key == "name" and self._is_grp_del(h, want, key): + if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr): + commands.pop() commands.append(cmd + " " + want["name"]) continue if not (h and in_target_not_none(h, key)) and not self._is_grp_del(h, want, "name"): @@ -435,6 +433,14 @@ class Firewall_global(ConfigBase): + " " + member[self._get_mem_type(type)], ) + elif not opr and not have: + commands.append( + cmd + + " " + + name + + " " + + self._grp_type(type), + ) return commands def _get_mem_type(self, group): @@ -473,7 +479,9 @@ class Firewall_global(ConfigBase): for key, val in iteritems(w): if val and key != "connection_type": if opr and key in l_set and not (h and self._is_w_same(w, h, key)): - if key == "log" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if key == "log" and LooseVersion( + get_os_version(self._module), + ) >= LooseVersion("1.4"): commands.append( self._form_attr_cmd( key=attr + " " + w["connection_type"], 
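Review bot: The added `commands[-1]` lookup in the group-delete branch (the @@ -373 hunk) raises IndexError if `commands` is still empty when the whole-group delete is reached, which looks possible when no earlier command was emitted for this group. Guard it with `if commands and commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):`. The pop also appears to depend on the exact string built by the new `elif not opr and not have:` branch in the next hunk, so a short comment there and here, such as `# drop the member-type delete just emitted; the whole group is deleted below`, would keep the two from drifting apart. The enclosing method starts and ends outside the hunk.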
@@ -499,7 +507,9 @@ class Firewall_global(ConfigBase): ), ) break # delete the whole thing and move on - if (not self._in_target(h, key) or h[key] is None) and (self._in_target(w, key) and w[key]): + if (not self._in_target(h, key) or h[key] is None) and ( + self._in_target(w, key) and w[key] + ): # delete if not being replaced and value currently exists commands.append( self._form_attr_cmd( @@ -531,11 +541,11 @@ class Firewall_global(ConfigBase): if want: for w in want: h = self.search_attrib_in_have(have, w, "afi") - if 'afi' in w: - afi = w['afi'] + if "afi" in w: + afi = w["afi"] else: - if h and 'afi' in h: - afi = h['afi'] + if h and "afi" in h: + afi = h["afi"] else: afi = None afi = None @@ -547,7 +557,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) elif not opr and key in l_set: @@ -557,7 +567,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) continue @@ -567,7 +577,7 @@ class Firewall_global(ConfigBase): attr=key, val=self._bool_to_str(val), opr=opr, - type=afi + type=afi, ), ) elif key == "icmp_redirects": @@ -587,11 +597,11 @@ class Firewall_global(ConfigBase): commands = [] h_red = {} l_set = ("send", "receive") - if w and 'afi' in w: - afi = w['afi'] + if w and "afi" in w: + afi = w["afi"] else: - if h and 'afi' in h: - afi = h['afi'] + if h and "afi" in h: + afi = h["afi"] else: afi = None if w[attr]: @@ -600,7 +610,12 @@ class Firewall_global(ConfigBase): for item, value in iteritems(w[attr]): if opr and item in l_set and not (h_red and self._is_w_same(w[attr], h_red, item)): commands.append( - self._form_attr_cmd(attr=item, val=self._bool_to_str(value), opr=opr, type=afi) + self._form_attr_cmd( + attr=item, + val=self._bool_to_str(value), + opr=opr, + type=afi, + ), ) elif ( not opr 
@@ -634,7 +649,12 @@ class Firewall_global(ConfigBase): :param type: AF type of attribute. :return: generated command. """ - command = self._compute_command(key=key, attr=self._map_attrib(attr, type=type), val=val, opr=opr) + command = self._compute_command( + key=key, + attr=self._map_attrib(attr, type=type), + val=val, + opr=opr, + ) return command def _compute_command(self, key=None, attr=None, val=None, remove=False, opr=True): @@ -651,14 +671,20 @@ class Firewall_global(ConfigBase): cmd = "delete firewall " else: cmd = "set firewall " - if attr and key != "group" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if ( + attr + and key != "group" + and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4") + ): cmd += "global-options " if key: cmd += key.replace("_", "-") + " " if attr: cmd += attr.replace("_", "-") if val and opr: - if key == "state_policy" and LooseVersion(get_os_version(self._module)) >= LooseVersion("1.4"): + if key == "state_policy" and LooseVersion(get_os_version(self._module)) >= LooseVersion( + "1.4", + ): cmd += "" else: cmd += " '" + str(val) + "'" diff --git a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py index 5c2ef6ca..bb6055b7 100644 --- a/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py +++ b/plugins/module_utils/network/vyos/config/firewall_rules/firewall_rules.py 
@@ -1167,13 +1167,19 @@ class Firewall_rules(ConfigBase): return True elif isinstance(w, list) and isinstance(rs, list): try: - sorted_list1 = sorted(w, key=lambda x: str(x)) # pylint: disable=unnecessary-lambda - sorted_list2 = sorted( - rs, - key=lambda x: str(x), # pylint: disable=unnecessary-lambda - ) + def comparison(x): + if 'name' in x: + return x['name'] + if 'number' in x: + return x['number'] + return str(x) + + sorted_list1 = sorted(w, key=comparison) + sorted_list2 = sorted(rs, key=comparison) except TypeError: return False + if len(sorted_list1) != len(sorted_list2): + return False return all(self._is_same_rs(x, y) for x, y in zip(sorted_list1, sorted_list2)) else: return w == rs diff --git a/plugins/module_utils/network/vyos/vyos.py b/plugins/module_utils/network/vyos/vyos.py index 1430b1b1..f37294e6 100644 --- a/plugins/module_utils/network/vyos/vyos.py +++ b/plugins/module_utils/network/vyos/vyos.py @@ -34,6 +34,7 @@ import json from ansible.module_utils._text import to_text from ansible.module_utils.connection import Connection, ConnectionError + _DEVICE_CONFIGS = {} @@ -68,8 +69,8 @@ def get_config(module, flags=None, format=None): flags = [] if flags is None else flags global _DEVICE_CONFIGS - if _DEVICE_CONFIGS != {}: - return _DEVICE_CONFIGS + if _DEVICE_CONFIGS != {} or module.params["match"] == "none": + return to_text(_DEVICE_CONFIGS) else: connection = get_connection(module) try: diff --git a/plugins/modules/vyos_config.py b/plugins/modules/vyos_config.py index 60be02c8..c6bc9959 100644 --- a/plugins/modules/vyos_config.py +++ b/plugins/modules/vyos_config.py @@ -286,6 +286,7 @@ def sanitize_config(config, result): def run(module, result): # get the current active config from the node or passed in via # the config param + config = module.params["config"] or get_config(module) # create the candidate config object from the arguments 
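Review bot: The new `comparison` key applies `'name' in x` and `'number' in x` to every list element, not only to dicts. For a string element that is a substring test followed by a failing `x['name']`, and for an int the `in` itself raises TypeError; the surrounding `except TypeError` turns both into `return False`, so lists of scalars that the old `str(x)` key could sort may now always compare as different and the firewall rule set would be rewritten on every run. Restrict the lookups to dicts, `if isinstance(x, dict) and 'name' in x:` and `if isinstance(x, dict) and 'number' in x:`, and keep `return str(x)` as the fallback. Mixed key types (a `name` string next to an integer `number`) would take the same TypeError path, which returning `str(x['number'])` would avoid if that case can occur. The enclosing method starts outside the hunk.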
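Review bot: `module.params["match"]` in the new cache check of `get_config` raises KeyError if this shared helper is ever called by a module that does not declare a `match` option; `module.params.get("match") == "none"` keeps it safe for those callers. With an empty cache and `match: none` the function now returns `to_text(_DEVICE_CONFIGS)`, which is the text `{}` rather than configuration, so a caller that parses the result gets a literal brace pair; handling that case separately with `return ""` would be less surprising. The rest of `get_config` is outside the hunk, so how the cache is filled is not visible here.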
@@ -360,7 +361,7 @@ def main(): diff = run_commands(module, commands=["configure", "compare saved"])[1] if diff not in { "[edit]", - "No changes between working and saved configurations.\n\n[edit]" + "No changes between working and saved configurations.\n\n[edit]", }: if not module.check_mode: run_commands(module, commands=["save"]) diff --git a/tests/integration/targets/vyos_config/tests/cli/save.yaml b/tests/integration/targets/vyos_config/tests/cli/save.yaml index e8a9035b..b39ef957 100644 --- a/tests/integration/targets/vyos_config/tests/cli/save.yaml +++ b/tests/integration/targets/vyos_config/tests/cli/save.yaml @@ -6,7 +6,7 @@ lines: set system host-name {{ inventory_hostname_short }} match: none -- name: configure hostaname and save +- name: configure hostname and save register: result vyos.vyos.vyos_config: lines: set system host-name foo @@ -17,7 +17,7 @@ - result.changed == true - "'set system host-name foo' in result.commands" -- name: configure hostaname and don't save +- name: configure hostname and don't save register: result vyos.vyos.vyos_config: lines: set system host-name bar diff --git a/tests/integration/targets/vyos_config/tests/cli/simple.yaml b/tests/integration/targets/vyos_config/tests/cli/simple.yaml index 3db59270..1559fa2b 100644 --- a/tests/integration/targets/vyos_config/tests/cli/simple.yaml +++ b/tests/integration/targets/vyos_config/tests/cli/simple.yaml @@ -25,6 +25,17 @@ that: - result.changed == false +- name: configure simple config command while match = 'none' + register: result + vyos.vyos.vyos_config: + lines: set system host-name foo + match: none + +- assert: + that: + - result.changed == true + - "'set system host-name foo' in result.commands" + - name: Delete services vyos.vyos.vyos_config: &id001 lines: diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml index 45bd9b6a..cbc994ba 100644 
--- a/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/_populate.yaml @@ -9,6 +9,8 @@ config: |- {% for intf in ('eth1','eth2') %} set interfaces ethernet "{{ intf }}" description 'Configured by Ansible' + set interfaces ethernet "{{ intf }}" speed 'auto' + set interfaces ethernet "{{ intf }}" duplex 'auto' set interfaces ethernet "{{ intf }}" mtu '1500' set interfaces ethernet "{{ intf }}" vif 200 set interfaces ethernet "{{ intf }}" vif 200 description 'VIF - 200' diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml index 620bf53f..9f0734b4 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/deleted.yaml @@ -17,17 +17,17 @@ - name: Assert that the before dicts were correctly generated assert: that: - - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + - populate | symmetric_difference(result['before']) |length == 0 - name: Assert that the correct set of commands were generated assert: that: - - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - deleted['commands'] | symmetric_difference(result['commands']) |length == 0 - name: Assert that the after dicts were correctly generated assert: that: - - "{{ deleted['after'] | symmetric_difference(result['after']) |length == 0 }}" + - deleted['after'] | symmetric_difference(result['after']) |length == 0 - name: Delete attributes of given interfaces (IDEMPOTENT) register: result @@ -41,6 +41,6 @@ - name: Assert that the before dicts were correctly generated assert: that: - - "{{ deleted['after'] | symmetric_difference(result['before']) |length == 0 }}" + - deleted['after'] | symmetric_difference(result['before']) |length == 0 always: - include_tasks: _remove_config.yaml 
diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml index 88e53762..46a0e166 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/gathered.yaml @@ -14,7 +14,7 @@ - name: Assert that gathered dicts was correctly generated assert: that: - - "{{ populate | symmetric_difference(result['gathered']) |length == 0 }}" + - populate | symmetric_difference(result['gathered']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml index 5c719b39..decdeca2 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/merged.yaml @@ -12,6 +12,8 @@ - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 + speed: auto + duplex: auto vifs: - vlan_id: 100 description: Eth1 - VIF 100 @@ -28,17 +30,17 @@ - name: Assert that before dicts were correctly generated assert: - that: "{{ merged['before'] | symmetric_difference(result['before']) |length == 0 }}" + that: merged['before'] | symmetric_difference(result['before']) |length == 0 - name: Assert that correct set of commands were generated assert: that: - - "{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - merged['commands'] | symmetric_difference(result['commands']) |length == 0 - name: Assert that after dicts was correctly generated assert: that: - - "{{ merged['after'] | symmetric_difference(result['after']) |length == 0 }}" + - merged['after'] | symmetric_difference(result['after']) |length == 0 - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) register: result 
@@ -52,6 +54,6 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ merged['after'] | symmetric_difference(result['before']) |length == 0 }}" + - merged['after'] | symmetric_difference(result['before']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml index 7e86d3e4..5d87ab68 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/overridden.yaml @@ -21,17 +21,17 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" + - populate | symmetric_difference(result['before']) |length == 0 - name: Assert that correct commands were generated assert: that: - - "{{ overridden['commands'] | symmetric_difference(result['commands']) |length == 0 }}" + - overridden['commands'] | symmetric_difference(result['commands']) |length == 0 - name: Assert that after dicts were correctly generated assert: that: - - "{{ overridden['after'] | symmetric_difference(result['after']) |length == 0 }}" + - overridden['after'] | symmetric_difference(result['after']) |length == 0 - name: Overrides all device configuration with provided configurations (IDEMPOTENT) register: result @@ -45,6 +45,6 @@ - name: Assert that before dicts were correctly generated assert: that: - - "{{ overridden['after'] | symmetric_difference(result['before']) |length == 0 }}" + - overridden['after'] | symmetric_difference(result['before']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml index 0ebfd322..329d6b50 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml 
+++ b/tests/integration/targets/vyos_interfaces/tests/cli/parsed.yaml @@ -11,4 +11,4 @@ - name: Assert that config was correctly parsed assert: that: - - "{{ parsed['after'] | symmetric_difference(result['parsed']) |length == 0 }}" + - parsed['after'] | symmetric_difference(result['parsed']) |length == 0 diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml index c03347fa..7b66c50e 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/rendered.yaml @@ -11,9 +11,13 @@ config: - name: eth0 enabled: true + duplex: auto + speed: auto - name: eth1 description: Configured by Ansible - Interface 1 mtu: 1500 + duplex: auto + speed: auto enabled: true vifs: - vlan_id: 100 diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml index 9d0a3a8b..5cfa4523 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/replaced.yaml @@ -25,17 +25,11 @@ that: - replaced['commands'] | symmetric_difference(result['commands']) |length == 0 - - debug: - var: populate | symmetric_difference(result['before']) - - name: Assert that before dicts are correctly generated assert: that: - populate | symmetric_difference(result['before']) |length == 0 - - debug: - var: replaced['after'] | symmetric_difference(result['after']) - - name: Assert that after dict is correctly generated assert: that: diff --git a/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml b/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml index cfe1b0f0..e6753cba 100644 --- a/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml +++ b/tests/integration/targets/vyos_interfaces/tests/cli/rtt.yaml 
@@ -11,6 +11,8 @@ config: - name: eth0 enabled: true + duplex: auto + speed: auto - name: eth1 description: Interface - 1 @@ -62,7 +64,7 @@ - name: Assert that changes were applied assert: - that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length == 0 }}" + that: round_trip['after'] | symmetric_difference(result['after']) |length == 0 - name: Revert back to base config using facts round trip register: revert @@ -72,6 +74,6 @@ - name: Assert that config was reverted assert: - that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length == 0 }}" + that: base_config['after'] | symmetric_difference(revert['after']) |length == 0 always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_interfaces/vars/main.yaml b/tests/integration/targets/vyos_interfaces/vars/main.yaml index 4e66747b..c65771f2 100644 --- a/tests/integration/targets/vyos_interfaces/vars/main.yaml +++ b/tests/integration/targets/vyos_interfaces/vars/main.yaml @@ -12,6 +12,8 @@ merged: commands: - set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1' - set interfaces ethernet eth1 mtu '1500' + - set interfaces ethernet eth1 duplex 'auto' + - set interfaces ethernet eth1 speed 'auto' - set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100' - set interfaces ethernet eth1 vif 100 mtu '1404' - set interfaces ethernet eth1 vif 101 description 'Eth1 - VIF 101' @@ -27,6 +29,8 @@ merged: description: Configured by Ansible - Interface 1 mtu: 1500 enabled: true + duplex: auto + speed: auto vifs: - vlan_id: 100 description: Eth1 - VIF 100 @@ -44,6 +48,8 @@ populate: enabled: true description: Configured by Ansible mtu: 1500 + duplex: auto + speed: auto vifs: - vlan_id: 200 enabled: true @@ -52,6 +58,8 @@ populate: enabled: true description: Configured by Ansible mtu: 1500 + duplex: auto + speed: auto vifs: - vlan_id: 200 enabled: true 
@@ -63,10 +71,14 @@ populate: replaced: commands: - delete interfaces ethernet eth1 mtu + - delete interfaces ethernet eth1 speed + - delete interfaces ethernet eth1 duplex - delete interfaces ethernet eth1 vif 200 - set interfaces ethernet eth1 description 'Replaced by Ansible' - set interfaces ethernet eth1 vif 100 description 'VIF 100 - Replaced by Ansible' - delete interfaces ethernet eth2 vif 200 + - delete interfaces ethernet eth2 speed + - delete interfaces ethernet eth2 duplex - set interfaces ethernet eth2 description 'Replaced by Ansible' - set interfaces ethernet eth2 mtu '1400' after: @@ -107,8 +119,12 @@ overridden: commands: - delete interfaces ethernet eth1 description - delete interfaces ethernet eth1 mtu + - delete interfaces ethernet eth1 speed + - delete interfaces ethernet eth1 duplex - delete interfaces ethernet eth1 vif 200 - delete interfaces ethernet eth2 vif 200 + - delete interfaces ethernet eth2 speed + - delete interfaces ethernet eth2 duplex - set interfaces ethernet eth2 description 'Overridden by Ansible' - set interfaces ethernet eth2 mtu '1402' after: @@ -124,6 +140,10 @@ overridden: mtu: 1402 rendered: commands: + - set interfaces ethernet eth0 duplex 'auto' + - set interfaces ethernet eth0 speed 'auto' + - set interfaces ethernet eth1 duplex 'auto' + - set interfaces ethernet eth1 speed 'auto' - set interfaces ethernet eth1 description 'Configured by Ansible - Interface 1' - set interfaces ethernet eth1 mtu '1500' - set interfaces ethernet eth1 vif 100 description 'Eth1 - VIF 100' 
@@ -137,9 +157,13 @@ deleted: - delete interfaces ethernet eth1 description - delete interfaces ethernet eth1 mtu - delete interfaces ethernet eth1 vif 200 + - delete interfaces ethernet eth1 speed + - delete interfaces ethernet eth1 duplex - delete interfaces ethernet eth2 description - delete interfaces ethernet eth2 mtu - delete interfaces ethernet eth2 vif 200 + - delete interfaces ethernet eth2 speed + - delete interfaces ethernet eth2 duplex after: - name: eth0 enabled: true @@ -149,6 +173,7 @@ deleted: enabled: true - name: eth2 enabled: true + round_trip: after: - name: eth0 diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg index f54a03dc..464f132f 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg @@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1 set firewall group address-group RND-HOSTS address 192.0.2.3 set firewall group address-group RND-HOSTS address 192.0.2.5 set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists' +set firewall group address-group DELETE-HOSTS address 1.2.3.4 +set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests' set firewall group ipv6-address-group LOCAL-v6 address ::1 set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1 set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine' diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg index 0a1247dd..ad60b45c 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg 
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg @@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1 set firewall group address-group RND-HOSTS address 192.0.2.3 set firewall group address-group RND-HOSTS address 192.0.2.5 set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists' +set firewall group address-group DELETE-HOSTS address 1.2.3.4 +set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests' set firewall group ipv6-address-group LOCAL-v6 address ::1 set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1 set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine' diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg index 6c248d2b..3ad6ec97 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config.cfg @@ -14,3 +14,8 @@ set firewall name EGRESS default-action 'reject' set firewall ipv6-name EGRESS default-action 'reject' set firewall ipv6-name EGRESS rule 20 set firewall ipv6-name EGRESS rule 20 icmpv6 type 'echo-request' +set firewall name MULTIPLE-RULE default-action 'drop' +set firewall name MULTIPLE-RULE rule 1 action 'accept' +set firewall name MULTIPLE-RULE rule 1 protocol 'all' +set firewall name MULTIPLE-RULE rule 2 action 'drop' +set firewall name MULTIPLE-RULE rule 2 protocol 'all'
\ No newline at end of file diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg index e82e3903..7f63dd78 100644 --- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg +++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_rules_config_v14.cfg @@ -32,3 +32,8 @@ set firewall ipv4 name IF-TEST rule 10 inbound-interface name 'eth0' set firewall ipv4 name IF-TEST rule 10 outbound-interface group 'the-ethers' set firewall ipv4 name IF-TEST rule 10 icmp type-name 'echo-request' set firewall ipv4 name IF-TEST rule 10 state 'related' +set firewall ipv4 name MULTIPLE-RULE default-action 'drop' +set firewall ipv4 name MULTIPLE-RULE rule 1 action 'accept' +set firewall ipv4 name MULTIPLE-RULE rule 1 protocol 'all' +set firewall ipv4 name MULTIPLE-RULE rule 2 action 'drop' +set firewall ipv4 name MULTIPLE-RULE rule 2 protocol 'all'
\ No newline at end of file diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py index 481cc1dd..db67ab2c 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py @@ -269,6 +269,12 @@ class TestVyosFirewallGlobalModule(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + # No members here + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", @@ -309,6 +315,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule): "delete firewall send-redirects", "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", + "delete firewall group address-group DELETE-HOSTS address", "set firewall group address-group RND-HOSTS address 192.0.2.7", "set firewall group address-group RND-HOSTS address 192.0.2.9", "delete firewall group network-group RND description", @@ -376,6 +383,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule): ), ) commands = [ + "delete firewall group address-group DELETE-HOSTS", "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", "delete firewall ipv6-src-route", @@ -412,6 +420,14 @@ class TestVyosFirewallGlobalModule(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + members=[ + dict(address='1.2.3.4'), + ] + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", 
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py index aae4aa83..0b85e62d 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py @@ -272,6 +272,12 @@ class TestVyosFirewallRulesModule14(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + # No members here + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", @@ -310,6 +316,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): commands = [ "delete firewall group address-group RND-HOSTS address 192.0.2.3", "delete firewall group address-group RND-HOSTS address 192.0.2.5", + "delete firewall group address-group DELETE-HOSTS address", "delete firewall global-options all-ping", "delete firewall global-options state-policy related", "delete firewall global-options ipv6-src-route", @@ -350,6 +357,14 @@ class TestVyosFirewallRulesModule14(TestVyosModule): ], ), dict( + afi="ipv4", + name="DELETE-HOSTS", + description="The (single) last address from this group will be deleted in the tests", + members=[ + dict(address='1.2.3.4'), + ] + ), + dict( afi="ipv6", name="LOCAL-v6", description="This group has the hosts address lists of this machine", @@ -451,6 +466,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "delete firewall global-options send-redirects", "set firewall global-options state-policy related action 'drop'", "delete firewall global-options state-policy related log-level", + "delete firewall group address-group DELETE-HOSTS", "set firewall global-options state-policy invalid action 'reject'", "set firewall group address-group RND-HOSTS address 192.0.2.7", "set firewall group address-group RND-HOSTS address 192.0.2.9", 
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py index 101f389e..9a25198f 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules13.py @@ -1057,6 +1057,17 @@ class TestVyosFirewallRulesModule13(TestVyosModule): ), ], ), + dict( + name="MULTIPLE-RULE", + default_action="drop", + rules=[ + dict( + number="1", + action="accept", + protocol="all", + ), + ], + ), ], ), dict( @@ -1083,6 +1094,11 @@ class TestVyosFirewallRulesModule13(TestVyosModule): "delete firewall ipv6-name EGRESS", "delete firewall name V4-INGRESS", "delete firewall name EGRESS", + "delete firewall name MULTIPLE-RULE", + "set firewall name MULTIPLE-RULE default-action 'drop'", + "set firewall name MULTIPLE-RULE rule 1", + "set firewall name MULTIPLE-RULE rule 1 action 'accept'", + "set firewall name MULTIPLE-RULE rule 1 protocol 'all'", "set firewall name V4-IN default-action 'accept'", "set firewall name V4-IN description 'This is IPv4 INGRESS rule set'", "set firewall name V4-IN enable-default-log", @@ -1159,6 +1175,7 @@ class TestVyosFirewallRulesModule13(TestVyosModule): "delete firewall ipv6-name EGRESS", "delete firewall name V4-INGRESS", "delete firewall name EGRESS", + "delete firewall name MULTIPLE-RULE", "set firewall name V4-INGRESS rule 101", "set firewall name V4-INGRESS description 'This is IPv4 INGRESS rule set'", "set firewall name V4-INGRESS default-action 'accept'", @@ -1204,6 +1221,22 @@ class TestVyosFirewallRulesModule13(TestVyosModule): name="EGRESS", default_action="reject", ), + dict( + name="MULTIPLE-RULE", + default_action="drop", + rules=[ + dict( + number="1", + action="accept", + protocol="all", + ), + dict( + number="2", + action="drop", + protocol="all", + ), + ], + ), ], ), dict( 
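Review bot: The expected list in the `@@ -1083` hunk holds both `delete firewall name MULTIPLE-RULE` and the `set firewall name MULTIPLE-RULE ...` lines that rebuild it, and nothing visible here checks that the delete comes first. If the assertion helper compares sorted lists (it is not visible in this hunk), a regression that emits the delete after the sets would still pass, although applying it would leave the rule set removed. An order check beside the list comparison would cover this, e.g. `assert cmds.index("delete firewall name MULTIPLE-RULE") < cmds.index("set firewall name MULTIPLE-RULE rule 1")`, with `cmds` being the command list the module run returns. The `@@ -1444` hunk in test_vyos_firewall_rules14.py has the same gap with the `ipv4 name` form of the commands; the test methods start outside both hunks.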
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py index 547b8f45..64884282 100644 --- a/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py +++ b/tests/unit/modules/network/vyos/test_vyos_firewall_rules14.py @@ -1418,6 +1418,17 @@ class TestVyosFirewallRulesModule14(TestVyosModule): ), ], ), + dict( + name="MULTIPLE-RULE", + default_action="drop", + rules=[ + dict( + number="1", + action="accept", + protocol="all", + ), + ], + ), ], ), dict( @@ -1444,11 +1455,16 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "delete firewall ipv6 name EGRESS", "delete firewall ipv4 name V4-INGRESS", "delete firewall ipv4 name EGRESS", + "delete firewall ipv4 name MULTIPLE-RULE", "delete firewall ipv4 input filter", "delete firewall ipv4 output filter", "delete firewall ipv6 input filter", "delete firewall ipv6 output filter", "delete firewall ipv4 name IF-TEST", + "set firewall ipv4 name MULTIPLE-RULE default-action 'drop'", + "set firewall ipv4 name MULTIPLE-RULE rule 1", + "set firewall ipv4 name MULTIPLE-RULE rule 1 action 'accept'", + "set firewall ipv4 name MULTIPLE-RULE rule 1 protocol 'all'", "set firewall ipv4 name V4-IN default-action 'accept'", "set firewall ipv4 name V4-IN description 'This is IPv4 INGRESS rule set'", "set firewall ipv4 name V4-IN default-log", @@ -1530,6 +1546,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule): "delete firewall ipv6 input filter", "delete firewall ipv6 output filter", "delete firewall ipv4 name IF-TEST", + "delete firewall ipv4 name MULTIPLE-RULE", "set firewall ipv4 name V4-INGRESS rule 101", "set firewall ipv4 name V4-INGRESS default-log", "set firewall ipv4 name V4-INGRESS description 'This is IPv4 INGRESS rule set'", 
@@ -1609,6 +1626,22 @@ class TestVyosFirewallRulesModule14(TestVyosModule): name="EGRESS", default_action="reject", ), + dict( + name="MULTIPLE-RULE", + default_action="drop", + rules=[ + dict( + number="1", + action="accept", + protocol="all", + ), + dict( + number="2", + action="drop", + protocol="all", + ), + ], + ), ], ), dict( diff --git a/tests/unit/modules/utils.py b/tests/unit/modules/utils.py index 6489f13f..e2d17abd 100644 --- a/tests/unit/modules/utils.py +++ b/tests/unit/modules/utils.py @@ -20,6 +20,9 @@ def set_module_args(args): args = json.dumps({"ANSIBLE_MODULE_ARGS": args}) basic._ANSIBLE_ARGS = to_bytes(args) + profile = "legacy" + basic._ANSIBLE_PROFILE = profile + class AnsibleExitJson(Exception): pass |
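Review bot: The new `basic._ANSIBLE_PROFILE` assignment in the tests/unit/modules/utils.py hunk writes to a private attribute of `basic` without a comment saying why the tests need it or which ansible-core releases read it. A later reader cannot tell whether the line is still required or safe to drop. The `profile` local is used only once, so the two lines can become `basic._ANSIBLE_PROFILE = "legacy"` preceded by a comment such as `# serialization profile expected by newer ansible-core when loading module args (confirm minimum version)`. `set_module_args` begins above the hunk, so only its tail is visible here.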