From 67cda0147ab54136ef0604427c5a01a7f4b21986 Mon Sep 17 00:00:00 2001 From: maxime <37832743+mlk-89@users.noreply.github.com> Date: Mon, 18 Nov 2024 20:37:36 +0100 Subject: Add feature for bonding/vlan interface in the firewall_interfaces (#246) * - Add feature for bonding interface in the firewall_interfaces - Add feature for vlan interface in the firewall_interfaces * fix a bug when invoking replaced in the module firewall_rules. * - Add feature for bonding interface in the firewall_interfaces - Add feature for vlan interface in the firewall_interfaces * test: add tests * fix: support for interface types * docs: fixed for 1.4 deprecation --------- Co-authored-by: Maxime.L Co-authored-by: Gaige B. Paulsen Co-authored-by: Gaige B Paulsen --- .../firewall_interfaces/firewall_interfaces.py | 12 +++++++++-- .../firewall_interfaces/firewall_interfaces.py | 21 ++++++++++++++++-- .../firewall_interfaces/firewall_interfaces.py | 25 +++++++++++++++++----- 3 files changed, 49 insertions(+), 9 deletions(-) (limited to 'plugins/module_utils') diff --git a/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py index a613ccd3..93c898e8 100644 --- a/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py +++ b/plugins/module_utils/network/vyos/argspec/firewall_interfaces/firewall_interfaces.py @@ -25,6 +25,7 @@ The arg spec for the vyos_firewall_interfaces module """ + from __future__ import absolute_import, division, print_function @@ -45,7 +46,10 @@ class Firewall_interfacesArgs(object): # pylint: disable=R0903 "elements": "dict", "options": { "afi": { - "choices": ["ipv4", "ipv6"], + "choices": [ + "ipv4", + "ipv6", + ], "required": True, "type": "str", }, 
@@ -53,7 +57,11 @@ class Firewall_interfacesArgs(object): # pylint: disable=R0903 "elements": "dict", "options": { "direction": { - "choices": ["in", "local", "out"], + "choices": [ + "in", + "local", + "out", + ], "required": True, "type": "str", }, diff --git a/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py index 5c4db736..85a8042f 100644 --- a/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py +++ b/plugins/module_utils/network/vyos/config/firewall_interfaces/firewall_interfaces.py @@ -27,6 +27,9 @@ from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.u ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import Facts +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.utils.utils import ( + get_interface_type, +) class Firewall_interfaces(ConfigBase): @@ -393,10 +396,24 @@ class Firewall_interfaces(ConfigBase): :param opr: operation flag. :return: generated command. """ + + # Append vif if interface contains a dot + vlan = None + interface_real = name + if "." in name: + interface_real, vlan = name.split(".") + + if vlan is not None: + interface_real = interface_real + " vif " + vlan + + # if interface name is bondX, then it's a bonding interface. Everything else is an ethernet + iftype = get_interface_type(interface_real) + if not opr: - cmd = "delete interfaces ethernet" + " " + name + " firewall" + cmd = "delete interfaces " + iftype + " " + interface_real + " firewall" else: - cmd = "set interfaces ethernet" + " " + name + " firewall" + cmd = "set interfaces " + iftype + " " + interface_real + " firewall" + if attrib: cmd += " " + attrib if afi: 
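Review bot: The added `interface_real, vlan = name.split(".")` raises ValueError for any name containing more than one dot, and neither part is validated before it is concatenated into the `set`/`delete interfaces` command. A name such as `eth0.` leaves a dangling `vif ` token, and whitespace inside `name` would add extra tokens to the configuration line sent to the device. I would use `interface_real, sep, vlan = name.partition(".")`, test `if sep:` instead of `vlan is not None`, and fail the task with a clear message when `sep and not vlan.isdigit()`. `get_interface_type()` is also called after ` vif N` has been appended, so it receives `bond0 vif 10` rather than `bond0`; its body is not in this diff, so whether that matters is unverified, but passing the base name is the safer contract. The enclosing method starts and ends outside the hunk.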
diff --git a/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py b/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py index b9804692..bac31920 100644 --- a/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py +++ b/plugins/module_utils/network/vyos/facts/firewall_interfaces/firewall_interfaces.py @@ -58,7 +58,10 @@ class Firewall_interfacesFacts(object): # using mock data instead data = self.get_device_data(connection) objs = [] - interfaces = findall(r"^set interfaces ethernet (?:\'*)(\S+)(?:\'*)", data, M) + # Search all set from configuration with set interface, including ethernet and bonding + interfaces_raw = findall(r"^set interfaces \S+ (\S+) firewall (?:\'*)", data, M) + interfaces_vif = findall(r"^set interfaces \S+ (\S+) vif (\d+)* firewall (?:\'*)", data, M) + interfaces = interfaces_raw + interfaces_vif if interfaces: objs = self.get_names(data, interfaces) ansible_facts["ansible_network_resources"].pop("firewall_interfaces", None) @@ -83,10 +86,22 @@ class Firewall_interfacesFacts(object): """ names = [] for r in set(interfaces): - int_regex = r" %s .+$" % r.strip("'") - cfg = findall(int_regex, data, M) - fi = self.render_config(cfg) - fi["name"] = r.strip("'") + myvif = None + if isinstance(r, tuple): + myinterface, myvif = r + else: + myinterface = r + # Parse interfaces that contains string or tuple when the interface is in a vlan + if myvif is not None: + int_regex = r" %s vif \d+ firewall .+$" % myinterface + cfg = findall(int_regex, data, M) + fi = self.render_config(cfg) + fi["name"] = myinterface + "." + myvif + else: + int_regex = r" %s firewall .+$" % myinterface + cfg = findall(int_regex, data, M) + fi = self.render_config(cfg) + fi["name"] = myinterface names.append(fi) if names: names = sorted(names, key=lambda i: i["name"]) -- cgit v1.2.3
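Review bot: In the new `interfaces_vif` pattern the VLAN id is captured as `(\d+)*`, a repeated group that is also allowed to match nothing; on such a line `findall` returns an empty string for it, and `get_names` would then build a name ending in a bare dot. `(\d+)` states the intent. The trailing `(?:\'*)` in both new patterns only matches optional quotes after `firewall ` and captures nothing, so it can be dropped. The old pattern tolerated quotes around the interface name and `get_names` stripped them, and neither happens now; that is fine only if the device never quotes interface names, which this diff does not show. A comment such as `# interfaces mixes plain names (str) and (name, vif) tuples` would help the reader of `get_names`.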
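Review bot: The VLAN branch builds `int_regex = r" %s vif \d+ firewall .+$" % myinterface`, which ignores `myvif`, so `cfg` for one VLAN also collects the firewall lines of every sibling VLAN on the same parent. With both `eth0.10` and `eth0.20` configured, each fact entry is rendered from both sets of lines, and a later `replaced` or `overridden` run would likely compare against the wrong firewall state. Use the captured id, `int_regex = r" %s vif %s firewall .+$" % (escape(myinterface), escape(myvif))`, with `escape` imported from `re` next to `findall` (that import line is outside the hunk). The plain branch should use `escape(myinterface)` as well, because the name is interpolated into a pattern. The method starts and ends outside the hunk.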