diff --git a/changelogs/fragments/T7003-firewall-interface-integration-tests.yml b/changelogs/fragments/T7003-firewall-interface-integration-tests.yml
new file mode 100644
index 00000000..1f834b44
--- /dev/null
+++ b/changelogs/fragments/T7003-firewall-interface-integration-tests.yml
@@ -0,0 +1,6 @@
+---
+minor_changes:
+ - fix integration tests for `firewall_interfaces` for v1.3-
+
+known_issues:
+ - integration tests for `firewall_interfaces` are failing for v1.4+ as the module is deprecated in favour of firewall_rules
diff --git a/tests/integration/targets/vyos_firewall_interfaces/1 b/tests/integration/targets/vyos_firewall_interfaces/1
deleted file mode 100644
index 628ada57..00000000
--- a/tests/integration/targets/vyos_firewall_interfaces/1
+++ /dev/null
@@ -1,120 +0,0 @@ ---- -merged: - before: [] - - - commands: - - "set interfaces ethernet eth1 firewall in name 'INBOUND'" - - "set interfaces ethernet eth1 firewall out name 'OUTBOUND'" - - "set interfaces ethernet eth1 firewall local name 'LOCAL'" - - "set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL'" - - "set interfaces ethernet eth3 firewall in name 'INBOUND'" - - "set interfaces ethernet eth3 firewall out name 'OUTBOUND'" - - "set interfaces ethernet eth3 firewall local name 'LOCAL'" - - "set interfaces ethernet eth3 firewall local ipv6-name 'V6-LOCAL'" - - after: - - name: 'eth1' - access_rules: - - afi: 'ipv4' - rules: - - name: 'INBOUND' - direction: 'in' - - name: 'OUBOUND' - direction: 'out' - - afi: 'ipv6' - rules: - - name: 'V6-LOCAL' - direction: 'local' - -populate: - - name: 'eth1' - access_rules: - - afi: 'ipv4' - rules: - - name: 'INBOUND' - direction: 'in' - - name: 'OUBOUND' - direction: 'out' - - afi: 'ipv6' - rules: - - name: 'LOCAL' - direction: 'local' - -replaced: - commands: - - "delete service lldp interface eth2 location" - - "set service lldp interface eth2 'disable'" - - "set service lldp interface eth2 location civic-based country-code 'US'" - - "set service lldp interface eth2 location civic-based ca-type 0 ca-value 'ENGLISH'" - - "delete service lldp interface eth1 location" - - "set service lldp interface eth1 'disable'" - - "set service lldp interface eth1 location coordinate-based latitude '33.524449N'" - - "set service lldp interface eth1 location coordinate-based altitude '2200'" - - "set service lldp interface eth1 location coordinate-based datum 'WGS84'" - - "set service lldp interface eth1 location coordinate-based longitude '222.267255W'" - - after: - - name: 'eth2' - enable: false - location: - civic_based: - country_code: 'US' - ca_info: - - ca_type: 0 - ca_value: 'ENGLISH' - - - name: 'eth1' - enable: false - location: - coordinate_based: - altitude: 2200 - datum: 'WGS84' - longitude: '222.267255W' - 
latitude: '33.524449N' - -populate_intf: - - name: 'eth2' - enable: false - location: - civic_based: - country_code: 'US' - ca_info: - - ca_type: 0 - ca_value: 'ENGLISH' - -overridden: - commands: - - "delete service lldp interface eth2 location" - - "delete service lldp interface eth2 'disable'" - - "set service lldp interface eth2 location elin '0000000911'" - - after: - - name: 'eth2' - location: - elin: 0000000911 - -deleted: - commands: - - "delete service lldp interface eth1" - - "delete service lldp interface eth2" - - after: [] - -round_trip: - after: - - name: 'eth1' - location: - civic_based: - country_code: 'US' - ca_info: - - ca_type: 0 - ca_value: 'ENGLISH' - - - name: 'eth2' - location: - coordinate_based: - altitude: 2200 - datum: 'WGS84' - longitude: '222.267255W' - latitude: '33.524449N' diff --git a/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml b/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml index daccf720..aaac7c90 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tasks/cli.yaml 
@@ -1,20 +1,42 @@ --- +- name: Make sure to get facts + vyos.vyos.vyos_facts: + vars: + ansible_connection: ansible.netcommon.network_cli + register: vyos_facts + when: vyos_version is not defined + +- name: Debug vyos_facts + ansible.builtin.debug: + var: vyos_facts + +- name: Pull version from facts + ansible.builtin.set_fact: + vyos_version: "{{ vyos_facts.ansible_facts.ansible_net_version.split('-')[0].split(' ')[-1] }}" + when: vyos_version is not defined + +- name: Fix '.0' versions + ansible.builtin.set_fact: + vyos_version: "{{ vyos_version }}.0" + when: vyos_version.count('.') == 1 + - name: Collect all cli test cases ansible.builtin.find: paths: "{{ role_path }}/tests/cli" patterns: "{{ testcase }}.yaml" use_regex: true register: test_cases delegate_to: localhost - name: Set test_items ansible.builtin.set_fact: test_items: "{{ test_cases.files | map(attribute='path') | list }}" - name: Run test case (connection=ansible.netcommon.network_cli) ansible.builtin.include_tasks: "{{ test_case_to_run }}" vars: ansible_connection: ansible.netcommon.network_cli with_items: "{{ test_items }}" loop_control: loop_var: test_case_to_run + when: vyos_version is version('1.4.0', '<', version_type='semver') diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_get_version.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_get_version.yaml new file mode 100644 index 00000000..90aeef26 --- /dev/null +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_get_version.yaml 
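Review bot: The `when: vyos_version is version('1.4.0', '<', version_type='semver')` added to the `Run test case` include skips every test case on 1.4.0 and later without saying so, so the target reports success with no firewall-interface coverage, while the changelog fragment describes those tests as failing. A small debug task under the inverse condition, with a message such as `vyos_firewall_interfaces tests skipped on {{ vyos_version }}`, would make the gap visible in the run output. `Debug vyos_facts` has no condition and writes whatever `vyos_facts` registered into the test log on every run; adding `verbosity: 1` to that task would keep it out of normal CI output. The semver comparison presumably raises on a string that is not three numeric parts, and the parsing only pads the two-part case, so an unexpected `ansible_net_version` format would stop the run here rather than skip it.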
@@ -0,0 +1,24 @@
+- name: make sure to get facts
+ vyos.vyos.vyos_facts:
+ vars:
+ ansible_connection: ansible.netcommon.network_cli
+ register: vyos_facts
+ when: vyos_version is not defined
+
+- name: debug vyos_facts
+ debug:
+ var: vyos_facts
+
+- name: pull version from facts
+ set_fact:
+ vyos_version: "{{ vyos_facts.ansible_facts.ansible_net_version.split('-')[0].split(' ')[-1] }}"
+ when: vyos_version is not defined
+
+- name: fix '.0' versions
+ set_fact:
+ vyos_version: "{{ vyos_version }}.0"
+ when: vyos_version.count('.') == 1
+
+- name: include correct vars
+ include_vars: pre-v1_4.yaml
+ when: vyos_version is version('1.4.0', '<', version_type='semver')
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config_1_3.cfg
similarity index 100%
rename from tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config.cfg
rename to tests/integration/targets/vyos_firewall_interfaces/tests/cli/_parsed_config_1_3.cfg
diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
index c5e2f4f7..6c235be3 100644
--- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate.yaml
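Review bot: This new file repeats the fact-gathering and version-parsing tasks that the same commit adds to `tasks/cli.yaml`, and it is included from `_populate.yaml`, `_populate_rule_sets.yaml`, `_remove_config.yaml` and `_remove_firewall_config.yaml`, so the unconditional `debug vyos_facts` task runs several times per test case. Because `cli.yaml` has already set `vyos_version` before any test case is included, the file could be reduced to its final `include_vars` task, or the debug task could at least carry `when: vyos_version is not defined`. The tasks use short module names (`debug`, `set_fact`, `include_vars`) where `cli.yaml` uses `ansible.builtin.*`, and the file has no leading `---`. On 1.4.0 and later no vars file is loaded at all, so `populate_config`, `remove_config` and the other names would be undefined if these helpers were ever run outside the version gate in `cli.yaml`; a comment on the `include correct vars` task should say so.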
@@ -1,16 +1,11 @@ --- - ansible.builtin.include_tasks: _remove_config.yaml -- name: Setup +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Setup {{ vyos_version }} + vyos.vyos.vyos_config: + lines: "{{ populate_config }}" vars: - lines: |- - set interfaces ethernet eth1 firewall in name 'INBOUND' - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - set interfaces ethernet eth1 firewall local name 'LOCAL' - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - set interfaces ethernet eth2 firewall in name 'INBOUND' - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - set interfaces ethernet eth2 firewall local name 'LOCAL' - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml index b1e9425d..6a544333 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_populate_rule_sets.yaml @@ -1,6 +1,9 @@ --- -- name: Setup +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Setup Rule Sets {{ vyos_version }} + vyos.vyos.vyos_config: + lines: "{{ populate_rs }}" vars: - lines: "set firewall name 'INBOUND'\nset firewall name 'OUTBOUND'\nset firewall name 'LOCAL'\nset firewall ipv6-name 'V6-LOCAL'\n" - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml index 6074960a..9144919d 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml 
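Review bot: The added `ensure facts` include in `_populate.yaml` repeats work that has just run, because the first task of that file already includes `_remove_config.yaml`, which now includes `_get_version.yaml` itself. The new include is also written as `include_tasks` while the line above it uses `ansible.builtin.include_tasks`; `ansible.builtin.include_tasks: _get_version.yaml` with a capitalised task name would match the rest of the file. The `_populate_rule_sets.yaml` hunk uses the same short form, and there the include may be the first thing to load the vars, so it should stay but be spelled the same way.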
+++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_config.yaml @@ -1,6 +1,11 @@ --- -- name: Remove Config + +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Remove pre-existing firewall rules + vyos.vyos.vyos_config: + lines: "{{ remove_config }}" + ignore_errors: true vars: - lines: "delete interfaces ethernet eth1 firewall\ndelete interfaces ethernet eth2 firewall\n" - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml index f77e6b74..1cd452b7 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/_remove_firewall_config.yaml @@ -1,6 +1,11 @@ --- -- name: Remove Config + +- name: ensure facts + include_tasks: _get_version.yaml + +- name: Remove pre-existing firewall rules + vyos.vyos.vyos_config: + lines: "{{ remove_firewall_config }}" + ignore_errors: true vars: - lines: "delete firewall name INBOUND\ndelete firewall name OUTBOUND\ndelete firewall name LOCAL\ndelete firewall ipv6-name V6-LOCAL\n" - ansible.netcommon.cli_config: - config: "{{ lines }}" + ansible_connection: ansible.netcommon.network_cli diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml index 065fcf22..48561cfc 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/deleted_afi.yaml 
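Review bot: `ignore_errors: true` on `Remove pre-existing firewall rules` hides every failure the module returns, not only the case where there is nothing to delete, so a cleanup that did not take effect leaves interface firewall bindings on the device for the next test case and the run carries on as if the device were clean. If the intent is to tolerate deleting a node that is absent, a `failed_when` that matches only that condition would keep other failures visible; the exact message would need to be checked against the device output. If the directive stays as it is, a one-line comment above it stating which failure is expected would record why it is there. The `_remove_firewall_config.yaml` hunk adds the same directive to a task with the same name, and the same applies to it.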
@@ -1,59 +1,56 @@ --- - debug: msg: START vyos_firewall_interfaces deleted integration tests ansible_connection={{ ansible_connection }} - include_tasks: _populate_rule_sets.yaml - include_tasks: _populate.yaml - block: - name: Delete firewall interfaces based on IP address type provided. register: result vyos.vyos.vyos_firewall_interfaces: &id001 config: - name: eth1 access_rules: - afi: ipv4 - - afi: ipv6 - - name: eth2 access_rules: - afi: ipv4 - - afi: ipv6 state: deleted - name: Assert that the before dicts were correctly generated assert: that: - "{{ populate | symmetric_difference(result['before']) |length == 0 }}" - name: Assert that the correct set of commands were generated assert: that: - "{{ deleted_afi['commands'] | symmetric_difference(result['commands']) |length == 0 }}" - name: Assert that the after dicts were correctly generated assert: that: - "{{ deleted_afi['after'] | symmetric_difference(result['after']) |length == 0 }}" - name: Delete attributes of given interfaces (IDEMPOTENT) register: result vyos.vyos.vyos_firewall_interfaces: *id001 - name: Assert that the previous task was idempotent assert: that: - result.changed == false - result.commands|length == 0 - name: Assert that the before dicts were correctly generated assert: that: - "{{ deleted_afi['after'] | symmetric_difference(result['before']) |length == 0 }}" always: - include_tasks: _remove_config.yaml - include_tasks: _remove_firewall_config.yaml diff --git a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml index 339e64ed..4cfc0011 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/tests/cli/parsed.yaml 
@@ -1,43 +1,43 @@ --- - debug: msg: START vyos_firewall_interfaces parsed integration tests on connection={{ ansible_connection }} - include_tasks: _remove_config.yaml - include_tasks: _remove_firewall_config.yaml - include_tasks: _populate_rule_sets.yaml - include_tasks: _populate.yaml - block: - name: Gather firewall_interfaces facts register: firewall_interfaces_facts vyos.vyos.vyos_facts: gather_subset: - default gather_network_resources: - firewall_interfaces - name: Provide the running configuration for parsing (config to be parsed) register: result vyos.vyos.vyos_firewall_interfaces: &id001 - running_config: "{{ lookup('file', '_parsed_config.cfg') }}" + running_config: "{{ lookup('file', parsed_config_file ) }}" state: parsed - name: Assert that correct parsing done assert: that: "{{ ansible_facts['network_resources']['firewall_interfaces'] | symmetric_difference(result['parsed']) |length == 0 }}" - name: Gather the existing running configuration (IDEMPOTENT) register: result vyos.vyos.vyos_firewall_interfaces: *id001 - name: Assert that the previous task was idempotent assert: that: - result['changed'] == false always: - include_tasks: _remove_config.yaml - include_tasks: _remove_firewall_config.yaml diff --git a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml index 45be6dbb..ed97d539 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml 
@@ -1,279 +1 @@ --- -merged: - before: - - name: eth0 - - name: eth1 - - name: eth2 - commands: - - set interfaces ethernet eth1 firewall in name 'INBOUND' - - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - - set interfaces ethernet eth1 firewall local name 'LOCAL' - - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - - set interfaces ethernet eth2 firewall in name 'INBOUND' - - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - - set interfaces ethernet eth2 firewall local name 'LOCAL' - - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -populate: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -merged_edit: - commands: - - set interfaces ethernet eth1 firewall in name 'OUTBOUND' - - set interfaces ethernet eth1 firewall out name 'INBOUND' - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: OUTBOUND - - direction: local - name: LOCAL - - direction: out - name: INBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - 
- direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -replaced: - commands: - - delete interfaces ethernet eth2 firewall out name - - delete interfaces ethernet eth2 firewall local name - - delete interfaces ethernet eth2 firewall local ipv6-name - - delete interfaces ethernet eth1 firewall local name - - delete interfaces ethernet eth1 firewall in name - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - name: eth2 -overridden: - before: - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - name: INBOUND - direction: in - - name: LOCAL - direction: local - - name: OUTBOUND - direction: out - - afi: ipv6 - rules: - - name: V6-LOCAL - direction: local - name: eth2 - commands: - - delete interfaces ethernet eth1 firewall - - delete interfaces ethernet eth2 firewall in name - - delete interfaces ethernet eth2 firewall local name - - delete interfaces ethernet eth2 firewall local ipv6-name - - set interfaces ethernet eth2 firewall out name 'INBOUND' - after: - - name: eth0 - - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - name: INBOUND - direction: out - name: eth2 -deleted: - commands: - - delete interfaces ethernet eth1 firewall - - delete interfaces ethernet eth2 firewall - after: - - name: eth0 - - name: eth1 - - name: eth2 -deleted_afi: - commands: - - delete interfaces ethernet eth1 firewall in name - - delete interfaces ethernet eth1 firewall local name - - delete interfaces ethernet eth1 firewall out name - - delete interfaces ethernet eth1 firewall local 
ipv6-name - - delete interfaces ethernet eth2 firewall in name - - delete interfaces ethernet eth2 firewall local name - - delete interfaces ethernet eth2 firewall out name - - delete interfaces ethernet eth2 firewall local ipv6-name - after: - - name: eth0 - - access_rules: - - afi: ipv4 - - afi: ipv6 - name: eth1 - - access_rules: - - afi: ipv4 - - afi: ipv6 - name: eth2 -deleted_single: - commands: - - delete interfaces ethernet eth1 firewall in name 'INBOUND' - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth2 -rendered: - commands: - - set interfaces ethernet eth1 firewall in name 'INBOUND' - - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - - set interfaces ethernet eth1 firewall local name 'LOCAL' - - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - - set interfaces ethernet eth2 firewall in name 'INBOUND' - - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - - set interfaces ethernet eth2 firewall local name 'LOCAL' - - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' -round_trip: - after: - - name: eth0 - - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL - name: eth1 - - name: eth2 - access_rules: - - afi: ipv4 - rules: - - direction: in - name: INBOUND - - direction: local - name: LOCAL - - direction: out - name: OUTBOUND - - afi: ipv6 - rules: - - direction: local - name: V6-LOCAL 
diff --git a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml b/tests/integration/targets/vyos_firewall_interfaces/vars/pre-v1_4.yaml similarity index 86% copy from tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml copy to tests/integration/targets/vyos_firewall_interfaces/vars/pre-v1_4.yaml index 45be6dbb..67b04751 100644 --- a/tests/integration/targets/vyos_firewall_interfaces/vars/main.yaml +++ b/tests/integration/targets/vyos_firewall_interfaces/vars/pre-v1_4.yaml 
@@ -1,279 +1,296 @@ --- merged: - before: - - name: eth0 - - name: eth1 - - name: eth2 + before: [] commands: - set interfaces ethernet eth1 firewall in name 'INBOUND' - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - set interfaces ethernet eth1 firewall local name 'LOCAL' - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - set interfaces ethernet eth2 firewall in name 'INBOUND' - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - set interfaces ethernet eth2 firewall local name 'LOCAL' - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' after: - - name: eth0 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth1 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth2 + +populate_config: + - set interfaces ethernet eth1 firewall in name 'INBOUND' + - set interfaces ethernet eth1 firewall out name 'OUTBOUND' + - set interfaces ethernet eth1 firewall local name 'LOCAL' + - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' + - set interfaces ethernet eth2 firewall in name 'INBOUND' + - set interfaces ethernet eth2 firewall out name 'OUTBOUND' + - set interfaces ethernet eth2 firewall local name 'LOCAL' + - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' + +populate_rs: + - set firewall name 'INBOUND' + - set firewall name 'OUTBOUND' + - set firewall name 'LOCAL' + - set firewall ipv6-name 'V6-LOCAL' + +remove_config: + - delete interfaces ethernet eth1 firewall + - delete interfaces ethernet eth2 firewall + +remove_firewall_config: + - delete firewall name INBOUND + - delete firewall name OUTBOUND + - delete firewall name LOCAL + - delete firewall ipv6-name V6-LOCAL + +parsed_config_file: "_parsed_config_1_3.cfg" + 
populate: - - name: eth0 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth1 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth2 merged_edit: commands: - set interfaces ethernet eth1 firewall in name 'OUTBOUND' - set interfaces ethernet eth1 firewall out name 'INBOUND' after: - - name: eth0 - access_rules: - afi: ipv4 rules: - direction: in name: OUTBOUND - direction: local name: LOCAL - direction: out name: INBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth1 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth2 replaced: commands: - delete interfaces ethernet eth2 firewall out name - delete interfaces ethernet eth2 firewall local name - delete interfaces ethernet eth2 firewall local ipv6-name - delete interfaces ethernet eth1 firewall local name - delete interfaces ethernet eth1 firewall in name after: - - name: eth0 - access_rules: - afi: ipv4 rules: - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth1 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND name: eth2 overridden: before: - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth1 - access_rules: - afi: ipv4 rules: - name: INBOUND direction: in - name: LOCAL direction: local - name: OUTBOUND direction: out - afi: ipv6 rules: - name: V6-LOCAL direction: local name: eth2 commands: - delete interfaces ethernet eth1 firewall - delete interfaces ethernet eth2 firewall in name - delete 
interfaces ethernet eth2 firewall local name - delete interfaces ethernet eth2 firewall local ipv6-name - set interfaces ethernet eth2 firewall out name 'INBOUND' after: - - name: eth0 - - name: eth1 - - access_rules: + - name: eth2 + access_rules: - afi: ipv4 rules: - name: INBOUND direction: out - name: eth2 deleted: commands: - delete interfaces ethernet eth1 firewall - delete interfaces ethernet eth2 firewall - after: - - name: eth0 - - name: eth1 - - name: eth2 + # after: + # - name: eth1 + # - name: eth2 + after: [] deleted_afi: commands: - delete interfaces ethernet eth1 firewall in name - delete interfaces ethernet eth1 firewall local name - delete interfaces ethernet eth1 firewall out name - delete interfaces ethernet eth1 firewall local ipv6-name - delete interfaces ethernet eth2 firewall in name - delete interfaces ethernet eth2 firewall local name - delete interfaces ethernet eth2 firewall out name - delete interfaces ethernet eth2 firewall local ipv6-name after: - - name: eth0 - access_rules: - afi: ipv4 - afi: ipv6 name: eth1 - access_rules: - afi: ipv4 - afi: ipv6 name: eth2 deleted_single: commands: - delete interfaces ethernet eth1 firewall in name 'INBOUND' after: - - name: eth0 - access_rules: - afi: ipv4 rules: - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth1 - access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL name: eth2 rendered: commands: - set interfaces ethernet eth1 firewall in name 'INBOUND' - set interfaces ethernet eth1 firewall out name 'OUTBOUND' - set interfaces ethernet eth1 firewall local name 'LOCAL' - set interfaces ethernet eth1 firewall local ipv6-name 'V6-LOCAL' - set interfaces ethernet eth2 firewall in name 'INBOUND' - set interfaces ethernet eth2 firewall out name 'OUTBOUND' - set interfaces ethernet eth2 firewall local 
name 'LOCAL' - set interfaces ethernet eth2 firewall local ipv6-name 'V6-LOCAL' round_trip: after: - - name: eth0 - - access_rules: + - name: eth1 + access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL - name: eth1 - name: eth2 access_rules: - afi: ipv4 rules: - direction: in name: INBOUND - direction: local name: LOCAL - direction: out name: OUTBOUND - afi: ipv6 rules: - direction: local name: V6-LOCAL
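Review bot: The `deleted` entry keeps the old expectation as commented-out lines (`# after:`, `# - name: eth1`, `# - name: eth2`) directly above the new `after: []`; they should be dropped, or replaced by one line saying why bare interface entries are no longer expected in the result. The file now also holds device command lists (`populate_config`, `populate_rs`, `remove_config`, `remove_firewall_config`) next to the expected results, and a short header comment stating that it is loaded by `tests/cli/_get_version.yaml` only for versions below 1.4.0 would help the next reader. The hunk covers the whole copied file, so both points apply to it as a whole.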