diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml index 29bc3018..186ed4e4 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/deleted.yaml @@ -1,53 +1,48 @@ --- - debug: msg: START vyos_firewall_global deleted integration tests ansible_connection={{ ansible_connection }} - include_tasks: _populate.yaml - block: - name: Delete attributes of firewall. register: result vyos.vyos.vyos_firewall_global: &id001 config: state: deleted diff: true - name: Assert that the before dicts were correctly generated assert: that: - "{{ populate == result['before'] }}" - - '"global-options" in result.diff.prepared' - - '"all-ping" in result.diff.prepared' - - '"MGMT-HOSTS" in result.diff.prepared' - - '"192.0.1.5" in result.diff.prepared' - - '"network-group MGMT" in result.diff.prepared' - - '"192.0.1.0/24" in result.diff.prepared' + - '''- network "192.0.1.0/24"'' in result.diff.prepared' - name: Assert that the correct set of commands were generated assert: that: - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length == 0 }}" - name: Assert that the after dicts were correctly generated assert: that: - "{{ deleted['after'] == result['after'] }}" - name: Delete attributes of given interfaces (IDEMPOTENT) register: result vyos.vyos.vyos_firewall_global: *id001 diff: true - name: Assert that the previous task was idempotent assert: that: - result.changed == false - result.commands|length == 0 - result['diff'] is not defined - name: Assert that the before dicts were correctly generated assert: that: - "{{ deleted['after'] == result['before'] }}" always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml index a538476a..34b5ea9f 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/merged.yaml @@ -1,42 +1,44 @@ --- - debug: msg: START vyos_firewall_global merged integration tests on connection={{ ansible_connection }} - include_tasks: _remove_config.yaml - block: - name: Merge the provided configuration with the existing running configuration register: result vyos.vyos.vyos_firewall_global: &id001 config: "{{ merged['config'] }}" state: merged - name: Assert that before dicts were correctly generated assert: that: "{{ merged['before'] == result['before'] }}" - name: Assert that correct set of commands were generated assert: that: - "{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}" - name: Assert that after dicts was correctly generated assert: that: - "{{ merged['after'] == result['after'] }}" - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) register: result vyos.vyos.vyos_firewall_global: *id001 + diff: true - name: Assert that the previous task was idempotent assert: that: - result['changed'] == false + - result['diff'] is not defined - name: Assert that before dicts were correctly generated assert: that: - "{{ merged['after'] == result['before'] }}" always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml b/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml index c828cc08..e1cca313 100644 --- a/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml +++ b/tests/integration/targets/vyos_firewall_global/tests/cli/replaced.yaml @@ -1,51 +1,59 @@ --- - debug: msg: START vyos_firewall_global replaced integration tests on connection={{ ansible_connection }} - include_tasks: _populate.yaml - block: - name: Replace device configurations of listed firewall with provided configurations register: result vyos.vyos.vyos_firewall_global: &id001 config: "{{ replaced['config'] }}" state: replaced - diff: true - name: Assert that correct set of commands were generated assert: that: - "{{ replaced['commands'] | symmetric_difference(result['commands']) |length == 0 }}" - - "{{ result['diff'] | length > 0 }}" - - '"MGMT-HOSTS" in result.diff.prepared' - - '"ENG-HOSTS" in result.diff.prepared' - - '"SALES-HOSTS" in result.diff.prepared' - - '"192.0.2.3" in result.diff.prepared' - name: Assert that before dicts are correctly generated assert: that: - "{{ populate == result['before'] }}" - name: Assert that after dict is correctly generated assert: that: - "{{ replaced['after'] == result['after'] }}" - name: Replace device configurations of listed firewall with provided configurarions (IDEMPOTENT) register: result vyos.vyos.vyos_firewall_global: *id001 diff: true - name: Assert that task was idempotent assert: that: - result['changed'] == false - result['diff'] is not defined - name: Assert that before dict is correctly generated assert: that: - "{{ replaced['after'] == result['before'] }}" + + - name: Replace device configurations and test diff mode + register: result + vyos.vyos.vyos_firewall_global: + config: "{{ diffed }}" + state: replaced + diff: true + + - name: Assert that correct set of commands were generated + assert: + that: + - '''+ network "1.1.1.1/32"'' in result.diff.prepared' + - '''- network "192.0.1.0/24"'' in result.diff.prepared' + always: - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_firewall_global/vars/main.yaml b/tests/integration/targets/vyos_firewall_global/vars/main.yaml index 363cc9e6..2da92dd9 100644 --- a/tests/integration/targets/vyos_firewall_global/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_global/vars/main.yaml @@ -1,313 +1,352 @@ --- merged: before: [] commands: "{{ merged_commands }}" after: group: address_group: - members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 description: This group has the Management hosts address list name: MGMT-HOSTS afi: ipv4 network_group: - members: - address: 192.0.1.0/24 description: This group has the Management network addresses name: MGMT afi: ipv4 log_martians: true ping: all: true broadcast: true route_redirects: - afi: ipv4 icmp_redirects: receive: false send: true ip_src_route: true syn_cookies: true state_policy: - action: accept connection_type: established log: true - action: reject connection_type: invalid twa_hazards_protection: true validation: strict config: validation: strict log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 populate: validation: strict log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 afi: ipv4 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 afi: ipv4 +diffed: + validation: strict + log_martians: true + syn_cookies: true + twa_hazards_protection: true + ping: + all: true + broadcast: true + state_policy: + - connection_type: established + action: accept + log: true + - connection_type: invalid + action: reject + route_redirects: + - afi: ipv4 + ip_src_route: true + icmp_redirects: + send: true + receive: false + group: + address_group: + - name: SALES-HOSTS + description: Sales office hosts address list + members: + - address: 192.0.2.1 + - address: 192.0.2.2 + - address: 192.0.2.3 + - name: ENG-HOSTS + description: Sales office hosts address list + members: + - address: 192.0.3.1 + - address: 192.0.3.2 + network_group: + - name: MGMT + description: This group has the Management network addresses + members: + - address: 1.1.1.1/32 + replaced: commands: "{{ replaced_commands }}" after: group: address_group: - members: - address: 192.0.3.1 - address: 192.0.3.2 description: Sales office hosts address list name: ENG-HOSTS afi: ipv4 - members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 description: Sales office hosts address list name: SALES-HOSTS afi: ipv4 network_group: - members: - address: 192.0.1.0/24 description: This group has the Management network addresses name: MGMT afi: ipv4 log_martians: true ping: all: true broadcast: true route_redirects: - afi: ipv4 icmp_redirects: receive: false send: true ip_src_route: true state_policy: - action: accept connection_type: established log: true - action: reject connection_type: invalid syn_cookies: true twa_hazards_protection: true validation: strict config: validation: strict log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 rendered: commands: "{{ rendered_commands }}" config: validation: strict log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: SALES-HOSTS description: Sales office hosts address list members: - address: 192.0.2.1 - address: 192.0.2.2 - address: 192.0.2.3 - name: ENG-HOSTS description: Sales office hosts address list members: - address: 192.0.3.1 - address: 192.0.3.2 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 deleted: commands: "{{ deleted_commands }}" after: [] round_trip: after: validation: strict log_martians: false syn_cookies: false twa_hazards_protection: false ping: all: false broadcast: false state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 afi: ipv4 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 afi: ipv4 forward_config: validation: strict log_martians: true syn_cookies: true twa_hazards_protection: true ping: all: true broadcast: true state_policy: - connection_type: established action: accept log: true - connection_type: invalid action: reject route_redirects: - afi: ipv4 ip_src_route: true icmp_redirects: send: true receive: false group: address_group: - name: MGMT-HOSTS description: This group has the Management hosts address list members: - address: 192.0.1.1 - address: 192.0.1.3 - address: 192.0.1.5 network_group: - name: MGMT description: This group has the Management network addresses members: - address: 192.0.1.0/24 revert_config: validation: strict log_martians: false syn_cookies: false twa_hazards_protection: false ping: all: false broadcast: false