| Age | Commit message (Collapse) | Author |
|---|
|
* T7013 route-map integration tests - 1.4 support and structure
* added workaround for 1.4 integration tests for route-maps
* merged commands generalised
* collapse route_maps intgeration tests vars
|
|
- Merge latest
|
|
* init T7003 - firewall_interfaces integration tests refactor
* v.1.3 fixed
* linter fixes
* v.14 fw_interfaces changes init
* v1.4 integration tests for firewall_interfaces
* v1.3. integration tests for firewall_interfaces (T7003)
* Isolating fw_int integration tests to 1.3- only
* linter fix
|
|
* T7008: update to fix interface tests
* T7006: fix: tests for interfaces
* T7006: further work on interfaces
* test: attempt to fix codecov on branch
* test: unwind cli_config loops for 1.4
* fix: vif handling in replace,override,delete
* fix: vif handling and docs
|
|
* T6817 updates
* updates / additions to unit tests and code for fw_rules (t6817)
* code and use cases for override fw_rules
* ovr idem unit test for fw rules v14 in WIP
* Fixed replace add_rule func to remove unmatching confug - t6825
* first cut of unit tests for t6825 and t6817 - dfaft
* Fixed replaced unit tests and code for inbound/outbound interface attributes
* use network_cli's remove_empties
* fixed disabled=True and a few unit tests in v1.3
* add_log func for firewall_rules updated
* firewall_rules log attribute processing for v1.4 and idemp
* + In overriden :
- Added func to compare r_sets
- Added code to isolate r_set changes to only targeted
- Fixed parsers for packet_length_exclude
- started to troubleshoot filter processing
* completed fixes and unit tests for firewall_rules as in T6817 and T6825
* T7004 integration tests init fix
* 'state' attrib processing fix
* deleted and merged integration tests fixed for 1.3- and 1.4+
* fixed deleted, parsed, replaced integration tests for 1.3- and 1.4+
* fixed _remove_config, merged integration tests
* added comments to unit tests
* more v1.3- unit tests moved to 1.4+ unit test suite
* 1.3/1.4 unit test suite synced
* overridden integration test fixed
* fixed replaced idempotency
* moved data to vars (integration tests)
* updated parsed (integration tests)
* D.R.Y. for integration tests for firewall_rules plugin
* vanilla data set for integration tests to support 1.5
|
|
|
|
* T68987: update for 1.4+
* chore: remove redundant vars
* tests: fix vyos_facts integration tests
* tests: fix integration tests for vyos_config
* fix: restore documentation samples
* chore: update readme
|
|
* T6988: fix: remove role/level, fix tests
* feature: add support for SSH keys
* tests: add integration tests for public_keys
* feat: add encrypted password support
* tests: add unit for encrypted
* tests: fix wrapping in YAML
* tests: fix smoke tests
|
|
* fix: get SNMP integration tests running
* fix: remove no_log from docs because it fails sanity
* tests: fix unit tests and no_log args
* tests: fix error in hostname integration test
|
|
* VyOS v1.4 support for BGP (T6892)
* WIP: chnages to scanners and facts for BGP on v1.4
* scanners and facts modification to support as_numberless commands
* remove optional regex groups
* VyOS v1.4 BGP system-as functionality
* bgp_af linter
* bgp_global mods and testing
* bgp_global v.1.4 support
* linter fixes
* bgp_global and bgp_af fixed 1.3 test cases
* unit tests for bgp modules for both versions
* obsolete stranzas removed from bgp_global for both versions
* some typos removed
* bgp_global rst updates
* t6829 related draft changes
* Draft changes to unit tests fot original set and t6888 updates
* changelog
* D.R.Y for bgp_global and testmodule names
* linter fixes
* fixtures for bgp_af options testts
* stranzas options processing
* T6888 bgp option test func and cases
* clean-up draft code and update to rm_templates
* v14 system-as change supported in conf and tests
* T6822 BGP global passive bugfix
* clean-up
* T6829: update integration tests
* T6829: fix integration tests for global
* T6829: fix integration tests for bgp_global
* T6829: fix for 1.4 AF integration tests
* T6829: fix unit tests after removing obsolete items
* T6829: fix sanity test failures
* T6829: fix documentation
* Lint and comments are addressed
* rtt.yaml and fix to integration tests
* updated fragments for bgp_global
* lint fixes
---------
Co-authored-by: Gaige B. Paulsen <gaige@cluetrust.com>
|
|
* tests: ntp: parsed
* tests: ntp tests working with 1.3
* T6894 : test: update 1.4 tests for compatibility
* fix: path replacement, docs, unit tests for 1.3-1.5
* T6894: fix: 1.4+ requires valid hostnames
* fix: update tests to handle deletion
* T6894: separate changelog
* fix: final test fixes
|
|
* VyOS v1.4+ chronyd conf support
* template typo fix
* Making replace tool more robust by distinctive placeholder
* allow-clients workaround
* test for ntp_global and v1.4
* sanity and change log
* sanity fix
* updates to tests (dynamic >.pool) and docs
* doc update 'system' > 'service'
|
|
* - Add feature for bonding interface in the firewall_interfaces
- Add feature for vlan interface in the firewall_interfaces
* fix a bug when invoking replaced in the module firewall_rules.
* - Add feature for bonding interface in the firewall_interfaces
- Add feature for vlan interface in the firewall_interfaces
* test: add tests
* fix: support for interface types
* docs: fixed for 1.4 deprecation
---------
Co-authored-by: Maxime.L <maxime@nfrance.com>
Co-authored-by: Gaige B. Paulsen <gaige@cluetrust.com>
Co-authored-by: Gaige B Paulsen <gaige@cluetrust.net>
|
|
* T6882: fix: firewall global-options
Updated a couple of RST files due to pre-commit
* T6882: chore: update changelog
* T6882: chore: update changelog
* T6882: test: update tests to cover change
|
|
* omnibus update for 1.3-1.4 (with some support for 1.5)
(see contents in release fragments)
---------
Co-authored-by: Om Nom <omnom62@outlook.com>
|
|
* Remove deprecation notice for vyos.vyos
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
* Add changelog
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
* fix review comments
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
* chore: auto fixes from pre-commit.com hooks
---------
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* Add deprecation notice in README
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
* Remove tox.ini
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Signed-off-by: NilashishC <nilashishchakraborty8@gmail.com>
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* Avoid unsafe conditions for integration tests
* Remove .idea/ folder
* remove another jinja templating expression from asserts condition
* remove shortname jinja templating expression from asserts condition
* Update changelog
* changelog updates
|
|
* Fix prefix-lists Integration tests
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* remove autoversion
* fix galaxy.yml
* sanity fix
* sanity ignore
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
* fix ignore file
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* Fix integration test connection var
* Fix straggler
|
|
* Add ansible-lint
* Fix some tasks
* Ignore ignore_errors
* Stop prettier and yamllint from fighting
|
|
|
|
|
|
* Always clear config before setting base config in tests.
* Clear bond before removing
|
|
* Remove Python < 3.6 wrappers
* Update imports
|
|
* [pre-commit.ci] pre-commit autoupdate
updates:
- [github.com/psf/black: 22.12.0 → 23.1.0](https://github.com/psf/black/compare/22.12.0...23.1.0)
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* [command] run at least once when retries is 0
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
---------
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* Add prettier and isort to pre-commit.
* Bump line-length to 100
* [pre-commit.ci] auto fixes from pre-commit.com hooks
for more information, see https://pre-commit.ci
Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
|
|
* Remove deprecated modules and provider
* Remove tests for removed modules
* Remove references to vyos_argument_spec
|
|
|
|
Fixes #274
|
|
* Fix `pre-commit` Issues
This change fixes `.pre-commit-config.yaml` so that `main` no longer has
errors on it. To accomplish that, two things had to be done:
* Update the version of `black` that `pre-commit` uses to match what `tox` uses.
* Run `pre-commit run --all-files` and commit the results
Co-authored-by: Kate Case <this.is@katherineca.se>
|
|
|
|
Add support for icmpv6 type-name in firewall_rules
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #257
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
|
|
Add fqcn to ansible_connection to support stable-2.9
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
strip_prompt argument is supported only in netcommon network_cli . Vyos jobs on stable-2.9 is failing with the following error, as this argument is not supported ansibe/ansible. This PR sets ansible_connection to ansible.netcommon.network_cli, so that the correct module is used.
2022-04-21 21:14:54.059623 | controller | capabilities = Connection(module._socket_path).get_capabilities()
2022-04-21 21:14:54.059626 | controller | File "/tmp/ansible_vyos.vyos.vyos_config_payload_hjioy2__/ansible_vyos.vyos.vyos_config_payload.zip/ansible/module_utils/connection.py", line 190, in __rpc__
2022-04-21 21:14:54.059629 | controller | raise ConnectionError(to_text(msg, errors='surrogate_then_replace'), code=code)
2022-04-21 21:14:54.059632 | controller | fatal: [vyos]: FAILED! => {
2022-04-21 21:14:54.059635 | controller | "changed": false,
2022-04-21 21:14:54.059638 | controller | "invocation": {
2022-04-21 21:14:54.059641 | controller | "module_args": {
2022-04-21 21:14:54.059644 | controller | "backup": false,
2022-04-21 21:14:54.059647 | controller | "backup_options": null,
2022-04-21 21:14:54.059650 | controller | "comment": "configured by vyos_config",
2022-04-21 21:14:54.059653 | controller | "config": null,
2022-04-21 21:14:54.059656 | controller | "lines": [
2022-04-21 21:14:54.059658 | controller | "delete interfaces ethernet eth1",
2022-04-21 21:14:54.059661 | controller | "delete interfaces ethernet eth2"
2022-04-21 21:14:54.059664 | controller | ],
2022-04-21 21:14:54.059667 | controller | "match": "none",
2022-04-21 21:14:54.059670 | controller | "provider": null,
2022-04-21 21:14:54.059673 | controller | "save": false,
2022-04-21 21:14:54.059676 | controller | "src": null
2022-04-21 21:14:54.059678 | controller | }
2022-04-21 21:14:54.059682 | controller | },
2022-04-21 21:14:54.059685 | controller | "msg": "send() got an unexpected keyword argument 'strip_prompt'"
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
|
|
vyos_facts: change default subset to min
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #231
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nathaniel Case <this.is@nathanielca.se>
|
|
Create symmlinks for redirection of vyos modules
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
Reviewed-by: None <None>
|
|
Change preconfig hostname in integration test
SUMMARY
ISSUE TYPE
Bugfix Pull Request
Docs Pull Request
Feature Pull Request
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: None <None>
|
|
Change parameter 'disabled' to 'disable' in test_vyos_firewall_rules.py
SUMMARY
Fixes #239
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: Sagar Paul <sagpaul@redhat.com>
Reviewed-by: GomathiselviS <None>
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: None <None>
|
|
same name (#236)
firewall_rules: Fix incorrect behavior when IPv4 and IPv6 rule sets have the same name
SUMMARY
VyOS supports IPv4 and IPv6 rule sets having the same name, but there are a couple places in the Ansible module that don't handle this situation.
The fact gathering for ansible_network_resources.firewall_rules has been updated to look for name <name> or ipv6-name <name> instead of just <name>.
The vyos_firewall_rules module has been updated to take the afi into consideration when comparing the have and want states.
V4-EGRESS and V6-EGRESS have been renamed to just EGRESS in the tests. The existing tests seem to be complete enough to test this same-name situation. (V4-INGRESS and V6-INGRESS were not renamed.)
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
vyos_facts and vyos_firewall_rules
ADDITIONAL INFORMATION
An example of a configuration that was originally causing an issue:
(Click to expand):
name wan-lan {
default-action drop
rule 1 {
action accept
state {
established enable
related enable
}
}
rule 2 {
action drop
log enable
state {
invalid enable
}
}
}
ipv6-name wan-lan {
default-action drop
rule 1 {
action accept
state {
established enable
related enable
}
}
rule 2 {
action drop
log enable
state {
invalid enable
}
}
rule 10 {
action accept
protocol icmpv6
}
}
With this configuration, ansible_network_resources.firewall_rules would show the icmpv6 rule under both ipv4 and ipv6:
(Click to expand):
[
{
"afi": "ipv4",
"rule_sets": [
{
"default_action": "drop",
"name": "wan-lan",
"rules": [
{
"action": "accept",
"number": 1,
"state": {
"established": true,
"related": true
}
},
{
"action": "drop",
"number": 2,
"state": {
"invalid": true
}
},
{
"action": "accept",
"number": 10,
"protocol": "icmpv6"
}
]
},
]
},
{
"afi": "ipv6",
"rule_sets": [
{
"default_action": "drop",
"name": "wan-lan",
"rules": [
{
"action": "accept",
"number": 1,
"state": {
"established": true,
"related": true
}
},
{
"action": "drop",
"number": 2,
"state": {
"invalid": true
}
},
{
"action": "accept",
"number": 10,
"protocol": "icmpv6"
}
]
},
]
}
]
A similar issue would happen when using vyos_firewall_rules as well, where it would attempt to change rules for the wrong afi.
Reviewed-by: GomathiselviS <None>
Reviewed-by: None <None>
|
|
vyos_firewall_rules: Add support for log enable on individual rules
SUMMARY
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Rohit Thakur <rohitthakur2590@outlook.com>
Reviewed-by: None <None>
|
|
Add Vyos hostname resource module
SUMMARY
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: None <None>
|
|
Vyos snmp_server Resource Module
SUMMARY
Added vyos_snmp_server resource module
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: Ashwini Mhatre <mashu97@gmail.com>
Reviewed-by: None <None>
|
|
Enable configuring ntp server pool in ntp_global
Signed-off-by: GomathiselviS gomathiselvi@gmail.com
SUMMARY
Fixes #221
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
ADDITIONAL INFORMATION
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
|
|
tests: remove unintended .swp file
SUMMARY
Depends-On: #220
.swp files are VI temporary files and it was likely not intended to be
added to the repository.
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
tests
Reviewed-by: GomathiselviS <None>
Reviewed-by: None <None>
|
|
Add vyos_ntp resource module
SUMMARY
Resource module vyos_ntp
ISSUE TYPE
New Module Pull Request
COMPONENT NAME
vyos_ntp
ADDITIONAL INFORMATION
Reviewed-by: GomathiselviS <None>
Reviewed-by: Nilashish Chakraborty <nilashishchakraborty8@gmail.com>
Reviewed-by: None <None>
|
|
Copy ignore-2.12.txt to ignore-2.13.txt
SUMMARY
Relates to ansible-collections/overview#45 (comment)
Reviewed-by: None <None>
|
|
Add support for IPv6 `address_group` and `network_group`
SUMMARY
This adds support for ipv6 in network and address groups by adding an afi parameter, but defaulting it to ipv4 for backwards compatibility.
Fixes #137.
ISSUE TYPE
Feature Pull Request
COMPONENT NAME
vyos_firewall_global
Reviewed-by: GomathiselviS <None>
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
|
|
(#203)
Fix `vyos.vyos.vyos_firewall_rules` `state: replaced` to match documentation
SUMMARY
vyos.vyos.vyos_firewall_rules should only try to change listed firewall rules, as documented, when the state is set to replaced. As currently implemented (prior to this PR), it better matches what overridden is meant to do.
Fixes #201
ISSUE TYPE
Bugfix Pull Request
COMPONENT NAME
vyos.vyos.vyos_firewall_rules
ADDITIONAL INFORMATION
Cleanup and document existing code for clarity
Add a failing idempotent test
Add a failing change test
Fix failing tests
Add change fragment
Reviewed-by: GomathiselviS <None>
Reviewed-by: Shawn Wilsher <None>
Reviewed-by: None <None>
|
|
Allow_duplicates for prepare_vyos_tests
Signed-off-by: Paul Belanger pabelanger@redhat.com
Reviewed-by: None <None>
|
