diff --git a/README.md b/README.md index 3449750..4c8649b 100644 --- a/README.md +++ b/README.md @@ -1,168 +1,169 @@ # VyOS Collection [![CI](https://zuul-ci.org/gated.svg)](https://dashboard.zuul.ansible.com/t/ansible/project/github.com/ansible-collections/vyos.vyos) The Ansible VyOS collection includes a variety of Ansible content to help automate the management of VyOS network appliances. This collection has been tested against VyOS 1.1.8 (helium). ## Ansible version compatibility This collection has been tested against following Ansible versions: **>=2.9.10**. Plugins and modules within a collection may be tested with only specific Ansible versions. A collection may contain metadata that identifies these versions. PEP440 is the schema used to describe the versions of Ansible. ### Supported connections The VyOS collection supports ``network_cli`` connections. ## Included content ### Cliconf plugins Name | Description --- | --- [vyos.vyos.vyos](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_cliconf.rst)|Use vyos cliconf to run command on VyOS platform ### Modules Name | Description --- | --- [vyos.vyos.vyos_banner](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_banner_module.rst)|Manage multiline banners on VyOS devices [vyos.vyos.vyos_bgp_address_family](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_bgp_address_family_module.rst)|BGP Address Family Resource Module. [vyos.vyos.vyos_bgp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_bgp_global_module.rst)|BGP Global Resource Module. [vyos.vyos.vyos_command](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_command_module.rst)|Run one or more commands on VyOS devices [vyos.vyos.vyos_config](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_config_module.rst)|Manage VyOS configuration on remote device [vyos.vyos.vyos_facts](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_facts_module.rst)|Get facts about vyos devices. [vyos.vyos.vyos_firewall_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_global_module.rst)|FIREWALL global resource module [vyos.vyos.vyos_firewall_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_interfaces_module.rst)|FIREWALL interfaces resource module [vyos.vyos.vyos_firewall_rules](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_firewall_rules_module.rst)|FIREWALL rules resource module [vyos.vyos.vyos_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage Interface on VyOS network devices [vyos.vyos.vyos_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_interfaces_module.rst)|Interfaces resource module [vyos.vyos.vyos_l3_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage L3 interfaces on VyOS network devices [vyos.vyos.vyos_l3_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_l3_interfaces_module.rst)|L3 interfaces resource module [vyos.vyos.vyos_lag_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lag_interfaces_module.rst)|LAG interfaces resource module [vyos.vyos.vyos_linkagg](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_linkagg_module.rst)|(deprecated, removed after 2022-06-01) Manage link aggregation groups on VyOS network devices [vyos.vyos.vyos_lldp](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP configuration on VyOS network devices [vyos.vyos.vyos_lldp_global](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_global_module.rst)|LLDP global resource module [vyos.vyos.vyos_lldp_interface](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interface_module.rst)|(deprecated, removed after 2022-06-01) Manage LLDP interfaces configuration on VyOS network devices [vyos.vyos.vyos_lldp_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_lldp_interfaces_module.rst)|LLDP interfaces resource module [vyos.vyos.vyos_logging](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_logging_module.rst)|Manage logging on network devices [vyos.vyos.vyos_ospf_interfaces](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospf_interfaces_module.rst)|OSPF Interfaces Resource Module. [vyos.vyos.vyos_ospfv2](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv2_module.rst)|OSPFv2 resource module [vyos.vyos.vyos_ospfv3](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ospfv3_module.rst)|OSPFV3 resource module [vyos.vyos.vyos_ping](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_ping_module.rst)|Tests reachability using ping from VyOS network devices +[vyos.vyos.vyos_prefix_lists](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_prefix_lists_module.rst)|Prefix-Lists resource module for VyOS [vyos.vyos.vyos_route_maps](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_route_maps_module.rst)|Route Map Resource Module. [vyos.vyos.vyos_static_route](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_route_module.rst)|(deprecated, removed after 2022-06-01) Manage static IP routes on Vyatta VyOS network devices [vyos.vyos.vyos_static_routes](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_static_routes_module.rst)|Static routes resource module [vyos.vyos.vyos_system](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_system_module.rst)|Run `set system` commands on VyOS devices [vyos.vyos.vyos_user](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_user_module.rst)|Manage the collection of local users on VyOS device [vyos.vyos.vyos_vlan](https://github.com/ansible-collections/vyos.vyos/blob/main/docs/vyos.vyos.vyos_vlan_module.rst)|Manage VLANs on VyOS network devices Click the ``Content`` button to see the list of content included in this collection. ## Installing this collection You can install the VyOS collection with the Ansible Galaxy CLI: ansible-galaxy collection install vyos.vyos You can also include it in a `requirements.yml` file and install it with `ansible-galaxy collection install -r requirements.yml`, using the format: ```yaml --- collections: - name: vyos.vyos ``` ## Using this collection This collection includes [network resource modules](https://docs.ansible.com/ansible/latest/network/user_guide/network_resource_modules.html). ### Using modules from the VyOS collection in your playbooks You can call modules by their Fully Qualified Collection Namespace (FQCN), such as `vyos.vyos.vyos_static_routes`. The following example task replaces configuration changes in the existing configuration on a VyOS network device, using the FQCN: ```yaml --- - name: Replace device configurations of listed static routes with provided configurations register: result vyos.vyos.vyos_static_routes: &id001 config: - address_families: - afi: ipv4 routes: - dest: 192.0.2.32/28 blackhole_config: distance: 2 next_hops: - forward_router_address: 192.0.2.7 - forward_router_address: 192.0.2.8 - forward_router_address: 192.0.2.9 state: replaced ``` **NOTE**: For Ansible 2.9, you may not see deprecation warnings when you run your playbooks with this collection. Use this documentation to track when a module is deprecated. ### See Also: * [VyOS Platform Options](https://docs.ansible.com/ansible/latest/network/user_guide/platform_vyos.html) * [Ansible Using collections](https://docs.ansible.com/ansible/latest/user_guide/collections_using.html) for more details. ## Contributing to this collection We welcome community contributions to this collection. If you find problems, please open an issue or create a PR against the [VyOS collection repository](https://github.com/ansible-collections/vyos). See [Contributing to Ansible-maintained collections](https://docs.ansible.com/ansible/devel/community/contributing_maintained_collections.html#contributing-maintained-collections) for complete details. You can also join us on: - IRC - the ``#ansible-network`` [irc.libera.chat](https://libera.chat/) channel - Slack - https://ansiblenetwork.slack.com See the [Ansible Community Guide](https://docs.ansible.com/ansible/latest/community/index.html) for details on contributing to Ansible. ### Code of Conduct This collection follows the Ansible project's [Code of Conduct](https://docs.ansible.com/ansible/devel/community/code_of_conduct.html). Please read and familiarize yourself with this document. ## Changelogs ## Release notes Release notes are available [here](https://github.com/ansible-collections/vyos.vyos/blob/main/CHANGELOG.rst). ## Roadmap ## More information - [Ansible network resources](https://docs.ansible.com/ansible/latest/network/getting_started/network_resources.html) - [Ansible Collection overview](https://github.com/ansible-collections/overview) - [Ansible User guide](https://docs.ansible.com/ansible/latest/user_guide/index.html) - [Ansible Developer guide](https://docs.ansible.com/ansible/latest/dev_guide/index.html) - [Ansible Community code of conduct](https://docs.ansible.com/ansible/latest/community/code_of_conduct.html) ## Licensing GNU General Public License v3.0 or later. See [LICENSE](https://www.gnu.org/licenses/gpl-3.0.txt) to see the full text. diff --git a/changelogs/fragments/vyos_prefix_lists.yml b/changelogs/fragments/vyos_prefix_lists.yml new file mode 100644 index 0000000..8eabc1e --- /dev/null +++ b/changelogs/fragments/vyos_prefix_lists.yml @@ -0,0 +1,3 @@ +--- +minor_changes: + - Add vyos_prefix_lists Resource Module. diff --git a/docs/vyos.vyos.vyos_ping_module.rst b/docs/vyos.vyos.vyos_ping_module.rst index a1674b5..59e4a74 100644 --- a/docs/vyos.vyos.vyos_ping_module.rst +++ b/docs/vyos.vyos.vyos_ping_module.rst @@ -1,422 +1,422 @@ .. _vyos.vyos.vyos_ping_module: ******************* vyos.vyos.vyos_ping ******************* **Tests reachability using ping from VyOS network devices** Version added: 1.0.0 .. contents:: :local: :depth: 1 Synopsis -------- - Tests reachability using ping from a VyOS device to a remote destination. - Tested against VyOS 1.1.8 (helium) - For a general purpose network module, see the :ref:`net_ping ` module. - For Windows targets, use the :ref:`win_ping ` module instead. - For targets running Python, use the :ref:`ping ` module instead. Parameters ---------- .. raw:: html
Parameter Choices/Defaults Comments
count
integer
Default:
5
Number of packets to send to check reachability.
dest
string / required
The IP Address or hostname (resolvable by the device) of the remote node.
interval
integer
Determines the interval (in seconds) between consecutive pings.
provider
dictionary
Deprecated
Starting with Ansible 2.5 we recommend using connection: network_cli.
For more information please see the Network Guide.
A dict object containing connection details.
host
string
Specifies the DNS host name or address for connecting to the remote device over the specified transport. The value of host is used as the destination address for the transport.
password
string
Specifies the password to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_PASSWORD will be used instead.
port
integer
Specifies the port to use when building the connection to the remote device.
ssh_keyfile
path
Specifies the SSH key to use to authenticate the connection to the remote device. This value is the path to the key used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_SSH_KEYFILE will be used instead.
timeout
integer
Specifies the timeout in seconds for communicating with the network device for either connecting or sending commands. If the timeout is exceeded before the operation is completed, the module will error.
username
string
Configures the username to use to authenticate the connection to the remote device. This value is used to authenticate the SSH session. If the value is not specified in the task, the value of environment variable ANSIBLE_NET_USERNAME will be used instead.
size
integer
Determines the size (in bytes) of the ping packet(s).
source
string
The source interface or IP Address to use while sending the ping packet(s).
state
string
    Choices:
  • absent
  • present ←
Determines if the expected result is success or fail.
ttl
integer
The time-to-live value for the ICMP packet(s).

Notes ----- .. note:: - Tested against VyOS 1.1.8 (helium). - For a general purpose network module, see the :ref:`net_ping ` module. - For Windows targets, use the :ref:`win_ping ` module instead. - For targets running Python, use the :ref:`ping ` module instead. - This module works with connection ``network_cli``. See `the VyOS OS Platform Options <../network/user_guide/platform_vyos.html>`_. - For more information on using Ansible to manage network devices see the :ref:`Ansible Network Guide ` Examples -------- .. code-block:: yaml - name: Test reachability to 10.10.10.10 vyos.vyos.vyos_ping: dest: 10.10.10.10 - name: Test reachability to 10.20.20.20 using source and ttl set vyos.vyos.vyos_ping: dest: 10.20.20.20 source: eth0 ttl: 128 - name: Test reachability to 10.30.30.30 using interval vyos.vyos.vyos_ping: dest: 10.30.30.30 interval: 3 state: absent - name: Test reachability to 10.40.40.40 setting count and source vyos.vyos.vyos_ping: dest: 10.40.40.40 source: eth1 count: 20 size: 512 Return Values ------------- Common return values are documented `here `_, the following are the fields unique to this module: .. raw:: html
Key Returned Description
commands
list
always
List of commands sent.

Sample:
['ping 10.8.38.44 count 10 interface eth0 ttl 128']
packet_loss
string
always
Percentage of packets lost.

Sample:
0%
packets_rx
integer
always
Packets successfully received.

Sample:
20
packets_tx
integer
always
Packets successfully transmitted.

Sample:
20
rtt
dictionary
when ping succeeds
The round trip time (RTT) stats.

Sample:
-
AnsibleMapping([('avg', 2), ('max', 8), ('min', 1), ('mdev', 24)])
+
{'avg': 2, 'max': 8, 'min': 1, 'mdev': 24}


Status ------ Authors ~~~~~~~ - Nilashish Chakraborty (@NilashishC) diff --git a/docs/vyos.vyos.vyos_prefix_lists_module.rst b/docs/vyos.vyos.vyos_prefix_lists_module.rst new file mode 100644 index 0000000..965b890 --- /dev/null +++ b/docs/vyos.vyos.vyos_prefix_lists_module.rst @@ -0,0 +1,1591 @@ +.. _vyos.vyos.vyos_prefix_lists_module: + + +*************************** +vyos.vyos.vyos_prefix_lists +*************************** + +**Prefix-Lists resource module for VyOS** + + +Version added: 2.4.0 + +.. contents:: + :local: + :depth: 1 + + +Synopsis +-------- +- This module manages prefix-lists configuration on devices running VyOS + + + + +Parameters +---------- + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ParameterChoices/DefaultsComments
+
+ config + +
+ list + / elements=dictionary +
+ 		+ +
A list of prefix-list options
+
+
+ afi + +
+ string + / required +
+ 		+
    Choices: +
  • ipv4
    • +
  • ipv6
    • +
+ 		+
The Address Family Indicator (AFI) for the prefix-lists
+
+
+ prefix_lists + +
+ list + / elements=dictionary +
+ 		+ +
A list of prefix-list configurations
+
+
+ description + +
+ string +
+ 		+ +
A brief text description for the prefix-list
+
+
+ entries + +
+ list + / elements=dictionary +
+ 		+ +
Rule configurations for the prefix-list
+
+
+ action + +
+ string +
+ 		+
    Choices: +
  • permit
    • +
  • deny
    • +
+ 		+
The action to be taken for packets matching a prefix list rule
+
+
+ description + +
+ string +
+ 		+ +
A brief text description for the prefix list rule
+
+
+ ge + +
+ integer +
+ 		+ +
Minimum prefix length to be matched
+
+
+ le + +
+ integer +
+ 		+ +
Maximum prefix list length to be matched
+
+
+ prefix + +
+ string +
+ 		+ +
IPv4 or IPv6 prefix in A.B.C.D/LEN or A:B::C:D/LEN format
+
+
+ sequence + +
+ integer + / required +
+ 		+ +
A numeric identifier for the rule
+
+
+ name + +
+ string + / required +
+ 		+ +
The name of a defined prefix-list
+
+
+ running_config + +
+ string +
+ 		+ +
This option is used only with state parsed.
+
The value of this option should be the output received from the VyOS device by executing the command show configuration commands | grep prefix-list.
+
The state parsed reads the configuration from running_config option and transforms it into Ansible structured data as per the resource module's argspec and the value is then returned in the parsed key within the result.
+
+
+ state + +
+ string +
+ 		+
    Choices: +
  • merged ←
    • +
  • replaced
    • +
  • overridden
    • +
  • deleted
    • +
  • gathered
    • +
  • rendered
    • +
  • parsed
    • +
+ 		+
The state the configuration should be left in
+
+
+ + +Notes +----- + +.. note:: + - Tested against VyOS 1.1.8 (helium) + - This module works with connection ``network_cli`` + + + +Examples +-------- + +.. code-block:: yaml + + # # ------------------- + # # 1. Using merged + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # vyos@vyos:~$ + + # # Task + # # ------------- + # - name: Merge the provided configuration with the existing running configuration + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: "PL configured by ansible" + # entries: + # - sequence: 2 + # description: "Rule 2 given by ansible" + # action: "permit" + # prefix: "92.168.10.0/26" + # le: 32 + + # - sequence: 3 + # description: "Rule 3" + # action: "deny" + # prefix: "72.168.2.0/24" + # ge: 26 + + # - afi: "ipv6" + # prefix_lists: + # - name: "AllowIPv6Prefix" + # description: "Configured by ansible for allowing IPv6 networks" + # entries: + # - sequence: 5 + # description: "Permit rule" + # action: "permit" + # prefix: "2001:db8:8000::/35" + # le: 37 + + # - name: DenyIPv6Prefix + # description: "Configured by ansible for disallowing IPv6 networks" + # entries: + # - sequence: 8 + # action: deny + # prefix: "2001:db8:2000::/35" + # le: 37 + # state: merged + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "before": [], + # "changed": true, + # "commands": [ + # "set policy prefix-list AnsibleIPv4PrefixList", + # "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", + # "set policy prefix-list6 AllowIPv6Prefix", + # "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", + # "set policy prefix-list6 DenyIPv6Prefix", + # "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" + # ] + + # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + + # # ------------------- + # # 2. Using replaced + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: "Configuration replaced by ansible" + # entries: + # - sequence: 3 + # description: "Rule 3 replaced by ansible" + # action: "permit" + # prefix: "82.168.2.0/24" + # ge: 26 + # state: replaced + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "Configuration replaced by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 3 replaced by ansible", + # "ge": 26, + # "sequence": 3, + # "prefix": "82.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 2" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + + # # ------------------- + # # 3. Using overridden + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Override all prefix-lists configuration with provided configuration + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: Rule 2 overridden by ansible + # entries: + # - sequence: 2 + # action: "deny" + # ge: 26 + # prefix: "82.168.2.0/24" + + # - name: "OverriddenPrefixList" + # description: Configuration overridden by ansible + # entries: + # - sequence: 10 + # action: permit + # prefix: "203.0.113.96/27" + # le: 32 + # state: overridden + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "Rule 2 overridden by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "deny", + # "ge": 26, + # "sequence": 2, + # "prefix": "82.168.2.0/24" + # } + # ] + # }, + # { + # "description": "Configuration overridden by ansible", + # "name": "OverriddenPrefixList", + # "entries": [ + # { + # "action": "permit", + # "sequence": 10, + # "le": 32, + # "prefix": "203.0.113.96/27" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list6 AllowIPv6Prefix", + # "delete policy prefix-list6 DenyIPv6Prefix", + # "set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24'", + # "delete policy prefix-list AnsibleIPv4PrefixList rule 3", + # "set policy prefix-list OverriddenPrefixList", + # "set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible'", + # "set policy prefix-list OverriddenPrefixList rule 10", + # "set policy prefix-list OverriddenPrefixList rule 10 action 'permit'", + # "set policy prefix-list OverriddenPrefixList rule 10 le '32'", + # "set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27'" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24' + # set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible' + # set policy prefix-list OverriddenPrefixList rule 10 action 'permit' + # set policy prefix-list OverriddenPrefixList rule 10 le '32' + # set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27' + # vyos@vyos:~$ + + + # # ------------------- + # # 4(i). Using deleted (to delete all prefix lists from the device) + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Delete all prefix-lists + # vyos.vyos.vyos_prefix_lists: + # config: + # state: deleted + + # # Task output: + # # ------------- + # "after": [], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list AnsibleIPv4PrefixList", + # "delete policy prefix-list6 AllowIPv6Prefix", + # "delete policy prefix-list6 DenyIPv6Prefix" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # vyos@vyos:~$ + + + # # ------------------- + # # 4(ii). Using deleted (to delete all prefix lists for an AFI) + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Delete all prefix-lists for IPv6 AFI + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv6" + # state: deleted + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list6 AllowIPv6Prefix", + # "delete policy prefix-list6 DenyIPv6Prefix" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # vyos@vyos:~$ + + + # # ------------------- + # # 4(iii). Using deleted (to delete single prefix list by name in different AFIs) + # # ------------------- + + # # Before state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + # vyos@vyos:~$ + + # # Task: + # # ------------- + # - name: Delete a single prefix-list from different AFIs + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # - afi: "ipv6" + # prefix_lists: + # - name: "DenyIPv6Prefix" + # state: deleted + + # # Task output: + # # ------------- + # "after": [ + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # } + # ] + # } + # ], + # "before": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ], + # "changed": true, + # "commands": [ + # "delete policy prefix-list AnsibleIPv4PrefixList", + # "delete policy prefix-list6 DenyIPv6Prefix" + # ] + + # # After state: + # # ------------- + # vyos@vyos:~$ show configuration commands | grep prefix-list + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # vyos@vyos:~$ + + + # # ------------------- + # # 5. Using gathered + # # ------------------- + + # # Task: + # # ------------- + # - name: Gather prefix-lists configurations + # vyos.vyos.vyos_prefix_lists: + # config: + # state: gathered + + # # Task output: + # # ------------- + # "gathered": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ] + + + # # ------------------- + # # 6. Using rendered + # # ------------------- + + # # Task: + # # ------------- + # - name: Render commands externally for the described prefix-list configurations + # vyos.vyos.vyos_prefix_lists: + # config: + # - afi: "ipv4" + # prefix_lists: + # - name: "AnsibleIPv4PrefixList" + # description: "PL configured by ansible" + # entries: + # - sequence: 2 + # description: "Rule 2 given by ansible" + # action: "permit" + # prefix: "92.168.10.0/26" + # le: 32 + + # - sequence: 3 + # description: "Rule 3" + # action: "deny" + # prefix: "72.168.2.0/24" + # ge: 26 + + # - afi: "ipv6" + # prefix_lists: + # - name: "AllowIPv6Prefix" + # description: "Configured by ansible for allowing IPv6 networks" + # entries: + # - sequence: 5 + # description: "Permit rule" + # action: "permit" + # prefix: "2001:db8:8000::/35" + # le: 37 + + # - name: DenyIPv6Prefix + # description: "Configured by ansible for disallowing IPv6 networks" + # entries: + # - sequence: 8 + # action: deny + # prefix: "2001:db8:2000::/35" + # le: 37 + # state: rendered + + # # Task output: + # # ------------- + # "rendered": [ + # "set policy prefix-list AnsibleIPv4PrefixList", + # "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", + # "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", + # "set policy prefix-list6 AllowIPv6Prefix", + # "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", + # "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", + # "set policy prefix-list6 DenyIPv6Prefix", + # "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", + # "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" + # ] + + + # # ------------------- + # # 7. Using parsed + # # ------------------- + + # # sample_config.cfg: + # # ------------- + # set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + # set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + # set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + # set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + # set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + # set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + # set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + # set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + # set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + # set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + # set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + # set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + + # # Task: + # # ------------- + # - name: Parse externally provided prefix-lists configuration + # vyos.vyos.vyos_prefix_lists: + # running_config: "{{ lookup('file', './sample_config.cfg') }}" + # state: parsed + + # # Task output: + # # ------------- + # "parsed": [ + # { + # "afi": "ipv4", + # "prefix_lists": [ + # { + # "description": "PL configured by ansible", + # "name": "AnsibleIPv4PrefixList", + # "entries": [ + # { + # "action": "permit", + # "description": "Rule 2 given by ansible", + # "sequence": 2, + # "le": 32, + # "prefix": "92.168.10.0/26" + # }, + # { + # "action": "deny", + # "description": "Rule 3", + # "ge": 26, + # "sequence": 3, + # "prefix": "72.168.2.0/24" + # } + # ] + # } + # ] + # }, + # { + # "afi": "ipv6", + # "prefix_lists": [ + # { + # "description": "Configured by ansible for allowing IPv6 networks", + # "name": "AllowIPv6Prefix", + # "entries": [ + # { + # "action": "permit", + # "description": "Permit rule", + # "sequence": 5, + # "le": 37, + # "prefix": "2001:db8:8000::/35" + # } + # ] + # }, + # { + # "description": "Configured by ansible for disallowing IPv6 networks", + # "name": "DenyIPv6Prefix", + # "entries": [ + # { + # "action": "deny", + # "sequence": 8, + # "le": 37, + # "prefix": "2001:db8:2000::/35" + # } + # ] + # } + # ] + # } + # ] + + + +Return Values +------------- +Common return values are documented `here `_, the following are the fields unique to this module: + +.. raw:: html + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
KeyReturnedDescription
+
+ after + +
+ list +
+ 		when changed +
The resulting configuration after the module invocation.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ before + +
+ list +
+ 		when state is merged, replaced, overridden or deleted +
The configuration prior to the module invocation.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ commands + +
+ list +
+ 		when state is merged, replaced, overridden or deleted +
The set of commands pushed to the remote device for the required configurations to take place.
+
+
Sample:
+
["set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'"]
+
+
+ gathered + +
+ list +
+ 		when state is gathered +
Facts about the network resource gathered from the remote device as structured data.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ parsed + +
+ list +
+ 		when state is parsed +
The device native config provided in running_config option parsed into structured data as per module argspec.
+
+
Sample:
+
This output will always be in the same format as the module argspec.
+
+
+ rendered + +
+ list +
+ 		when state is rendered +
The provided configuration in the task rendered in device-native format (offline).
+
+
Sample:
+
["set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'"]
+
+

+ + +Status +------ + + +Authors +~~~~~~~ + +- Priyam Sahoo (@priyamsahoo) diff --git a/meta/runtime.yml b/meta/runtime.yml index f8db7cc..912c896 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,221 +1,227 @@ --- -requires_ansible: '>=2.9.10' +requires_ansible: ">=2.9.10" plugin_routing: action: vyos_banner: redirect: vyos.vyos.vyos banner: redirect: vyos.vyos.vyos vyos_bgp_global: redirect: vyos.vyos.vyos bgp_global: redirect: vyos.vyos.vyos vyos_bgp_address_family: redirect: vyos.vyos.vyos bgp_address_family: redirect: vyos.vyos.vyos vyos_command: redirect: vyos.vyos.vyos command: redirect: vyos.vyos.vyos vyos_config: redirect: vyos.vyos.vyos config: redirect: vyos.vyos.vyos vyos_facts: redirect: vyos.vyos.vyos facts: redirect: vyos.vyos.vyos vyos_firewall_global: redirect: vyos.vyos.vyos firewall_global: redirect: vyos.vyos.vyos vyos_firewall_interfaces: redirect: vyos.vyos.vyos firewall_interfaces: redirect: vyos.vyos.vyos vyos_firewall_rules: redirect: vyos.vyos.vyos firewall_rules: redirect: vyos.vyos.vyos vyos_interface: redirect: vyos.vyos.vyos interface: redirect: vyos.vyos.vyos vyos_interfaces: redirect: vyos.vyos.vyos interfaces: redirect: vyos.vyos.vyos vyos_l3_interface: redirect: vyos.vyos.vyos l3_interface: redirect: vyos.vyos.vyos vyos_l3_interfaces: redirect: vyos.vyos.vyos l3_interfaces: redirect: vyos.vyos.vyos vyos_lag_interfaces: redirect: vyos.vyos.vyos lag_interfaces: redirect: vyos.vyos.vyos vyos_linkagg: redirect: vyos.vyos.vyos linkagg: redirect: vyos.vyos.vyos vyos_lldp: redirect: vyos.vyos.vyos lldp: redirect: vyos.vyos.vyos vyos_lldp_global: redirect: vyos.vyos.vyos lldp_global: redirect: vyos.vyos.vyos vyos_lldp_interface: redirect: vyos.vyos.vyos lldp_interface: redirect: vyos.vyos.vyos vyos_lldp_interfaces: redirect: vyos.vyos.vyos lldp_interfaces: redirect: vyos.vyos.vyos vyos_logging: redirect: vyos.vyos.vyos logging: redirect: vyos.vyos.vyos vyos_ospfv2: redirect: vyos.vyos.vyos ospfv2: redirect: vyos.vyos.vyos vyos_ospfv3: redirect: vyos.vyos.vyos ospfv3: redirect: vyos.vyos.vyos vyos_ospf_interfaces: redirect: vyos.vyos.vyos ospf_interfaces: redirect: vyos.vyos.vyos vyos_ping: redirect: vyos.vyos.vyos ping: redirect: vyos.vyos.vyos + vyos_prefix_lists: + redirect: vyos.vyos.vyos + prefix_lists: + redirect: vyos.vyos.vyos vyos_static_route: redirect: vyos.vyos.vyos static_route: redirect: vyos.vyos.vyos vyos_static_routes: redirect: vyos.vyos.vyos static_routes: redirect: vyos.vyos.vyos vyos_system: redirect: vyos.vyos.vyos system: redirect: vyos.vyos.vyos vyos_user: redirect: vyos.vyos.vyos user: redirect: vyos.vyos.vyos vyos_vlan: redirect: vyos.vyos.vyos vlan: redirect: vyos.vyos.vyos modules: banner: redirect: vyos.vyos.vyos_banner bgp_global: redirect: vyos.vyos.vyos_bgp_global bgp_address_family: redirect: vyos.vyos.vyos_bgp_address_family command: redirect: vyos.vyos.vyos_command config: redirect: vyos.vyos.vyos_config facts: redirect: vyos.vyos.vyos_facts firewall_global: redirect: vyos.vyos.vyos_firewall_global firewall_interfaces: redirect: vyos.vyos.vyos_firewall_interfaces firewall_rules: redirect: vyos.vyos.vyos_firewall_rules interface: redirect: vyos.vyos.vyos_interface deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_interface: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details interfaces: redirect: vyos.vyos.vyos_interfaces l3_interface: redirect: vyos.vyos.vyos_l3_interface deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_l3_interface: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details l3_interfaces: redirect: vyos.vyos.vyos_l3_interfaces lag_interfaces: redirect: vyos.vyos.vyos_lag_interfaces linkagg: redirect: vyos.vyos.vyos_linkagg deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_linkagg: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp: redirect: vyos.vyos.vyos_lldp deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_lldp: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp_global: redirect: vyos.vyos.vyos_lldp_global lldp_interface: redirect: vyos.vyos.vyos_lldp_interface deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_lldp_interface: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details lldp_interfaces: redirect: vyos.vyos.vyos_lldp_interfaces logging: redirect: vyos.vyos.vyos_logging ospfv2: redirect: vyos.vyos.vyos_ospfv2 ospfv3: redirect: vyos.vyos.vyos_ospfv3 ospf_interfaces: redirect: vyos.vyos.vyos_ospf_interfaces ping: redirect: vyos.vyos.vyos_ping + prefix_lists: + redirect: vyos.vyos.vyos_prefix_lists static_route: redirect: vyos.vyos.vyos_static_route deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details vyos_static_route: deprecation: - removal_date: '2022-06-01' + removal_date: "2022-06-01" warning_text: See the plugin documentation for more details static_routes: redirect: vyos.vyos.vyos_static_routes system: redirect: vyos.vyos.vyos_system user: redirect: vyos.vyos.vyos_user vlan: redirect: vyos.vyos.vyos_vlan diff --git a/plugins/module_utils/network/vyos/argspec/prefix_lists/__init__.py b/plugins/module_utils/network/vyos/argspec/prefix_lists/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/plugins/module_utils/network/vyos/argspec/prefix_lists/prefix_lists.py b/plugins/module_utils/network/vyos/argspec/prefix_lists/prefix_lists.py new file mode 100644 index 0000000..c7d2e98 --- /dev/null +++ b/plugins/module_utils/network/vyos/argspec/prefix_lists/prefix_lists.py @@ -0,0 +1,82 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +############################################# +# WARNING # +############################################# +# +# This file is auto generated by the +# cli_rm_builder. +# +# Manually editing this file is not advised. +# +# To update the argspec make the desired changes +# in the module docstring and re-run +# cli_rm_builder. +# +############################################# + +""" +The arg spec for the vyos_prefix_lists module +""" + + +class Prefix_listsArgs(object): # pylint: disable=R0903 + """The arg spec for the vyos_prefix_lists module""" + + argument_spec = { + "config": { + "type": "list", + "elements": "dict", + "options": { + "afi": { + "type": "str", + "choices": ["ipv4", "ipv6"], + "required": True, + }, + "prefix_lists": { + "type": "list", + "elements": "dict", + "options": { + "name": {"type": "str", "required": True}, + "description": {"type": "str"}, + "entries": { + "type": "list", + "elements": "dict", + "options": { + "sequence": {"type": "int", "required": True}, + "description": {"type": "str"}, + "action": { + "type": "str", + "choices": ["permit", "deny"], + }, + "ge": {"type": "int"}, + "le": {"type": "int"}, + "prefix": {"type": "str"}, + }, + }, + }, + }, + }, + }, + "running_config": {"type": "str"}, + "state": { + "type": "str", + "choices": [ + "merged", + "replaced", + "overridden", + "deleted", + "gathered", + "rendered", + "parsed", + ], + "default": "merged", + }, + } # pylint: disable=C0301 diff --git a/plugins/module_utils/network/vyos/config/prefix_lists/__init__.py b/plugins/module_utils/network/vyos/config/prefix_lists/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py b/plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py new file mode 100644 index 0000000..b2c119d --- /dev/null +++ b/plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py @@ -0,0 +1,182 @@ +# +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The vyos_prefix_lists config file. +It is in this file where the current configuration (as dict) +is compared to the provided configuration (as dict) and the command set +necessary to bring the current configuration to its desired end-state is +created. +""" + + +from ansible.module_utils.six import iteritems +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.utils import ( + dict_merge, +) +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module import ( + ResourceModule, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.facts import ( + Facts, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.prefix_lists import ( + Prefix_listsTemplate, +) + + +class Prefix_lists(ResourceModule): + """ + The vyos_prefix_lists config class + """ + + def __init__(self, module): + super(Prefix_lists, self).__init__( + empty_fact_val=[], + facts_module=Facts(module), + module=module, + resource="prefix_lists", + tmplt=Prefix_listsTemplate(), + ) + self.plist_parsers = [ + "name", + "description", + ] + self.entries_parsers = [ + "sequence", + "action", + "rule_description", + "ge", + "le", + "prefix", + ] + + def execute_module(self): + """Execute the module + + :rtype: A dictionary + :returns: The result from module execution + """ + if self.state not in ["parsed", "gathered"]: + self.generate_commands() + self.run_commands() + return self.result + + def generate_commands(self): + """Generate configuration commands to send based on + want, have and desired state. + """ + wantd = {entry["afi"]: entry for entry in self.want} + haved = {entry["afi"]: entry for entry in self.have} + + self._prefix_list_list_to_dict(wantd) + self._prefix_list_list_to_dict(haved) + + # if state is merged, merge want onto have and then compare + if self.state == "merged": + wantd = dict_merge(haved, wantd) + + # if state is deleted, empty out wantd and set haved to wantd + if self.state == "deleted": + haved = { + k: v for k, v in iteritems(haved) if k in wantd or not wantd + } + for key, hvalue in iteritems(haved): + wvalue = wantd.pop(key, {}) + if wvalue: + wplists = wvalue.get("prefix_lists", {}) + hplists = hvalue.get("prefix_lists", {}) + hvalue["prefix_lists"] = { + k: v + for k, v in iteritems(hplists) + if k in wplists or not wplists + } + + # remove superfluous config for overridden and deleted + if self.state in ["overridden", "deleted"]: + for k, have in iteritems(haved): + if k not in wantd: + self._compare(want={}, have=have) + + for k, want in iteritems(wantd): + self._compare(want=want, have=haved.pop(k, {})) + + def _compare(self, want, have): + """Leverages the base class `compare()` method and + populates the list of commands to be run by comparing + the `want` and `have` data with the `parsers` defined + for the Prefix_lists network resource. + """ + wplists = want.get("prefix_lists", {}) + hplists = have.get("prefix_lists", {}) + + self._compare_plists(want=wplists, have=hplists) + + if self.state in ["overridden", "deleted"]: + # remove remaining prefix lists + for h in hplists.values(): + self.commands.append( + "delete policy prefix-{0} {1}".format( + "list" if h["afi"] == "ipv4" else "list6", h["name"] + ) + ) + + def _compare_plists(self, want, have): + for wk, wentry in iteritems(want): + hentry = have.pop(wk, {}) + + # parser list for name and descriptions + self.compare( + parsers=self.plist_parsers, + want=wentry, + have=hentry, + ) + + wplrules = wentry.get("entries", {}) + hplrules = hentry.get("entries", {}) + + self._compare_rules(want=wplrules, have=hplrules) + + def _compare_rules(self, want, have): + for wr, wrule in iteritems(want): + hrule = have.pop(wr, {}) + + # parser list for entries + self.compare( + parsers=self.entries_parsers, + want=wrule, + have=hrule, + ) + + # remove remaining entries + for hr in have.values(): + self.commands.append( + "delete policy prefix-{0} {1} rule {2}".format( + "list" if hr["afi"] == "ipv4" else "list6", + hr["name"], + hr["sequence"], + ) + ) + + def _prefix_list_list_to_dict(self, entry): + for afi, value in iteritems(entry): + if "prefix_lists" in value: + for pl in value["prefix_lists"]: + pl.update({"afi": afi}) + if "entries" in pl: + for entry in pl["entries"]: + entry.update({"afi": afi, "name": pl["name"]}) + pl["entries"] = { + x["sequence"]: x for x in pl["entries"] + } + value["prefix_lists"] = { + entry["name"]: entry for entry in value["prefix_lists"] + } diff --git a/plugins/module_utils/network/vyos/facts/facts.py b/plugins/module_utils/network/vyos/facts/facts.py index 81518f8..90ee03c 100644 --- a/plugins/module_utils/network/vyos/facts/facts.py +++ b/plugins/module_utils/network/vyos/facts/facts.py @@ -1,115 +1,119 @@ # Copyright 2019 Red Hat # GNU General Public License v3.0+ # (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) """ The facts class for vyos this file validates each subset of facts and selectively calls the appropriate facts gathering function """ from __future__ import absolute_import, division, print_function __metaclass__ = type from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.facts.facts import ( FactsBase, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.interfaces.interfaces import ( InterfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.l3_interfaces.l3_interfaces import ( L3_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.lag_interfaces.lag_interfaces import ( Lag_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.lldp_global.lldp_global import ( Lldp_globalFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.lldp_interfaces.lldp_interfaces import ( Lldp_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_rules.firewall_rules import ( Firewall_rulesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.static_routes.static_routes import ( Static_routesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_global.firewall_global import ( Firewall_globalFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.firewall_interfaces.firewall_interfaces import ( Firewall_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ospfv3.ospfv3 import ( Ospfv3Facts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ospfv2.ospfv2 import ( Ospfv2Facts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.ospf_interfaces.ospf_interfaces import ( Ospf_interfacesFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_global.bgp_global import ( Bgp_globalFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.bgp_address_family.bgp_address_family import ( Bgp_address_familyFacts, ) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.route_maps.route_maps import ( Route_mapsFacts, ) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.prefix_lists.prefix_lists import ( + Prefix_listsFacts, +) from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.legacy.base import ( Default, Neighbors, Config, ) FACT_LEGACY_SUBSETS = dict(default=Default, neighbors=Neighbors, config=Config) FACT_RESOURCE_SUBSETS = dict( interfaces=InterfacesFacts, l3_interfaces=L3_interfacesFacts, lag_interfaces=Lag_interfacesFacts, lldp_global=Lldp_globalFacts, lldp_interfaces=Lldp_interfacesFacts, static_routes=Static_routesFacts, firewall_rules=Firewall_rulesFacts, firewall_global=Firewall_globalFacts, firewall_interfaces=Firewall_interfacesFacts, ospfv3=Ospfv3Facts, ospfv2=Ospfv2Facts, ospf_interfaces=Ospf_interfacesFacts, bgp_global=Bgp_globalFacts, bgp_address_family=Bgp_address_familyFacts, route_maps=Route_mapsFacts, + prefix_lists=Prefix_listsFacts, ) class Facts(FactsBase): """The fact class for vyos""" VALID_LEGACY_GATHER_SUBSETS = frozenset(FACT_LEGACY_SUBSETS.keys()) VALID_RESOURCE_SUBSETS = frozenset(FACT_RESOURCE_SUBSETS.keys()) def __init__(self, module): super(Facts, self).__init__(module) def get_facts( self, legacy_facts_type=None, resource_facts_type=None, data=None ): """Collect the facts for vyos :param legacy_facts_type: List of legacy facts types :param resource_facts_type: List of resource fact types :param data: previously collected conf :rtype: dict :return: the facts gathered """ if self.VALID_RESOURCE_SUBSETS: self.get_network_resources_facts( FACT_RESOURCE_SUBSETS, resource_facts_type, data ) if self.VALID_LEGACY_GATHER_SUBSETS: self.get_network_legacy_facts( FACT_LEGACY_SUBSETS, legacy_facts_type ) return self.ansible_facts, self._warnings diff --git a/plugins/module_utils/network/vyos/facts/prefix_lists/__init__.py b/plugins/module_utils/network/vyos/facts/prefix_lists/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/plugins/module_utils/network/vyos/facts/prefix_lists/prefix_lists.py b/plugins/module_utils/network/vyos/facts/prefix_lists/prefix_lists.py new file mode 100644 index 0000000..15a2db9 --- /dev/null +++ b/plugins/module_utils/network/vyos/facts/prefix_lists/prefix_lists.py @@ -0,0 +1,93 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The vyos prefix_lists fact class +It is in this file the configuration is collected from the device +for a given resource, parsed, and the facts tree is populated +based on the configuration. +""" + + +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common import ( + utils, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.rm_templates.prefix_lists import ( + Prefix_listsTemplate, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.prefix_lists.prefix_lists import ( + Prefix_listsArgs, +) + + +class Prefix_listsFacts(object): + """The vyos prefix_lists facts class""" + + def __init__(self, module, subspec="config", options="options"): + self._module = module + self.argument_spec = Prefix_listsArgs.argument_spec + + def get_config(self, connection): + return connection.get("show configuration commands | grep prefix-list") + + def populate_facts(self, connection, ansible_facts, data=None): + """Populate the facts for Prefix_lists network resource + + :param connection: the device connection + :param ansible_facts: Facts dictionary + :param data: previously collected conf + + :rtype: dictionary + :returns: facts + """ + facts = {} + objs = [] + + if not data: + data = self.get_config(connection) + + # parse native config using the Prefix_lists template + prefix_lists_parser = Prefix_listsTemplate( + lines=data.splitlines(), module=self._module + ) + + objs = prefix_lists_parser.parse() + objs = sorted( + list(objs.values()), + key=lambda k: k["afi"], + ) + + if objs: + for item in objs: + item["prefix_lists"] = sorted( + list(item["prefix_lists"].values()), + key=lambda k: k["name"], + ) + for pl in item["prefix_lists"]: + if "entries" in pl: + pl["entries"] = sorted( + list(pl["entries"].values()), + key=lambda k: k["sequence"], + ) + + ansible_facts["ansible_network_resources"].pop("prefix_lists", None) + + params = utils.remove_empties( + prefix_lists_parser.validate_config( + self.argument_spec, {"config": objs}, redact=True + ) + ) + + if params.get("config"): + facts["prefix_lists"] = params["config"] + else: + facts["prefix_lists"] = [] + ansible_facts["ansible_network_resources"].update(facts) + + return ansible_facts diff --git a/plugins/module_utils/network/vyos/rm_templates/prefix_lists.py b/plugins/module_utils/network/vyos/rm_templates/prefix_lists.py new file mode 100644 index 0000000..9a66a8d --- /dev/null +++ b/plugins/module_utils/network/vyos/rm_templates/prefix_lists.py @@ -0,0 +1,265 @@ +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +""" +The Prefix_lists parser templates file. This contains +a list of parser definitions and associated functions that +facilitates both facts gathering and native command generation for +the given network resource. +""" + +import re +from ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.network_template import ( + NetworkTemplate, +) + + +class Prefix_listsTemplate(NetworkTemplate): + def __init__(self, lines=None, module=None): + prefix = {"set": "set", "remove": "delete"} + super(Prefix_listsTemplate, self).__init__( + lines=lines, tmplt=self, module=module, prefix=prefix + ) + + # fmt: off + PARSERS = [ + # policy prefix-list + { + "name": "name", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }}", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + } + } + } + }, + }, + + # policy prefix-list description + { + "name": "description", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \sdescription\s'(?P.+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} description '{{ description }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "description": "{{ description }}" + } + } + } + }, + }, + + # policy prefix-list rule + { + "name": "sequence", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \srule\s(?P\d+) + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }}", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}" + } + } + } + } + } + }, + }, + + # policy prefix-list rule action + { + "name": "action", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \srule\s(?P\d+) + \saction\s'(?Ppermit|deny)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} action '{{ action }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "action": "{{ action }}" + } + } + } + } + } + }, + }, + + # policy prefix-list rule description + { + "name": "rule_description", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \srule\s(?P\d+) + \sdescription\s'(?P.+)' + $""", re.VERBOSE), + "compval": "description", + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} description '{{ description }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "description": "{{ rule_description }}" + } + } + } + } + } + }, + }, + + # policy prefix-list rule ge + { + "name": "ge", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \srule\s(?P\d+) + \sge\s'(?P\d+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} ge '{{ ge }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "ge": "{{ ge }}" + } + } + } + } + } + }, + }, + + # policy prefix-list rule le + { + "name": "le", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \srule\s(?P\d+) + \sle\s'(?P\d+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} le '{{ le }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "le": "{{ le }}" + } + } + } + } + } + }, + }, + + # policy prefix-list rule prefix + { + "name": "prefix", + "getval": re.compile( + r""" + ^set + \spolicy + \sprefix-(?P\S+) + \s(?P\S+) + \srule\s(?P\d+) + \sprefix\s'(?P\S+)' + $""", re.VERBOSE), + "setval": "policy prefix-{{ 'list' if afi == 'ipv4' else 'list6' }} {{ name }} rule {{ sequence }} prefix '{{ prefix }}'", + "result": { + "{{ 'ipv4' if afi == 'list' else 'ipv6' }}": { + "afi": "{{ 'ipv4' if afi == 'list' else 'ipv6' }}", + "prefix_lists": { + "{{ name }}": { + "name": "{{ name }}", + "entries": { + "{{ sequence }}": { + "sequence": "{{ sequence }}", + "prefix": "{{ prefix }}" + } + } + } + } + } + }, + }, + ] + # fmt: on diff --git a/plugins/modules/vyos_prefix_lists.py b/plugins/modules/vyos_prefix_lists.py new file mode 100644 index 0000000..8b67caf --- /dev/null +++ b/plugins/modules/vyos_prefix_lists.py @@ -0,0 +1,1329 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +# Copyright 2021 Red Hat +# GNU General Public License v3.0+ +# (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) + +""" +The module file for vyos_prefix_lists +""" + +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +DOCUMENTATION = """ +module: vyos_prefix_lists +short_description: Prefix-Lists resource module for VyOS +description: + - This module manages prefix-lists configuration on devices running VyOS +version_added: 2.4.0 +author: Priyam Sahoo (@priyamsahoo) +notes: + - Tested against VyOS 1.1.8 (helium) + - This module works with connection C(network_cli) +options: + config: + description: A list of prefix-list options + type: list + elements: dict + suboptions: + afi: + description: The Address Family Indicator (AFI) for the prefix-lists + type: str + choices: ["ipv4", "ipv6"] + required: true + prefix_lists: + description: A list of prefix-list configurations + type: list + elements: dict + suboptions: + name: + description: The name of a defined prefix-list + type: str + required: true + description: + description: A brief text description for the prefix-list + type: str + entries: + description: Rule configurations for the prefix-list + type: list + elements: dict + suboptions: + sequence: + description: A numeric identifier for the rule + type: int + required: true + description: + description: A brief text description for the prefix list rule + type: str + action: + description: The action to be taken for packets matching a prefix list rule + type: str + choices: ["permit", "deny"] + ge: + description: Minimum prefix length to be matched + type: int + le: + description: Maximum prefix list length to be matched + type: int + prefix: + description: IPv4 or IPv6 prefix in A.B.C.D/LEN or A:B::C:D/LEN format + type: str + running_config: + description: + - This option is used only with state I(parsed). + - The value of this option should be the output received from the VyOS device + by executing the command B(show configuration commands | grep prefix-list). + - The state I(parsed) reads the configuration from C(running_config) option and + transforms it into Ansible structured data as per the resource module's argspec + and the value is then returned in the I(parsed) key within the result. + type: str + state: + description: + - The state the configuration should be left in + type: str + choices: + - merged + - replaced + - overridden + - deleted + - gathered + - rendered + - parsed + default: merged +""" + +EXAMPLES = """ +# # ------------------- +# # 1. Using merged +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# vyos@vyos:~$ + +# # Task +# # ------------- +# - name: Merge the provided configuration with the existing running configuration +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: "PL configured by ansible" +# entries: +# - sequence: 2 +# description: "Rule 2 given by ansible" +# action: "permit" +# prefix: "92.168.10.0/26" +# le: 32 + +# - sequence: 3 +# description: "Rule 3" +# action: "deny" +# prefix: "72.168.2.0/24" +# ge: 26 + +# - afi: "ipv6" +# prefix_lists: +# - name: "AllowIPv6Prefix" +# description: "Configured by ansible for allowing IPv6 networks" +# entries: +# - sequence: 5 +# description: "Permit rule" +# action: "permit" +# prefix: "2001:db8:8000::/35" +# le: 37 + +# - name: DenyIPv6Prefix +# description: "Configured by ansible for disallowing IPv6 networks" +# entries: +# - sequence: 8 +# action: deny +# prefix: "2001:db8:2000::/35" +# le: 37 +# state: merged + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "before": [], +# "changed": true, +# "commands": [ +# "set policy prefix-list AnsibleIPv4PrefixList", +# "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", +# "set policy prefix-list6 AllowIPv6Prefix", +# "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", +# "set policy prefix-list6 DenyIPv6Prefix", +# "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" +# ] + +# After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + + +# # ------------------- +# # 2. Using replaced +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: "Configuration replaced by ansible" +# entries: +# - sequence: 3 +# description: "Rule 3 replaced by ansible" +# action: "permit" +# prefix: "82.168.2.0/24" +# ge: 26 +# state: replaced + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "Configuration replaced by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 3 replaced by ansible", +# "ge": 26, +# "sequence": 3, +# "prefix": "82.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 2" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + + +# # ------------------- +# # 3. Using overridden +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Override all prefix-lists configuration with provided configuration +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: Rule 2 overridden by ansible +# entries: +# - sequence: 2 +# action: "deny" +# ge: 26 +# prefix: "82.168.2.0/24" + +# - name: "OverriddenPrefixList" +# description: Configuration overridden by ansible +# entries: +# - sequence: 10 +# action: permit +# prefix: "203.0.113.96/27" +# le: 32 +# state: overridden + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "Rule 2 overridden by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "deny", +# "ge": 26, +# "sequence": 2, +# "prefix": "82.168.2.0/24" +# } +# ] +# }, +# { +# "description": "Configuration overridden by ansible", +# "name": "OverriddenPrefixList", +# "entries": [ +# { +# "action": "permit", +# "sequence": 10, +# "le": 32, +# "prefix": "203.0.113.96/27" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list6 AllowIPv6Prefix", +# "delete policy prefix-list6 DenyIPv6Prefix", +# "set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24'", +# "delete policy prefix-list AnsibleIPv4PrefixList rule 3", +# "set policy prefix-list OverriddenPrefixList", +# "set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible'", +# "set policy prefix-list OverriddenPrefixList rule 10", +# "set policy prefix-list OverriddenPrefixList rule 10 action 'permit'", +# "set policy prefix-list OverriddenPrefixList rule 10 le '32'", +# "set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27'" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'Rule 2 overridden by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24' +# set policy prefix-list OverriddenPrefixList description 'Configuration overridden by ansible' +# set policy prefix-list OverriddenPrefixList rule 10 action 'permit' +# set policy prefix-list OverriddenPrefixList rule 10 le '32' +# set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27' +# vyos@vyos:~$ + + +# # ------------------- +# # 4(i). Using deleted (to delete all prefix lists from the device) +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Delete all prefix-lists +# vyos.vyos.vyos_prefix_lists: +# config: +# state: deleted + +# # Task output: +# # ------------- +# "after": [], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list AnsibleIPv4PrefixList", +# "delete policy prefix-list6 AllowIPv6Prefix", +# "delete policy prefix-list6 DenyIPv6Prefix" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# vyos@vyos:~$ + + +# # ------------------- +# # 4(ii). Using deleted (to delete all prefix lists for an AFI) +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Delete all prefix-lists for IPv6 AFI +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv6" +# state: deleted + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list6 AllowIPv6Prefix", +# "delete policy prefix-list6 DenyIPv6Prefix" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# vyos@vyos:~$ + + +# # ------------------- +# # 4(iii). Using deleted (to delete single prefix list by name in different AFIs) +# # ------------------- + +# # Before state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' +# vyos@vyos:~$ + +# # Task: +# # ------------- +# - name: Delete a single prefix-list from different AFIs +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# - afi: "ipv6" +# prefix_lists: +# - name: "DenyIPv6Prefix" +# state: deleted + +# # Task output: +# # ------------- +# "after": [ +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# } +# ] +# } +# ], +# "before": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ], +# "changed": true, +# "commands": [ +# "delete policy prefix-list AnsibleIPv4PrefixList", +# "delete policy prefix-list6 DenyIPv6Prefix" +# ] + +# # After state: +# # ------------- +# vyos@vyos:~$ show configuration commands | grep prefix-list +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# vyos@vyos:~$ + + +# # ------------------- +# # 5. Using gathered +# # ------------------- + +# # Task: +# # ------------- +# - name: Gather prefix-lists configurations +# vyos.vyos.vyos_prefix_lists: +# config: +# state: gathered + +# # Task output: +# # ------------- +# "gathered": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ] + + +# # ------------------- +# # 6. Using rendered +# # ------------------- + +# # Task: +# # ------------- +# - name: Render commands externally for the described prefix-list configurations +# vyos.vyos.vyos_prefix_lists: +# config: +# - afi: "ipv4" +# prefix_lists: +# - name: "AnsibleIPv4PrefixList" +# description: "PL configured by ansible" +# entries: +# - sequence: 2 +# description: "Rule 2 given by ansible" +# action: "permit" +# prefix: "92.168.10.0/26" +# le: 32 + +# - sequence: 3 +# description: "Rule 3" +# action: "deny" +# prefix: "72.168.2.0/24" +# ge: 26 + +# - afi: "ipv6" +# prefix_lists: +# - name: "AllowIPv6Prefix" +# description: "Configured by ansible for allowing IPv6 networks" +# entries: +# - sequence: 5 +# description: "Permit rule" +# action: "permit" +# prefix: "2001:db8:8000::/35" +# le: 37 + +# - name: DenyIPv6Prefix +# description: "Configured by ansible for disallowing IPv6 networks" +# entries: +# - sequence: 8 +# action: deny +# prefix: "2001:db8:2000::/35" +# le: 37 +# state: rendered + +# # Task output: +# # ------------- +# "rendered": [ +# "set policy prefix-list AnsibleIPv4PrefixList", +# "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'", +# "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'", +# "set policy prefix-list6 AllowIPv6Prefix", +# "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'", +# "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'", +# "set policy prefix-list6 DenyIPv6Prefix", +# "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'", +# "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" +# ] + + +# # ------------------- +# # 7. Using parsed +# # ------------------- + +# # sample_config.cfg: +# # ------------- +# set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +# set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +# set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +# set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +# set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +# set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +# set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +# set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +# set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +# set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +# set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +# set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + +# # Task: +# # ------------- +# - name: Parse externally provided prefix-lists configuration +# vyos.vyos.vyos_prefix_lists: +# running_config: "{{ lookup('file', './sample_config.cfg') }}" +# state: parsed + +# # Task output: +# # ------------- +# "parsed": [ +# { +# "afi": "ipv4", +# "prefix_lists": [ +# { +# "description": "PL configured by ansible", +# "name": "AnsibleIPv4PrefixList", +# "entries": [ +# { +# "action": "permit", +# "description": "Rule 2 given by ansible", +# "sequence": 2, +# "le": 32, +# "prefix": "92.168.10.0/26" +# }, +# { +# "action": "deny", +# "description": "Rule 3", +# "ge": 26, +# "sequence": 3, +# "prefix": "72.168.2.0/24" +# } +# ] +# } +# ] +# }, +# { +# "afi": "ipv6", +# "prefix_lists": [ +# { +# "description": "Configured by ansible for allowing IPv6 networks", +# "name": "AllowIPv6Prefix", +# "entries": [ +# { +# "action": "permit", +# "description": "Permit rule", +# "sequence": 5, +# "le": 37, +# "prefix": "2001:db8:8000::/35" +# } +# ] +# }, +# { +# "description": "Configured by ansible for disallowing IPv6 networks", +# "name": "DenyIPv6Prefix", +# "entries": [ +# { +# "action": "deny", +# "sequence": 8, +# "le": 37, +# "prefix": "2001:db8:2000::/35" +# } +# ] +# } +# ] +# } +# ] + +""" + +RETURN = """ + +before: + description: The configuration prior to the module invocation. + returned: when state is I(merged), I(replaced), I(overridden) or I(deleted) + type: list + sample: > + This output will always be in the same format as the + module argspec. +after: + description: The resulting configuration after the module invocation. + returned: when changed + type: list + sample: > + This output will always be in the same format as the + module argspec. +commands: + description: The set of commands pushed to the remote device for the required configurations to take place. + returned: when state is I(merged), I(replaced), I(overridden) or I(deleted) + type: list + sample: + - set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + - set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +rendered: + description: The provided configuration in the task rendered in device-native format (offline). + returned: when state is I(rendered) + type: list + sample: + - set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + - set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +gathered: + description: Facts about the network resource gathered from the remote device as structured data. + returned: when state is I(gathered) + type: list + sample: > + This output will always be in the same format as the + module argspec. +parsed: + description: The device native config provided in I(running_config) option parsed into structured data as per module argspec. + returned: when state is I(parsed) + type: list + sample: > + This output will always be in the same format as the + module argspec. + +""" + + +from ansible.module_utils.basic import AnsibleModule +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.argspec.prefix_lists.prefix_lists import ( + Prefix_listsArgs, +) +from ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.config.prefix_lists.prefix_lists import ( + Prefix_lists, +) + + +def main(): + """ + Main entry point for module execution + + :returns: the result form module invocation + """ + module = AnsibleModule( + argument_spec=Prefix_listsArgs.argument_spec, + mutually_exclusive=[["config", "running_config"]], + required_if=[ + ["state", "merged", ["config"]], + ["state", "replaced", ["config"]], + ["state", "overridden", ["config"]], + ["state", "rendered", ["config"]], + ["state", "parsed", ["running_config"]], + ], + supports_check_mode=True, + ) + + result = Prefix_lists(module).execute_module() + module.exit_json(**result) + + +if __name__ == "__main__": + main() diff --git a/tests/integration/targets/vyos_prefix_lists/defaults/main.yaml b/tests/integration/targets/vyos_prefix_lists/defaults/main.yaml new file mode 100644 index 0000000..164afea --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: "[^_].*" +test_items: [] diff --git a/tests/integration/targets/vyos_prefix_lists/tasks/cli.yaml b/tests/integration/targets/vyos_prefix_lists/tasks/cli.yaml new file mode 100644 index 0000000..93eb2fe --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + find: + paths: '{{ role_path }}/tests/cli' + patterns: '{{ testcase }}.yaml' + use_regex: true + register: test_cases + delegate_to: localhost + +- name: Set test_items + set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) + include: '{{ test_case_to_run }}' + vars: + ansible_connection: ansible.netcommon.network_cli + with_items: '{{ test_items }}' + loop_control: + loop_var: test_case_to_run diff --git a/tests/integration/targets/vyos_prefix_lists/tasks/main.yaml b/tests/integration/targets/vyos_prefix_lists/tasks/main.yaml new file mode 100644 index 0000000..b957d2f --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tasks/main.yaml @@ -0,0 +1,4 @@ +--- +- include: cli.yaml + tags: + - network_cli diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/_parsed.cfg b/tests/integration/targets/vyos_prefix_lists/tests/cli/_parsed.cfg new file mode 100644 index 0000000..25744b3 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/_parsed.cfg @@ -0,0 +1,18 @@ +set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' +set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' +set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' +set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' +set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' +set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' +set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' +set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' +set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' +set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' +set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' +set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' +set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' +set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' +set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' +set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' +set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' +set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' \ No newline at end of file diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/_populate_config.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/_populate_config.yaml new file mode 100644 index 0000000..9be477d --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/_populate_config.yaml @@ -0,0 +1,22 @@ +--- +- name: Populate config + vyos.vyos.vyos_config: + lines: + - "set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26'" + - "set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24'" + - "set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 le '37'" + - "set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35'" + - "set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks'" + - "set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny'" + - "set policy prefix-list6 DenyIPv6Prefix rule 8 le '37'" + - "set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35'" diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/_remove_config.yaml new file mode 100644 index 0000000..f0777b6 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/_remove_config.yaml @@ -0,0 +1,11 @@ +--- +- name: Remove pre-existing prefix-list configurations + vyos.vyos.vyos_config: + lines: + - delete policy prefix-list AnsibleIPv4PrefixList + - delete policy prefix-list OverriddenPrefixList + - delete policy prefix-list6 AllowIPv6Prefix + - delete policy prefix-list6 DenyIPv6Prefix + ignore_errors: true + vars: + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/deleted.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/deleted.yaml new file mode 100644 index 0000000..9209fad --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/deleted.yaml @@ -0,0 +1,108 @@ +--- +- debug: + msg: START vyos_prefix_lists deleted integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + # Delete all prefix-lists + - name: Delete all prefix-lists + register: result + vyos.vyos.vyos_prefix_lists: &id006 + config: + state: deleted + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ deleted['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dict is correctly generated + assert: + that: + - result["after"] == [] + + - name: Delete all prefix-lists (IDEMPOTENT) + register: result + vyos.vyos.vyos_prefix_lists: *id006 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + + - include_tasks: _remove_config.yaml + + - include_tasks: _populate_config.yaml + + # Delete all prefix-lists for an AFI + - name: Delete all prefix-lists for IPv6 AFI + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv6" + state: deleted + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - '"delete policy prefix-list6 AllowIPv6Prefix" in result.commands' + - '"delete policy prefix-list6 DenyIPv6Prefix" in result.commands' + - result.commands|length == 2 + + - name: Assert that after dict is correctly generated + assert: + that: + - result["after"][0] == merged["after"][0] + - result["after"]|length == 1 + + - include_tasks: _remove_config.yaml + + - include_tasks: _populate_config.yaml + + # Delete single prefix-list from different AFIs + - name: Delete a single prefix-list from different AFIs + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + - afi: "ipv6" + prefix_lists: + - name: "DenyIPv6Prefix" + state: deleted + + - name: Assert that before dicts are correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - '"delete policy prefix-list AnsibleIPv4PrefixList" in result.commands' + - '"delete policy prefix-list6 DenyIPv6Prefix" in result.commands' + - result.commands|length == 2 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/empty_config.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/empty_config.yaml new file mode 100644 index 0000000..70ac937 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/empty_config.yaml @@ -0,0 +1,58 @@ +--- +- debug: + msg: START vyos_prefix_lists empty_config integration tests on connection={{ ansible_connection }} + +- name: Merged with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: merged + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state merged' + +- name: Replaced with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: replaced + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state replaced' + +- name: Overridden with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: overridden + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state overridden' + +- name: Rendered with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + config: + state: rendered + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state rendered' + +- name: Parsed with empty config should give appropriate error message + register: result + ignore_errors: true + vyos.vyos.vyos_prefix_lists: + running_config: + state: parsed + +- assert: + that: + - result.msg == 'value of running_config parameter must not be empty for state parsed' diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/gathered.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/gathered.yaml new file mode 100644 index 0000000..ef23bcc --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/gathered.yaml @@ -0,0 +1,24 @@ +--- +- debug: + msg: START vyos_prefix_lists gathered integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + - name: Gather prefix-lists configurations + register: result + vyos.vyos.vyos_prefix_lists: + config: + state: gathered + + - name: Assert that facts are correctly generated + assert: + that: + - result["gathered"][0] == merged["after"][0] + - result["gathered"][1] == merged["after"][1] + - result['gathered']|length == 2 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/merged.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/merged.yaml new file mode 100644 index 0000000..ef94743 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/merged.yaml @@ -0,0 +1,77 @@ +--- +- debug: + msg: START vyos_prefix_lists merged integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + - name: Merge the provided configuration with the existing running configuration + register: result + vyos.vyos.vyos_prefix_lists: &id001 + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "PL configured by ansible" + entries: + - sequence: 2 + description: "Rule 2 given by ansible" + action: "permit" + prefix: "92.168.10.0/26" + le: 32 + + - sequence: 3 + description: "Rule 3" + action: "deny" + prefix: "72.168.2.0/24" + ge: 26 + + - afi: "ipv6" + prefix_lists: + - name: "AllowIPv6Prefix" + description: "Configured by ansible for allowing IPv6 networks" + entries: + - sequence: 5 + description: "Permit rule" + action: "permit" + prefix: "2001:db8:8000::/35" + le: 37 + + - name: DenyIPv6Prefix + description: "Configured by ansible for disallowing IPv6 networks" + entries: + - sequence: 8 + action: deny + prefix: "2001:db8:2000::/35" + le: 37 + state: merged + + - name: Assert that before dicts were correctly generated + assert: + that: "{{ result['before'] == [] }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ merged['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts were correctly generated + assert: + that: + - "{{ result['after'][0] == merged['after'][0] }}" + - "{{ result['after'][1] == merged['after'][1] }}" + - "{{ result['after']|length == 2 }}" + + - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT) + vyos.vyos.vyos_prefix_lists: *id001 + register: result + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/overridden.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/overridden.yaml new file mode 100644 index 0000000..7bcd26b --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/overridden.yaml @@ -0,0 +1,61 @@ +--- +- debug: + msg: START vyos_prefix_lists overridden integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + - name: Override all prefix-lists configuration with provided configuration + register: result + vyos.vyos.vyos_prefix_lists: &id003 + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: Rule 3 overridden by ansible + entries: + - sequence: 2 + action: "deny" + ge: 26 + prefix: "82.168.2.0/24" + + - name: "OverriddenPrefixList" + description: Configuration overridden by ansible + entries: + - sequence: 10 + action: permit + prefix: "203.0.113.96/27" + le: 32 + state: overridden + + - name: Assert that before dicts were correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ overridden['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts were correctly generated + assert: + that: + - "{{ overridden['after'][0] == result['after'][0] }}" + + - name: Override all prefix-lists configuration with provided configuration (IDEMPOTENT) + register: result + vyos.vyos.vyos_prefix_lists: *id003 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/parsed.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/parsed.yaml new file mode 100644 index 0000000..86772ef --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/parsed.yaml @@ -0,0 +1,16 @@ +--- +- debug: + msg: START vyos_prefix_lists parsed integration tests on connection={{ ansible_connection }} + +- name: Parse externally provided prefix-lists configuration + register: result + vyos.vyos.vyos_prefix_lists: + running_config: "{{ lookup('file', './_parsed.cfg') }}" + state: parsed + +- name: Assert that config was correctly parsed + assert: + that: + - "{{ result['parsed'][0] == merged['after'][0] }}" + - "{{ result['parsed'][1] == merged['after'][1] }}" + - "{{ result['parsed']|length == 2 }}" diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/rendered.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/rendered.yaml new file mode 100644 index 0000000..12a0deb --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/rendered.yaml @@ -0,0 +1,51 @@ +--- +- debug: + msg: START vyos_prefix_lists rendered integration tests on connection={{ ansible_connection }} + +- name: Render commands externally for the described prefix-list configurations + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "PL configured by ansible" + entries: + - sequence: 2 + description: "Rule 2 given by ansible" + action: "permit" + prefix: "92.168.10.0/26" + le: 32 + + - sequence: 3 + description: "Rule 3" + action: "deny" + prefix: "72.168.2.0/24" + ge: 26 + + - afi: "ipv6" + prefix_lists: + - name: "AllowIPv6Prefix" + description: "Configured by ansible for allowing IPv6 networks" + entries: + - sequence: 5 + description: "Permit rule" + action: "permit" + prefix: "2001:db8:8000::/35" + le: 37 + + - name: DenyIPv6Prefix + description: "Configured by ansible for disallowing IPv6 networks" + entries: + - sequence: 8 + action: deny + prefix: "2001:db8:2000::/35" + le: 37 + state: rendered + +- name: Assert that correct set of commands were rendered + assert: + that: + - "{{ merged['commands'] | symmetric_difference(result['rendered']) |length\ + \ == 0 }}" + - result.changed == False diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/replaced.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/replaced.yaml new file mode 100644 index 0000000..fc9f5da --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/replaced.yaml @@ -0,0 +1,57 @@ +--- +- debug: + msg: START vyos_prefix_lists replaced integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- include_tasks: _populate_config.yaml + +- block: + - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations + register: result + vyos.vyos.vyos_prefix_lists: &id002 + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "Configuration replaced by ansible" + entries: + - sequence: 3 + description: "Rule 3 replaced by ansible" + action: "permit" + prefix: "82.168.2.0/24" + ge: 26 + state: replaced + + - name: Assert that before dicts were correctly generated + assert: + that: + - "{{ result['before'][0] == merged['after'][0] }}" + - "{{ result['before'][1] == merged['after'][1] }}" + - "{{ result['before']|length == 2 }}" + + - name: Assert that correct set of commands were generated + assert: + that: + - "{{ replaced['commands'] | symmetric_difference(result['commands']) |length\ + \ == 0 }}" + + - name: Assert that after dicts were correctly generated + assert: + that: + - "{{ replaced['after'][0] == result['after'][0] }}" + - "{{ replaced['after'][1] == result['after'][1] }}" + - "{{ result['after']|length == 2 }}" + + - name: Replace prefix-lists configurations of listed prefix-lists with provided configurations (IDEMPOTENT) + register: result + vyos.vyos.vyos_prefix_lists: *id002 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + - result.commands|length == 0 + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/tests/cli/rtt.yaml b/tests/integration/targets/vyos_prefix_lists/tests/cli/rtt.yaml new file mode 100644 index 0000000..2be2515 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/tests/cli/rtt.yaml @@ -0,0 +1,87 @@ +--- +- debug: + msg: START vyos_prefix_lists round trip integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "PL configured by ansible" + entries: + - sequence: 2 + description: "Rule 2 given by ansible" + action: "permit" + prefix: "92.168.10.0/26" + le: 32 + + - sequence: 3 + description: "Rule 3" + action: "deny" + prefix: "72.168.2.0/24" + ge: 26 + + - afi: "ipv6" + prefix_lists: + - name: "AllowIPv6Prefix" + description: "Configured by ansible for allowing IPv6 networks" + entries: + - sequence: 5 + description: "Permit rule" + action: "permit" + prefix: "2001:db8:8000::/35" + le: 37 + + - name: DenyIPv6Prefix + description: "Configured by ansible for disallowing IPv6 networks" + entries: + - sequence: 8 + action: deny + prefix: "2001:db8:2000::/35" + le: 37 + state: merged + + - name: Gather prefix-lists facts + vyos.vyos.vyos_facts: + gather_subset: + - default + gather_network_resources: + - prefix_lists + + - name: Update the configuration with the provided one (config to be reverted back) + register: result + vyos.vyos.vyos_prefix_lists: + config: + - afi: "ipv4" + prefix_lists: + - name: "AnsibleIPv4PrefixList" + description: "Configuration replaced by ansible" + entries: + - sequence: 3 + description: "Rule 3 replaced by ansible" + action: "permit" + prefix: "82.168.2.0/24" + ge: 26 + state: replaced + + - name: Assert that changes were applied + assert: + that: "{{ result['after'] == replaced['after'] }}" + + - name: Revert back to base config using facts round trip + register: revert + vyos.vyos.vyos_prefix_lists: + config: "{{ ansible_facts['network_resources']['prefix_lists'] }}" + state: replaced + + - name: Assert that config was reverted + assert: + that: "{{ revert['after'] == base_config['after']}}" + + always: + - include_tasks: _remove_config.yaml diff --git a/tests/integration/targets/vyos_prefix_lists/vars/main.yaml b/tests/integration/targets/vyos_prefix_lists/vars/main.yaml new file mode 100644 index 0000000..3a30342 --- /dev/null +++ b/tests/integration/targets/vyos_prefix_lists/vars/main.yaml @@ -0,0 +1,145 @@ +--- +merged: + before: [] + + commands: + - set policy prefix-list6 AllowIPv6Prefix + - set policy prefix-list6 AllowIPv6Prefix description 'Configured by ansible for allowing IPv6 networks' + - set policy prefix-list6 AllowIPv6Prefix rule 5 + - set policy prefix-list6 AllowIPv6Prefix rule 5 action 'permit' + - set policy prefix-list6 AllowIPv6Prefix rule 5 description 'Permit rule' + - set policy prefix-list6 AllowIPv6Prefix rule 5 le '37' + - set policy prefix-list6 AllowIPv6Prefix rule 5 prefix '2001:db8:8000::/35' + - set policy prefix-list6 DenyIPv6Prefix + - set policy prefix-list6 DenyIPv6Prefix description 'Configured by ansible for disallowing IPv6 networks' + - set policy prefix-list6 DenyIPv6Prefix rule 8 + - set policy prefix-list6 DenyIPv6Prefix rule 8 action 'deny' + - set policy prefix-list6 DenyIPv6Prefix rule 8 le '37' + - set policy prefix-list6 DenyIPv6Prefix rule 8 prefix '2001:db8:2000::/35' + - set policy prefix-list AnsibleIPv4PrefixList + - set policy prefix-list AnsibleIPv4PrefixList description 'PL configured by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'permit' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '92.168.10.0/26' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 + - set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'deny' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 ge '26' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '72.168.2.0/24' + + after: + - afi: ipv4 + prefix_lists: + - description: PL configured by ansible + name: AnsibleIPv4PrefixList + entries: + - action: permit + description: Rule 2 given by ansible + sequence: 2 + le: 32 + prefix: 92.168.10.0/26 + - action: deny + description: Rule 3 + ge: 26 + sequence: 3 + prefix: 72.168.2.0/24 + - afi: ipv6 + prefix_lists: + - description: Configured by ansible for allowing IPv6 networks + name: AllowIPv6Prefix + entries: + - action: permit + description: Permit rule + sequence: 5 + le: 37 + prefix: 2001:db8:8000::/35 + - description: Configured by ansible for disallowing IPv6 networks + name: DenyIPv6Prefix + entries: + - action: deny + sequence: 8 + le: 37 + prefix: 2001:db8:2000::/35 + +replaced: + commands: + - set policy prefix-list AnsibleIPv4PrefixList description 'Configuration replaced by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 action 'permit' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 description 'Rule 3 replaced by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 3 prefix '82.168.2.0/24' + - delete policy prefix-list AnsibleIPv4PrefixList rule 2 + + after: + - afi: ipv4 + prefix_lists: + - description: Configuration replaced by ansible + name: AnsibleIPv4PrefixList + entries: + - action: permit + description: Rule 3 replaced by ansible + ge: 26 + sequence: 3 + prefix: 82.168.2.0/24 + - afi: ipv6 + prefix_lists: + - description: Configured by ansible for allowing IPv6 networks + name: AllowIPv6Prefix + entries: + - action: permit + description: Permit rule + sequence: 5 + le: 37 + prefix: 2001:db8:8000::/35 + - description: Configured by ansible for disallowing IPv6 networks + name: DenyIPv6Prefix + entries: + - action: deny + sequence: 8 + le: 37 + prefix: 2001:db8:2000::/35 + +overridden: + commands: + - delete policy prefix-list6 AllowIPv6Prefix + - delete policy prefix-list6 DenyIPv6Prefix + - set policy prefix-list AnsibleIPv4PrefixList description 'Rule 3 overridden by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 action 'deny' + - delete policy prefix-list AnsibleIPv4PrefixList rule 2 description 'Rule 2 given + by ansible' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 ge '26' + - delete policy prefix-list AnsibleIPv4PrefixList rule 2 le '32' + - set policy prefix-list AnsibleIPv4PrefixList rule 2 prefix '82.168.2.0/24' + - delete policy prefix-list AnsibleIPv4PrefixList rule 3 + - set policy prefix-list OverriddenPrefixList + - set policy prefix-list OverriddenPrefixList description 'Configuration overridden + by ansible' + - set policy prefix-list OverriddenPrefixList rule 10 + - set policy prefix-list OverriddenPrefixList rule 10 action 'permit' + - set policy prefix-list OverriddenPrefixList rule 10 le '32' + - set policy prefix-list OverriddenPrefixList rule 10 prefix '203.0.113.96/27' + + after: + - afi: ipv4 + prefix_lists: + - description: Rule 3 overridden by ansible + name: AnsibleIPv4PrefixList + entries: + - action: deny + ge: 26 + sequence: 2 + prefix: 82.168.2.0/24 + - description: Configuration overridden by ansible + name: OverriddenPrefixList + entries: + - action: permit + sequence: 10 + le: 32 + prefix: 203.0.113.96/27 + +deleted: + commands: + - delete policy prefix-list AnsibleIPv4PrefixList + - delete policy prefix-list6 AllowIPv6Prefix + - delete policy prefix-list6 DenyIPv6Prefix diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt index 69f4063..967e336 100644 --- a/tests/sanity/ignore-2.10.txt +++ b/tests/sanity/ignore-2.10.txt @@ -1,6 +1,9 @@ plugins/action/vyos.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py compile-2.6!skip plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py import-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt index 69f4063..967e336 100644 --- a/tests/sanity/ignore-2.11.txt +++ b/tests/sanity/ignore-2.11.txt @@ -1,6 +1,9 @@ plugins/action/vyos.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py compile-2.6!skip plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py import-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt index 69f4063..967e336 100644 --- a/tests/sanity/ignore-2.12.txt +++ b/tests/sanity/ignore-2.12.txt @@ -1,6 +1,9 @@ plugins/action/vyos.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py compile-2.6!skip plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py import-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt index 7178a20..aa3ef3f 100644 --- a/tests/sanity/ignore-2.9.txt +++ b/tests/sanity/ignore-2.9.txt @@ -1,18 +1,21 @@ plugins/modules/vyos_interface.py validate-modules:deprecation-mismatch # 2.9 expects METADATA plugins/modules/vyos_interface.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict plugins/modules/vyos_l3_interface.py validate-modules:deprecation-mismatch # 2.9 expects METADATA plugins/modules/vyos_l3_interface.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict plugins/modules/vyos_linkagg.py validate-modules:deprecation-mismatch # 2.9 expects METADATA plugins/modules/vyos_linkagg.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict plugins/modules/vyos_static_route.py validate-modules:deprecation-mismatch # 2.9 expects METADATA plugins/modules/vyos_static_route.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict plugins/modules/vyos_lldp.py validate-modules:deprecation-mismatch # 2.9 expects METADATA plugins/modules/vyos_lldp.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict plugins/modules/vyos_lldp_interface.py validate-modules:deprecation-mismatch # 2.9 expects METADATA plugins/modules/vyos_lldp_interface.py validate-modules:invalid-documentation # removed_at_date not supported in `deprecated` dict plugins/action/vyos.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py compile-2.6!skip plugins/module_utils/network/vyos/config/ospf_interfaces/ospf_interfaces.py import-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py compile-2.6!skip plugins/module_utils/network/vyos/config/route_maps/route_maps.py import-2.6!skip plugins/modules/vyos_route_maps.py import-2.6!skip +plugins/modules/vyos_prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py import-2.6!skip +plugins/module_utils/network/vyos/config/prefix_lists/prefix_lists.py compile-2.6!skip diff --git a/tests/unit/modules/network/vyos/test_vyos_prefix_lists.py b/tests/unit/modules/network/vyos/test_vyos_prefix_lists.py new file mode 100644 index 0000000..d1e1a8c --- /dev/null +++ b/tests/unit/modules/network/vyos/test_vyos_prefix_lists.py @@ -0,0 +1,1242 @@ +# (c) 2021 Red Hat Inc. +# +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +# Make coding more python3-ish +from __future__ import absolute_import, division, print_function + +__metaclass__ = type + +from textwrap import dedent +from ansible_collections.vyos.vyos.tests.unit.compat.mock import patch +from ansible_collections.vyos.vyos.plugins.modules import vyos_prefix_lists +from ansible_collections.vyos.vyos.tests.unit.modules.utils import ( + set_module_args, +) +from .vyos_module import TestVyosModule + + +class TestVyosPrefixListsModule(TestVyosModule): + + # Testing strategy + # ------------------ + # (a) The unit tests cover `merged` and `replaced` for every attribute. + # Since `overridden` is essentially `replaced` but at a larger + # scale, these indirectly cover `overridden` as well. + # (b) For linear attributes replaced is not valid and hence, those tests + # delete the attributes from the config subsection. + # (c) The argspec for VRFs is same as the top-level spec and the config logic + # is re-used. Hence, those attributes are not explictly covered. However, a + # combination of VRF + top-level spec + AF is tested. + + module = vyos_prefix_lists + + def setUp(self): + super(TestVyosPrefixListsModule, self).setUp() + + self.mock_get_resource_connection = patch( + "ansible_collections.ansible.netcommon.plugins.module_utils.network.common.rm_base.resource_module_base.get_resource_connection" + ) + self.get_resource_connection = ( + self.mock_get_resource_connection.start() + ) + + self.mock_get_config = patch( + "ansible_collections.vyos.vyos.plugins.module_utils.network.vyos.facts.prefix_lists.prefix_lists.Prefix_listsFacts.get_config" + ) + self.get_config = self.mock_get_config.start() + + def tearDown(self): + super(TestVyosPrefixListsModule, self).tearDown() + self.get_resource_connection.stop() + self.get_config.stop() + + # test merged for linear attributes + def test_vyos_prefix_lists_linear_merged(self): + self.get_config.return_value = dedent( + """\ + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + description="Test rule 10", + prefix="92.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ), + dict( + name="plist2", + entries=[ + dict( + sequence=20, + action="permit", + prefix="82.168.10.0/26", + le=32, + ), + dict( + sequence=30, + action="deny", + prefix="62.168.2.0/24", + ge=25, + ), + ], + ), + ], + ), + dict( + afi="ipv6", + prefix_lists=[ + dict( + name="plist3", + description="Test plist3", + entries=[ + dict( + sequence=10, + action="deny", + description="Test rule 10", + prefix="2001:db8:1000::/36", + le=36, + ), + dict( + sequence=20, + action="permit", + description="Test rule 20", + prefix="2001:db8:2000::/36", + ), + ], + ), + dict( + name="plist4", + entries=[ + dict( + sequence=20, + action="permit", + prefix="2001:db8:3000::/36", + ), + dict( + sequence=50, + action="deny", + prefix="2001:db8:4000::/36", + ), + ], + ), + ], + ), + ], + state="merged", + ) + ) + commands = [ + "set policy prefix-list plist1", + "set policy prefix-list plist1 description 'Test plist1'", + "set policy prefix-list plist1 rule 10", + "set policy prefix-list plist1 rule 10 action 'permit'", + "set policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26'", + "set policy prefix-list plist1 rule 20", + "set policy prefix-list plist1 rule 20 action 'deny'", + "set policy prefix-list plist1 rule 20 description 'Test rule 20'", + "set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24'", + "set policy prefix-list plist2", + "set policy prefix-list plist2 rule 20", + "set policy prefix-list plist2 rule 20 action 'permit'", + "set policy prefix-list plist2 rule 20 le '32'", + "set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26'", + "set policy prefix-list plist2 rule 30", + "set policy prefix-list plist2 rule 30 action 'deny'", + "set policy prefix-list plist2 rule 30 ge '25'", + "set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24'", + "set policy prefix-list6 plist3", + "set policy prefix-list6 plist3 description 'Test plist3'", + "set policy prefix-list6 plist3 rule 10", + "set policy prefix-list6 plist3 rule 10 action 'deny'", + "set policy prefix-list6 plist3 rule 10 description 'Test rule 10'", + "set policy prefix-list6 plist3 rule 10 le '36'", + "set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36'", + "set policy prefix-list6 plist3 rule 20", + "set policy prefix-list6 plist3 rule 20 action 'permit'", + "set policy prefix-list6 plist3 rule 20 description 'Test rule 20'", + "set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36'", + "set policy prefix-list6 plist4", + "set policy prefix-list6 plist4 rule 20", + "set policy prefix-list6 plist4 rule 20 action 'permit'", + "set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36'", + "set policy prefix-list6 plist4 rule 50", + "set policy prefix-list6 plist4 rule 50 action 'deny'", + "set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36'", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test merged for linear attributes (idempotent) + def test_vyos_prefix_lists_linear_merged_idempotent(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + description="Test rule 10", + prefix="92.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ), + dict( + name="plist2", + entries=[ + dict( + sequence=20, + action="permit", + prefix="82.168.10.0/26", + le=32, + ), + dict( + sequence=30, + action="deny", + prefix="62.168.2.0/24", + ge=25, + ), + ], + ), + ], + ), + dict( + afi="ipv6", + prefix_lists=[ + dict( + name="plist3", + description="Test plist3", + entries=[ + dict( + sequence=10, + action="deny", + description="Test rule 10", + prefix="2001:db8:1000::/36", + le=36, + ), + dict( + sequence=20, + action="permit", + description="Test rule 20", + prefix="2001:db8:2000::/36", + ), + ], + ), + dict( + name="plist4", + entries=[ + dict( + sequence=20, + action="permit", + prefix="2001:db8:3000::/36", + ), + dict( + sequence=50, + action="deny", + prefix="2001:db8:4000::/36", + ), + ], + ), + ], + ), + ], + state="merged", + ) + ) + result = self.execute_module(changed=False) + self.assertEqual(result["commands"], []) + + # test existing rule with replaced + def test_vyos_prefix_lists_replaced_update(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + prefix="82.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ) + ], + ) + ], + state="replaced", + ) + ) + commands = [ + "delete policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '82.168.10.0/26'", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test replaced + def test_vyos_prefix_lists_replaced(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + entries=[ + dict( + sequence=10, + action="permit", + prefix="82.168.10.0/26", + ) + ], + ) + ], + ) + ], + state="replaced", + ) + ) + commands = [ + "delete policy prefix-list plist1 description 'Test plist1'", + "set policy prefix-list plist1 rule 10 prefix '82.168.10.0/26'", + "delete policy prefix-list plist1 rule 20", + "delete policy prefix-list plist1 rule 10 description 'Test rule 10'", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test update with overridden + def test_vyos_prefix_lists_overridden_update(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + entries=[ + dict( + sequence=10, + action="deny", + prefix="102.168.10.0/26", + ) + ], + ) + ], + ) + ], + state="overridden", + ) + ) + commands = [ + "delete policy prefix-list plist1 description 'Test plist1'", + "delete policy prefix-list6 plist4", + "delete policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '102.168.10.0/26'", + "delete policy prefix-list6 plist3", + "delete policy prefix-list plist1 rule 20", + "set policy prefix-list plist1 rule 10 action 'deny'", + "delete policy prefix-list plist2", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test overridden + def test_vyos_prefix_lists_overridden(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist5", + entries=[ + dict( + sequence=50, + action="permit", + prefix="102.168.10.0/26", + ) + ], + ) + ], + ) + ], + state="overridden", + ) + ) + commands = [ + "set policy prefix-list plist5", + "set policy prefix-list plist5 rule 50", + "set policy prefix-list plist5 rule 50 action 'permit'", + "set policy prefix-list plist5 rule 50 prefix '102.168.10.0/26'", + "delete policy prefix-list plist1", + "delete policy prefix-list plist2", + "delete policy prefix-list6 plist3", + "delete policy prefix-list6 plist4", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (all) + def test_vyos_prefix_lists_deleted_all(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(state="deleted")) + commands = [ + "delete policy prefix-list plist1", + "delete policy prefix-list plist2", + "delete policy prefix-list6 plist3", + "delete policy prefix-list6 plist4", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (AFI) + def test_vyos_prefix_lists_deleted_afi(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(config=[dict(afi="ipv4")], state="deleted")) + commands = [ + "delete policy prefix-list plist1", + "delete policy prefix-list plist2", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (one prefix-list) + def test_vyos_prefix_lists_deleted_one(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[dict(afi="ipv6", prefix_lists=[dict(name="plist3")])], + state="deleted", + ) + ) + commands = ["delete policy prefix-list6 plist3"] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test deleted (one prefix-list from each AFI) + def test_vyos_prefix_lists_deleted_one_from_each_afi(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args( + dict( + config=[ + dict(afi="ipv4", prefix_lists=[dict(name="plist2")]), + dict(afi="ipv6", prefix_lists=[dict(name="plist3")]), + ], + state="deleted", + ) + ) + commands = [ + "delete policy prefix-list plist2", + "delete policy prefix-list6 plist3", + ] + result = self.execute_module(changed=True) + self.assertEqual(set(result["commands"]), set(commands)) + + # test parsed + def test_vyos_prefix_lists_parsed(self): + cfg = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(running_config=cfg, state="parsed")) + parsed = [ + { + "afi": "ipv4", + "prefix_lists": [ + { + "description": "Test plist1", + "name": "plist1", + "entries": [ + { + "action": "permit", + "description": "Test rule 10", + "sequence": 10, + "prefix": "92.168.10.0/26", + }, + { + "action": "deny", + "description": "Test rule 20", + "sequence": 20, + "prefix": "72.168.2.0/24", + }, + ], + }, + { + "name": "plist2", + "entries": [ + { + "action": "permit", + "sequence": 20, + "le": 32, + "prefix": "82.168.10.0/26", + }, + { + "action": "deny", + "ge": 25, + "sequence": 30, + "prefix": "62.168.2.0/24", + }, + ], + }, + ], + }, + { + "afi": "ipv6", + "prefix_lists": [ + { + "description": "Test plist3", + "name": "plist3", + "entries": [ + { + "action": "deny", + "description": "Test rule 10", + "sequence": 10, + "le": 36, + "prefix": "2001:db8:1000::/36", + }, + { + "action": "permit", + "description": "Test rule 20", + "sequence": 20, + "prefix": "2001:db8:2000::/36", + }, + ], + }, + { + "name": "plist4", + "entries": [ + { + "action": "permit", + "sequence": 20, + "prefix": "2001:db8:3000::/36", + }, + { + "action": "deny", + "sequence": 50, + "prefix": "2001:db8:4000::/36", + }, + ], + }, + ], + }, + ] + result = self.execute_module(changed=False) + self.assertEqual(result["parsed"], parsed) + + # test rendered + def test_vyos_prefix_lists_rendered(self): + set_module_args( + dict( + config=[ + dict( + afi="ipv4", + prefix_lists=[ + dict( + name="plist1", + description="Test plist1", + entries=[ + dict( + sequence=10, + action="permit", + description="Test rule 10", + prefix="92.168.10.0/26", + ), + dict( + sequence=20, + action="deny", + description="Test rule 20", + prefix="72.168.2.0/24", + ), + ], + ), + dict( + name="plist2", + entries=[ + dict( + sequence=20, + action="permit", + prefix="82.168.10.0/26", + le=32, + ), + dict( + sequence=30, + action="deny", + prefix="62.168.2.0/24", + ge=25, + ), + ], + ), + ], + ), + dict( + afi="ipv6", + prefix_lists=[ + dict( + name="plist3", + description="Test plist3", + entries=[ + dict( + sequence=10, + action="deny", + description="Test rule 10", + prefix="2001:db8:1000::/36", + le=36, + ), + dict( + sequence=20, + action="permit", + description="Test rule 20", + prefix="2001:db8:2000::/36", + ), + ], + ), + dict( + name="plist4", + entries=[ + dict( + sequence=20, + action="permit", + prefix="2001:db8:3000::/36", + ), + dict( + sequence=50, + action="deny", + prefix="2001:db8:4000::/36", + ), + ], + ), + ], + ), + ], + state="rendered", + ) + ) + rendered = [ + "set policy prefix-list plist1", + "set policy prefix-list plist1 description 'Test plist1'", + "set policy prefix-list plist1 rule 10", + "set policy prefix-list plist1 rule 10 action 'permit'", + "set policy prefix-list plist1 rule 10 description 'Test rule 10'", + "set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26'", + "set policy prefix-list plist1 rule 20", + "set policy prefix-list plist1 rule 20 action 'deny'", + "set policy prefix-list plist1 rule 20 description 'Test rule 20'", + "set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24'", + "set policy prefix-list plist2", + "set policy prefix-list plist2 rule 20", + "set policy prefix-list plist2 rule 20 action 'permit'", + "set policy prefix-list plist2 rule 20 le '32'", + "set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26'", + "set policy prefix-list plist2 rule 30", + "set policy prefix-list plist2 rule 30 action 'deny'", + "set policy prefix-list plist2 rule 30 ge '25'", + "set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24'", + "set policy prefix-list6 plist3", + "set policy prefix-list6 plist3 description 'Test plist3'", + "set policy prefix-list6 plist3 rule 10", + "set policy prefix-list6 plist3 rule 10 action 'deny'", + "set policy prefix-list6 plist3 rule 10 description 'Test rule 10'", + "set policy prefix-list6 plist3 rule 10 le '36'", + "set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36'", + "set policy prefix-list6 plist3 rule 20", + "set policy prefix-list6 plist3 rule 20 action 'permit'", + "set policy prefix-list6 plist3 rule 20 description 'Test rule 20'", + "set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36'", + "set policy prefix-list6 plist4", + "set policy prefix-list6 plist4 rule 20", + "set policy prefix-list6 plist4 rule 20 action 'permit'", + "set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36'", + "set policy prefix-list6 plist4 rule 50", + "set policy prefix-list6 plist4 rule 50 action 'deny'", + "set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36'", + ] + result = self.execute_module(changed=False) + self.assertEqual(set(result["rendered"]), set(rendered)) + + # test gathered + def test_vyos_prefix_lists_gathered(self): + self.get_config.return_value = dedent( + """\ + set policy prefix-list plist1 + set policy prefix-list plist1 description 'Test plist1' + set policy prefix-list plist1 rule 10 + set policy prefix-list plist1 rule 10 action 'permit' + set policy prefix-list plist1 rule 10 description 'Test rule 10' + set policy prefix-list plist1 rule 10 prefix '92.168.10.0/26' + set policy prefix-list plist1 rule 20 + set policy prefix-list plist1 rule 20 action 'deny' + set policy prefix-list plist1 rule 20 description 'Test rule 20' + set policy prefix-list plist1 rule 20 prefix '72.168.2.0/24' + set policy prefix-list plist2 + set policy prefix-list plist2 rule 20 + set policy prefix-list plist2 rule 20 action 'permit' + set policy prefix-list plist2 rule 20 le '32' + set policy prefix-list plist2 rule 20 prefix '82.168.10.0/26' + set policy prefix-list plist2 rule 30 + set policy prefix-list plist2 rule 30 action 'deny' + set policy prefix-list plist2 rule 30 ge '25' + set policy prefix-list plist2 rule 30 prefix '62.168.2.0/24' + set policy prefix-list6 plist3 + set policy prefix-list6 plist3 description 'Test plist3' + set policy prefix-list6 plist3 rule 10 + set policy prefix-list6 plist3 rule 10 action 'deny' + set policy prefix-list6 plist3 rule 10 description 'Test rule 10' + set policy prefix-list6 plist3 rule 10 le '36' + set policy prefix-list6 plist3 rule 10 prefix '2001:db8:1000::/36' + set policy prefix-list6 plist3 rule 20 + set policy prefix-list6 plist3 rule 20 action 'permit' + set policy prefix-list6 plist3 rule 20 description 'Test rule 20' + set policy prefix-list6 plist3 rule 20 prefix '2001:db8:2000::/36' + set policy prefix-list6 plist4 + set policy prefix-list6 plist4 rule 20 + set policy prefix-list6 plist4 rule 20 action 'permit' + set policy prefix-list6 plist4 rule 20 prefix '2001:db8:3000::/36' + set policy prefix-list6 plist4 rule 50 + set policy prefix-list6 plist4 rule 50 action 'deny' + set policy prefix-list6 plist4 rule 50 prefix '2001:db8:4000::/36' + """ + ) + set_module_args(dict(state="gathered")) + gathered = [ + { + "afi": "ipv4", + "prefix_lists": [ + { + "description": "Test plist1", + "name": "plist1", + "entries": [ + { + "action": "permit", + "description": "Test rule 10", + "sequence": 10, + "prefix": "92.168.10.0/26", + }, + { + "action": "deny", + "description": "Test rule 20", + "sequence": 20, + "prefix": "72.168.2.0/24", + }, + ], + }, + { + "name": "plist2", + "entries": [ + { + "action": "permit", + "sequence": 20, + "le": 32, + "prefix": "82.168.10.0/26", + }, + { + "action": "deny", + "ge": 25, + "sequence": 30, + "prefix": "62.168.2.0/24", + }, + ], + }, + ], + }, + { + "afi": "ipv6", + "prefix_lists": [ + { + "description": "Test plist3", + "name": "plist3", + "entries": [ + { + "action": "deny", + "description": "Test rule 10", + "sequence": 10, + "le": 36, + "prefix": "2001:db8:1000::/36", + }, + { + "action": "permit", + "description": "Test rule 20", + "sequence": 20, + "prefix": "2001:db8:2000::/36", + }, + ], + }, + { + "name": "plist4", + "entries": [ + { + "action": "permit", + "sequence": 20, + "prefix": "2001:db8:3000::/36", + }, + { + "action": "deny", + "sequence": 50, + "prefix": "2001:db8:4000::/36", + }, + ], + }, + ], + }, + ] + result = self.execute_module(changed=False) + self.assertEqual(result["gathered"], gathered)