Example #1
    def test_ntp_gathered(self):
        """Gather the NTP configuration and compare it with the expected facts."""
        set_module_args({"state": "gathered"})
        result = self.execute_module(changed=False)

        # Only server3 carries options; the other servers are bare entries.
        expected_servers = [
            dict(server="server1"),
            dict(server="server3", options=["dynamic", "noselect"]),
            dict(server="time1.vyos.net"),
            dict(server="time2.vyos.net"),
            dict(server="time3.vyos.net"),
        ]
        expected = dict(
            allow_clients=["10.1.1.0/24", "10.1.2.0/24"],
            listen_addresses=["10.2.3.1", "10.4.3.1"],
            servers=expected_servers,
        )

        self.assertEqual(expected, result["gathered"])
Example #2
 def test_vyos_firewall_v6_rule_sets_rule_merged_icmp_01(self):
     """Merge an IPv6 rule carrying an ICMP type name and check the commands."""
     # NOTE(review): the fixture pairs protocol "icmp" with an icmpv6 type on
     # an IPv6 rule set; confirm this pairing is what the module should emit.
     rule = {
         "number": "101",
         "protocol": "icmp",
         "icmp": {"type_name": "port-unreachable"},
     }
     rule_set = {"name": "INBOUND", "rules": [rule]}
     module_args = {
         "config": [{"afi": "ipv6", "rule_sets": [rule_set]}],
         "state": "merged",
     }
     set_module_args(module_args)

     expected = [
         "set firewall ipv6-name INBOUND rule 101 icmpv6 type port-unreachable",
         "set firewall ipv6-name INBOUND rule 101 protocol 'icmp'",
         "set firewall ipv6-name INBOUND rule 101",
     ]
     self.execute_module(changed=True, commands=expected)
Example #3
 def test_vyos_facts_not_all(self):
     """Gather facts with the "!all" subset and check count, hostname, version."""
     set_module_args({"gather_subset": "!all"})
     outcome = self.execute_module()
     gathered = outcome.get("ansible_facts")

     self.assertEqual(len(gathered), 10)
     # The hostname fact is stripped before the comparison.
     hostname = gathered["ansible_net_hostname"].strip()
     self.assertEqual(hostname, "vyos01")
     self.assertEqual(gathered["ansible_net_version"], "VyOS 1.1.7")
 def test_vyos_firewall_rule_set_02_overridden_idem(self):
     """Override eth0/eth2 access rules with an identical config; expect no change."""
     # Both interfaces get the same rule-set bindings; fresh dicts are built
     # per interface so no object is shared between the two entries.
     config = [
         {
             "name": interface,
             "access_rules": [
                 {
                     "afi": "ipv4",
                     "rules": [
                         {"name": "INBOUND", "direction": "in"},
                         {"name": "OUTBOUND", "direction": "out"},
                         {"name": "LOCAL", "direction": "local"},
                     ],
                 },
                 {
                     "afi": "ipv6",
                     "rules": [{"name": "V6-LOCAL", "direction": "local"}],
                 },
             ],
         }
         for interface in ("eth0", "eth2")
     ]
     set_module_args({"config": config, "state": "overridden"})

     # Idempotent run: no commands and changed=False are expected.
     self.execute_module(changed=False, commands=[])
 def test_vyos_firewall_global_set_01_replaced_idem(self):
     """Replace the firewall groups with an identical config; expect no change."""
     host_members = [
         {"address": address}
         for address in ("192.0.2.1", "192.0.2.3", "192.0.2.5")
     ]
     address_group = {
         "name": "RND-HOSTS",
         "description": "This group has the Management hosts address lists",
         "members": host_members,
     }
     network_group = {
         "name": "RND",
         "description": "This group has the Management network addresses",
         "members": [{"address": "192.0.2.0/24"}],
     }
     groups = {
         "address_group": [address_group],
         "network_group": [network_group],
     }
     set_module_args({"config": {"group": groups}, "state": "replaced"})

     # Idempotent run: no commands and changed=False are expected.
     self.execute_module(changed=False, commands=[])
Example #6
 def test_vyos_config_lines(self):
     """Push one config line and expect exactly that line as the command."""
     commands = ["set system host-name foo"]
     set_module_args({"lines": commands})

     # Compute the diff of the candidate against the running config with the
     # cliconf object, then make the mocked connection return that diff.
     candidate = "\n".join(commands)
     diff = self.cliconf_obj.get_diff(candidate, self.running_config)
     self.conn.get_diff = MagicMock(return_value=diff)

     self.execute_module(changed=True, commands=commands)
Example #7
 def test_vyos_static_routes_overridden_idempotent(self):
     """Override static routes with an identical config; expect no change."""
     route = {
         "dest": "192.0.2.32/28",
         "next_hops": [
             {"forward_router_address": "192.0.2.9"},
             {"forward_router_address": "192.0.2.10"},
         ],
     }
     ipv4_family = {"afi": "ipv4", "routes": [route]}
     module_args = {
         "config": [{"address_families": [ipv4_family]}],
         "state": "overridden",
     }
     set_module_args(module_args)

     # Idempotent run: no commands and changed=False are expected.
     self.execute_module(changed=False, commands=[])
 def test_vyos_firewall_v6_rule_sets_rule_merged_01(self):
     """Merge an IPv6 rule set with one disabled rule and check the commands."""
     rule = {
         "number": "101",
         "action": "accept",
         "description": "Rule 101 is configured by Ansible",
         "ipsec": "match-ipsec",
         "protocol": "icmp",
         "disabled": True,
     }
     rule_set = {
         "name": "INBOUND",
         "description": "This is IPv6 INBOUND rule set",
         "default_action": "accept",
         "enable_default_log": True,
         "rules": [rule],
     }
     module_args = {
         "config": [{"afi": "ipv6", "rule_sets": [rule_set]}],
         "state": "merged",
     }
     set_module_args(module_args)

     # String-valued options appear single-quoted in the expected commands;
     # the boolean ones (enable-default-log, disabled) are bare flags.
     expected = [
         "set firewall ipv6-name INBOUND default-action 'accept'",
         "set firewall ipv6-name INBOUND description 'This is IPv6 INBOUND rule set'",
         "set firewall ipv6-name INBOUND enable-default-log",
         "set firewall ipv6-name INBOUND rule 101 protocol 'icmp'",
         "set firewall ipv6-name INBOUND rule 101 description 'Rule 101 is configured by Ansible'",
         "set firewall ipv6-name INBOUND rule 101",
         "set firewall ipv6-name INBOUND rule 101 disabled",
         "set firewall ipv6-name INBOUND rule 101 action 'accept'",
         "set firewall ipv6-name INBOUND rule 101 ipsec 'match-ipsec'",
     ]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_firewall_v6_rule_sets_rule_merged_03(self):
     """Merge an IPv6 rule that matches on source and destination groups."""
     destination_groups = {
         "address_group": "OUT-ADDR-GROUP",
         "network_group": "OUT-NET-GROUP",
         "port_group": "OUT-PORT-GROUP",
     }
     source_groups = {
         "address_group": "IN-ADDR-GROUP",
         "network_group": "IN-NET-GROUP",
         "port_group": "IN-PORT-GROUP",
     }
     rule = {
         "number": "101",
         "destination": {"group": destination_groups},
         "source": {"group": source_groups},
     }
     rule_set = {"name": "INBOUND", "rules": [rule]}
     module_args = {
         "config": [{"afi": "ipv6", "rule_sets": [rule_set]}],
         "state": "merged",
     }
     set_module_args(module_args)

     # One command per group reference, plus the bare rule node.
     expected = [
         "set firewall ipv6-name INBOUND rule 101 source group address-group IN-ADDR-GROUP",
         "set firewall ipv6-name INBOUND rule 101 source group network-group IN-NET-GROUP",
         "set firewall ipv6-name INBOUND rule 101 source group port-group IN-PORT-GROUP",
         "set firewall ipv6-name INBOUND rule 101 destination group address-group OUT-ADDR-GROUP",
         "set firewall ipv6-name INBOUND rule 101 destination group network-group OUT-NET-GROUP",
         "set firewall ipv6-name INBOUND rule 101 destination group port-group OUT-PORT-GROUP",
         "set firewall ipv6-name INBOUND rule 101",
     ]
     self.execute_module(changed=True, commands=expected)
    def test_vyos_bgp_address_family_deleted(self):
        """Delete BGP address-family config globally and for two neighbors."""
        # The second neighbor names no address family; the expected command
        # for it removes the whole address-family node.
        neighbors = [
            {
                "neighbor_address": "192.0.2.25",
                "address_family": [{"afi": "ipv4"}],
            },
            {"neighbor_address": "203.0.113.5"},
        ]
        bgp_config = {
            "as_number": 65536,
            "address_family": [{"afi": "ipv4"}],
            "neighbors": neighbors,
        }
        set_module_args({"state": "deleted", "config": bgp_config})

        expected = [
            "delete protocols bgp 65536 address-family ipv4-unicast",
            "delete protocols bgp 65536 neighbor 192.0.2.25 address-family ipv4-unicast",
            "delete protocols bgp 65536 neighbor 203.0.113.5 address-family",
        ]

        self.execute_module(changed=True, commands=expected)
 def test_vyos_hostname_rendered(self):
     """Render a hostname config and compare the rendered commands."""
     module_args = {"state": "rendered", "config": {"hostname": "vyos_test"}}
     set_module_args(module_args)
     expected = ["set system host-name vyos_test"]

     outcome = self.execute_module(changed=False)

     # Both sides are sorted, so the comparison ignores command order; the
     # rendered list doubles as the failure message.
     rendered = outcome["rendered"]
     self.assertEqual(sorted(rendered), sorted(expected), outcome["rendered"])
Example #12
 def test_vyos_facts_exclude_most(self):
     """Gather facts without neighbors and config; check count, hostname, version."""
     excluded = ["!neighbors", "!config"]
     set_module_args({"gather_subset": excluded})
     outcome = self.execute_module()
     gathered = outcome.get("ansible_facts")

     self.assertEqual(len(gathered), 10)
     # The hostname fact is stripped before the comparison.
     hostname = gathered["ansible_net_hostname"].strip()
     self.assertEqual(hostname, "vyos01")
     self.assertEqual(gathered["ansible_net_version"], "VyOS 1.1.7")
Example #13
 def test_vyos_facts_not_all(self):
     """Gather facts with the "!all" subset and check count, hostname, version."""
     set_module_args({"gather_subset": "!all"})
     outcome = self.execute_module()
     gathered = outcome.get("ansible_facts")

     self.assertEqual(len(gathered), 10)
     # The hostname fact is stripped before the comparison.
     hostname = gathered["ansible_net_hostname"].strip()
     self.assertEqual(hostname, "vyos01")
     self.assertEqual(gathered["ansible_net_version"], "VyOS 1.1.7")
Example #14
 def test_ntp_deleted(self):
     """Delete the listed NTP settings and check the delete commands."""
     servers = [
         {"server": "server1"},
         {"server": "server3", "options": ["noselect"]},
         {"server": "time1.vyos.net"},
         {"server": "time2.vyos.net"},
         {"server": "time3.vyos.net"},
     ]
     ntp_config = {
         "allow_clients": ["10.1.1.0/24"],
         "listen_addresses": ["10.2.3.1"],
         "servers": servers,
     }
     set_module_args({"config": ntp_config, "state": "deleted"})

     # allow-clients and listen-address are removed as whole nodes even
     # though the config names a single entry for each.
     expected = [
         "delete system ntp allow-clients",
         "delete system ntp listen-address",
         "delete system ntp server server1",
         "delete system ntp server server3",
         "delete system ntp server time1.vyos.net",
         "delete system ntp server time2.vyos.net",
         "delete system ntp server time3.vyos.net",
     ]
     self.execute_module(changed=True, commands=expected)
Example #15
 def test_vyos_system_no_change(self):
     """Apply system settings that need no change and expect an empty command list."""
     module_args = {
         "host_name": "router",
         "domain_name": "example.com",
         "name_server": ["8.8.8.8", "8.8.4.4"],
     }
     set_module_args(module_args)

     outcome = self.execute_module()
     self.assertEqual([], outcome["commands"])
 def test_vyos_firewall_v6_rule_sets_rule_merged_04(self):
     """Merge an IPv6 rule with a time window and TCP flags; check the commands."""
     time_window = {
         "monthdays": "2",
         "startdate": "2020-01-24",
         "starttime": "13:20:00",
         "stopdate": "2020-01-28",
         "stoptime": "13:30:00",
         "weekdays": "!Sat,Sun",
         "utc": True,
     }
     rule = {
         "number": "101",
         "time": time_window,
         "tcp": {"flags": "ALL"},
     }
     rule_set = {"name": "INBOUND", "rules": [rule]}
     module_args = {
         "config": [{"afi": "ipv6", "rule_sets": [rule_set]}],
         "state": "merged",
     }
     set_module_args(module_args)

     # utc=True is expected as a bare "time utc" flag; the other time fields
     # are expected as unquoted values.
     expected = [
         "set firewall ipv6-name INBOUND rule 101",
         "set firewall ipv6-name INBOUND rule 101 tcp flags ALL",
         "set firewall ipv6-name INBOUND rule 101 time utc",
         "set firewall ipv6-name INBOUND rule 101 time monthdays 2",
         "set firewall ipv6-name INBOUND rule 101 time startdate 2020-01-24",
         "set firewall ipv6-name INBOUND rule 101 time stopdate 2020-01-28",
         "set firewall ipv6-name INBOUND rule 101 time weekdays !Sat,Sun",
         "set firewall ipv6-name INBOUND rule 101 time stoptime 13:30:00",
         "set firewall ipv6-name INBOUND rule 101 time starttime 13:20:00",
     ]
     self.execute_module(changed=True, commands=expected)
Example #17
 def test_vyos_ospfv2_merged_update_existing(self):
     """Merge OSPFv2 area config over existing state and check the delta commands."""
     # "plaintext-password" is fixture data only; that OSPF authentication
     # mode does not protect the password on the wire.
     area_12 = {
         "area_id": "12",
         "area_type": {"normal": True},
         "authentication": "plaintext-password",
         "shortcut": "enable",
     }
     area_14 = {
         "area_id": "14",
         "area_type": {"stub": {"set": False}},
         "network": [
             {"address": "192.0.12.0/24"},
             {"address": "192.0.22.0/24"},
         ],
         "range": [
             {"address": "192.0.13.0/24", "cost": 10},
             {"address": "192.0.14.0/24", "cost": 12},
         ],
     }
     module_args = {
         "config": {"areas": [area_12, area_14]},
         "state": "merged",
     }
     set_module_args(module_args)

     # Only two commands are expected; the rest of the config presumably
     # matches what the test fixture already holds.
     expected = [
         "delete protocols ospf area 14 area-type stub",
         "set protocols ospf area 14 network 192.0.22.0/24",
     ]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_firewall_v4v6_rule_sets_rule_ovr_01(self):
     """Override all IPv4/IPv6 rule sets and check the delete and set commands."""
     # NOTE(review): rule number '2' carries the description "Rule 102 ...";
     # the expected commands repeat it verbatim, so it looks deliberate.
     v4_rules = [
         {
             "number": "1",
             "action": "reject",
             "description": "Rule 1 is configured by Ansible RM",
             "ipsec": "match-ipsec",
             "protocol": "tcp",
             "fragment": "match-frag",
             "disabled": False,
         },
         {
             "number": "2",
             "action": "accept",
             "description": "Rule 102 is configured by Ansible RM",
             "protocol": "icmp",
             "disabled": True,
         },
     ]
     v4_rule_set = {
         "name": "V4-IN",
         "description": "This is IPv4 INGRESS rule set",
         "default_action": "accept",
         "enable_default_log": True,
         "rules": v4_rules,
     }
     v6_rule_sets = [
         {
             "name": "V6-IN",
             "default_action": "accept",
             "description": "This rule-set is configured by Ansible RM",
         },
         {
             "name": "V6-EG",
             "default_action": "reject",
             "description": "This rule-set is configured by Ansible RM",
         },
     ]
     config = [
         {"afi": "ipv4", "rule_sets": [v4_rule_set]},
         {"afi": "ipv6", "rule_sets": v6_rule_sets},
     ]
     set_module_args({"config": config, "state": "overridden"})

     # The four rule sets deleted first are absent from the supplied config
     # (presumably they exist in the test fixture): "overridden" is expected
     # to remove every rule set the task does not list.
     expected = [
         "delete firewall ipv6-name V6-INGRESS",
         "delete firewall ipv6-name V6-EGRESS",
         "delete firewall name V4-INGRESS",
         "delete firewall name V4-EGRESS",
         "set firewall name V4-IN default-action 'accept'",
         "set firewall name V4-IN description 'This is IPv4 INGRESS rule set'",
         "set firewall name V4-IN enable-default-log",
         "set firewall name V4-IN rule 1 protocol 'tcp'",
         "set firewall name V4-IN rule 1 description 'Rule 1 is configured by Ansible RM'",
         "set firewall name V4-IN rule 1 fragment 'match-frag'",
         "set firewall name V4-IN rule 1",
         "set firewall name V4-IN rule 1 action 'reject'",
         "set firewall name V4-IN rule 1 ipsec 'match-ipsec'",
         "set firewall name V4-IN rule 2 disabled",
         "set firewall name V4-IN rule 2 action 'accept'",
         "set firewall name V4-IN rule 2 protocol 'icmp'",
         "set firewall name V4-IN rule 2 description 'Rule 102 is configured by Ansible RM'",
         "set firewall name V4-IN rule 2",
         "set firewall ipv6-name V6-IN default-action 'accept'",
         "set firewall ipv6-name V6-IN description 'This rule-set is configured by Ansible RM'",
         "set firewall ipv6-name V6-EG default-action 'reject'",
         "set firewall ipv6-name V6-EG description 'This rule-set is configured by Ansible RM'",
     ]
     self.execute_module(changed=True, commands=expected)
Example #19
 def test_vyos_static_routes_overridden(self):
     """Override static routes with a new destination and check the commands."""
     route = {
         "dest": "192.0.2.48/28",
         "next_hops": [
             {"forward_router_address": "192.0.2.9"},
             {"forward_router_address": "192.0.2.10"},
         ],
     }
     ipv4_family = {"afi": "ipv4", "routes": [route]}
     module_args = {
         "config": [{"address_families": [ipv4_family]}],
         "state": "overridden",
     }
     set_module_args(module_args)

     # The 192.0.2.32/28 route is not in the supplied config, so it is
     # expected to be deleted before the new route is set.
     expected = [
         "delete protocols static route 192.0.2.32/28",
         "set protocols static route 192.0.2.48/28",
         "set protocols static route 192.0.2.48/28 next-hop '192.0.2.9'",
         "set protocols static route 192.0.2.48/28 next-hop '192.0.2.10'",
     ]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_setup_int_idempotent(self):
     """Set up eth1 as enabled and present; expect no commands and no change."""
     module_args = {"name": "eth1", "enabled": True, "state": "present"}
     set_module_args(module_args)
     self.execute_module(changed=False, commands=[])
Example #21
 def test_vyos_static_routes_merged(self):
     """Merge a static route with two next hops, one with an admin distance."""
     next_hops = [
         {"forward_router_address": "192.0.2.9", "admin_distance": 10},
         {"forward_router_address": "192.0.2.10"},
     ]
     route = {"dest": "192.0.2.48/28", "next_hops": next_hops}
     ipv4_family = {"afi": "ipv4", "routes": [route]}
     module_args = {
         "config": [{"address_families": [ipv4_family]}],
         "state": "merged",
     }
     set_module_args(module_args)

     # admin_distance is expected as a separate "distance" command for
     # the 192.0.2.9 next hop.
     expected = [
         "set protocols static route 192.0.2.48/28",
         "set protocols static route 192.0.2.48/28 next-hop '192.0.2.9'",
         "set protocols static route 192.0.2.48/28 next-hop 192.0.2.9 distance '10'",
         "set protocols static route 192.0.2.48/28 next-hop '192.0.2.10'",
     ]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_disable_int(self):
     """Mark eth1 absent and expect the interface delete command."""
     # state="absent" is expected to delete the whole eth1 node, not just
     # disable the interface.
     set_module_args({"name": "eth1", "state": "absent"})
     expected = ["delete interfaces ethernet eth1"]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_firewall_global_set_01_replaced(self):
     """Replace the RND-HOSTS members and check the delete and set commands."""
     host_members = [
         {"address": address}
         for address in ("192.0.2.1", "192.0.2.7", "192.0.2.9")
     ]
     address_group = {
         "name": "RND-HOSTS",
         "description": "This group has the Management hosts address lists",
         "members": host_members,
     }
     network_group = {
         "name": "RND",
         "description": "This group has the Management network addresses",
         "members": [{"address": "192.0.2.0/24"}],
     }
     groups = {
         "address_group": [address_group],
         "network_group": [network_group],
     }
     set_module_args({"config": {"group": groups}, "state": "replaced"})

     # Members missing from the new list (.3, .5) are expected to be
     # removed and the new ones (.7, .9) added; 192.0.2.1 yields no command.
     expected = [
         "delete firewall group address-group RND-HOSTS address 192.0.2.3",
         "delete firewall group address-group RND-HOSTS address 192.0.2.5",
         "set firewall group address-group RND-HOSTS address 192.0.2.7",
         "set firewall group address-group RND-HOSTS address 192.0.2.9",
     ]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_setup_int_aggregate(self):
     """Configure eth1 and eth2 through `aggregate` and check the commands."""
     eth1 = {
         "name": "eth1",
         "enabled": True,
         "state": "present",
         "mtu": "512",
         "duplex": "half",
         "speed": "100",
     }
     eth2 = {
         "name": "eth2",
         "enabled": True,
         "state": "present",
         "speed": "1000",
         "duplex": "full",
         "mtu": "256",
     }
     set_module_args({"aggregate": [eth1, eth2]})

     # Three commands per interface: speed, duplex, mtu.
     expected = [
         "set interfaces ethernet eth1 speed 100",
         "set interfaces ethernet eth1 duplex half",
         "set interfaces ethernet eth1 mtu 512",
         "set interfaces ethernet eth2 speed 1000",
         "set interfaces ethernet eth2 duplex full",
         "set interfaces ethernet eth2 mtu 256",
     ]
     self.execute_module(changed=True, commands=expected)
 def test_vyos_firewall_rule_set_03_deleted_all(self):
     """Delete with an empty config and expect eth0/eth2 firewall removal."""
     # An empty config with state="deleted" is expected to remove the
     # firewall node from every interface that has one (eth0 and eth2 here),
     # so a task written this way leaves no rule sets attached to them.
     set_module_args({"config": [], "state": "deleted"})
     expected = [
         "delete interfaces ethernet eth0 firewall",
         "delete interfaces ethernet eth2 firewall",
     ]
     self.execute_module(changed=True, commands=expected)
Example #26
    def test_vyos_interfaces_overridden_newinterface(self):
        """Override interface config with a new eth4 entry and check the commands."""
        eth4 = {
            "name": "eth4",
            "description": "Ethernet 4",
            "enabled": True,
            "speed": "auto",
            "duplex": "auto",
        }
        eth1 = {"name": "eth1", "description": "Configured by Ansible"}
        set_module_args({"config": [eth4, eth1], "state": "overridden"})

        # Descriptions on wg02 and eth3, which the config does not mention,
        # are expected to be deleted by the override.
        expected = [
            "set interfaces ethernet eth1 description 'Configured by Ansible'",
            "set interfaces ethernet eth4 description 'Ethernet 4'",
            "set interfaces ethernet eth4 duplex 'auto'",
            "set interfaces ethernet eth4 speed 'auto'",
            "delete interfaces wireguard wg02 description",
            "delete interfaces ethernet eth3 description",
        ]
        self.execute_module(changed=True, commands=expected)
Example #27
 def test_vyos_firewall_v4_rule_sets_rule_merged_icmp_02(self):
     """Merge an IPv4 rule with an ICMP type name and check the commands."""
     rule = {
         "number": "101",
         "protocol": "icmp",
         "icmp": {"type_name": "echo-request"},
     }
     rule_set = {"name": "INBOUND", "rules": [rule]}
     module_args = {
         "config": [{"afi": "ipv4", "rule_sets": [rule_set]}],
         "state": "merged",
     }
     set_module_args(module_args)

     # For IPv4 the type is expected under "icmp type-name".
     expected = [
         "set firewall name INBOUND rule 101 icmp type-name echo-request",
         "set firewall name INBOUND rule 101 protocol 'icmp'",
         "set firewall name INBOUND rule 101",
     ]
     self.execute_module(changed=True, commands=expected)
Example #28
 def test_vyos_system_clear_all(self):
     """Run with state 'absent' only and expect all four system deletes."""
     set_module_args({"state": "absent"})
     # With no other argument given, host name, domain search, domain name
     # and name servers are all expected to be removed.
     expected = [
         "delete system host-name",
         "delete system domain-search domain",
         "delete system domain-name",
         "delete system name-server",
     ]
     self.execute_module(changed=True, commands=expected)
Example #29
 def test_vyos_facts_exclude_most(self):
     """Gather facts without neighbors and config; check count, hostname, version."""
     excluded = ["!neighbors", "!config"]
     set_module_args({"gather_subset": excluded})
     outcome = self.execute_module()
     gathered = outcome.get("ansible_facts")

     self.assertEqual(len(gathered), 10)
     # The hostname fact is stripped before the comparison.
     hostname = gathered["ansible_net_hostname"].strip()
     self.assertEqual(hostname, "vyos01")
     self.assertEqual(gathered["ansible_net_version"], "VyOS 1.1.7")
Example #30
 def test_ntp_rendered(self):
     """Render an NTP config and compare the rendered commands."""
     servers = [
         {"server": "server79"},
         {"server": "server46", "options": ["noselect", "dynamic"]},
         {"server": "time1.vyos.net"},
         {"server": "time2.vyos.net"},
         {"server": "time3.vyos.net"},
     ]
     ntp_config = {
         "allow_clients": ["10.7.7.0/24", "10.8.8.0/24"],
         "listen_addresses": ["10.7.9.1"],
         "servers": servers,
     }
     set_module_args({"config": ntp_config, "state": "rendered"})

     # Each server option is expected as its own command line.
     expected = [
         "set system ntp allow-clients address 10.7.7.0/24",
         "set system ntp allow-clients address 10.8.8.0/24",
         "set system ntp listen-address 10.7.9.1",
         "set system ntp server server79",
         "set system ntp server server46 noselect",
         "set system ntp server server46 dynamic",
         "set system ntp server time1.vyos.net",
         "set system ntp server time2.vyos.net",
         "set system ntp server time3.vyos.net",
     ]

     outcome = self.execute_module(changed=False)

     # Both sides are sorted, so the comparison ignores command order; the
     # rendered list doubles as the failure message.
     rendered = outcome["rendered"]
     self.assertEqual(sorted(rendered), sorted(expected), outcome["rendered"])