summaryrefslogtreecommitdiff
path: root/tests/integration/targets/vyos_firewall_rules
diff options
context:
space:
mode:
Diffstat (limited to 'tests/integration/targets/vyos_firewall_rules')
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/diff_mode.yaml61
-rw-r--r--tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml139
-rw-r--r--tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml148
3 files changed, 348 insertions, 0 deletions
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/diff_mode.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/diff_mode.yaml
new file mode 100644
index 00000000..43f3c88b
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/diff_mode.yaml
@@ -0,0 +1,61 @@
+---
+- debug:
+ msg: START vyos_firewall_rules diff mode integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _populate.yaml
+
+- block:
+ - name: Replace device configurations - No Diff
+ register: result
+ diff: true
+ vyos.vyos.vyos_firewall_rules:
+ config: "{{ populate }}"
+
+ - name: Assert No Diff
+ assert:
+ that:
+ - result['changed'] == false
+ - result.diff is not defined
+
+ - name: Replace single rule's attribute and register Diff
+ register: result
+ diff: true
+ vyos.vyos.vyos_firewall_rules:
+ config: "{{ replaced_diff_01.config }}"
+ state: replaced
+
+ - name: Assert - Diff for a single rule and attribute
+ assert:
+ that:
+ - result['changed'] == true
+ - result.diff.prepared == "{{ replaced_diff_01.diff.rstrip() }}"
+
+ - name: Replace single rule's multiple attributes and register Diff
+ register: result
+ diff: true
+ vyos.vyos.vyos_firewall_rules:
+ config: "{{ replaced_diff_02.config }}"
+ state: replaced
+
+ - name: Assert - Diff for a single rule and multiple attributes
+ assert:
+ that:
+ - result['changed'] == true
+ - result.diff.prepared == "{{ replaced_diff_02.diff.rstrip() }}"
+
+ - name: Replace attributes in multiple rules and register Diff
+ register: result
+ diff: true
+ vyos.vyos.vyos_firewall_rules:
+ config: "{{ replaced_diff_03.config }}"
+ state: replaced
+
+ - name: Assert - Diff for a single rule and multiple attributes
+ assert:
+ that:
+ - result['changed'] == true
+ - result.diff.prepared == "{{ replaced_diff_03.diff.rstrip() }}"
+ always:
+ - include_tasks: _remove_config.yaml
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml b/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml
index c7d7398b..825afe67 100644
--- a/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml
@@ -128,3 +128,142 @@ state_dict:
new: false
invalid: false
related: true
+
+replaced_diff_01:
+ config:
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ protocol: tcp
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ protocol: tcp
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: reject
+ description: Rule 101 is configured by Ansible
+ protocol: tcp
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ protocol: tcp
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state: "{{ state_dict }}"
+ diff: |-
+ [edit firewall name INBOUND rule 101]
+ >action reject
+
+ [edit]
+
+replaced_diff_02:
+ config:
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ protocol: tcp
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ protocol: tcp
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: reject
+ description: Rule 101 is configured by Ansible
+ protocol: tcp
+ - number: 102
+ action: accept
+ description: Rule 102 is configured by Ansible
+ protocol: udp
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state: "{{ state_dict }}"
+ diff: |-
+ [edit firewall name INBOUND rule 102]
+ >action accept
+ >protocol udp
+
+ [edit]
+
+replaced_diff_03:
+ config:
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: reject
+ description: Fwipv6-Rule 1 is configured by Ansible
+ protocol: udp
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ protocol: tcp
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: reject
+ description: Rule 101 is configured by Ansible
+ protocol: tcp
+ - number: 102
+ action: accept
+ description: Rule 102 is configured by Ansible
+ protocol: tcp
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state: "{{ state_dict }}"
+ diff: |-
+ [edit firewall ipv6-name UPLINK rule 1]
+ >action reject
+ >protocol udp
+ [edit firewall name INBOUND rule 102]
+ >protocol tcp
+
+ [edit]
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml b/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
index 08675983..20ee461b 100644
--- a/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
@@ -120,3 +120,151 @@ deleted_afi_all:
state_dict:
established: true
related: true
+
+replaced_diff_01:
+ config:
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ protocol: tcp
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ protocol: tcp
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: reject
+ description: Rule 101 is configured by Ansible
+ protocol: tcp
+ - number: 102
+ action: reject
+ description: Rule 102 is configured by Ansible
+ protocol: tcp
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state: "{{ state_dict }}"
+ diff: |-
+ [firewall ipv4 name INBOUND rule 101]
+ - action \"accept\"
+ + action \"reject\"
+
+
+ [edit]
+
+replaced_diff_02:
+ config:
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: accept
+ description: Fwipv6-Rule 1 is configured by Ansible
+ protocol: tcp
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ protocol: tcp
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: reject
+ description: Rule 101 is configured by Ansible
+ protocol: tcp
+ - number: 102
+ action: accept
+ description: Rule 102 is configured by Ansible
+ protocol: udp
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state: "{{ state_dict }}"
+ diff: |-
+ [firewall ipv4 name INBOUND rule 102]
+ - action \"reject\"
+ + action \"accept\"
+ - protocol \"tcp\"
+ + protocol \"udp\"
+
+
+ [edit]
+
+replaced_diff_03:
+ config:
+ - afi: ipv6
+ rule_sets:
+ - name: UPLINK
+ description: This is ipv6 specific rule-set
+ default_action: accept
+ rules:
+ - number: 1
+ action: reject
+ description: Fwipv6-Rule 1 is configured by Ansible
+ protocol: udp
+ - number: 2
+ action: accept
+ description: Fwipv6-Rule 2 is configured by Ansible
+ protocol: tcp
+ - afi: ipv4
+ rule_sets:
+ - name: INBOUND
+ description: IPv4 INBOUND rule set
+ default_action: accept
+ rules:
+ - number: 101
+ action: reject
+ description: Rule 101 is configured by Ansible
+ protocol: tcp
+ - number: 102
+ action: accept
+ description: Rule 102 is configured by Ansible
+ protocol: tcp
+ - number: 103
+ action: accept
+ description: Rule 103 is configured by Ansible
+ destination:
+ group:
+ address_group: inbound
+ source:
+ address: 192.0.2.0
+ state: "{{ state_dict }}"
+ diff: |-
+ [firewall ipv4 name INBOUND rule 102]
+ - protocol \"udp\"
+ + protocol \"tcp\"
+ [firewall ipv6 name UPLINK rule 1]
+ - action \"accept\"
+ + action \"reject\"
+ - protocol \"tcp\"
+ + protocol \"udp\"
+
+
+ [edit]
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-04 03:13:35 +0000