Diffstat (limited to 'tests/integration/targets/vyos_firewall_rules')
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/_get_version.yaml31
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_3.cfg (renamed from tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg)8
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_4.cfg23
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml38
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml12
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml2
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml2
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml2
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml8
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml8
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml21
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml4
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml4
-rw-r--r--tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml10
-rw-r--r--tests/integration/targets/vyos_firewall_rules/vars/main.yaml161
-rw-r--r--tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml130
-rw-r--r--tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml123
17 files changed, 398 insertions, 189 deletions
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_get_version.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/_get_version.yaml
new file mode 100644
index 0000000..dda9fcc
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_get_version.yaml
@@ -0,0 +1,31 @@
+- name: make sure to get facts
+ vyos.vyos.vyos_facts:
+ vars:
+ ansible_connection: ansible.netcommon.network_cli
+ register: vyos_facts
+ when: vyos_version is not defined
+
+- name: debug vyos_facts
+ debug:
+ var: vyos_facts
+
+- name: pull version from facts
+ set_fact:
+ vyos_version: "{{ vyos_facts.ansible_facts.ansible_net_version.split('-')[0].split(' ')[-1] }}"
+ when: vyos_version is not defined
+
+- name: fix '.0' versions
+ set_fact:
+ vyos_version: "{{ vyos_version }}.0"
+ when: vyos_version.count('.') == 1
+
+- name: include correct vars
+ include_vars: pre-v1_4.yaml
+ when: vyos_version is version('1.4.0', '<', version_type='semver')
+
+- name: include correct vars
+ include_vars: v1_4.yaml
+ when: vyos_version is version('1.4.0', '>=', version_type='semver')
+
+- name: include common vars
+ include_vars: main.yaml
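Review bot: The `debug vyos_facts` task is the only fact-handling task in this file without a `when:`, so it prints the whole registered result on every include, including runs where the `vyos_facts` task was skipped. Depending on which subsets `vyos_facts` gathers, that can put device details into CI logs. Adding `verbosity: 1` under `debug:` keeps the output available on `-v` runs only. The `Print result` task added in `overridden.yaml` has the same shape and could take the same option.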
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_3.cfg
index b54c109..bb8bc23 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_3.cfg
@@ -3,18 +3,18 @@ set firewall ipv6-name UPLINK default-action 'accept'
set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
set firewall ipv6-name UPLINK rule 1 action 'accept'
set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
+set firewall ipv6-name UPLINK rule 1 protocol 'tcp'
set firewall ipv6-name UPLINK rule 2 action 'accept'
set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
+set firewall ipv6-name UPLINK rule 2 protocol 'tcp'
set firewall name INBOUND default-action 'accept'
set firewall name INBOUND description 'IPv4 INBOUND rule set'
set firewall name INBOUND rule 101 action 'accept'
set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-set firewall name INBOUND rule 101 ipsec 'match-ipsec'
+set firewall name INBOUND rule 101 protocol 'tcp'
set firewall name INBOUND rule 102 action 'reject'
set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-set firewall name INBOUND rule 102 ipsec 'match-ipsec'
+set firewall name INBOUND rule 102 protocol 'tcp'
set firewall name INBOUND rule 103 action 'accept'
set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
set firewall name INBOUND rule 103 destination group address-group 'inbound'
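Review bot: Replacing every `ipsec 'match-ipsec'` line with `protocol 'tcp'` leaves this fixture without any `ipsec` matcher. The same swap is made in `merged.yaml`, `overridden.yaml`, `rendered.yaml`, `replaced.yaml`, `rtt.yaml` and `vars/main.yaml`, so nothing in the visible part of the diff still exercises the module's `ipsec` option. If the swap is presumably there only because the syntax differs between releases, one rule carrying `ipsec` could stay in the version-specific vars so that parsing and rendering of that matcher remain covered. The hunk starts at line 3 of the file, so its earlier lines are not shown.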
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_4.cfg b/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_4.cfg
new file mode 100644
index 0000000..315ae95
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config_1_4.cfg
@@ -0,0 +1,23 @@
+set firewall group address-group 'inbound'
+set firewall ipv6 name UPLINK default-action 'accept'
+set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+set firewall ipv6 name UPLINK rule 1 action 'accept'
+set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+set firewall ipv6 name UPLINK rule 1 protocol 'tcp'
+set firewall ipv6 name UPLINK rule 2 action 'accept'
+set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+set firewall ipv6 name UPLINK rule 2 protocol 'tcp'
+set firewall ipv4 name INBOUND default-action 'accept'
+set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+set firewall ipv4 name INBOUND rule 101 action 'accept'
+set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+set firewall ipv4 name INBOUND rule 101 protocol 'tcp'
+set firewall ipv4 name INBOUND rule 102 action 'reject'
+set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+set firewall ipv4 name INBOUND rule 102 protocol 'tcp'
+set firewall ipv4 name INBOUND rule 103 action 'accept'
+set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound'
+set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0'
+set firewall ipv4 name INBOUND rule 103 state established
+set firewall ipv4 name INBOUND rule 103 state related
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml
index 31e0d13..6c235be 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml
@@ -1,31 +1,11 @@
---
-- name: Setup
+- ansible.builtin.include_tasks: _remove_config.yaml
+
+- name: ensure facts
+ include_tasks: _get_version.yaml
+
+- name: Setup {{ vyos_version }}
+ vyos.vyos.vyos_config:
+ lines: "{{ populate_config }}"
vars:
- lines: |-
- set firewall group address-group 'inbound'
- set firewall ipv6-name UPLINK default-action 'accept'
- set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
- set firewall ipv6-name UPLINK rule 1 action 'accept'
- set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
- set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
- set firewall ipv6-name UPLINK rule 2 action 'accept'
- set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
- set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
- set firewall name INBOUND default-action 'accept'
- set firewall name INBOUND description 'IPv4 INBOUND rule set'
- set firewall name INBOUND rule 101 action 'accept'
- set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
- set firewall name INBOUND rule 101 ipsec 'match-ipsec'
- set firewall name INBOUND rule 102 action 'reject'
- set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
- set firewall name INBOUND rule 102 ipsec 'match-ipsec'
- set firewall name INBOUND rule 103 action 'accept'
- set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
- set firewall name INBOUND rule 103 destination group address-group 'inbound'
- set firewall name INBOUND rule 103 source address '192.0.2.0'
- set firewall name INBOUND rule 103 state established 'enable'
- set firewall name INBOUND rule 103 state invalid 'disable'
- set firewall name INBOUND rule 103 state new 'disable'
- set firewall name INBOUND rule 103 state related 'enable'
- ansible.netcommon.cli_config:
- config: "{{ lines }}"
+ ansible_connection: ansible.netcommon.network_cli
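Review bot: The `ensure facts` include looks redundant here, because `_remove_config.yaml`, included one task earlier, already begins by including `_get_version.yaml` in this commit. The second pass only re-runs the debug, `set_fact` and `include_vars` tasks. The first task is also the only unnamed one and is spelled `ansible.builtin.include_tasks` while the next uses the short `include_tasks`. Giving it a name such as `- name: remove pre-existing config` and using one spelling throughout would read more evenly.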
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml
index b4fc796..31f527f 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml
@@ -1,6 +1,10 @@
---
-- name: Remove Config
+- name: ensure facts
+ include_tasks: _get_version.yaml
+
+- name: Remove pre-existing firewall rules
+ vyos.vyos.vyos_config:
+ lines: "{{ remove_config }}"
+ ignore_errors: true
vars:
- lines: "delete firewall ipv6-name\ndelete firewall name\n"
- ansible.netcommon.cli_config:
- config: "{{ lines }}"
+ ansible_connection: ansible.netcommon.network_cli
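Review bot: `ignore_errors: true` on `Remove pre-existing firewall rules` hides every failure of the cleanup, not only the case where there is nothing to delete. A connection or commit error would leave old rules on the device, and the assertions that follow would run against unknown state. Replacing it with a registered result and a narrow failure condition keeps the tolerance explicit, for example `register: remove_result` plus `failed_when: remove_result is failed and 'EXPECTED_ERROR_TEXT' not in (remove_result.msg | default(''))`. `EXPECTED_ERROR_TEXT` is a placeholder for whatever message the device returns for an absent node.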
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
index 97b3ae8..2784c2d 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
@@ -5,7 +5,7 @@
- include_tasks: _populate.yaml
- block:
- - name: Delete firewall rule set.
+ - name: Delete firewall rule set
register: result
vyos.vyos.vyos_firewall_rules: &id001
config:
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml
index c7a2278..3df19cd 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml
@@ -5,7 +5,7 @@
- include_tasks: _populate.yaml
- block:
- - name: Delete firewall rule.
+ - name: Delete firewall rule
register: result
vyos.vyos.vyos_firewall_rules: &id001
config:
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml
index c55a4c5..84c66bd 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml
@@ -5,7 +5,7 @@
- include_tasks: _populate.yaml
- block:
- - name: Delete all the firewall rules.
+ - name: Delete all the firewall rules
register: result
vyos.vyos.vyos_firewall_rules: &id001
config:
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml
index 674b437..27973d8 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml
@@ -20,12 +20,12 @@
- number: 1
action: accept
description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 2
action: accept
description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- afi: ipv4
rule_sets:
@@ -36,13 +36,13 @@
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
disabled: true
- number: 102
action: reject
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
disable: true
- number: 103
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml
index 6e1b3a3..3b64939 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml
@@ -20,14 +20,18 @@
- number: 501
action: accept
description: Rule 501 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 502
action: reject
description: Rule 502 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
state: overridden
+ - name: Print result
+ debug:
+ msg: "Result: {{ result }}"
+
- name: Assert that before dicts were correctly generated
assert:
that:
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
index e6eae78..85a7c33 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
@@ -2,13 +2,22 @@
- debug:
msg: START vyos_firewall_rules parsed integration tests on connection={{ ansible_connection }}
-- name: Parse externally provided Firewall rules config to agnostic model
- register: result
- vyos.vyos.vyos_firewall_rules:
- running_config: "{{ lookup('file', '_parsed_config.cfg') }}"
- state: parsed
+- name: ensure facts
+ include_tasks: _get_version.yaml
+
+- name: version {{ vyos_version }}
+ block:
+ - name: Parse externally provided Firewall rules config to agnostic model
+ register: result
+ vyos.vyos.vyos_firewall_rules:
+ running_config: "{{ lookup('file', parsed_config_file) }}"
+ state: parsed
+ - name: set result
+ set_fact:
+ parsed_result: "{{ result }}"
- name: Assert that config was correctly parsed
assert:
that:
- - "{{ parsed['after'] | symmetric_difference(result['parsed']) |length == 0 }}"
+ - parsed_result.changed == false
+ - "{{ parsed['after'] | symmetric_difference(parsed_result['parsed']) |length == 0 }}"
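Review bot: The rewritten comparison on the last line still wraps the condition in `{{ }}`, which `assert.that` does not need. Ansible warns about this form because the templated result is evaluated a second time as an expression. Writing it bare, `- parsed['after'] | symmetric_difference(parsed_result['parsed']) | length == 0`, gives the same check without the double evaluation. The new `parsed_result.changed == false` could likewise be written `not parsed_result.changed`.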
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
index 36feb69..229ceb0 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
@@ -24,12 +24,12 @@
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 102
action: reject
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 103
action: accept
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml
index 5959c22..b194462 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml
@@ -26,12 +26,12 @@
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 104
action: reject
description: Rule 104 is configured by Ansible
- ipsec: match-none
+ protocol: udp
state: replaced
- name: Assert that correct set of commands were generated
diff --git a/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml b/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml
index dcf5b28..be066f9 100644
--- a/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml
@@ -2,6 +2,8 @@
- debug:
msg: START vyos_firewall_rules round trip integration tests on connection={{ ansible_connection }}
+- include_tasks: _populate.yaml
+
- include_tasks: _remove_config.yaml
- block:
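Review bot: The added `_populate.yaml` include pushes the full rule set to the device only for the very next task, `_remove_config.yaml`, to delete it again. If the aim is just to have `vyos_version` and the version-specific vars loaded, `_remove_config.yaml` already includes `_get_version.yaml` as its first task in this commit, so the new include looks removable. If it is needed for another reason, a one-line comment above it stating that reason would spare the next reader the question.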
@@ -18,12 +20,12 @@
- number: 1
action: accept
description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 2
action: accept
description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- afi: ipv4
rule_sets:
@@ -34,12 +36,12 @@
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 102
action: reject
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
state: merged
- name: Gather firewall_rules facts
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml
index e2b3e10..c249b34 100644
--- a/tests/integration/targets/vyos_firewall_rules/vars/main.yaml
+++ b/tests/integration/targets/vyos_firewall_rules/vars/main.yaml
@@ -1,38 +1,7 @@
---
merged:
before: []
- commands:
- - set firewall ipv6-name UPLINK default-action 'accept'
- - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
- - set firewall ipv6-name UPLINK rule 1 action 'accept'
- - set firewall ipv6-name UPLINK rule 1
- - set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
- - set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
- - set firewall ipv6-name UPLINK rule 2 action 'accept'
- - set firewall ipv6-name UPLINK rule 2
- - set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
- - set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
- - set firewall name INBOUND default-action 'accept'
- - set firewall name INBOUND description 'IPv4 INBOUND rule set'
- - set firewall name INBOUND rule 101 action 'accept'
- - set firewall name INBOUND rule 101 disable
- - set firewall name INBOUND rule 101
- - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
- - set firewall name INBOUND rule 101 ipsec 'match-ipsec'
- - set firewall name INBOUND rule 102 action 'reject'
- - set firewall name INBOUND rule 102 disable
- - set firewall name INBOUND rule 102
- - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
- - set firewall name INBOUND rule 102 ipsec 'match-ipsec'
- - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
- - set firewall name INBOUND rule 103 destination group address-group inbound
- - set firewall name INBOUND rule 103
- - set firewall name INBOUND rule 103 source address 192.0.2.0
- - set firewall name INBOUND rule 103 state established enable
- - set firewall name INBOUND rule 103 state related enable
- - set firewall name INBOUND rule 103 state invalid disable
- - set firewall name INBOUND rule 103 state new disable
- - set firewall name INBOUND rule 103 action 'accept'
+ commands: "{{ merged_commands }}"
after:
- afi: ipv6
rule_sets:
@@ -43,11 +12,11 @@ merged:
- number: 1
action: accept
description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 2
action: accept
description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- afi: ipv4
rule_sets:
- name: INBOUND
@@ -57,13 +26,13 @@ merged:
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
disable: true
- number: 102
action: reject
disable: true
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 103
action: accept
description: Rule 103 is configured by Ansible
@@ -72,11 +41,8 @@ merged:
address_group: inbound
source:
address: 192.0.2.0
- state:
- established: true
- new: false
- invalid: false
- related: true
+ state: "{{ state_dict }}"
+
populate:
- afi: ipv6
rule_sets:
@@ -87,11 +53,11 @@ populate:
- number: 1
action: accept
description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 2
action: accept
description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- afi: ipv4
rule_sets:
- name: INBOUND
@@ -101,11 +67,11 @@ populate:
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 102
action: reject
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 103
action: accept
description: Rule 103 is configured by Ansible
@@ -114,21 +80,10 @@ populate:
address_group: inbound
source:
address: 192.0.2.0
- state:
- established: true
- new: false
- invalid: false
- related: true
+ state: "{{ state_dict }}"
+
replaced:
- commands:
- - delete firewall ipv6-name UPLINK rule 1
- - delete firewall ipv6-name UPLINK rule 2
- - delete firewall name INBOUND rule 102
- - delete firewall name INBOUND rule 103
- - set firewall name INBOUND rule 104 action 'reject'
- - set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
- - set firewall name INBOUND rule 104
- - set firewall name INBOUND rule 104 ipsec 'match-none'
+ commands: "{{ replaced_commands }}"
after:
- afi: ipv6
rule_sets:
@@ -144,11 +99,11 @@ replaced:
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 104
action: reject
description: Rule 104 is configured by Ansible
- ipsec: match-none
+ protocol: udp
overridden:
before:
- afi: ipv6
@@ -165,24 +120,12 @@ overridden:
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 104
action: reject
description: Rule 104 is configured by Ansible
- ipsec: match-none
- commands:
- - delete firewall ipv6-name UPLINK
- - delete firewall name INBOUND
- - set firewall name Downlink default-action 'accept'
- - set firewall name Downlink description 'IPv4 INBOUND rule set'
- - set firewall name Downlink rule 501 action 'accept'
- - set firewall name Downlink rule 501
- - set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
- - set firewall name Downlink rule 501 ipsec 'match-ipsec'
- - set firewall name Downlink rule 502 action 'reject'
- - set firewall name Downlink rule 502
- - set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
- - set firewall name Downlink rule 502 ipsec 'match-ipsec'
+ protocol: udp
+ commands: "{{ overridden_commands }}"
after:
- afi: ipv4
rule_sets:
@@ -193,11 +136,11 @@ overridden:
- number: 501
action: accept
description: Rule 501 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 502
action: reject
description: Rule 502 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
parsed:
after:
- afi: ipv6
@@ -209,11 +152,11 @@ parsed:
- number: 1
action: accept
description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 2
action: accept
description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- afi: ipv4
rule_sets:
- name: INBOUND
@@ -223,11 +166,11 @@ parsed:
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 102
action: reject
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 103
action: accept
description: Rule 103 is configured by Ansible
@@ -236,44 +179,8 @@ parsed:
address_group: inbound
source:
address: 192.0.2.0
- state:
- established: true
- new: false
- invalid: false
- related: true
-rendered:
- commands:
- - set firewall ipv6-name UPLINK default-action 'accept'
- - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
- - set firewall name INBOUND default-action 'accept'
- - set firewall name INBOUND description 'IPv4 INBOUND rule set'
- - set firewall name INBOUND rule 101 action 'accept'
- - set firewall name INBOUND rule 101
- - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
- - set firewall name INBOUND rule 101 ipsec 'match-ipsec'
- - set firewall name INBOUND rule 102 action 'reject'
- - set firewall name INBOUND rule 102
- - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
- - set firewall name INBOUND rule 102 ipsec 'match-ipsec'
- - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
- - set firewall name INBOUND rule 103 destination group address-group inbound
- - set firewall name INBOUND rule 103
- - set firewall name INBOUND rule 103 source address 192.0.2.0
- - set firewall name INBOUND rule 103 state established enable
- - set firewall name INBOUND rule 103 state related enable
- - set firewall name INBOUND rule 103 state invalid disable
- - set firewall name INBOUND rule 103 state new disable
- - set firewall name INBOUND rule 103 action 'accept'
-deleted_rs:
- commands:
- - delete firewall ipv6-name UPLINK
- - delete firewall name INBOUND
- after: []
-deleted_afi_all:
- commands:
- - delete firewall ipv6-name
- - delete firewall name
- after: []
+ state: "{{ state_dict }}"
+
round_trip:
after:
- afi: ipv6
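Review bot: `rendered`, `deleted_rs` and `deleted_afi_all` are removed from `vars/main.yaml` in this hunk and, in the part of the diff visible on this page, are defined again only in `vars/pre-v1_4.yaml` (`vars/v1_4.yaml` is cut off here). Those files are loaded solely through `_get_version.yaml`, and the `rendered.yaml` hunk in this commit adds no such include. Unless that test reaches `_get_version.yaml` by a path outside its hunk, whatever reads `rendered` would find it undefined. The same holds for any test that reads `merged`, `replaced` or `overridden` before the version vars are loaded, since they now expand `merged_commands`, `replaced_commands`, `overridden_commands` and `state_dict`. Adding `- include_tasks: _get_version.yaml` at the top of `rendered.yaml`, and a comment in `main.yaml` naming the files that supply these variables, would make the dependency explicit.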
@@ -285,11 +192,11 @@ round_trip:
- number: 1
action: accept
description: Fwipv6-Rule 1 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 2
action: accept
description: Fwipv6-Rule 2 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- afi: ipv4
rule_sets:
- name: INBOUND
@@ -299,18 +206,14 @@ round_trip:
- number: 101
action: accept
description: Rule 101 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 102
action: reject
description: Rule 102 is configured by Ansible
- ipsec: match-ipsec
+ protocol: tcp
- number: 103
action: accept
description: Rule 103 is configured by Ansible
source:
address: 192.0.2.0
- state:
- established: true
- new: false
- invalid: false
- related: true
+ state: "{{ state_dict }}"
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml b/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml
new file mode 100644
index 0000000..c7d7398
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_rules/vars/pre-v1_4.yaml
@@ -0,0 +1,130 @@
+---
+merged_commands:
+ - set firewall ipv6-name UPLINK default-action 'accept'
+ - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
+ - set firewall ipv6-name UPLINK rule 1 action 'accept'
+ - set firewall ipv6-name UPLINK rule 1
+ - set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+ - set firewall ipv6-name UPLINK rule 1 protocol 'tcp'
+ - set firewall ipv6-name UPLINK rule 2 action 'accept'
+ - set firewall ipv6-name UPLINK rule 2
+ - set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+ - set firewall ipv6-name UPLINK rule 2 protocol 'tcp'
+ - set firewall name INBOUND default-action 'accept'
+ - set firewall name INBOUND description 'IPv4 INBOUND rule set'
+ - set firewall name INBOUND rule 101 action 'accept'
+ - set firewall name INBOUND rule 101 disable
+ - set firewall name INBOUND rule 101
+ - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+ - set firewall name INBOUND rule 101 protocol 'tcp'
+ - set firewall name INBOUND rule 102 action 'reject'
+ - set firewall name INBOUND rule 102 disable
+ - set firewall name INBOUND rule 102
+ - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+ - set firewall name INBOUND rule 102 protocol 'tcp'
+ - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+ - set firewall name INBOUND rule 103 destination group address-group inbound
+ - set firewall name INBOUND rule 103
+ - set firewall name INBOUND rule 103 source address 192.0.2.0
+ - set firewall name INBOUND rule 103 state established enable
+ - set firewall name INBOUND rule 103 state related enable
+ - set firewall name INBOUND rule 103 state invalid disable
+ - set firewall name INBOUND rule 103 state new disable
+ - set firewall name INBOUND rule 103 action 'accept'
+
+populate_config:
+ - set firewall group address-group 'inbound'
+ - set firewall ipv6-name UPLINK default-action 'accept'
+ - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
+ - set firewall ipv6-name UPLINK rule 1 action 'accept'
+ - set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+ - set firewall ipv6-name UPLINK rule 1 protocol 'tcp'
+ - set firewall ipv6-name UPLINK rule 2 action 'accept'
+ - set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+ - set firewall ipv6-name UPLINK rule 2 protocol 'tcp'
+ - set firewall name INBOUND default-action 'accept'
+ - set firewall name INBOUND description 'IPv4 INBOUND rule set'
+ - set firewall name INBOUND rule 101 action 'accept'
+ - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+ - set firewall name INBOUND rule 101 protocol 'tcp'
+ - set firewall name INBOUND rule 102 action 'reject'
+ - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+ - set firewall name INBOUND rule 102 protocol 'tcp'
+ - set firewall name INBOUND rule 103 action 'accept'
+ - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+ - set firewall name INBOUND rule 103 destination group address-group 'inbound'
+ - set firewall name INBOUND rule 103 source address '192.0.2.0'
+ - set firewall name INBOUND rule 103 state established 'enable'
+ - set firewall name INBOUND rule 103 state invalid 'disable'
+ - set firewall name INBOUND rule 103 state new 'disable'
+ - set firewall name INBOUND rule 103 state related 'enable'
+
+remove_config:
+ - delete firewall name
+ - delete firewall ipv6-name
+
+parsed_config_file: "_parsed_config_1_3.cfg"
+
+replaced_commands:
+ - delete firewall ipv6-name UPLINK rule 1
+ - delete firewall ipv6-name UPLINK rule 2
+ - delete firewall name INBOUND rule 102
+ - delete firewall name INBOUND rule 103
+ - set firewall name INBOUND rule 104 action 'reject'
+ - set firewall name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
+ - set firewall name INBOUND rule 104
+ - set firewall name INBOUND rule 104 protocol 'udp'
+
+overridden_commands:
+ - delete firewall ipv6-name UPLINK
+ - delete firewall name INBOUND
+ - set firewall name Downlink default-action 'accept'
+ - set firewall name Downlink description 'IPv4 INBOUND rule set'
+ - set firewall name Downlink rule 501 action 'accept'
+ - set firewall name Downlink rule 501
+ - set firewall name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+ - set firewall name Downlink rule 501 protocol 'tcp'
+ - set firewall name Downlink rule 502 action 'reject'
+ - set firewall name Downlink rule 502
+ - set firewall name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+ - set firewall name Downlink rule 502 protocol 'tcp'
+
+rendered:
+ commands:
+ - set firewall ipv6-name UPLINK default-action 'accept'
+ - set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
+ - set firewall name INBOUND default-action 'accept'
+ - set firewall name INBOUND description 'IPv4 INBOUND rule set'
+ - set firewall name INBOUND rule 101 action 'accept'
+ - set firewall name INBOUND rule 101
+ - set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+ - set firewall name INBOUND rule 101 protocol 'tcp'
+ - set firewall name INBOUND rule 102 action 'reject'
+ - set firewall name INBOUND rule 102
+ - set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+ - set firewall name INBOUND rule 102 protocol 'tcp'
+ - set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+ - set firewall name INBOUND rule 103 destination group address-group inbound
+ - set firewall name INBOUND rule 103
+ - set firewall name INBOUND rule 103 source address 192.0.2.0
+ - set firewall name INBOUND rule 103 state established enable
+ - set firewall name INBOUND rule 103 state related enable
+ - set firewall name INBOUND rule 103 state invalid disable
+ - set firewall name INBOUND rule 103 state new disable
+ - set firewall name INBOUND rule 103 action 'accept'
+deleted_rs:
+ commands:
+ - delete firewall ipv6-name UPLINK
+ - delete firewall name INBOUND
+ after: []
+deleted_afi_all:
+ commands:
+ - delete firewall ipv6-name
+ - delete firewall name
+ after: []
+
+state_dict:
+ established: true
+ new: false
+ invalid: false
+ related: true
diff --git a/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml b/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
new file mode 100644
index 0000000..267803f
--- /dev/null
+++ b/tests/integration/targets/vyos_firewall_rules/vars/v1_4.yaml
@@ -0,0 +1,123 @@
+---
+merged_commands:
+ - set firewall ipv6 name UPLINK default-action 'accept'
+ - set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+ - set firewall ipv6 name UPLINK rule 1 action 'accept'
+ - set firewall ipv6 name UPLINK rule 1
+ - set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+ - set firewall ipv6 name UPLINK rule 1 protocol 'tcp'
+ - set firewall ipv6 name UPLINK rule 2 action 'accept'
+ - set firewall ipv6 name UPLINK rule 2
+ - set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+ - set firewall ipv6 name UPLINK rule 2 protocol 'tcp'
+ - set firewall ipv4 name INBOUND default-action 'accept'
+ - set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+ - set firewall ipv4 name INBOUND rule 101 action 'accept'
+ - set firewall ipv4 name INBOUND rule 101 disable
+ - set firewall ipv4 name INBOUND rule 101
+ - set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 101 protocol 'tcp'
+ - set firewall ipv4 name INBOUND rule 102 action 'reject'
+ - set firewall ipv4 name INBOUND rule 102 disable
+ - set firewall ipv4 name INBOUND rule 102
+ - set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 102 protocol 'tcp'
+ - set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 103 destination group address-group inbound
+ - set firewall ipv4 name INBOUND rule 103
+ - set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0
+ - set firewall ipv4 name INBOUND rule 103 state established
+ - set firewall ipv4 name INBOUND rule 103 state related
+ - set firewall ipv4 name INBOUND rule 103 action 'accept'
+
+populate_config:
+ - set firewall group address-group 'inbound'
+ - set firewall ipv6 name UPLINK default-action 'accept'
+ - set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+ - set firewall ipv6 name UPLINK rule 1 action 'accept'
+ - set firewall ipv6 name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
+ - set firewall ipv6 name UPLINK rule 1 protocol 'tcp'
+ - set firewall ipv6 name UPLINK rule 2 action 'accept'
+ - set firewall ipv6 name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
+ - set firewall ipv6 name UPLINK rule 2 protocol 'tcp'
+ - set firewall ipv4 name INBOUND default-action 'accept'
+ - set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+ - set firewall ipv4 name INBOUND rule 101 action 'accept'
+ - set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 101 protocol 'tcp'
+ - set firewall ipv4 name INBOUND rule 102 action 'reject'
+ - set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 102 protocol 'tcp'
+ - set firewall ipv4 name INBOUND rule 103 action 'accept'
+ - set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 103 destination group address-group 'inbound'
+ - set firewall ipv4 name INBOUND rule 103 source address '192.0.2.0'
+ - set firewall ipv4 name INBOUND rule 103 state established
+ - set firewall ipv4 name INBOUND rule 103 state related
+
+remove_config:
+ - delete firewall ipv4
+ - delete firewall ipv6
+
+parsed_config_file: "_parsed_config_1_4.cfg"
+
+replaced_commands:
+ - delete firewall ipv6 name UPLINK rule 1
+ - delete firewall ipv6 name UPLINK rule 2
+ - delete firewall ipv4 name INBOUND rule 102
+ - delete firewall ipv4 name INBOUND rule 103
+ - set firewall ipv4 name INBOUND rule 104 action 'reject'
+ - set firewall ipv4 name INBOUND rule 104 description 'Rule 104 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 104
+ - set firewall ipv4 name INBOUND rule 104 protocol 'udp'
+
+overridden_commands:
+ - delete firewall ipv6 name UPLINK
+ - delete firewall ipv4 name INBOUND
+ - set firewall ipv4 name Downlink default-action 'accept'
+ - set firewall ipv4 name Downlink description 'IPv4 INBOUND rule set'
+ - set firewall ipv4 name Downlink rule 501 action 'accept'
+ - set firewall ipv4 name Downlink rule 501
+ - set firewall ipv4 name Downlink rule 501 description 'Rule 501 is configured by Ansible'
+ - set firewall ipv4 name Downlink rule 501 protocol 'tcp'
+ - set firewall ipv4 name Downlink rule 502 action 'reject'
+ - set firewall ipv4 name Downlink rule 502
+ - set firewall ipv4 name Downlink rule 502 description 'Rule 502 is configured by Ansible'
+ - set firewall ipv4 name Downlink rule 502 protocol 'tcp'
+
+
+rendered:
+ commands:
+ - set firewall ipv6 name UPLINK default-action 'accept'
+ - set firewall ipv6 name UPLINK description 'This is ipv6 specific rule-set'
+ - set firewall ipv4 name INBOUND default-action 'accept'
+ - set firewall ipv4 name INBOUND description 'IPv4 INBOUND rule set'
+ - set firewall ipv4 name INBOUND rule 101 action 'accept'
+ - set firewall ipv4 name INBOUND rule 101
+ - set firewall ipv4 name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 101 protocol 'tcp'
+ - set firewall ipv4 name INBOUND rule 102 action 'reject'
+ - set firewall ipv4 name INBOUND rule 102
+ - set firewall ipv4 name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 102 protocol 'tcp'
+ - set firewall ipv4 name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
+ - set firewall ipv4 name INBOUND rule 103 destination group address-group inbound
+ - set firewall ipv4 name INBOUND rule 103
+ - set firewall ipv4 name INBOUND rule 103 source address 192.0.2.0
+ - set firewall ipv4 name INBOUND rule 103 state established
+ - set firewall ipv4 name INBOUND rule 103 state related
+ - set firewall ipv4 name INBOUND rule 103 action 'accept'
+deleted_rs:
+ commands:
+ - delete firewall ipv6 name UPLINK
+ - delete firewall ipv4 name INBOUND
+ after: []
+deleted_afi_all:
+ commands:
+ - delete firewall ipv6
+ - delete firewall ipv4
+ after: []
+
+state_dict:
+ established: true
+ related: true
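Review bot: `remove_config` deletes only `firewall ipv4` and `firewall ipv6`, but `populate_config` also creates `firewall group address-group 'inbound'`, so the group appears to survive teardown and can carry over into later runs against the same device. Unless `_remove_config.yaml` (not visible in this hunk) cleans it up separately, add `- delete firewall group address-group inbound` after the two existing deletes, so that it runs once no rule references the group. Separately, `state_dict` here drops the `new` and `invalid` keys that the pre-1.4 vars carry, matching the `state established` / `state related` commands that replace the `enable`/`disable` form. A comment above it such as `# v1.4 commands list only the states to match, so false entries are omitted` would tell a maintainer the difference is intentional.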