From 29e8caf907063c2b4c4d2b65861ad595c10c8fb0 Mon Sep 17 00:00:00 2001
From: Ruben van Dijk <15885455+RubenNL@users.noreply.github.com>
Date: Wed, 23 Apr 2025 21:48:40 +0200
Subject: T7260 Remove last firewall group member. (#403)
Co-authored-by: omnom62 <75066712+omnom62@users.noreply.github.com>
---
 .../T7260-remove-last-firewall-group-member.yaml | 3 +++
 .../vyos/config/firewall_global/firewall_global.py | 10 ++++++++++
 .../vyos/fixtures/vyos_firewall_global_config.cfg | 2 ++
 .../vyos/fixtures/vyos_firewall_global_config_v14.cfg | 2 ++
 .../modules/network/vyos/test_vyos_firewall_global.py | 16 ++++++++++++++++
 .../modules/network/vyos/test_vyos_firewall_global14.py | 16 ++++++++++++++++
 6 files changed, 49 insertions(+)
 create mode 100644 changelogs/fragments/T7260-remove-last-firewall-group-member.yaml
diff --git a/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml b/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml
new file mode 100644
index 00000000..78e07356
--- /dev/null
+++ b/changelogs/fragments/T7260-remove-last-firewall-group-member.yaml
@@ -0,0 +1,3 @@
+---
+bugfixes:
+ - vyos_firewall_global - Fix removing last member of a firewall group.
diff --git a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py
index e2a25e32..b7bff53e 100644
--- a/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py
+++ b/plugins/module_utils/network/vyos/config/firewall_global/firewall_global.py
@@ -373,6 +373,8 @@ class Firewall_global(ConfigBase):
 )
 elif not opr and key in l_set:
 if key == "name" and self._is_grp_del(h, want, key):
+ if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):
+ commands.pop()
 commands.append(cmd + " " + want["name"])
 continue
 if not (h and in_target_not_none(h, key)) and not self._is_grp_del(h, want, "name"):
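Review bot: `commands[-1]` in the added `if commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):` raises IndexError if `commands` is still empty when the group-delete branch is reached, which would abort the run before any firewall change is rendered; guard it as `if commands and commands[-1] == cmd + " " + want["name"] + " " + self._grp_type(attr):`. The check also assumes the member-node delete is always the most recently appended command and rebuilds its string by hand, so it silently stops matching if the emission order or the other branch's format changes. A short comment such as `# the group-level delete supersedes the member-node delete just emitted` would make that coupling explicit. The enclosing method starts and ends outside the hunk, so whether `commands` can be empty here is not visible.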
@@ -435,6 +437,14 @@ class Firewall_global(ConfigBase):
 + " "
 + member[self._get_mem_type(type)],
 )
+ elif not opr and not have:
+ commands.append(
+ cmd
+ + " "
+ + name
+ + " "
+ + self._grp_type(type),
+ )
 return commands
 def _get_mem_type(self, group):
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg
index f54a03dc..464f132f 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config.cfg
@@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1
 set firewall group address-group RND-HOSTS address 192.0.2.3
 set firewall group address-group RND-HOSTS address 192.0.2.5
 set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists'
+set firewall group address-group DELETE-HOSTS address 1.2.3.4
+set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests'
 set firewall group ipv6-address-group LOCAL-v6 address ::1
 set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1
 set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine'
diff --git a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg
index 0a1247dd..ad60b45c 100644
--- a/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg
+++ b/tests/unit/modules/network/vyos/fixtures/vyos_firewall_global_config_v14.cfg
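Review bot: The added `elif not opr and not have:` branch in the `@@ -435,6 +437,14 @@` hunk has no comment saying what an empty `have` means at this point, or that the command it emits removes the group's whole member node rather than a single entry. Judging by the updated tests it renders `delete firewall group address-group DELETE-HOSTS address`, which empties the group while leaving the group itself in place. A comment such as `# no members on the other side: delete the whole member node, keeping the group itself` would state that intent. A group emptied this way may still be referenced by rules, so the module documentation should probably mention that such rules then match against an empty group. The `if` this `elif` belongs to is outside the hunk.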
@@ -2,6 +2,8 @@ set firewall group address-group RND-HOSTS address 192.0.2.1
 set firewall group address-group RND-HOSTS address 192.0.2.3
 set firewall group address-group RND-HOSTS address 192.0.2.5
 set firewall group address-group RND-HOSTS description 'This group has the Management hosts address lists'
+set firewall group address-group DELETE-HOSTS address 1.2.3.4
+set firewall group address-group DELETE-HOSTS description 'The (single) last address from this group will be deleted in the tests'
 set firewall group ipv6-address-group LOCAL-v6 address ::1
 set firewall group ipv6-address-group LOCAL-v6 address fdec:2503:89d6:59b3::1
 set firewall group ipv6-address-group LOCAL-v6 description 'This group has the hosts address lists of this machine'
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py
index 481cc1dd..db67ab2c 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_global.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global.py
@@ -268,6 +268,12 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
 dict(address="192.0.2.9"),
 ],
 ),
+ dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ # No members here
+ ),
 dict(
 afi="ipv6",
 name="LOCAL-v6",
@@ -309,6 +315,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
 "delete firewall send-redirects",
 "delete firewall group address-group RND-HOSTS address 192.0.2.3",
 "delete firewall group address-group RND-HOSTS address 192.0.2.5",
+ "delete firewall group address-group DELETE-HOSTS address",
 "set firewall group address-group RND-HOSTS address 192.0.2.7",
 "set firewall group address-group RND-HOSTS address 192.0.2.9",
 "delete firewall group network-group RND description",
@@ -376,6 +383,7 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
 ),
 )
 commands = [
+ "delete firewall group address-group DELETE-HOSTS",
 "delete firewall group address-group RND-HOSTS address 192.0.2.3",
 "delete firewall group address-group RND-HOSTS address 192.0.2.5",
 "delete firewall ipv6-src-route",
@@ -411,6 +419,14 @@ class TestVyosFirewallGlobalModule(TestVyosModule):
 dict(address="192.0.2.5"),
 ],
 ),
+ dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ members=[
+ dict(address='1.2.3.4'),
+ ]
+ ),
 dict(
 afi="ipv6",
 name="LOCAL-v6",
diff --git a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py
index aae4aa83..0b85e62d 100644
--- a/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py
+++ b/tests/unit/modules/network/vyos/test_vyos_firewall_global14.py
@@ -271,6 +271,12 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 dict(address="192.0.2.9"),
 ],
 ),
+ dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ # No members here
+ ),
 dict(
 afi="ipv6",
 name="LOCAL-v6",
@@ -310,6 +316,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 commands = [
 "delete firewall group address-group RND-HOSTS address 192.0.2.3",
 "delete firewall group address-group RND-HOSTS address 192.0.2.5",
+ "delete firewall group address-group DELETE-HOSTS address",
 "delete firewall global-options all-ping",
 "delete firewall global-options state-policy related",
 "delete firewall global-options ipv6-src-route",
@@ -349,6 +356,14 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 dict(address="192.0.2.5"),
 ],
 ),
+ dict(
+ afi="ipv4",
+ name="DELETE-HOSTS",
+ description="The (single) last address from this group will be deleted in the tests",
+ members=[
+ dict(address='1.2.3.4'),
+ ]
+ ),
 dict(
 afi="ipv6",
 name="LOCAL-v6",
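Review bot: The new member entry `dict(address='1.2.3.4'),` in the `@@ -411,6 +419,14 @@` hunk of test_vyos_firewall_global.py, and again in `@@ -349,6 +356,14 @@` of test_vyos_firewall_global14.py, uses a publicly routable address while the neighbouring entries stay inside the 192.0.2.0/24 documentation range. A documentation-range value, e.g. `dict(address="198.51.100.4"),` (constructed sample), changed together with the matching `set firewall group address-group DELETE-HOSTS address` line in both fixture files, keeps test data from naming a real host. The same added lines use single quotes and close the list with `]` without a trailing comma, unlike the double-quoted, trailing-comma style of the surrounding dicts; `],` would match.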
@@ -451,6 +466,7 @@ class TestVyosFirewallRulesModule14(TestVyosModule):
 "delete firewall global-options send-redirects",
 "set firewall global-options state-policy related action 'drop'",
 "delete firewall global-options state-policy related log-level",
+ "delete firewall group address-group DELETE-HOSTS",
 "set firewall global-options state-policy invalid action 'reject'",
 "set firewall group address-group RND-HOSTS address 192.0.2.7",
 "set firewall group address-group RND-HOSTS address 192.0.2.9",
-- cgit v1.2.3