-rw-r--r--changelogs/fragments/T7260-remove-last-firewall-group-member.yaml3
-rw-r--r--plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py10
-rw-r--r--tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg2
-rw-r--r--tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg2
-rw-r--r--tests/unit/modules/network/vyos/test_vyos_firewall_global.py16
-rw-r--r--tests/unit/modules/network/vyos/test_vyos_firewall_global14.py16
6 files changed, 49 insertions, 0 deletions
diff --git a/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml b/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml
new file mode 100644
index 00000000..78e07356
--- /dev/null
+++ b/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - vyos_firewall_global - Fix removing last member of a firewall group.
diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py
index e2a25e32..b7bff53e 100644
--- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py
+++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py
@@ -373,6 +373,8 @@ class Firewall_global(ConfigBase):
)
elif not opr and key in l_set:
if key == "name" and self._is_grp_del(h, want, key):
+ if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):
+ commands.pop()
commands.append(cmd + " " + want["name"])
continue
if not (h and in_target_not_none(h, key)) and not self._is_grp_del(h, want, "name"):
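Review bot: The added `commands[-1] == ...` comparison in the `key == "name"` branch indexes the list without checking that it is non-empty. The list's initialisation is outside the hunk, so this is inferred, but if the branch is reached before anything has been appended it raises IndexError instead of emitting the group delete. A guard avoids that: `if commands and commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):`. The pop also only collapses the member-node delete when it is the very last command, so I'd state that ordering assumption in a comment, e.g. `# drop the member-node delete just queued; deleting the whole group supersedes it`. The enclosing method starts and ends outside the hunk.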
@@ -435,6 +437,14 @@ class Firewall_global(ConfigBase):
+ " "
+ member[self._get_mem_type(type)],
)
+ elif not opr and not have:
+ commands.append(
+ cmd
+ + " "
+ + name
+ + " "
+ + self._grp_type(type),
+ )
return commands
def _get_mem_type(self, group):
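Review bot: The new `elif not opr and not have:` branch has no comment explaining why an empty `have` in delete mode means the whole member node is removed rather than individual entries. Judging from the test expectation `delete firewall group address-group DELETE-HOSTS address`, it covers the case where no member should remain, so I'd add `# nothing to keep on the other side: delete the whole member node instead of one entry per member`. The result is a group that still exists but is empty, so any rule that still references it would presumably stop matching; that is worth a sentence in the module documentation so operators review dependent rules before applying. The start of the enclosing method is outside the hunk.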
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg
index f54a03dc..464f132f 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg
@@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1
set firewall group address-group RND-HOSTS address 192.0.2.3
set firewall group address-group RND-HOSTS address 192.0.2.5
set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists'
+set firewall group address-group DELETE-HOSTS address 1.2.3.4
+set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests'
set firewall group ipv6-address-group LOCAL-v6 address ::1
set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1
set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine'
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg
index 0a1247dd..ad60b45c 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg
@@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1
set firewall group address-group RND-HOSTS address 192.0.2.3
set firewall group address-group RND-HOSTS address 192.0.2.5
set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists'
+set firewall group address-group DELETE-HOSTS address 1.2.3.4
+set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests'
set firewall group ipv6-address-group LOCAL-v6 address ::1
set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1
set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine'
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py
index 481cc1dd..db67ab2c 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py
@@ -269,6 +269,12 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
],
),
dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ # No members here
+ ),
+ dict(
afi="ipv6",
name="LOCAL-v6",
description="This group has the hosts address lists of this machine",
@@ -309,6 +315,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
"delete firewall send-redirects",
"delete firewall group address-group RND-HOSTS address 192.0.2.3",
"delete firewall group address-group RND-HOSTS address 192.0.2.5",
+ "delete firewall group address-group DELETE-HOSTS address",
"set firewall group address-group RND-HOSTS address 192.0.2.7",
"set firewall group address-group RND-HOSTS address 192.0.2.9",
"delete firewall group network-group RND description",
@@ -376,6 +383,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
),
)
commands = [
+ "delete firewall group address-group DELETE-HOSTS",
"delete firewall group address-group RND-HOSTS address 192.0.2.3",
"delete firewall group address-group RND-HOSTS address 192.0.2.5",
"delete firewall ipv6-src-route",
@@ -412,6 +420,14 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
],
),
dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ members=[
+ dict(address='1.2.3.4'),
+ ]
+ ),
+ dict(
afi="ipv6",
name="LOCAL-v6",
description="This group has the hosts address lists of this machine",
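Review bot: The new `DELETE-HOSTS` entry uses `1.2.3.4`, a publicly routable address, while the neighbouring test data sticks to the `192.0.2.0/24` documentation range. An unused address from that range (e.g. `dict(address="192.0.2.11"),`) keeps the fixtures from naming a real host if they are ever pasted onto a device. The same value appears in both `.cfg` fixtures and in the matching hunk of `test_vyos_firewall_global14.py`. As a style point, the added lines use single quotes and omit the trailing comma after `]`, unlike the double-quoted, comma-terminated entries around them.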
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py
index aae4aa83..0b85e62d 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py
@@ -272,6 +272,12 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
],
),
dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ # No members here
+ ),
+ dict(
afi="ipv6",
name="LOCAL-v6",
description="This group has the hosts address lists of this machine",
@@ -310,6 +316,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
commands = [
"delete firewall group address-group RND-HOSTS address 192.0.2.3",
"delete firewall group address-group RND-HOSTS address 192.0.2.5",
+ "delete firewall group address-group DELETE-HOSTS address",
"delete firewall global-options all-ping",
"delete firewall global-options state-policy related",
"delete firewall global-options ipv6-src-route",
@@ -350,6 +357,14 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
],
),
dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ members=[
+ dict(address='1.2.3.4'),
+ ]
+ ),
+ dict(
afi="ipv6",
name="LOCAL-v6",
description="This group has the hosts address lists of this machine",
@@ -451,6 +466,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
"delete firewall global-options send-redirects",
"set firewall global-options state-policy related action 'drop'",
"delete firewall global-options state-policy related log-level",
+ "delete firewall group address-group DELETE-HOSTS",
"set firewall global-options state-policy invalid action 'reject'",
"set firewall group address-group RND-HOSTS address 192.0.2.7",
"set firewall group address-group RND-HOSTS address 192.0.2.9",