generated from ansible-collections/collection_template
-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Introducing module firewall_alias (#137)
* created molecule file * created verify file * renaming aliases to alias * renaming aliases to alias * first draft of test_firewall_alias * removed unused file test_firewall_aliases * renaming * finished test_firewall_alias_from_xml unit test * added test_firewall_rule_alias_to_etree unit test * added to_etree function * finished test_firewall_alias_from_ansible_module_params_simple unit test * added from_ansible_module_params classmethod * added FirewallAliasSet unit test * added FirewallAliasSet class * updated tests in order to support new listenum and added xml-data * added FirewallAliasType * updated class FirewallAliasType values * added content list handling * added content unit tests * updated tests to accept new bool counter value * updated tests to accept new bool counter value * updated updatefreq default values * added tests to test updatefreq * added firewall_alias module * first working draft * first working draft firewall_alias * implemented remove function * added content as list handling * updated tests * started implementing content_validation * added host and network type validation unit tests * added content_types host and network * added validation functions * added multiple tests * enabled tests * added interface validation checks * added interface validation function * updated module_incex to support new module * updated tests * added converge file for module firewall_alias * removed unused imports * minor updated * updated documentation * updated return * fixed linter errors * fixed linter errors * finished documentation * fixed typing * removed unwanted file * pylint errors * fixed pylinter errors * added pylint skip-file to test_system_access_users_utils * fixed typos * fixed type asn * added test to verify type asn fix * fixed authgroup type * fixed setting of authgroup * added two new test cases * added toetree tests to check asn protocol * added tests to fix protocol assignment * added MaximumTableEntries validation * fixed hostname validation * updated converage * fixed linter errors * added molcue instance * updated module_index to support version 24.7 of the alias module * added missing maximumtableentries entry * Update plugins/module_utils/firewall_alias_utils.py Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com> * Update plugins/module_utils/firewall_alias_utils.py Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com> * Update plugins/module_utils/firewall_alias_utils.py Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com> * Update plugins/module_utils/firewall_alias_utils.py Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com> * applied @dongovanni's requests * restructred firewall_alias * restructred firewall_alias_utils version compatibility checks * removed unused import * updated version_added entry --------- Co-authored-by: Fabio Bertagna <33524186+DonGiovanni83@users.noreply.github.com>
- Loading branch information
1 parent
6e9025f
commit 0416c70
Showing
7 changed files
with
3,171 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,314 @@ | ||
--- | ||
- name: converge | ||
hosts: all | ||
become: true | ||
tasks: | ||
|
||
- name: Converge - Get OPNsense version | ||
ansible.builtin.command: opnsense-version -O | ||
register: opnsense_version_cmd | ||
changed_when: false | ||
|
||
- name: Converge - Set OPNsense version fact | ||
ansible.builtin.set_fact: | ||
opnsense_version: "{{ opnsense_version_cmd.stdout | from_json }}" | ||
|
||
- name: Create a Host Alias with the content 10.0.0.1 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeHost | ||
type: host | ||
statistics: false | ||
description: Test Alias with type Host | ||
content: 10.0.0.1 | ||
state: present | ||
|
||
- name: Create a Host Alias with an unsupported content 192.168.0.0/24 | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeHost | ||
type: host | ||
statistics: false | ||
description: Test Alias with type Host | ||
content: 192.168.0.0/24 | ||
state: present | ||
register: unsupported_content_for_type_host_result | ||
ignore_errors: yes | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type host | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_host_result is failed | ||
fail_msg: "Content 192.168.0.0/24 for type host should fail" | ||
success_msg: "Content 192.168.0.0/24 failed as expected due to unsupported content for type host" | ||
|
||
|
||
- name: Create a Host Alias with the content 10.0.0.1, 10.0.0.2 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeHostList | ||
type: host | ||
statistics: false | ||
description: Test Alias with type Host | ||
content: | ||
- 10.0.0.1 | ||
- 10.0.0.2 | ||
|
||
- name: Create a Network Alias with the content 192.168.0.0/24 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeNetwork | ||
type: network | ||
statistics: false | ||
description: Test Alias with type Network | ||
content: 192.168.0.0/24 | ||
|
||
- name: Create a Network Alias with an unsupported content test_content | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeNetwork | ||
type: network | ||
statistics: false | ||
description: Test Alias with type Network | ||
content: test_content | ||
state: present | ||
register: unsupported_content_for_type_network_result | ||
ignore_errors: yes | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type network | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_network_result is failed | ||
fail_msg: "Content test_content for type network should fail" | ||
success_msg: "Content test_content failed as expected due to unsupported content for type network" | ||
|
||
- name: Create a NetworkGroup Alias with the content TestAliasTypeNetwork | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeNetworkGroup | ||
type: networkgroup | ||
description: Test Alias with type NetworkGroup | ||
content: | ||
- TestAliasTypeNetwork | ||
|
||
- name: Create a NetworkGroup Alias with an unsupported content test_content | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeNetworkGroup | ||
type: networkgroup | ||
statistics: false | ||
description: Test Alias with type NetworkGroup | ||
content: test_content | ||
state: present | ||
register: unsupported_content_for_type_networkgroup_result | ||
ignore_errors: yes | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type networkgroup | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_networkgroup_result is failed | ||
fail_msg: "Content test_content for type networkgroup should fail" | ||
success_msg: "Content test_content failed as expected due to unsupported content for type networkgroup" | ||
|
||
- name: Create a Port Alias with the content 80 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypePort | ||
type: port | ||
statistics: false | ||
description: Test Alias with type Port | ||
content: 80 | ||
|
||
- name: Create a Port Alias with an unsupported content !30 | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypePort | ||
type: port | ||
statistics: false | ||
description: Test Alias with type Port | ||
content: "!30" | ||
state: present | ||
register: unsupported_content_for_type_port_result | ||
ignore_errors: yes | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type port | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_port_result is failed | ||
fail_msg: "Content test_content for type port should fail" | ||
success_msg: "Content !30 failed as expected due to unsupported content for type port" | ||
|
||
- name: Create an MAC Alias with the content FF:FF:FF:FF:FF | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeMAC | ||
type: macaddress | ||
statistics: false | ||
description: Test Alias with type MAC | ||
content: FF:FF:FF:FF:FF:FF | ||
|
||
- name: Create a MACAddress Alias with an unsupported content 11:AA:22:BB:33 | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeMACAddress | ||
type: macaddress | ||
statistics: false | ||
description: Test Alias with type MACAddress | ||
content: 11:AA:22:BB:33 | ||
state: present | ||
register: unsupported_content_for_type_macaddress_result | ||
ignore_errors: yes | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type macaddress | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_macaddress_result is failed | ||
fail_msg: "Content 11:AA:22:BB:33 for type macaddress should fail" | ||
success_msg: "Content 11:AA:22:BB:33 failed as expected due to unsupported content for type macaddress" | ||
|
||
- name: Create an URL Alias with the content www.puzzle.ch | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeURL | ||
type: url | ||
statistics: false | ||
description: Test Alias with type URL | ||
content: www.puzzle.ch | ||
|
||
- name: Create a URLTable Alias with the content www.google.ch, www.puzzle.ch | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeURLTable | ||
type: urltable | ||
refreshfrequency: | ||
days: 1 | ||
hours: 2 | ||
description: Test Alias with type URLTable | ||
content: | ||
- www.google.ch | ||
- www.puzzle.ch | ||
|
||
- name: Create a GeoIP Alias with the content CH, DE | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeGeoIP | ||
type: geoip | ||
description: Test Alias with type GeoIP | ||
content: | ||
- CH | ||
- DE | ||
ignore_errors: yes | ||
register: unconfigured_geoip_result | ||
|
||
- name: Verify that the creation failed, since the GeoIP settings are not configured | ||
ansible.builtin.assert: | ||
that: | ||
- unconfigured_geoip_result is failed | ||
fail_msg: "Setting of GeoIP should fail" | ||
success_msg: "Setting of GeoIP should fail as expected due to unconfigured GeoIP settings" | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create an BGPASN Alias with the content 65000 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeBGPASN | ||
type: bgpasn | ||
statistics: false | ||
description: Test Alias with type BGPASN | ||
content: 65000 | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create an BGPASN Alias with the content 65001 and protocol ipv4 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeBGPASN_ipv4 | ||
type: bgpasn | ||
statistics: false | ||
description: Test Alias with type BGPASN with the content 65001 and protocol ipv4 | ||
content: 65001 | ||
protocol: IPv4 | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create an BGPASN Alias with the content 65002 and protocol ipv6 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeBGPASN_ipv6 | ||
type: bgpasn | ||
statistics: false | ||
description: Test Alias with type BGPASN with the content 65002 and protocol ipv6 | ||
content: 65002 | ||
protocol: IPv6 | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create an BGPASN Alias with the content 65003 and protocol ipv4,ipv6 | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeBGPASN_ipv4_ipv6 | ||
type: bgpasn | ||
statistics: false | ||
description: Test Alias with type BGPASN with the content 65003 and protocol ipv4,ipv6 | ||
content: 65003 | ||
protocol: | ||
- IPv4 | ||
- IPv6 | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create a BGPASN Alias with an unsupported content test_asn | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeBGPASN | ||
type: bgpasn | ||
statistics: false | ||
description: Test Alias with type BGPASN | ||
content: test_asn | ||
state: present | ||
register: unsupported_content_for_type_bgpasn_result | ||
ignore_errors: yes | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type bgpasn | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_bgpasn_result is failed | ||
fail_msg: "Content test_asn for type bgpasn should fail" | ||
success_msg: "Content test_asn failed as expected due to unsupported content for type bgpasn" | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create an DYNAMICIPV6HOST Alias with the content ::abcd:1234:5678:abcd | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeDYNAMICIPV6HOST | ||
type: dynamicipv6host | ||
statistics: false | ||
description: Test Alias with type DYNAMICIPV6HOST | ||
content: ::abcd:1234:5678:abcd | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create a DYNAMICIPV6HOST Alias with an unsupported content 2001::10 | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeDYNAMICIPV6HOST | ||
type: dynamicipv6host | ||
statistics: false | ||
description: Test Alias with type DYNAMICIPV6HOST | ||
content: 2001::10 | ||
state: present | ||
register: unsupported_content_for_type_dynamicipv6host_result | ||
ignore_errors: yes | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type dynamicipv6host | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_dynamicipv6host_result is failed | ||
fail_msg: "Content 2001::10 for type dynamicipv6host should fail" | ||
success_msg: "Content 2001::10 failed as expected due to unsupported content for type dynamicipv6host" | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create an OPNVPNGROUP Alias with the content admins | ||
puzzle.opnsense.firewall_alias: | ||
name: TestAliasTypeOPNVPNGROUP | ||
type: opnvpngroup | ||
statistics: false | ||
description: Test Alias with type OPNVPNGROUP | ||
content: admins | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Create a OPNVPNGROUP Alias with an unsupported content test_group | ||
puzzle.opnsense.firewall_alias: | ||
name: UnsupportedTestAliasTypeOPNVPNGROUP | ||
type: opnvpngroup | ||
statistics: false | ||
description: Test Alias with type OPNVPNGROUP | ||
content: test_group | ||
state: present | ||
ignore_errors: yes | ||
register: unsupported_content_for_type_opnvpngroup_result | ||
when: opnsense_version["product_version"] is version('23.7', '>=') | ||
|
||
- name: Verify that the alias update failed since the defined content is not supported for type opnvpngroup | ||
ansible.builtin.assert: | ||
that: | ||
- unsupported_content_for_type_opnvpngroup_result is failed | ||
fail_msg: "Content test_group for type opnvpngroup should fail" | ||
success_msg: "Content test_group failed as expected due to unsupported content for type opnvpngroup" | ||
when: opnsense_version["product_version"] is version('23.7', '>=') |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
--- | ||
scenario: | ||
name: firewall_alias | ||
test_sequence: | ||
# - dependency not relevant unless we have requirements | ||
- destroy | ||
- syntax | ||
- create | ||
- converge | ||
- idempotence | ||
- verify | ||
- destroy | ||
|
||
driver: | ||
name: vagrant | ||
parallel: true | ||
|
||
platforms: | ||
- name: "22.7" | ||
hostname: false | ||
box: puzzle/opnsense | ||
box_version: "22.7" | ||
memory: 1024 | ||
cpus: 2 | ||
instance_raw_config_args: | ||
- 'vm.guest = :freebsd' | ||
- 'ssh.sudo_command = "%c"' | ||
- 'ssh.shell = "/bin/sh"' | ||
- name: "23.1" | ||
box: puzzle/opnsense | ||
hostname: false | ||
box_version: "23.1" | ||
memory: 1024 | ||
cpus: 2 | ||
instance_raw_config_args: | ||
- 'vm.guest = :freebsd' | ||
- 'ssh.sudo_command = "%c"' | ||
- 'ssh.shell = "/bin/sh"' | ||
- name: "23.7" | ||
box: puzzle/opnsense | ||
hostname: false | ||
box_version: "23.7" | ||
memory: 1024 | ||
cpus: 2 | ||
instance_raw_config_args: | ||
- 'vm.guest = :freebsd' | ||
- 'ssh.sudo_command = "%c"' | ||
- 'ssh.shell = "/bin/sh"' | ||
- name: "24.1" | ||
box: puzzle/opnsense | ||
hostname: false | ||
box_version: "24.1" | ||
memory: 1024 | ||
cpus: 2 | ||
instance_raw_config_args: | ||
- 'vm.guest = :freebsd' | ||
- 'ssh.sudo_command = "%c"' | ||
- 'ssh.shell = "/bin/sh"' | ||
- name: "24.7" | ||
box: puzzle/opnsense | ||
hostname: false | ||
box_version: "24.7" | ||
memory: 1024 | ||
cpus: 2 | ||
instance_raw_config_args: | ||
- 'vm.guest = :freebsd' | ||
- 'ssh.sudo_command = "%c"' | ||
- 'ssh.shell = "/bin/sh"' | ||
|
||
provisioner: | ||
name: ansible | ||
env: | ||
ANSIBLE_VERBOSITY: 3 | ||
verifier: | ||
name: ansible | ||
options: | ||
become: true |
Oops, something went wrong.