Diffstat (limited to 'test/integration/targets/vyos_firewall_rules/tests')
15 files changed, 0 insertions, 743 deletions
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg b/test/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg
deleted file mode 100644
index b54c10948c..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/_parsed_config.cfg
+++ /dev/null
@@ -1,25 +0,0 @@
-set firewall group address-group 'inbound'
-set firewall ipv6-name UPLINK default-action 'accept'
-set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
-set firewall ipv6-name UPLINK rule 1 action 'accept'
-set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
-set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
-set firewall ipv6-name UPLINK rule 2 action 'accept'
-set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
-set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
-set firewall name INBOUND default-action 'accept'
-set firewall name INBOUND description 'IPv4 INBOUND rule set'
-set firewall name INBOUND rule 101 action 'accept'
-set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
-set firewall name INBOUND rule 101 ipsec 'match-ipsec'
-set firewall name INBOUND rule 102 action 'reject'
-set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
-set firewall name INBOUND rule 102 ipsec 'match-ipsec'
-set firewall name INBOUND rule 103 action 'accept'
-set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
-set firewall name INBOUND rule 103 destination group address-group 'inbound'
-set firewall name INBOUND rule 103 source address '192.0.2.0'
-set firewall name INBOUND rule 103 state established 'enable'
-set firewall name INBOUND rule 103 state invalid 'disable'
-set firewall name INBOUND rule 103 state new 'disable'
-set firewall name INBOUND rule 103 state related 'enable'
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml
deleted file mode 100644
index ae6e17a188..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/_populate.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-- name: Setup
- cli_config:
- config: "{{ lines }}"
- vars:
- lines: |
- set firewall group address-group 'inbound'
- set firewall ipv6-name UPLINK default-action 'accept'
- set firewall ipv6-name UPLINK description 'This is ipv6 specific rule-set'
- set firewall ipv6-name UPLINK rule 1 action 'accept'
- set firewall ipv6-name UPLINK rule 1 description 'Fwipv6-Rule 1 is configured by Ansible'
- set firewall ipv6-name UPLINK rule 1 ipsec 'match-ipsec'
- set firewall ipv6-name UPLINK rule 2 action 'accept'
- set firewall ipv6-name UPLINK rule 2 description 'Fwipv6-Rule 2 is configured by Ansible'
- set firewall ipv6-name UPLINK rule 2 ipsec 'match-ipsec'
- set firewall name INBOUND default-action 'accept'
- set firewall name INBOUND description 'IPv4 INBOUND rule set'
- set firewall name INBOUND rule 101 action 'accept'
- set firewall name INBOUND rule 101 description 'Rule 101 is configured by Ansible'
- set firewall name INBOUND rule 101 ipsec 'match-ipsec'
- set firewall name INBOUND rule 102 action 'reject'
- set firewall name INBOUND rule 102 description 'Rule 102 is configured by Ansible'
- set firewall name INBOUND rule 102 ipsec 'match-ipsec'
- set firewall name INBOUND rule 103 action 'accept'
- set firewall name INBOUND rule 103 description 'Rule 103 is configured by Ansible'
- set firewall name INBOUND rule 103 destination group address-group 'inbound'
- set firewall name INBOUND rule 103 source address '192.0.2.0'
- set firewall name INBOUND rule 103 state established 'enable'
- set firewall name INBOUND rule 103 state invalid 'disable'
- set firewall name INBOUND rule 103 state new 'disable'
- set firewall name INBOUND rule 103 state related 'enable'
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml
deleted file mode 100644
index 9a9aff9103..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/_remove_config.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-- name: Remove Config
- cli_config:
- config: "{{ lines }}"
- vars:
- lines: |
- delete firewall ipv6-name
- delete firewall name
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
deleted file mode 100644
index 881c19349b..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted.yaml
+++ /dev/null
@@ -1,50 +0,0 @@
----
-- debug:
- msg: "Start vyos_firewall_rules deleted integration tests ansible_connection={{ ansible_connection }}"
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Delete firewall rule set.
- vyos_firewall_rules: &deleted_rs
- config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- state: deleted
- register: result
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that the correct set of commands were generated
- assert:
- that:
- - "{{ deleted_rs['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that the after dicts were correctly generated
- assert:
- that:
- - "{{ deleted_rs['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Delete attributes of given interfaces (IDEMPOTENT)
- vyos_firewall_rules: *deleted_rs
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result.changed == false"
- - "result.commands|length == 0"
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ deleted_rs['after'] | symmetric_difference(result['before']) |length == 0 }}"
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml
deleted file mode 100644
index 1502e86bf4..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_afi.yaml
+++ /dev/null
@@ -1,46 +0,0 @@
----
-- debug:
- msg: "Start vyos_firewall_rules deleted integration tests ansible_connection={{ ansible_connection }}"
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Delete firewall rule.
- vyos_firewall_rules: &deleted_afi
- config:
- - afi: 'ipv6'
- - afi: 'ipv4'
- state: deleted
- register: result
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that the correct set of commands were generated
- assert:
- that:
- - "{{ deleted_afi_all['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that the after dicts were correctly generated
- assert:
- that:
- - "{{ deleted_afi_all['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Delete attributes of given interfaces (IDEMPOTENT)
- vyos_firewall_rules: *deleted_afi
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result.changed == false"
- - "result.commands|length == 0"
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ deleted_afi_all['after'] | symmetric_difference(result['before']) |length == 0 }}"
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml
deleted file mode 100644
index 60c7a67284..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_all.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-- debug:
- msg: "Start vyos_firewall_rules deleted integration tests ansible_connection={{ ansible_connection }}"
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Delete all the firewall rules.
- vyos_firewall_rules: &deleted_all
- config:
- state: deleted
- register: result
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that the correct set of commands were generated
- assert:
- that:
- - "{{ deleted_afi_all['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that the after dicts were correctly generated
- assert:
- that:
- - "{{ deleted_afi_all['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Delete attributes of given interfaces (IDEMPOTENT)
- vyos_firewall_rules: *deleted_all
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result.changed == false"
- - "result.commands|length == 0"
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ deleted_afi_all['after'] | symmetric_difference(result['before']) |length == 0 }}"
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml
deleted file mode 100644
index 7ecdcb380c..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/deleted_rule.yaml
+++ /dev/null
@@ -1,49 +0,0 @@
----
-- debug:
- msg: "Start vyos_firewall_rules deleted integration tests ansible_connection={{ ansible_connection }}"
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Delete firewall rule.
- vyos_firewall_rules: &deleted_r
- config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- rules:
- - number: 1
- state: deleted
- register: result
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that the correct set of commands were generated
- assert:
- that:
- - "{{ deleted_r['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that the after dicts were correctly generated
- assert:
- that:
- - "{{ deleted_r['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Delete attributes of given interfaces (IDEMPOTENT)
- vyos_firewall_rules: *deleted_r
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result.changed == false"
- - "result.commands|length == 0"
-
- - name: Assert that the before dicts were correctly generated
- assert:
- that:
- - "{{ deleted_r['after'] | symmetric_difference(result['before']) |length == 0 }}"
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/empty_config.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/empty_config.yaml
deleted file mode 100644
index 262b3059e5..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/empty_config.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules empty_config integration tests on connection={{ ansible_connection }}"
-
-- name: Merged with empty config should give appropriate error message
- vyos_firewall_rules:
- config:
- state: merged
- register: result
- ignore_errors: true
-
-- assert:
- that:
- - result.msg == 'value of config parameter must not be empty for state merged'
-
-- name: Replaced with empty config should give appropriate error message
- vyos_firewall_rules:
- config:
- state: replaced
- register: result
- ignore_errors: true
-
-- assert:
- that:
- - result.msg == 'value of config parameter must not be empty for state replaced'
-
-- name: Overridden with empty config should give appropriate error message
- vyos_firewall_rules:
- config:
- state: overridden
- register: result
- ignore_errors: true
-
-- assert:
- that:
- - result.msg == 'value of config parameter must not be empty for state overridden'
-
-- name: Parsed with empty running_config should give appropriate error message
- vyos_firewall_rules:
- running_config:
- state: parsed
- register: result
- ignore_errors: true
-
-- assert:
- that:
- - result.msg == 'value of running_config parameter must not be empty for state parsed'
-
-- name: Rendered with empty config should give appropriate error message
- vyos_firewall_rules:
- config:
- state: rendered
- register: result
- ignore_errors: true
-
-- assert:
- that:
- - result.msg == 'value of config parameter must not be empty for state rendered'
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml
deleted file mode 100644
index 5a0bac753b..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/gathered.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules gathered integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _remove_config.yaml
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Merge the provided configuration with the exisiting running configuration
- vyos_firewall_rules: &gathered
- config:
- state: gathered
- register: result
-
- - name: Assert that gathered dicts was correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['gathered']) |length == 0 }}"
-
- - name: Gather the existing running configuration (IDEMPOTENT)
- vyos_firewall_rules: *gathered
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result['changed'] == false"
-
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml
deleted file mode 100644
index 596f4a143d..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/merged.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules merged integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _populate.yaml
-
-- include_tasks: _remove_config.yaml
-
-- block:
- - name: Merge the provided configuration with the exisiting running configuration
- vyos_firewall_rules: &merged
- config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- rules:
- - number: 1
- action: 'accept'
- description: 'Fwipv6-Rule 1 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 2
- action: 'accept'
- description: 'Fwipv6-Rule 2 is configured by Ansible'
- ipsec: 'match-ipsec'
-
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- destination:
- group:
- address_group: 'inbound'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
- state: merged
- register: result
-
- - name: Assert that before dicts were correctly generated
- assert:
- that: "{{ merged['before'] | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that correct set of commands were generated
- assert:
- that:
- - "{{ merged['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that after dicts was correctly generated
- assert:
- that:
- - "{{ merged['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Merge the provided configuration with the existing running configuration (IDEMPOTENT)
- vyos_firewall_rules: *merged
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result['changed'] == false"
-
- - name: Assert that before dicts were correctly generated
- assert:
- that:
- - "{{ merged['after'] | symmetric_difference(result['before']) |length == 0 }}"
-
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml
deleted file mode 100644
index d902f4791e..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/overridden.yaml
+++ /dev/null
@@ -1,60 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules overridden integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _remove_config.yaml
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Overrides all device configuration with provided configuration
- vyos_firewall_rules: &overridden
- config:
- - afi: 'ipv4'
- rule_sets:
- - name: 'Downlink'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 501
- action: 'accept'
- description: 'Rule 501 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 502
- action: 'reject'
- description: 'Rule 502 is configured by Ansible'
- ipsec: 'match-ipsec'
- state: overridden
- register: result
-
- - name: Assert that before dicts were correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that correct commands were generated
- assert:
- that:
- - "{{ overridden['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that after dicts were correctly generated
- assert:
- that:
- - "{{ overridden['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Overrides all device configuration with provided configurations (IDEMPOTENT)
- vyos_firewall_rules: *overridden
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result['changed'] == false"
-
- - name: Assert that before dicts were correctly generated
- assert:
- that:
- - "{{ overridden['after'] | symmetric_difference(result['before']) |length == 0 }}"
-
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
deleted file mode 100644
index 7fb066da00..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/parsed.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules parsed integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _remove_config.yaml
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Gather firewall_rules facts
- vyos_facts:
- gather_subset:
- - default
- gather_network_resources:
- - firewall_rules
- register: firewall_rules_facts
-
- - name: Provide the running configuration for parsing (config to be parsed)
- vyos_firewall_rules: &parsed
- running_config:
- "{{ lookup('file', '_parsed_config.cfg') }}"
- state: parsed
- register: result
-
- - name: Assert that correct parsing done
- assert:
- that: "{{ ansible_facts['network_resources']['firewall_rules'] | symmetric_difference(result['parsed']) |length == 0 }}"
-
- - name: Gather the existing running configuration (IDEMPOTENT)
- vyos_firewall_rules: *parsed
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result['changed'] == false"
-
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
deleted file mode 100644
index 958550e211..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/rendered.yaml
+++ /dev/null
@@ -1,63 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules rendered integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _remove_config.yaml
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Structure provided configuration into device specific commands
- vyos_firewall_rules: &rendered
- config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- destination:
- group:
- address_group: 'inbound'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
- state: rendered
- register: result
-
- - name: Assert that correct set of commands were generated
- assert:
- that:
- - "{{ rendered['commands'] | symmetric_difference(result['rendered']) |length == 0 }}"
-
- - name: Structure provided configuration into device specific commands (IDEMPOTENT)
- vyos_firewall_rules: *rendered
- register: result
-
- - name: Assert that the previous task was idempotent
- assert:
- that:
- - "result['changed'] == false"
-
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml
deleted file mode 100644
index 164ff18707..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/replaced.yaml
+++ /dev/null
@@ -1,65 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules replaced integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _remove_config.yaml
-
-- include_tasks: _populate.yaml
-
-- block:
- - name: Replace device configurations of listed firewall rules with provided configurations
- vyos_firewall_rules: &replaced
- config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 104
- action: 'reject'
- description: 'Rule 104 is configured by Ansible'
- ipsec: 'match-none'
- state: replaced
- register: result
-
- - name: Assert that correct set of commands were generated
- assert:
- that:
- - "{{ replaced['commands'] | symmetric_difference(result['commands']) |length == 0 }}"
-
- - name: Assert that before dicts are correctly generated
- assert:
- that:
- - "{{ populate | symmetric_difference(result['before']) |length == 0 }}"
-
- - name: Assert that after dict is correctly generated
- assert:
- that:
- - "{{ replaced['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Replace device configurations of listed firewall rules with provided configurarions (IDEMPOTENT)
- vyos_firewall_rules: *replaced
- register: result
-
- - name: Assert that task was idempotent
- assert:
- that:
- - "result['changed'] == false"
-
- - name: Assert that before dict is correctly generated
- assert:
- that:
- - "{{ replaced['after'] | symmetric_difference(result['before']) |length == 0 }}"
-
- always:
- - include_tasks: _remove_config.yaml
diff --git a/test/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml b/test/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml
deleted file mode 100644
index 921defb9d6..0000000000
--- a/test/integration/targets/vyos_firewall_rules/tests/cli/rtt.yaml
+++ /dev/null
@@ -1,87 +0,0 @@
----
-- debug:
- msg: "START vyos_firewall_rules round trip integration tests on connection={{ ansible_connection }}"
-
-- include_tasks: _remove_config.yaml
-
-- block:
- - name: Apply the provided configuration (base config)
- vyos_firewall_rules:
- config:
- - afi: 'ipv6'
- rule_sets:
- - name: 'UPLINK'
- description: 'This is ipv6 specific rule-set'
- default_action: 'accept'
- rules:
- - number: 1
- action: 'accept'
- description: 'Fwipv6-Rule 1 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 2
- action: 'accept'
- description: 'Fwipv6-Rule 2 is configured by Ansible'
- ipsec: 'match-ipsec'
-
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 101
- action: 'accept'
- description: 'Rule 101 is configured by Ansible'
- ipsec: 'match-ipsec'
- - number: 102
- action: 'reject'
- description: 'Rule 102 is configured by Ansible'
- ipsec: 'match-ipsec'
- state: merged
- register: base_config
-
- - name: Gather firewall_rules facts
- vyos_facts:
- gather_subset:
- - default
- gather_network_resources:
- - firewall_rules
-
- - name: Apply the provided configuration (config to be reverted)
- vyos_firewall_rules:
- config:
- - afi: 'ipv4'
- rule_sets:
- - name: 'INBOUND'
- description: 'IPv4 INBOUND rule set'
- default_action: 'accept'
- rules:
- - number: 103
- action: 'accept'
- description: 'Rule 103 is configured by Ansible'
- source:
- address: '192.0.2.0'
- state:
- established: true
- new: false
- invalid: false
- related: true
- state: merged
- register: result
-
- - name: Assert that changes were applied
- assert:
- that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length == 0 }}"
-
- - name: Revert back to base config using facts round trip
- vyos_firewall_rules:
- config: "{{ ansible_facts['network_resources']['firewall_rules'] }}"
- state: overridden
- register: revert
-
- - name: Assert that config was reverted
- assert:
- that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length == 0 }}"
-
- always:
- - include_tasks: _remove_config.yaml |