diff options
author | Adharsh Srivats R <adharshsrivats@gmail.com> | 2020-03-01 23:22:32 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-02 09:52:32 +0530 |
commit | f3ddf1bc95af28a140f23b2b3f85078f8bd864c6 (patch) | |
tree | c486acc26a99f59181e875311b733c6bebdd5910 /test/integration | |
parent | 42eba3ce257002378d630f8d608dd9c69e60cc66 (diff) | |
download | ansible-f3ddf1bc95af28a140f23b2b3f85078f8bd864c6.tar.gz |
NX-OS ACL interfaces module (#67505)
* Rebase
* Completed integration tests
* Added unit tests
* Added warning detection
* Updated tests
* Completed tests
* Linting
Linting II
YAML Lint
Linting
* Updated review changes
* Updated examples, fixed reviews
* Added failure condition
* Resolved merge conflict
Diffstat (limited to 'test/integration')
16 files changed, 594 insertions, 0 deletions
diff --git a/test/integration/targets/nxos_acl_interfaces/defaults/main.yaml b/test/integration/targets/nxos_acl_interfaces/defaults/main.yaml new file mode 100644 index 0000000000..5f709c5aac --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/defaults/main.yaml @@ -0,0 +1,2 @@ +--- +testcase: "*" diff --git a/test/integration/targets/nxos_acl_interfaces/meta/main.yml b/test/integration/targets/nxos_acl_interfaces/meta/main.yml new file mode 100644 index 0000000000..ae741cbdc7 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/meta/main.yml @@ -0,0 +1,2 @@ +dependencies: + - prepare_nxos_tests diff --git a/test/integration/targets/nxos_acl_interfaces/tasks/cli.yaml b/test/integration/targets/nxos_acl_interfaces/tasks/cli.yaml new file mode 100644 index 0000000000..f1c20c1b78 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tasks/cli.yaml @@ -0,0 +1,20 @@ +--- +- name: collect cli test cases + find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yml" + connection: local + register: test_cases + +- set_fact: + test_cases: + files: "{{ test_cases.files }}" + +- name: set test_items + set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}" + +- name: run test cases (connection=network_cli) + include: "{{ test_case_to_run }} ansible_connection=network_cli connection={{ cli }}" + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run diff --git a/test/integration/targets/nxos_acl_interfaces/tasks/main.yaml b/test/integration/targets/nxos_acl_interfaces/tasks/main.yaml new file mode 100644 index 0000000000..415c99d8b1 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tasks/main.yaml @@ -0,0 +1,2 @@ +--- +- { include: cli.yaml, tags: ['cli'] } diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/deleted.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/deleted.yml new file mode 100644 index 0000000000..b935df541e --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/deleted.yml @@ -0,0 +1,90 @@ +--- +- debug: + msg: "Start nxos_acl_interfaces deleted integration tests connection = {{ansible_connection}}" + +- include_tasks: populate_config.yaml + +- block: + - name: Delete single ACL from an interface + nxos_acl_interfaces: + config: + - name: Ethernet1/5 + access_groups: + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + state: deleted + register: result + + - assert: + that: + - "result.changed == true" + - "'interface Ethernet1/5' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "result.commands | length ==2" + + - name: Delete all ACLs of given AFI from an interface + nxos_acl_interfaces: + config: + - name: Ethernet1/5 + access_groups: + - afi: ipv4 + state: deleted + register: result + + - assert: + that: + - "result.changed == true" + - "'interface Ethernet1/5' in result.commands" + - "'no ip port access-group PortACL in' in result.commands" + - "'no ip access-group ACL1v4 out' in result.commands" + - "result.commands | length ==3" + + - name: Delete all ACLs configuration from given interface + nxos_acl_interfaces: &deleted + config: + - name: Ethernet1/2 + state: deleted + register: result + + - assert: + that: + - "result.changed == True" + - "'interface Ethernet1/2' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "result.commands | length == 2" + + - include_tasks: populate_config.yaml + + - name: Delete all ACLs from all interfaces (from all interfaces) + nxos_acl_interfaces: + config: + state: deleted + register: result + + - name: Gather acl interfaces facts + nxos_facts: &facts + gather_subset: + - "!all" + - "!min" + gather_network_resources: acl_interfaces + + - assert: + that: + - "result.changed == True" + - "ansible_facts.network_resources.acl_interfaces == result.after" + + - name: Gather acls facts + nxos_facts: *facts + + - name: Idempotence - deleted + nxos_acl_interfaces: *deleted + register: result + + - assert: + that: + - "result.changed == false" + + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/gathered.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/gathered.yml new file mode 100644 index 0000000000..b3ae8b36c8 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/gathered.yml @@ -0,0 +1,34 @@ +--- +- debug: + msg: Start nxos_acl_interfaces gathered integration tests connection={{ansible_connection}}" + +- include_tasks: populate_config.yaml + +- block: + - name: Gather acl interfaces facts + nxos_facts: &facts + gather_subset: + - "!all" + - "!min" + gather_network_resources: acl_interfaces + + - name: Gathered + nxos_acl_interfaces: &gathered + state: gathered + register: result + + - assert: + that: + - "result.changed == false" + - "ansible_facts.network_resources.acl_interfaces == result.gathered" + + - name: Idempotence - Gathered + nxos_acl_interfaces: *gathered + register: result + + - assert: + that: + - "result.changed == false" + + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/merged.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/merged.yml new file mode 100644 index 0000000000..b468e47d7c --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/merged.yml @@ -0,0 +1,63 @@ +--- +- debug: + msg: "Start nxos_acl_interfaces merged integration tests connection = {{ansible_connection}}" + +- include_tasks: populate_acl.yaml + +- block: + - name: Gather acl interfaces facts + nxos_facts: + gather_subset: + - "!all" + - "!min" + gather_network_resources: acl_interfaces + + - name: Merged + nxos_acl_interfaces: &merged + config: + - name: Ethernet1/2 + access_groups: + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + + - name: Eth1/5 + access_groups: + - afi: ipv4 + acls: + - name: PortACL + direction: in + port: True + + - name: ACL1v4 + direction: out + + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + state: merged + register: result + + - assert: + that: + - "result.changed == True" + - "'interface Ethernet1/2' in result.commands" + - "'ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'interface Ethernet1/5' in result.commands" + - "'ip port access-group PortACL in' in result.commands" + - "'ip access-group ACL1v4 out' in result.commands" + - "'ipv6 traffic-filter ACL1v6 in' in result.commands" + - "result.commands | length == 6 " + + - name: Idempotence - Merged + nxos_acl_interfaces: *merged + register: result + + - assert: + that: + - "result.changed == false" + + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/overridden.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/overridden.yml new file mode 100644 index 0000000000..d990c2a098 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/overridden.yml @@ -0,0 +1,68 @@ +--- +- debug: + msg: "Start nxos_acl_interfaces overridden integration tests connection = {{ansible_connection}}" + +- include_tasks: populate_config.yaml + +- block: + - name: Overridden + nxos_acl_interfaces: &overridden + config: + - name: Ethernet1/3 + access_groups: + - afi: ipv4 + acls: + - name: ACL1v4 + direction: out + + - name: PortACL + port: true + direction: in + + - afi: ipv6 + acls: + - name: NewACLv6 + direction: in + port: true + state: overridden + register: result + + - assert: + that: + - "result.changed == True" + - "'interface Ethernet1/2' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'interface Ethernet1/5' in result.commands" + - "'no ip access-group ACL1v4 out' in result.commands" + - "'no ip port access-group PortACL in' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'interface Ethernet1/3' in result.commands" + - "'ip access-group ACL1v4 out' in result.commands" + - "'ip port access-group PortACL in' in result.commands" + - "'ipv6 port traffic-filter NewACLv6 in' in result.commands" + - "result.commands | length == 10" + + - name: Gather acl_interfaces post facts + nxos_facts: &facts + gather_subset: + - "!all" + - "!min" + gather_network_resources: acl_interfaces + + - name: Gather acls post facts + nxos_facts: *facts + + - assert: + that: + - "ansible_facts.network_resources.acl_interfaces == result.after" + + - name: Idempotence - overridden + nxos_acl_interfaces: *overridden + register: result + + - assert: + that: + - "result.changed == false" + + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/parsed.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/parsed.yml new file mode 100644 index 0000000000..a54fc83ab0 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/parsed.yml @@ -0,0 +1,40 @@ +--- +- debug: + msg: Start nxos_acl_interfaces parsed integration tests connection={{ansible_connection}}" + +- include_tasks: populate_config.yaml + +- block: + - name: Gather acl interfaces facts + nxos_facts: &facts + gather_subset: + - "!all" + - "!min" + gather_network_resources: acl_interfaces + + - name: Parsed + nxos_acl_interfaces: &parsed + running_config: | + interface Ethernet1/2 + ipv6 traffic-filter ACL1v6 in + interface Ethernet1/5 + ipv6 traffic-filter ACL1v6 in + ip access-group ACL1v4 out + ip port access-group PortACL in + state: parsed + register: result + + - assert: + that: + - "result.changed == false" + - "result.parsed == parsed" + + - name: Idempotence - Parsed + nxos_acl_interfaces: *parsed + register: result + + - assert: + that: "result.changed == false" + + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/populate_acl.yaml b/test/integration/targets/nxos_acl_interfaces/tests/cli/populate_acl.yaml new file mode 100644 index 0000000000..157781558b --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/populate_acl.yaml @@ -0,0 +1,9 @@ +--- +- name: Adding base configuration + cli_config: + config: | + ip access-list ACL1v4 + ip access-list NewACLv4 + ipv6 access-list ACL1v6 + ipv6 access-list NewACLv6 + ip access-list PortACL diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/populate_config.yaml b/test/integration/targets/nxos_acl_interfaces/tests/cli/populate_config.yaml new file mode 100644 index 0000000000..9ce0295eeb --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/populate_config.yaml @@ -0,0 +1,15 @@ +--- +- name: Adding base configuration + cli_config: + config: | + ip access-list ACL1v4 + ip access-list NewACLv4 + ipv6 access-list ACL1v6 + ipv6 access-list NewACLv6 + ip access-list PortACL + interface Ethernet1/2 + ipv6 traffic-filter ACL1v6 in + interface Ethernet1/5 + ip port access-group PortACL in + ip access-group ACL1v4 out + ipv6 traffic-filter ACL1v6 in diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/remove_config.yaml b/test/integration/targets/nxos_acl_interfaces/tests/cli/remove_config.yaml new file mode 100644 index 0000000000..d0a9f9f9bb --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/remove_config.yaml @@ -0,0 +1,21 @@ +--- +- name: Remove config + cli_config: + config: | + no ip access-list ACL1v4 + no ip access-list NewACLv4 + no ip access-list PortACL + no ipv6 access-list ACL1v6 + no ipv6 access-list ACL1v6 + interface Ethernet1/2 + no ipv6 traffic-filter ACL1v6 in + interface Ethernet1/5 + no ip access-group ACL1v4 out + no ip port access-group PortACL in + no ipv6 traffic-filter ACL1v6 in + interface Ethernet1/3 + no ipv6 port traffic-filter NewACLv6 in + no ip access-group ACL1v4 out + no ip port access-group PortACL in + interface Ethernet1/4 + no ip access-group NewACLv4 out diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/rendered.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/rendered.yml new file mode 100644 index 0000000000..125cc60192 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/rendered.yml @@ -0,0 +1,48 @@ +--- +- debug: + msg: "Start nxos_acl_interfaces rendered tests connection={{ ansible_connection }}" + +- name: Rendered + nxos_acl_interfaces: &rendered + config: + - name: Ethernet1/2 + access_groups: + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + + - name: Ethernet1/5 + access_groups: + - afi: ipv4 + acls: + - name: PortACL + direction: in + port: True + - name: ACL1v4 + direction: out + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + state: rendered + register: result + +- assert: + that: + - "result.changed == false" + - "'interface Ethernet1/2' in result.rendered" + - "'ipv6 traffic-filter ACL1v6 in' in result.rendered" + - "'interface Ethernet1/5' in result.rendered" + - "'ipv6 traffic-filter ACL1v6 in' in result.rendered" + - "'ip access-group ACL1v4 out' in result.rendered" + - "'ip port access-group PortACL in' in result.rendered" + - "result.rendered | length == 6" + +- name: Idempotence - Rendered + nxos_acl_interfaces: *rendered + register: result + +- assert: + that: + - "result.changed == false" diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/replaced.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/replaced.yml new file mode 100644 index 0000000000..b2844e119d --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/replaced.yml @@ -0,0 +1,60 @@ +--- +- debug: + msg: "Start nxos_acl_interfaces replaced integration tests connection = {{ansible_connection}}" + +- include_tasks: populate_config.yaml + +- block: + - name: Replaced + nxos_acl_interfaces: &replaced + config: + - name: Eth1/5 + access_groups: + - afi: ipv4 + acls: + - name: NewACLv4 + direction: out + + - name: Ethernet1/3 + access_groups: + - afi: ipv6 + acls: + - name: NewACLv6 + direction: in + port: true + state: replaced + register: result + + - assert: + that: + - "result.changed==True" + - "'interface Ethernet1/5' in result.commands" + - "'no ip access-group ACL1v4 out' in result.commands" + - "'no ip port access-group PortACL in' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'ip access-group NewACLv4 out' in result.commands" + - "'interface Ethernet1/3' in result.commands" + - "'ipv6 port traffic-filter NewACLv6 in' in result.commands" + - "result.commands|length==7" + + - name: Gather acl_interfaces post facts + nxos_facts: + gather_subset: + - "!all" + - "!min" + gather_network_resources: acl_interfaces + + - assert: + that: + - "ansible_facts.network_resources.acl_interfaces == result.after" + + - name: Idempotence - Replaced + nxos_acl_interfaces: *replaced + register: result + + - assert: + that: + - "result.changed == false" + + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/tests/cli/rtt.yml b/test/integration/targets/nxos_acl_interfaces/tests/cli/rtt.yml new file mode 100644 index 0000000000..0cd7a1c236 --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/tests/cli/rtt.yml @@ -0,0 +1,99 @@ +--- +- debug: + msg: "Start nxos_acl_interfaces round trip integration tests connection = {{ansible_connection}}" + +- include_tasks: populate_config.yaml + +- block: + - name: RTT- Apply provided configuration + nxos_acl_interfaces: + config: + - name: Ethernet1/2 + access_groups: + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + + - name: Eth1/5 + access_groups: + - afi: ipv4 + acls: + - name: PortACL + direction: in + port: True + + - name: ACL1v4 + direction: out + + - afi: ipv6 + acls: + - name: ACL1v6 + direction: in + state: merged + + - name: Gather interfaces facts + nxos_facts: + gather_subset: + - "!all" + - "!min" + gather_network_resources: + - acl_interfaces + + - name: Apply configuration to be reverted + nxos_acl_interfaces: + config: + - name: Eth1/4 + access_groups: + - afi: ipv4 + acls: + - name: NewACLv4 + direction: out + + - name: Ethernet1/3 + access_groups: + - afi: ipv6 + acls: + - name: NewACLv6 + direction: in + port: true + state: overridden + register: result + + - name: Assert that changes were applied + assert: + that: + - "result.changed==True" + - "'interface Ethernet1/2' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'interface Ethernet1/5' in result.commands" + - "'no ip access-group ACL1v4 out' in result.commands" + - "'no ip port access-group PortACL in' in result.commands" + - "'no ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'interface Ethernet1/4' in result.commands" + - "'ip access-group NewACLv4 out' in result.commands" + - "'interface Ethernet1/3' in result.commands" + - "'ipv6 port traffic-filter NewACLv6 in' in result.commands" + + - name: Revert back to base configuration using facts round trip + nxos_acl_interfaces: + config: "{{ ansible_facts['network_resources']['acl_interfaces'] }}" + state: overridden + register: result + + - name: Assert that config was reverted + assert: + that: + - "result.changed==True" + - "'interface Ethernet1/2' in result.commands" + - "'ipv6 traffic-filter ACL1v6 in' in result.commands" + - "'interface Ethernet1/3' in result.commands" + - "'no ipv6 port traffic-filter NewACLv6 in' in result.commands" + - "'interface Ethernet1/4' in result.commands" + - "'no ip access-group NewACLv4 out' in result.commands" + - "'interface Ethernet1/5' in result.commands" + - "'ip access-group ACL1v4 out' in result.commands" + - "'ip port access-group PortACL in' in result.commands" + - "'ipv6 traffic-filter ACL1v6 in' in result.commands" + always: + - include_tasks: remove_config.yaml diff --git a/test/integration/targets/nxos_acl_interfaces/vars/main.yml b/test/integration/targets/nxos_acl_interfaces/vars/main.yml new file mode 100644 index 0000000000..0d9ed68e9f --- /dev/null +++ b/test/integration/targets/nxos_acl_interfaces/vars/main.yml @@ -0,0 +1,21 @@ +--- +parsed: + - access_groups: + - acls: + - direction: in + name: ACL1v6 + afi: ipv6 + name: Ethernet1/2 + - access_groups: + - acls: + - direction: out + name: ACL1v4 + - direction: in + name: PortACL + port: true + afi: ipv4 + - acls: + - direction: in + name: ACL1v6 + afi: ipv6 + name: Ethernet1/5
\ No newline at end of file |