diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 00000000..5d838fad
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,3 @@
+---
+
+profile: production
diff --git a/.flake8 b/.flake8
new file mode 100644
index 00000000..03be6924
--- /dev/null
+++ b/.flake8
@@ -0,0 +1,67 @@
+[flake8]
+
+builtins = _
+
+# Print the total number of errors:
+count = true
+
+# Don't even try to analyze these:
+extend-exclude =
+ # No need to traverse egg info dir
+ *.egg-info,
+ # tool cache dirs
+ *_cache
+ # project env vars
+ .env,
+ # GitHub configs
+ .github,
+ # Cache files of MyPy
+ .mypy_cache,
+ # Cache files of pytest
+ .pytest_cache,
+ # Temp dir of pytest-testmon
+ .tmontmp,
+ # Occasional virtualenv dir
+ .venv
+ # VS Code
+ .vscode,
+ # Temporary build dir
+ build,
+ # This contains sdists and wheels of ansible-navigator that we don't want to check
+ dist,
+ # Metadata of `pip wheel` cmd is autogenerated
+ pip-wheel-metadata,
+ # adjacent venv
+ venv
+ # ansible won't let me
+ __init__.py
+
+# IMPORTANT: avoid using ignore option, always use extend-ignore instead
+# Completely and unconditionally ignore the following errors:
+extend-ignore =
+ F841,
+ # line-length
+ E501,
+ # module level import not at top of file
+ E402
+
+# Accessibility/large fonts and PEP8 unfriendly:
+max-line-length = 120
+
+# Allow certain violations in certain files:
+# Please keep both sections of this list sorted, as it will be easier for others to find and add entries in the future
+per-file-ignores =
+ # The following ignores have been researched and should be considered permanent
+ # each should be preceeded with an explanation of each of the error codes
+ # If other ignores are added for a specific file in the section following this,
+ # these will need to be added to that line as well.
+
+
+ # S101: Allow the use of assert within the tests directory, since tests require it.
+ tests/**.py: S101
+
+ # The following were present during the initial implementation.
+ # They are expected to be fixed and unignored over time.
+
+# Count the number of occurrences of each error/warning code and print a report:
+statistics = true
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 00000000..e69de29b
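Review bot: In .flake8, `F841` (local variable assigned but never used) is the only entry under `extend-ignore` without an explanatory comment, and it is switched off for the whole tree; add a comment such as `# unused local variable: <reason>` or scope it through `per-file-ignores`. The `tests/**.py: S101` entry refers to a flake8-bandit code, while the flake8 hook this commit adds to .pre-commit-config.yaml lists no `additional_dependencies`, so presumably no `S` checks run and the ignore has no effect. If the security checks are wanted, the plugin has to be declared on the hook.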
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..5b32d4c1
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,9 @@
+---
+version: 2
+updates:
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: daily
+ labels:
+ - "skip-changelog"
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 00000000..e3e5966e
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,3 @@
+---
+# see https://github.com/ansible-community/devtools
+_extends: ansible-community/devtools
diff --git a/.github/workflows/check_label.yml b/.github/workflows/check_label.yml
new file mode 100644
index 00000000..b120bfa3
--- /dev/null
+++ b/.github/workflows/check_label.yml
@@ -0,0 +1,11 @@
+---
+name: "Check label"
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+on: # yamllint disable-line rule:truthy
+ pull_request_target:
+ types: [opened, labeled, unlabeled, synchronize]
+jobs:
+ check_label:
+ uses: ansible/ansible-content-actions/.github/workflows/check_label.yaml@main
diff --git a/.github/workflows/codecoverage.yml b/.github/workflows/codecoverage.yml
new file mode 100644
index 00000000..7e3ebb5d
--- /dev/null
+++ b/.github/workflows/codecoverage.yml
@@ -0,0 +1,14 @@
+---
+name: "Code coverage"
+
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ codecoverage:
+ uses: ansible-network/github_actions/.github/workflows/coverage_network_devices.yml@main
+ with:
+ collection_pre_install: >-
+ git+https://github.com/ansible-collections/ansible.utils.git
+ git+https://github.com/ansible-collections/ansible.netcommon.git
diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml
new file mode 100644
index 00000000..1170bdbe
--- /dev/null
+++ b/.github/workflows/draft_release.yml
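Review bot: check_label.yml runs on `pull_request_target`, which executes in the base repository's context, yet the called workflow is referenced by the mutable branch `@main` and the file declares no `permissions:` block. Any change pushed to that branch of ansible/ansible-content-actions takes effect here without review in this repository. Pin the `uses:` reference to a full commit SHA (the github-actions Dependabot entry added in this commit should be able to keep pinned references current) and add a top-level `permissions:` limited to what the label check needs. The same `@main` references appear in codecoverage.yml, draft_release.yml, release.yml and tests.yml; draft_release.yml and release.yml additionally hand `BOT_PAT`, `AH_TOKEN` and `ANSIBLE_GALAXY_API_KEY` to the called workflow.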
@@ -0,0 +1,18 @@
+---
+name: "Draft release"
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+env:
+ NAMESPACE: ${{ github.repository_owner }}
+ COLLECTION_NAME: asa
+ ANSIBLE_COLLECTIONS_PATHS: ./
+jobs:
+ update_release_draft:
+ uses: ansible/ansible-content-actions/.github/workflows/draft_release.yaml@main
+ with:
+ repo: ${{ github.event.pull_request.head.repo.full_name }}
+ secrets:
+ BOT_PAT: ${{ secrets.BOT_PAT }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..6dbb1aa3
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,14 @@
+---
+name: "Release collection"
+on: # yamllint disable-line rule:truthy
+ release:
+ types: [published]
+
+jobs:
+ release:
+ uses: ansible/ansible-content-actions/.github/workflows/release.yaml@main
+ with:
+ environment: release
+ secrets:
+ ah_token: ${{ secrets.AH_TOKEN }}
+ ansible_galaxy_api_key: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index 8d6d4ed6..00000000
--- a/.github/workflows/test.yml
+++ /dev/null
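Review bot: draft_release.yml is triggered only by `workflow_dispatch`, but `repo:` is filled from `github.event.pull_request.head.repo.full_name`, which does not exist in a dispatch event, so the called workflow presumably receives an empty string. If it needs the repository name, `repo: ${{ github.repository }}` is the value available for this trigger. Taking the name from the base repository also means the job that receives `BOT_PAT` never acts on a fork-supplied value should a pull-request trigger be added later.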
@@ -1,45 +0,0 @@ ---- -name: Test collection - -concurrency: - group: ${{ github.head_ref }} - cancel-in-progress: true - -on: # yamllint disable-line rule:truthy - pull_request: - branches: [main] - workflow_dispatch: - -jobs: - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main - changelog: - uses: ansible-network/github_actions/.github/workflows/changelog.yml@main - sanity: - uses: ansible-network/github_actions/.github/workflows/sanity.yml@main - unit-galaxy: - uses: ansible-network/github_actions/.github/workflows/unit_galaxy.yml@main - unit-source: - uses: ansible-network/github_actions/.github/workflows/unit_source.yml@main - with: - collection_pre_install: >- - git+https://github.com/ansible-collections/ansible.utils.git - git+https://github.com/ansible-collections/ansible.netcommon.git - all_green: - if: ${{ always() }} - needs: - - ansible-lint - - changelog - - sanity - - unit-galaxy - - unit-source - runs-on: ubuntu-latest - steps: - - run: >- - python -c "assert set([ - '${{ needs.ansible-lint.result }}', - '${{ needs.changelog.result }}', - '${{ needs.sanity.result }}', - '${{ needs.unit-galaxy.result }}', - '${{ needs.unit-source.result }}' - ]) == {'success'}" diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml new file mode 100644 index 00000000..5e8d914d --- /dev/null +++ b/.github/workflows/tests.yml 
@@ -0,0 +1,52 @@ +--- +name: "CI" + +concurrency: + group: ${{ github.head_ref || github.run_id }} + cancel-in-progress: true + +on: # yamllint disable-line rule:truthy + pull_request: + branches: [main] + workflow_dispatch: + schedule: + - cron: '0 0 * * *' + +jobs: + changelog: + uses: ansible/ansible-content-actions/.github/workflows/changelog.yaml@main + if: github.event_name == 'pull_request' + build-import: + uses: ansible/ansible-content-actions/.github/workflows/build_import.yaml@main + ansible-lint: + uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main + sanity: + uses: ansible/ansible-content-actions/.github/workflows/sanity.yaml@main + unit-galaxy: + uses: ansible/ansible-content-actions/.github/workflows/unit.yaml@main + unit-source: + uses: ansible-network/github_actions/.github/workflows/unit_source.yml@main + with: + collection_pre_install: >- + git+https://github.com/ansible-collections/ansible.utils.git + git+https://github.com/ansible-collections/ansible.netcommon.git + all_green: + if: ${{ always() }} + needs: + - changelog + - build-import + - sanity + - unit-galaxy + - unit-source + - ansible-lint + runs-on: ubuntu-latest + steps: + - run: >- + python -c "assert 'failure' not in + set([ + '${{ needs.changelog.result }}', + '${{ needs.sanity.result }}', + '${{ needs.unit-galaxy.result }}' + '${{ needs.ansible-lint.result }}' + '${{ needs.unit-source.result }}' + ])" diff --git a/.gitignore b/.gitignore index 894a44cc..45d94ba4 100644 --- a/.gitignore +++ b/.gitignore @@ -102,3 +102,10 @@ venv.bak/ # mypy .mypy_cache/ + +# ide +*.code-workspace +.vscode/ +.DS_Store + +changelogs/.plugin-cache.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index db0bd29d..357a60aa 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
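Review bot: In the `all_green` step of tests.yml the result list has no comma after `'${{ needs.unit-galaxy.result }}'` or `'${{ needs.ansible-lint.result }}'`, so Python concatenates the last three literals into one string and a `failure` in unit-galaxy, ansible-lint or unit-source never equals a set member; the gate passes anyway. `build-import` is listed under `needs` but its result is not in the list at all. End every entry with a comma and add `'${{ needs.build-import.result }}',`. Because this job is the merge gate, consider also rejecting `cancelled`, which the removed `== {'success'}` form did, while still allowing `skipped` for the pull-request-only changelog job.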
@@ -3,11 +3,11 @@ repos: - repo: https://github.com/ansible-network/collection_prep rev: 1.1.1 hooks: - - id: autoversion + # - id: autoversion # removed as being handled by GHA push and release drafter - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: check-symlinks @@ -18,25 +18,34 @@ repos: - id: trailing-whitespace - repo: https://github.com/asottile/add-trailing-comma - rev: v2.2.3 + rev: v3.1.0 hooks: - id: add-trailing-comma - - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v3.0.0-alpha.6" + - repo: https://github.com/pycontribs/mirrors-prettier + rev: "v3.4.2" hooks: - id: prettier + entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" + pass_filenames: false + args: [] additional_dependencies: - prettier - prettier-plugin-toml - repo: https://github.com/PyCQA/isort - rev: 5.12.0 + rev: 5.13.2 hooks: - id: isort name: Sort import statements using isort + args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 22.6.0 + rev: 24.10.0 hooks: - id: black + + - repo: https://github.com/pycqa/flake8 + rev: 7.1.1 + hooks: + - id: flake8 diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 949c7c0a..cdf79c13 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
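Review bot: The prettier hook in .pre-commit-config.yaml now comes from a different repository (`pycontribs/mirrors-prettier`) and, like the other hooks, is pinned by tag, while `additional_dependencies` installs `prettier` and `prettier-plugin-toml` with no version. These hooks execute on contributor machines and in CI, so a moved tag or a new npm release changes what runs without any change to this file. Pin each `rev` to a commit SHA (`pre-commit autoupdate --freeze` writes the SHA with the tag as a comment) and give the npm packages explicit versions, e.g. `prettier@<version>`. The overridden `entry` would also benefit from a comment such as `# list differences, rewrite files, then exit with the status of the first command`.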
@@ -4,24 +4,75 @@ Cisco Asa Collection Release Notes .. contents:: Topics +v6.0.0 +====== -v4.0.0 +Release Summary +--------------- + +With this release, the minimum required version of `ansible-core` for this collection is `2.15.0`. The last version known to be compatible with `ansible-core` versions below `2.15` is v5.0.1. + +Major Changes +------------- + +- Bumping `requires_ansible` to `>=2.15.0`, since previous ansible-core versions are EoL now. + +v5.0.1 +====== + +Bugfixes +-------- + +- Prevents module_defaults from were being incorrectly applied to the platform action, instead of the concerned module. + +v5.0.0 ====== Release Summary --------------- -- Releasing 4.0.0 with deprecated older modules removed and GH actions enabled for sanity and unit test over the repo. -- This release drops support for `connection: local` and provider dictionary. +Starting from this release, the minimum `ansible-core` version this collection requires is `2.14.0`. The last known version compatible with ansible-core<2.14 is `v4.0.3`. + +Major Changes +------------- + +- Bumping `requires_ansible` to `>=2.14.0`, since previous ansible-core versions are EoL now. + +v4.0.3 +====== + +Release Summary +--------------- + +Release with updated workflow and lint fixes. + +v4.0.2 +====== + +Documentation Changes +--------------------- + +- Replace all references to non-example address ranges in module documentation and tests. + +v4.0.1 +====== + +Release Summary +--------------- + +Release with bugfix fixing the import path coming from utils and netcommon lib. + +v4.0.0 +====== Major Changes ------------- - Please use either of the following connection types - network_cli, httpapi or netconf. +- This includes the following modules: - This release drops support for `connection: local` and provider dictionary. -- Use of connection: local and the provider option are no longer valid on any modules in this collection. 
- This release removes all deprecated plugins that have reached their end-of-life. -- This includes the following modules: +- Use of connection: local and the provider option are no longer valid on any modules in this collection. - asa_acl - asa_og @@ -31,7 +82,7 @@ v3.1.0 Release Summary --------------- -- Releasing 3.1.0 with bugfix. +Releasing 3.1.0 with bugfix. Bugfixes -------- @@ -52,7 +103,7 @@ Major Changes Bugfixes -------- -- Fixes asa_ogs services object and port object issue +- Fixes asa_ogs services object and port object issue ((https://github.com/ansible-collections/cisco.asa/issues/152). v2.1.0 ====== @@ -60,7 +111,7 @@ v2.1.0 Release Summary --------------- -- Releasing 2.1.0 with updated readme with changelog link, minor change, and bugfix. +Releasing 2.1.0 with updated readme with changelog link, minor change, and bugfix. Minor Changes ------------- @@ -92,8 +143,8 @@ v2.0.2 Bugfixes -------- -- To fix asa_acls where ipv6 with host wasn't getting rendered as expected and facts was skipping (https://github.com/ansible-collections/cisco.asa/issues/105). -- To fix Cisco ASA network_object object config which wasn't working as expected. (https://github.com/ansible-collections/cisco.asa/issues/99). +- To fix Cisco ASA network_object object config which wasn't working as expected. +- To fix asa_acls where ipv6 with host wasn't getting rendered as expected and facts was skipping. v2.0.1 ====== @@ -101,8 +152,8 @@ v2.0.1 Minor Changes ------------- -- Remove tests/sanity/requirements.txt (https://github.com/ansible-collections/cisco.asa/pull/94). - Add ignore-2.12.txt (https://github.com/ansible-collections/cisco.asa/pull/102). +- Remove tests/sanity/requirements.txt (https://github.com/ansible-collections/cisco.asa/pull/94). Bugfixes -------- 
@@ -116,8 +167,8 @@ v2.0.0 Major Changes ------------- -- Requires ansible.netcommon v2.0.0+ to support `ansible_network_single_user_mode` and `ansible_network_import_modules`. - Please refer to ansible.netcommon `changelog ` for more details. +- Requires ansible.netcommon v2.0.0+ to support `ansible_network_single_user_mode` and `ansible_network_import_modules`. Minor Changes ------------- @@ -132,26 +183,16 @@ Bugfixes v1.0.4 ====== -Release Summary ---------------- - -- Releasing 1.0.4 with updated readme with changelog link, galaxy description, and bugfix. - Bugfixes -------- -- Update asa acls RM to use newer RM design approach and addeed support for any4/any6 feature (https://github.com/ansible-collections/cisco.asa/pull/64). - Add version key to galaxy.yaml to work around ansible-galaxy bug - To fix ASA OGs module where delete by name was not resulting to an expected behaviour (https://github.com/ansible-collections/cisco.asa/pull/77). +- Update asa acls RM to use newer RM design approach and addeed support for any4/any6 feature (https://github.com/ansible-collections/cisco.asa/pull/64). v1.0.3 ====== -Release Summary ---------------- - -- Releasing 1.0.3 with updated readme with changelog link, galaxy description, and bugfix. - Bugfixes -------- @@ -163,7 +204,7 @@ v1.0.2 Release Summary --------------- -- Re-releasing 1.0.1 with updated changelog. +Re-releasing 1.0.1 with updated changelog. v1.0.1 ====== @@ -193,10 +234,8 @@ Cliconf New Modules ----------- -- asa_acl - (deprecated, removed after 2022-06-01) Manage access-lists on a Cisco ASA - asa_acls - Access-Lists resource module - asa_command - Run arbitrary commands on Cisco ASA devices - asa_config - Manage configuration sections on Cisco ASA devices - asa_facts - Collect facts from remote devices running Cisco ASA -- asa_og - (deprecated, removed after 2022-06-01) Manage object groups on a Cisco ASA - asa_ogs - Object Group resource module 
diff --git a/README.md b/README.md index 81870ffe..6629b8b2 100644 --- a/README.md +++ b/README.md 
@@ -1,13 +1,37 @@ # CISCO ASA Ansible Collection [![CI](https://zuul-ci.org/gated.svg)](https://dashboard.zuul.ansible.com/t/ansible/project/github.com/ansible-collections/cisco.asa) +[![CI](https://github.com/ansible-collections/cisco.asa/actions/workflows/tests.yml/badge.svg?branch=main&event=schedule)](https://github.com/ansible-collections/cisco.asa/actions/workflows/tests.yml) The Ansible Cisco ASA collection includes a variety of Ansible content to help automate the management of Cisco ASA firewall appliances. +## Support + +As a Red Hat Ansible [Certified Content](https://catalog.redhat.com/software/search?target_platforms=Red%20Hat%20Ansible%20Automation%20Platform), this collection is entitled to [support](https://access.redhat.com/support/) through [Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible) (AAP). + +If a support case cannot be opened with Red Hat and the collection has been obtained either from [Galaxy](https://galaxy.ansible.com/ui/) or [GitHub](https://github.com/ansible-collections/cisco.asa), there is community support available at no charge. + +You can join us on [#network:ansible.com](https://matrix.to/#/#network:ansible.com) room or the [Ansible Forum Network Working Group](https://forum.ansible.com/g/network-wg). + +For more information you can check the communication section below. + +## Communication + +* Join the Ansible forum: + * [Get Help](https://forum.ansible.com/c/help/6): get help or help others. + * [Posts tagged with 'security'](https://forum.ansible.com/tag/security): subscribe to participate in collection-related conversations. + * [Ansible Network Automation Working Group](https://forum.ansible.com/g/network-wg): by joining the team you will automatically get subscribed to the posts tagged with [your group forum tag here](https://forum.ansible.com/tags/security). + * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts. 
+ * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events. + +* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes. + +For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html). + ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.9.10**. +This collection has been tested against following Ansible versions: **>=2.15.0**. For collections that support Ansible 2.9, please ensure you update your `network_os` to use the fully qualified collection name (for example, `cisco.ios.ios`). @@ -92,7 +116,7 @@ ansible_python_interpreter=python #### Using the modules with Fully Qualified Collection Name (FQCN) -You can either call modules by their Fully Qualified Collection Namespace (FQCN), like `cisco.asa.asa_acls`, or you can call modules by their short name if you list the `cisco.asa` collection in the playbook's `collections`, as follows: +You can either call modules by their Fully Qualified Collection Name (FQCN), like `cisco.asa.asa_acls`, or you can call modules by their short name if you list the `cisco.asa` collection in the playbook's `collections`, as follows: ```yaml --- diff --git a/bindep.txt b/bindep.txt index d2aad375..ba9c980f 100644 --- a/bindep.txt +++ b/bindep.txt @@ -4,9 +4,3 @@ gcc-c++ [doc test platform:rpm] python3-devel [test platform:rpm] python3 [test platform:rpm] - -# ansible-pylibssh -gcc [compile test platform:rpm] -libssh-devel [compile test platform:rpm] -python3-Cython [test platform:fedora-35] -python38-Cython [compile platform:centos-8 platform:rhel-8] diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index c4a6dfb4..f0a26ea4 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -2,11 +2,6 @@ ancestor: null releases: 1.0.0: modules: - - description: - (deprecated, removed after 2022-06-01) Manage access-lists on a - Cisco ASA - name: asa_acl - namespace: "" - description: Access-Lists resource module name: asa_acls namespace: "" @@ -19,11 +14,6 @@ releases: - description: Collect facts from remote devices running Cisco ASA name: asa_facts namespace: "" - - description: - (deprecated, removed after 2022-06-01) Manage object groups on - a Cisco ASA - name: asa_og - namespace: "" - description: Object Group resource module name: asa_ogs namespace: "" @@ -42,8 +32,8 @@ releases: - Removes Cisco ASA sanity ignores and sync for argspec and docstring (https://github.com/ansible-collections/cisco.asa/pull/59). - Updated docs. fragments: - - 48-add-change-log-1.0.0.yaml - 1.1.0_update_docs.yaml + - 48-add-change-log-1.0.0.yaml - fix_config_module_src_backup.yaml - remove_asa_ignore.yaml release_date: "2020-08-03" @@ -71,8 +61,8 @@ releases: any4/any6 feature (https://github.com/ansible-collections/cisco.asa/pull/64). fragments: - 56_acl_any4_ay6_feature_update_use_rm_approach.yaml - - galaxy-version.yaml - 76_asa_og_state_delete_not_working_as_expected.yaml + - galaxy-version.yaml release_date: "2020-11-26" 2.0.0: changes: @@ -135,13 +125,15 @@ releases: release_date: "2021-08-31" 2.1.0: changes: - release_summary: Releasing 2.1.0 with updated readme with changelog link, minor change, and bugfix. bugfixes: - Fixes asa_acls to add the support for service object group under destination option ((https://github.com/ansible-collections/cisco.asa/issues/100). minor_changes: - Fixes asa_ogs service object where complete params were not supported and added with the PR ((https://github.com/ansible-collections/cisco.asa/issues/100). + release_summary: + Releasing 2.1.0 with updated readme with changelog link, minor + change, and bugfix. fragments: - 0-copy_ignore_txt.yml - 100_fix_asa_ogs_services_object_param.yaml 
@@ -159,12 +151,12 @@ releases: release_date: "2022-05-05" 3.1.0: changes: - release_summary: Releasing 3.1.0 with bugfix. bugfixes: - Fix service-object port range rendering - Fixes asa_ogs port object range issue and duplicate service cmd (https://github.com/ansible-collections/cisco.asa/issues/165, https://github.com/ansible-collections/cisco.asa/issues/166). - Unit TC for svc src/dst port range + release_summary: Releasing 3.1.0 with bugfix. fragments: - fix_asa_ogs_bug_165_166.yaml release_date: "2022-06-28" @@ -173,11 +165,11 @@ releases: major_changes: - Please use either of the following connection types - network_cli, httpapi or netconf. + - "This includes the following modules:" - "This release drops support for `connection: local` and provider dictionary." + - This release removes all deprecated plugins that have reached their end-of-life. - "Use of connection: local and the provider option are no longer valid on any modules in this collection." - - This release removes all deprecated plugins that have reached their end-of-life. - - "This includes the following modules:" - asa_acl - asa_og fragments: 
@@ -185,3 +177,62 @@ releases: - remove_deprecated_modules.yaml - remove_provider.yaml release_date: "2022-10-13" + 4.0.1: + changes: + release_summary: + Release with bugfix fixing the import path coming from utils + and netcommon lib. + fragments: + - cleanup.yaml + - pre-commit.yaml + - rm_base.yaml + - rm_base_plus.yaml + release_date: "2023-06-13" + 4.0.2: + changes: + doc_changes: + - Replace all references to non-example address ranges in module documentation + and tests. + fragments: + - bindep_fix.yaml + - test-net-2.yaml + release_date: "2023-09-27" + 4.0.3: + changes: + release_summary: Release with updated workflow and lint fixes. + fragments: + - codecov_pr.yml + - lint_fixtures.yaml + release_date: "2023-10-31" + 5.0.0: + changes: + major_changes: + - Bumping `requires_ansible` to `>=2.14.0`, since previous ansible-core versions + are EoL now. + release_summary: + Starting from this release, the minimum `ansible-core` version + this collection requires is `2.14.0`. The last known version compatible with + fragments: + - lint_fixtures.yaml + release_date: "2023-11-30" + 5.0.1: + changes: + bugfixes: + - Prevents module_defaults from were being incorrectly applied to the platform + action, instead of the concerned module. + fragments: + - fix_module_defaults.yaml + release_date: "2024-01-31" + 6.0.0: + changes: + major_changes: + - Bumping `requires_ansible` to `>=2.15.0`, since previous ansible-core versions + are EoL now. + release_summary: + "With this release, the minimum required version of `ansible-core` + for this collection is `2.15.0`. The last version known to be compatible with + `ansible-core` versions below `2.15` is v5.0.1." + fragments: + - add_2.18.yaml + - bump_215.yaml + release_date: "2024-06-11" diff --git a/changelogs/fragments/0-readme.yml b/changelogs/fragments/0-readme.yml new file mode 100644 index 00000000..6ae0307d --- /dev/null +++ b/changelogs/fragments/0-readme.yml 
@@ -0,0 +1,3 @@ +--- +trivial: + - README.md - Add Communication section with Forum information. diff --git a/changelogs/fragments/239-ace-object-group-fix.yml b/changelogs/fragments/239-ace-object-group-fix.yml new file mode 100644 index 00000000..7cd8e2bb --- /dev/null +++ b/changelogs/fragments/239-ace-object-group-fix.yml @@ -0,0 +1,2 @@ +bugfixes: + - cisco.asa.asa_acls - fixed ace parsing when source is object-group and its name contains dots diff --git a/changelogs/fragments/240-ace-protocol-object-group.yml b/changelogs/fragments/240-ace-protocol-object-group.yml new file mode 100644 index 00000000..cc13ebc7 --- /dev/null +++ b/changelogs/fragments/240-ace-protocol-object-group.yml @@ -0,0 +1,2 @@ +minor_changes: + - cisco.asa.asa_acls - add support for specifying object-group as protocol diff --git a/changelogs/fragments/adds_support.yaml b/changelogs/fragments/adds_support.yaml new file mode 100644 index 00000000..06f93f76 --- /dev/null +++ b/changelogs/fragments/adds_support.yaml @@ -0,0 +1,3 @@ +--- +doc_changes: + - Includes a new support related section in the README. diff --git a/changelogs/fragments/cleanup.yaml b/changelogs/fragments/cleanup.yaml deleted file mode 100644 index 477506e9..00000000 --- a/changelogs/fragments/cleanup.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Update pre-commit and run diff --git a/changelogs/fragments/ignore_219.yaml b/changelogs/fragments/ignore_219.yaml new file mode 100644 index 00000000..d051c421 --- /dev/null +++ b/changelogs/fragments/ignore_219.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Add ignore-2.19.txt. diff --git a/changelogs/fragments/rm_base.yaml b/changelogs/fragments/rm_base.yaml deleted file mode 100644 index eeca679b..00000000 --- a/changelogs/fragments/rm_base.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Move references for ResourceModule to the rm_base package as the non-rm_base path is going away. (https://github.com/ansible-collections/ansible.netcommon/pull/496) 
diff --git a/changelogs/fragments/rm_base_plus.yaml b/changelogs/fragments/rm_base_plus.yaml deleted file mode 100644 index 00838f41..00000000 --- a/changelogs/fragments/rm_base_plus.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Move remaining references for ResourceModule to the rm_base package as the non-rm_base path is going away. (https://github.com/ansible-collections/ansible.netcommon/pull/496) diff --git a/codecov.yml b/codecov.yml new file mode 100644 index 00000000..c77c91a9 --- /dev/null +++ b/codecov.yml @@ -0,0 +1,15 @@ +--- +codecov: + require_ci_to_pass: true +comment: + layout: " diff, flags, files" + behavior: default + require_changes: false + require_base: false + require_head: true +coverage: + status: + patch: false + project: + default: + threshold: 0.3% diff --git a/docs/cisco.asa.asa_acls_module.rst b/docs/cisco.asa.asa_acls_module.rst index 4ab131ec..8fb386c7 100644 --- a/docs/cisco.asa.asa_acls_module.rst +++ b/docs/cisco.asa.asa_acls_module.rst 
@@ -2416,85 +2416,85 @@ Examples - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 192.0.3.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp - - grant: deny - line: 3 - protocol_options: - tcp: true - source: - interface: management - destination: - interface: management - port_protocol: - eq: www - log: warnings - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - object_group: test_og_network - destination: - object_group: test_network_og - port_protocol: - eq: www - log: default + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp + - grant: deny + line: 3 + protocol_options: + tcp: true + source: + interface: management + destination: + interface: management + port_protocol: + eq: www + log: warnings + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + object_group: test_og_network + destination: + object_group: test_network_og + port_protocol: + eq: www + log: default - name: global_access acl_type: extended aces: - - line: 3 - remark: test global access - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - any: true - destination: - any: true - port_protocol: - eq: www - log: errors + - line: 3 + remark: test global access + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + any: true 
+ destination: + any: true + port_protocol: + eq: www + log: errors - name: R1_traffic aces: - - line: 1 - remark: test_v6_acls - - grant: deny - line: 2 - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - line: 1 + remark: test_v6_acls + - grant: deny + line: 2 + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: merged # Commands fired: @@ -2503,7 +2503,7 @@ Examples # access-list global_access line 4 extended deny tcp any any eq www log errors interval 300 # access-list R1_traffic line 1 remark test_v6_acls # access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - # access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive # access-list temp_access line 2 extended deny tcp interface management interface management @@ -2527,7 +2527,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -2537,9 +2537,9 @@ Examples # interval 300 (hitcnt=0) 0x78aa233d # access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og # eq www log default (hitcnt=0) 0x477aec1e - # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.1 eq www + # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.1 eq www # log default (hitcnt=0) 0xdc7edff8 - # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.2 eq www + # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.2 eq www # log default (hitcnt=0) 0x7b0e9fde # access-list test_access line 2 extended deny tcp 198.51.100.0 255.255.255.0 2001:db8:3::/64 eq www # log default (hitcnt=0) 0x97c75adc @@ -2604,7 +2604,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2617,20 +2617,20 @@ Examples - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: replaced # Commands fired: 
@@ -2656,7 +2656,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2681,7 +2681,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2695,20 +2695,20 @@ Examples - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: overridden # Commands fired: 
@@ -2716,7 +2716,7 @@ Examples # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 time-range temp # no access-list temp_access line 1 - # extended grant deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # extended grant deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list R1_traffic line 2 # extended grant deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive # no access-list R1_traffic line 1 @@ -2752,7 +2752,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2770,7 +2770,7 @@ Examples # --------------- # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive - # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default # no access-list global_access line 3 extended deny tcp any any eq www log errors interval 300 # no access-list global_access line 2 extended deny tcp any any eq telnet @@ -2789,7 +2789,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # Using Deleted without any config passed - #"(NOTE: This will delete all of configured resource module attributes)" + # "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- 
@@ -2808,7 +2808,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2826,7 +2826,7 @@ Examples # no access-list R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq telnet 2001:fc8:0:4::/64 eq www # log errors interval 300 # no access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive @@ -2853,7 +2853,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2958,7 +2958,7 @@ Examples # "aces": [ # { # "destination": { - # "address": "192.0.3.0", + # "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" 
@@ -3011,44 +3011,44 @@ Examples - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 192.0.3.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp - name: R1_traffic aces: - - grant: deny - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - grant: deny + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: rendered # Module Execution Result: @@ -3056,7 +3056,7 @@ Examples # # "rendered": [ # "access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 # eq www log default" # "access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -3070,7 +3070,7 @@ Examples # parsed.cfg # # access-list test_access; 2 elements; name hash: 0xaf1b712e - # access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors # access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2 # access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive @@ -3090,7 +3090,7 @@ Examples # "aces": [ # { # "destination": { - # "address": "192.0.3.0", + # "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" diff --git a/docs/cisco.asa.asa_command_module.rst b/docs/cisco.asa.asa_command_module.rst index 41642641..b8a92091 100644 --- a/docs/cisco.asa.asa_command_module.rst +++ b/docs/cisco.asa.asa_command_module.rst @@ -173,20 +173,20 @@ Examples - name: Show the ASA version cisco.asa.asa_command: commands: - - show version + - show version - name: Show ASA drops and memory cisco.asa.asa_command: commands: - - show asp drop - - show memory + - show asp drop + - show memory - name: Send repeat pings and wait for the result to pass 100% cisco.asa.asa_command: commands: - - ping 8.8.8.8 repeat 20 size 350 + - ping 8.8.8.8 repeat 20 size 350 wait_for: - - result[0] contains 100 + - result[0] contains 100 retries: 2 diff --git a/docs/cisco.asa.asa_config_module.rst b/docs/cisco.asa.asa_config_module.rst index 3933190d..61a2551a 100644 --- a/docs/cisco.asa.asa_config_module.rst +++ b/docs/cisco.asa.asa_config_module.rst @@ -80,7 +80,7 @@ Parameters -
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to yes, if backup is set to no this option will be silently ignored.
+
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to true, if backup is set to no this option will be silently ignored.
@@ -348,19 +348,18 @@ Examples - cisco.asa.asa_config: lines: - - network-object host 10.80.30.18 - - network-object host 10.80.30.19 - - network-object host 10.80.30.20 + - network-object host 10.80.30.18 + - network-object host 10.80.30.19 + - network-object host 10.80.30.20 parents: [object-group network OG-MONITORED-SERVERS] - cisco.asa.asa_config: host: '{{ inventory_hostname }}' lines: - - message-length maximum client auto - - message-length maximum 512 + - message-length maximum client auto + - message-length maximum 512 match: line parents: [policy-map type inspect dns PM-DNS, parameters] - authorize: yes auth_pass: cisco username: admin password: cisco 
@@ -368,42 +367,42 @@ Examples - cisco.asa.asa_config: lines: - - ikev1 pre-shared-key MyS3cretVPNK3y + - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes - passwords: yes + passwords: true - name: attach ASA acl on interface vlan13/nameif cloud13 cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 + - access-group cloud-acl_access_in in interface cloud13 - name: configure ASA (>=9.2) default BGP cisco.asa.asa_config: lines: - - bgp log-neighbor-changes - - bgp bestpath compare-routerid + - bgp log-neighbor-changes + - bgp bestpath compare-routerid parents: - - router bgp 65002 + - router bgp 65002 register: bgp when: bgp_default_config is defined - name: configure ASA (>=9.2) BGP neighbor in default/single context mode cisco.asa.asa_config: lines: - - bgp router-id {{ bgp_router_id }} - - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} - - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} + - bgp router-id {{ bgp_router_id }} + - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} + - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} parents: - - router bgp 65002 - - address-family ipv4 unicast + - router bgp 65002 + - address-family ipv4 unicast register: bgp when: bgp_neighbor_as is defined - name: configure ASA interface with standby cisco.asa.asa_config: lines: - - description my cloud interface - - nameif cloud13 - - security-level 50 - - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 + - description my cloud interface + - nameif cloud13 + - security-level 50 + - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 parents: [interface Vlan13] register: interface - name: Show changes to interface from task above 
@@ -413,8 +412,8 @@ Examples - name: configurable backup path cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 - backup: yes + - access-group cloud-acl_access_in in interface cloud13 + backup: true backup_options: filename: backup.cfg dir_path: /home/user @@ -446,7 +445,7 @@ Common return values are documented `here string - when backup is yes + when backup is true
The full path to the backup file

diff --git a/docs/cisco.asa.asa_facts_module.rst b/docs/cisco.asa.asa_facts_module.rst index 345c2e22..e6750767 100644 --- a/docs/cisco.asa.asa_facts_module.rst +++ b/docs/cisco.asa.asa_facts_module.rst @@ -129,12 +129,12 @@ Examples - name: Gather only the config and default facts cisco.asa.asa_facts: gather_subset: - - config + - config - name: Do not gather hardware facts cisco.asa.asa_facts: gather_subset: - - '!hardware' + - '!hardware' - name: Gather legacy and resource facts cisco.asa.asa_facts: diff --git a/docs/cisco.asa.asa_ogs_module.rst b/docs/cisco.asa.asa_ogs_module.rst index 1a5d3083..1d07f3ec 100644 --- a/docs/cisco.asa.asa_ogs_module.rst +++ b/docs/cisco.asa.asa_ogs_module.rst 
@@ -1158,75 +1158,75 @@ Examples # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_network_og - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 - name: "Merge module attributes of given object-group" cisco.asa.asa_ogs: config: - - object_type: network - object_groups: - - name: group_network_obj - group_object: - - test_og_network - - name: test_og_network - description: test_og_network - network_object: - host: - - 192.0.2.1 - - 192.0.2.2 - address: - - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 - - name: test_network_og - description: test_network_og - network_object: - host: - - 192.0.3.1 - - 192.0.3.2 - ipv6_address: - - 2001:db8:3::/64 - - object_type: security - object_groups: - - name: test_og_security - description: test_security - security_group: - sec_name: - - test_1 - - test_2 - tag: - - 10 - - 20 - - object_type: service - object_groups: - - name: O-Worker - services_object: - - protocol: tcp - destination_port: - range: + - object_type: network + object_groups: + - name: group_network_obj + group_object: + - test_og_network + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 198.51.100.1 + - 198.51.100.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: service + object_groups: + - name: O-Worker + services_object: + - protocol: tcp + destination_port: + range: + start: 100 + end: 200 + - protocol: tcp-udp + source_port: + eq: 1234 + destination_port: + gt: nfs + - name: O-UNIX-TCP + protocol: tcp + port_object: + - eq: https + - range: start: 100 - end: 200 - - protocol: tcp-udp - 
source_port: - eq: 1234 - destination_port: - gt: nfs - - name: O-UNIX-TCP - protocol: tcp - port_object: - - eq: https - - range: - start: 100 - end: 400 - - object_type: user - object_groups: - - name: test_og_user - description: test_user - user_object: - user: - - name: new_user_1 - domain: LOCAL - - name: new_user_2 - domain: LOCAL + end: 400 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL state: merged # Commands fired: @@ -1247,8 +1247,8 @@ Examples # network-object host 192.0.2.1 # network-object host 192.0.2.2 # object-group network test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:3::/64 # object-group service O-Worker # service-object tcp destination range 100 200 @@ -1273,11 +1273,11 @@ Examples # network-object host 192.0.2.2 # network-object 192.0.2.0 255.255.255.0 # network-object 198.51.100.0 255.255.255.0 - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1310,8 +1310,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -1338,9 +1338,9 @@ Examples description: test_og_network_replace network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol @@ -1362,10 +1362,10 @@ Examples # description test_og_network_replace # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 - # network-object 192.0.3.0 255.255.255.0 + # network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 # After state: # ------------- @@ -1373,12 +1373,12 @@ Examples # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_replace - # network-object host 192.0.3.1 - # network-object 192.0.3.0 255.255.255.0 + # network-object host 198.51.100.1 + # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1413,8 +1413,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1441,9 +1441,9 @@ Examples description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - name: ANSIBLE_TEST network_object: object: 
@@ -1474,10 +1474,10 @@ Examples # description test_og_network_override # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 - # network-object 192.0.3.0 255.255.255.0 + # network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 # no object-group network test_network_og # object-group network ANSIBLE_TEST # network-object object TEST1 @@ -1489,8 +1489,8 @@ Examples # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_override - # network-object host 192.0.3.1 - # network-object 192.0.3.0 255.255.255.0 + # network-object host 198.51.100.1 + # network-object 198.51.100.0 255.255.255.0 # object-group network ANSIBLE_TEST # network-object object TEST1 # network-object object TEST2 @@ -1512,8 +1512,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1566,7 +1566,7 @@ Examples # service-object tcp source eq 1234 destination gt nfs # Using DELETED without any config passed - #"(NOTE: This will delete all of configured resource module attributes)" + # "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- 
@@ -1580,8 +1580,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1625,8 +1625,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1673,8 +1673,8 @@ Examples # "name": "test_network_og", # "network_object": { # "host": [ - # "192.0.3.1", - # "192.0.3.2" + # "198.51.100.1", + # "198.51.100.2" # ], # "ipv6_address": [ # "2001:db8:3::/64" @@ -1733,8 +1733,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1766,8 +1766,8 @@ Examples description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -1811,8 +1811,8 @@ Examples # "network-object host 192.0.2.2", # "object-group network test_network_og", # "description test_network_og", - # "network-object host 192.0.3.1", - # "network-object host 192.0.3.2", + # "network-object host 198.51.100.1", + # "network-object host 198.51.100.2", # "network-object 2001:db8:3::/64", # "object-group user test_og_user", # "description test_user", 
diff --git a/galaxy.yml b/galaxy.yml index 6a0a6e26..6b978e87 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ authors: - Ansible Security Community (ansible-security) dependencies: - "ansible.netcommon": ">=2.5.1" + "ansible.netcommon": ">=6.0.0" license_file: LICENSE name: asa namespace: cisco @@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 4.0.1-dev +version: 6.0.0 diff --git a/meta/runtime.yml b/meta/runtime.yml index 35f1e5f9..ff7a7589 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,27 +1,6 @@ --- -requires_ansible: ">=2.9.10" +requires_ansible: ">=2.15.0" plugin_routing: - action: - asa_acls: - redirect: cisco.asa.asa - acls: - redirect: cisco.asa.asa - asa_command: - redirect: cisco.asa.asa - command: - redirect: cisco.asa.asa - asa_config: - redirect: cisco.asa.asa - config: - redirect: cisco.asa.asa - asa_facts: - redirect: cisco.asa.asa - facts: - redirect: cisco.asa.asa - asa_ogs: - redirect: cisco.asa.asa - ogs: - redirect: cisco.asa.asa modules: acls: redirect: cisco.asa.asa_acls diff --git a/plugins/action/acls.py b/plugins/action/acls.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/acls.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/command.py b/plugins/action/command.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/command.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/config.py b/plugins/action/config.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/config.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/facts.py b/plugins/action/facts.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null 
+++ b/plugins/action/facts.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/ogs.py b/plugins/action/ogs.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/ogs.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/doc_fragments/asa.py b/plugins/doc_fragments/asa.py index 25b2043f..b084d517 100644 --- a/plugins/doc_fragments/asa.py +++ b/plugins/doc_fragments/asa.py @@ -10,7 +10,6 @@ class ModuleDocFragment(object): - # Standard files documentation fragment DOCUMENTATION = r"""options: context: diff --git a/plugins/module_utils/network/asa/facts/acls/acls.py b/plugins/module_utils/network/asa/facts/acls/acls.py index c1af428d..d3b24a2c 100644 --- a/plugins/module_utils/network/asa/facts/acls/acls.py +++ b/plugins/module_utils/network/asa/facts/acls/acls.py @@ -36,7 +36,6 @@ class AclsFacts(object): """The asa_acls fact class""" def __init__(self, module, subspec="config", options="options"): - self._module = module self.argument_spec = AclsArgs.argument_spec spec = deepcopy(self.argument_spec) @@ -91,6 +90,7 @@ def populate_facts(self, connection, ansible_facts, data=None): each.get("protocol") and each.get("protocol") != "icmp" and each.get("protocol") != "icmp6" + and "object-group" not in each.get("protocol") ): each["protocol_options"] = {each.get("protocol"): True} acls.append(val) diff --git a/plugins/module_utils/network/asa/facts/legacy/base.py b/plugins/module_utils/network/asa/facts/legacy/base.py index 1c1ec7b1..d256229b 100644 --- a/plugins/module_utils/network/asa/facts/legacy/base.py +++ b/plugins/module_utils/network/asa/facts/legacy/base.py @@ -26,7 +26,6 @@ class FactsBase(object): - COMMANDS = list() def __init__(self, module): @@ -47,7 +46,6 @@ def run(self, cmd): class Default(FactsBase): - COMMANDS = ["show version"] def populate(self): @@ -109,7 +107,6 @@ def platform_facts(self): class Hardware(FactsBase): - COMMANDS = ["dir", "show memory"] def populate(self): 
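Review bot: The added guard `and "object-group" not in each.get("protocol")` in populate_facts is a substring test, so it skips `protocol_options` for any protocol value that merely contains that text, not only for the `object-group NAME` form that the protocol pattern in rm_templates/acls.py now accepts. A prefix test states the intent exactly: `and not each.get("protocol").startswith("object-group")`. With the guard in place such an ACE gets no `protocol_options` entry, and whether the group name reaches the facts some other way is not visible in this hunk. If it does not, the gathered ACE would look broader than the configured one, so a comment such as `# a protocol object-group is not a protocol_options key` and a parsed-state test for an ACE that uses one would help. populate_facts begins and ends outside this hunk.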
@@ -173,7 +170,6 @@ def parse_filesystems_info(self, data): class Config(FactsBase): - COMMANDS = ["show running-config"] def populate(self): diff --git a/plugins/module_utils/network/asa/facts/ogs/ogs.py b/plugins/module_utils/network/asa/facts/ogs/ogs.py index caa094c8..41821d4c 100644 --- a/plugins/module_utils/network/asa/facts/ogs/ogs.py +++ b/plugins/module_utils/network/asa/facts/ogs/ogs.py @@ -31,7 +31,6 @@ class OGsFacts(object): """The asa_ogs fact class""" def __init__(self, module, subspec="config", options="options"): - self._module = module self.argument_spec = OGsArgs.argument_spec diff --git a/plugins/module_utils/network/asa/providers/module.py b/plugins/module_utils/network/asa/providers/module.py index d188ed7c..ca76966f 100644 --- a/plugins/module_utils/network/asa/providers/module.py +++ b/plugins/module_utils/network/asa/providers/module.py @@ -15,7 +15,6 @@ class NetworkModule(AnsibleModule): - fail_on_missing_provider = True def __init__(self, connection=None, *args, **kwargs): diff --git a/plugins/module_utils/network/asa/providers/providers.py b/plugins/module_utils/network/asa/providers/providers.py index 97584d1f..ad956ea6 100644 --- a/plugins/module_utils/network/asa/providers/providers.py +++ b/plugins/module_utils/network/asa/providers/providers.py @@ -53,7 +53,6 @@ def get(network_os, module_name, connection_type): class ProviderBase(object): - supported_connections = () def __init__(self, params, connection=None, check_mode=False): @@ -82,7 +81,6 @@ def edit_config(self): class CliProvider(ProviderBase): - supported_connections = ("network_cli",) @property diff --git a/plugins/module_utils/network/asa/rm_templates/acls.py b/plugins/module_utils/network/asa/rm_templates/acls.py index b9715102..bc702b4e 100644 --- a/plugins/module_utils/network/asa/rm_templates/acls.py +++ b/plugins/module_utils/network/asa/rm_templates/acls.py 
@@ -153,7 +153,7 @@ def __init__(self, lines=None): \s*(?Pdeny|permit)* \s*(?P(dsap\s\S+)|bpdu|eii-ipx|ipx|mpls-unicast|mpls-multicast|isis|any\s)* \s*(?P(host\s\S+)|any4|(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s(?:[0-9]{1,3}\.){3}[0-9]{1,3})* - \s*(?Pah|eigrp|esp|gre|icmp|icmp6|igmp|igrp|ip|ipinip|ipsec|nos|ospf|pcp|pim|pptp|sctp|snp|tcp|udp)* + \s*(?Pah|eigrp|esp|gre|icmp|icmp6|igmp|igrp|ip|ipinip|ipsec|nos|ospf|pcp|pim|pptp|sctp|snp|tcp|udp|object-group\s\S+)* \s*(?P\d+\s)* \s*(?Pany4|any6|any|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|(([a-f0-9:]+:+)+[a-f0-9]+\S+|host\s(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|(([a-f0-9:]+:+)+[a-f0-9]+)\S+)|interface\s\S+|object-group\s\S+))* \s*(?P(eq|gts|lt|neq)\s(\S+|\d+)|range\s\S+\s\S+)* @@ -186,7 +186,7 @@ def __init__(self, lines=None): not in source and 'object-group' not in source %}{{ source.split(' ')[0] }}{% elif source is defined and\ '::' in source and 'host' not in source %}{{ source }}{% endif %}", "netmask": "{{ source.split(' ')[1] if source\ - is defined and '.' in source and 'host' not in source else None and 'object-group' not in source }}", + is defined and '.' in source and 'host' not in source and 'object-group' not in source else None }}", "any4": "{{ True if source is defined and source == 'any4' else None }}", "any6": "{{ True if source is defined and source == 'any6' else None }}", "any": "{{ True if source is defined and source == 'any' else None }}", diff --git a/plugins/module_utils/network/asa/rm_templates/ogs.py b/plugins/module_utils/network/asa/rm_templates/ogs.py index 26a03247..d79d3dd1 100644 --- a/plugins/module_utils/network/asa/rm_templates/ogs.py +++ b/plugins/module_utils/network/asa/rm_templates/ogs.py 
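Review bot: In the second hunk the corrected `netmask` expression still decides by substring exclusion (`'host' not in source and 'object-group' not in source`), while the address pattern in the hunk above also accepts `interface NAME`. If an interface name can contain a dot, `source.split(' ')[1]` would return that name as the netmask; extending the guard with `and 'interface' not in source` closes that case. The matching destination `netmask` entry is outside this hunk and is worth checking for the same misplaced `else None and ...` that is fixed here. The template dict starts and ends outside the hunk.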
@@ -93,7 +93,7 @@ def _tmplt_services_object(config_data): if config_data["services_object"].get("source_port"): if config_data["services_object"]["source_port"].get("range"): cmd += " source range {start} {end}".format( - **config_data["services_object"]["source_port"]["range"] + **config_data["services_object"]["source_port"]["range"], ) else: key = list(config_data["services_object"]["source_port"])[0] @@ -104,7 +104,7 @@ def _tmplt_services_object(config_data): if config_data["services_object"].get("destination_port"): if config_data["services_object"]["destination_port"].get("range"): cmd += " destination range {start} {end}".format( - **config_data["services_object"]["destination_port"]["range"] + **config_data["services_object"]["destination_port"]["range"], ) else: key = list(config_data["services_object"]["destination_port"])[0] diff --git a/plugins/module_utils/network/asa/utils/utils.py b/plugins/module_utils/network/asa/utils/utils.py index c5399db0..89fcd4ef 100644 --- a/plugins/module_utils/network/asa/utils/utils.py +++ b/plugins/module_utils/network/asa/utils/utils.py @@ -70,7 +70,7 @@ def new_dict_to_set(input_dict, temp_list, test_set, count=0): temp_list.append(k) for each in v: if isinstance(each, dict): - if [True for i in each.values() if type(i) == list]: + if [True for i in each.values() if isinstance(i, list)]: new_dict_to_set(each, temp_list, test_set, count) else: new_dict_to_set(each, temp_list, test_set, 0) diff --git a/plugins/modules/asa_acls.py b/plugins/modules/asa_acls.py index e5330fae..38fc89d1 100644 --- a/plugins/modules/asa_acls.py +++ b/plugins/modules/asa_acls.py 
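Review bot: In new_dict_to_set the condition `if [True for i in each.values() if isinstance(i, list)]:` still builds a throwaway list only to test its truthiness. Now that the type check is an `isinstance` call, the line reads more directly as `if any(isinstance(i, list) for i in each.values()):`, which also stops at the first list value. Behaviour is unchanged; the function body continues outside this hunk.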
@@ -460,85 +460,85 @@ - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 192.0.3.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp - - grant: deny - line: 3 - protocol_options: - tcp: true - source: - interface: management - destination: - interface: management - port_protocol: - eq: www - log: warnings - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - object_group: test_og_network - destination: - object_group: test_network_og - port_protocol: - eq: www - log: default + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp + - grant: deny + line: 3 + protocol_options: + tcp: true + source: + interface: management + destination: + interface: management + port_protocol: + eq: www + log: warnings + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + object_group: test_og_network + destination: + object_group: test_network_og + port_protocol: + eq: www + log: default - name: global_access acl_type: extended aces: - - line: 3 - remark: test global access - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - any: true - destination: - any: true - port_protocol: - eq: www - log: errors + - line: 3 + remark: test global access + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + any: true + 
destination: + any: true + port_protocol: + eq: www + log: errors - name: R1_traffic aces: - - line: 1 - remark: test_v6_acls - - grant: deny - line: 2 - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - line: 1 + remark: test_v6_acls + - grant: deny + line: 2 + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: merged # Commands fired: @@ -547,7 +547,7 @@ # access-list global_access line 4 extended deny tcp any any eq www log errors interval 300 # access-list R1_traffic line 1 remark test_v6_acls # access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive -# access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive # access-list temp_access line 2 extended deny tcp interface management interface management @@ -571,7 +571,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
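Review bot: The new side of the `@@ -460,85 +460,85 @@` example still uses `198.51.110.0` and `2001:fc8:0:4::/64`, which lie outside the reserved documentation ranges (RFC 5737 `198.51.100.0/24`, RFC 3849 `2001:db8::/32`) that this commit otherwise moves to. The same holds for `192.0.4.0` and `192.0.5.0` in the `replaced` and `overridden` examples (`@@ -661,20 +661,20 @@`, `@@ -739,20 +739,20 @@`) and for the matching lines in the integration fixtures further down. I would use `address: 203.0.113.0` for the line 2 destination and `address: 2001:db8:0:4::/64` for the IPv6 destination, and update the "Commands fired" and state comments to match, so that copied examples never name routable address space.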
@@ -581,9 +581,9 @@ # interval 300 (hitcnt=0) 0x78aa233d # access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og # eq www log default (hitcnt=0) 0x477aec1e -# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.1 eq www +# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.1 eq www # log default (hitcnt=0) 0xdc7edff8 -# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.2 eq www +# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.2 eq www # log default (hitcnt=0) 0x7b0e9fde # access-list test_access line 2 extended deny tcp 198.51.100.0 255.255.255.0 2001:db8:3::/64 eq www # log default (hitcnt=0) 0x97c75adc @@ -648,7 +648,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -661,20 +661,20 @@ - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: replaced # Commands fired: 
@@ -700,7 +700,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -725,7 +725,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -739,20 +739,20 @@ - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: overridden # Commands fired: 
@@ -760,7 +760,7 @@ # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 time-range temp # no access-list temp_access line 1 -# extended grant deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# extended grant deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list R1_traffic line 2 # extended grant deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive # no access-list R1_traffic line 1 @@ -796,7 +796,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -814,7 +814,7 @@ # --------------- # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive -# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default # no access-list global_access line 3 extended deny tcp any any eq www log errors interval 300 # no access-list global_access line 2 extended deny tcp any any eq telnet @@ -833,7 +833,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # Using Deleted without any config passed -#"(NOTE: This will delete all of configured resource module attributes)" +# "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- 
@@ -852,7 +852,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -870,7 +870,7 @@ # no access-list R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq telnet 2001:fc8:0:4::/64 eq www # log errors interval 300 # no access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive -# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive @@ -897,7 +897,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -1002,7 +1002,7 @@ # "aces": [ # { # "destination": { -# "address": "192.0.3.0", +# "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" 
@@ -1055,44 +1055,44 @@ - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 192.0.3.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp - name: R1_traffic aces: - - grant: deny - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - grant: deny + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: rendered # Module Execution Result: @@ -1100,7 +1100,7 @@ # # "rendered": [ # "access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 # eq www log default" # "access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -1114,7 +1114,7 @@ # parsed.cfg # # access-list test_access; 2 elements; name hash: 0xaf1b712e -# access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors # access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2 # access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive @@ -1134,7 +1134,7 @@ # "aces": [ # { # "destination": { -# "address": "192.0.3.0", +# "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" @@ -1203,7 +1203,6 @@ # ] # } # ] - """ RETURN = """ diff --git a/plugins/modules/asa_command.py b/plugins/modules/asa_command.py index 51a6c74b..4191a9d3 100644 --- a/plugins/modules/asa_command.py +++ b/plugins/modules/asa_command.py @@ -78,20 +78,20 @@ - name: Show the ASA version cisco.asa.asa_command: commands: - - show version + - show version - name: Show ASA drops and memory cisco.asa.asa_command: commands: - - show asp drop - - show memory + - show asp drop + - show memory - name: Send repeat pings and wait for the result to pass 100% cisco.asa.asa_command: commands: - - ping 8.8.8.8 repeat 20 size 350 + - ping 8.8.8.8 repeat 20 size 350 wait_for: - - result[0] contains 100 + - result[0] contains 100 retries: 2 """ diff --git a/plugins/modules/asa_config.py b/plugins/modules/asa_config.py index 76a8ca26..0430a0fd 100644 --- a/plugins/modules/asa_config.py +++ b/plugins/modules/asa_config.py 
@@ -95,7 +95,7 @@ value is not given, the backup file is written to the C(backup) folder in the playbook root directory. If the directory does not exist, it is created. type: bool - default: no + default: false config: description: - The C(config) argument allows the playbook designer to supply the base configuration @@ -125,7 +125,7 @@ backup_options: description: - This is a dict object containing configurable options related to backup file - path. The value of this option is read only when C(backup) is set to I(yes), + path. The value of this option is read only when C(backup) is set to I(true), if C(backup) is set to I(no) this option will be silently ignored. suboptions: filename: @@ -170,19 +170,18 @@ EXAMPLES = """ - cisco.asa.asa_config: lines: - - network-object host 10.80.30.18 - - network-object host 10.80.30.19 - - network-object host 10.80.30.20 + - network-object host 10.80.30.18 + - network-object host 10.80.30.19 + - network-object host 10.80.30.20 parents: [object-group network OG-MONITORED-SERVERS] - cisco.asa.asa_config: host: '{{ inventory_hostname }}' lines: - - message-length maximum client auto - - message-length maximum 512 + - message-length maximum client auto + - message-length maximum 512 match: line parents: [policy-map type inspect dns PM-DNS, parameters] - authorize: yes auth_pass: cisco username: admin password: cisco 
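Review bot: The `backup_options` description in the `@@ -125,7 +125,7 @@` hunk now mixes both spellings: the changed line says `I(true)` while the following context line still says `I(no)`. Change that line to `if C(backup) is set to I(false) this option will be silently ignored.` so the text agrees with `default: false` in the hunk above.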
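Review bot: The second example in the `@@ -170,19 +170,18 @@` hunk drops `authorize: yes` but keeps `auth_pass: cisco`, `username: admin` and `password: cisco`, so the documented task still carries literal credentials, and `auth_pass` presumably has no effect without `authorize` (the option spec is outside the hunk; confirm). The next hunk (`@@ -190,42 +189,42 @@`) likewise keeps a literal `ikev1 pre-shared-key MyS3cretVPNK3y` and the public address `1.1.1.1`. Examples get copied into playbooks, so I would either remove the three credential lines or show variables sourced from Ansible Vault, e.g. `password: '{{ asa_password }}'` and `- ikev1 pre-shared-key {{ vpn_psk }}` (variable names constructed for illustration), and use `tunnel-group 192.0.2.1 ipsec-attributes`.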
@@ -190,42 +189,42 @@ - cisco.asa.asa_config: lines: - - ikev1 pre-shared-key MyS3cretVPNK3y + - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes - passwords: yes + passwords: true - name: attach ASA acl on interface vlan13/nameif cloud13 cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 + - access-group cloud-acl_access_in in interface cloud13 - name: configure ASA (>=9.2) default BGP cisco.asa.asa_config: lines: - - bgp log-neighbor-changes - - bgp bestpath compare-routerid + - bgp log-neighbor-changes + - bgp bestpath compare-routerid parents: - - router bgp 65002 + - router bgp 65002 register: bgp when: bgp_default_config is defined - name: configure ASA (>=9.2) BGP neighbor in default/single context mode cisco.asa.asa_config: lines: - - bgp router-id {{ bgp_router_id }} - - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} - - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} + - bgp router-id {{ bgp_router_id }} + - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} + - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} parents: - - router bgp 65002 - - address-family ipv4 unicast + - router bgp 65002 + - address-family ipv4 unicast register: bgp when: bgp_neighbor_as is defined - name: configure ASA interface with standby cisco.asa.asa_config: lines: - - description my cloud interface - - nameif cloud13 - - security-level 50 - - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 + - description my cloud interface + - nameif cloud13 + - security-level 50 + - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 parents: [interface Vlan13] register: interface - name: Show changes to interface from task above 
@@ -235,8 +234,8 @@ - name: configurable backup path cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 - backup: yes + - access-group cloud-acl_access_in in interface cloud13 + backup: true backup_options: filename: backup.cfg dir_path: /home/user @@ -254,7 +253,7 @@ sample: ['...', '...'] backup_path: description: The full path to the backup file - returned: when backup is yes + returned: when backup is true type: str sample: /playbooks/ansible/backup/asa_config.2016-07-16@22:28:34 """ diff --git a/plugins/modules/asa_facts.py b/plugins/modules/asa_facts.py index cec957e9..a0585260 100644 --- a/plugins/modules/asa_facts.py +++ b/plugins/modules/asa_facts.py @@ -70,12 +70,12 @@ - name: Gather only the config and default facts cisco.asa.asa_facts: gather_subset: - - config + - config - name: Do not gather hardware facts cisco.asa.asa_facts: gather_subset: - - '!hardware' + - '!hardware' - name: Gather legacy and resource facts cisco.asa.asa_facts: diff --git a/plugins/modules/asa_ogs.py b/plugins/modules/asa_ogs.py index c51cae34..80ee453c 100644 --- a/plugins/modules/asa_ogs.py +++ b/plugins/modules/asa_ogs.py 
@@ -303,75 +303,75 @@ # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_network_og -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 - name: "Merge module attributes of given object-group" cisco.asa.asa_ogs: config: - - object_type: network - object_groups: - - name: group_network_obj - group_object: - - test_og_network - - name: test_og_network - description: test_og_network - network_object: - host: - - 192.0.2.1 - - 192.0.2.2 - address: - - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 - - name: test_network_og - description: test_network_og - network_object: - host: - - 192.0.3.1 - - 192.0.3.2 - ipv6_address: - - 2001:db8:3::/64 - - object_type: security - object_groups: - - name: test_og_security - description: test_security - security_group: - sec_name: - - test_1 - - test_2 - tag: - - 10 - - 20 - - object_type: service - object_groups: - - name: O-Worker - services_object: - - protocol: tcp - destination_port: - range: + - object_type: network + object_groups: + - name: group_network_obj + group_object: + - test_og_network + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 198.51.100.1 + - 198.51.100.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: service + object_groups: + - name: O-Worker + services_object: + - protocol: tcp + destination_port: + range: + start: 100 + end: 200 + - protocol: tcp-udp + source_port: + eq: 1234 + destination_port: + gt: nfs + - name: O-UNIX-TCP + protocol: tcp + port_object: + - eq: https + - range: start: 100 - end: 200 - - protocol: tcp-udp - source_port: - 
eq: 1234 - destination_port: - gt: nfs - - name: O-UNIX-TCP - protocol: tcp - port_object: - - eq: https - - range: - start: 100 - end: 400 - - object_type: user - object_groups: - - name: test_og_user - description: test_user - user_object: - user: - - name: new_user_1 - domain: LOCAL - - name: new_user_2 - domain: LOCAL + end: 400 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL state: merged # Commands fired: @@ -392,8 +392,8 @@ # network-object host 192.0.2.1 # network-object host 192.0.2.2 # object-group network test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:3::/64 # object-group service O-Worker # service-object tcp destination range 100 200 @@ -418,11 +418,11 @@ # network-object host 192.0.2.2 # network-object 192.0.2.0 255.255.255.0 # network-object 198.51.100.0 255.255.255.0 -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -455,8 +455,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -483,9 +483,9 @@ description: test_og_network_replace network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol @@ -507,10 +507,10 @@ # description test_og_network_replace # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 -# network-object 192.0.3.0 255.255.255.0 +# network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 # After state: # ------------- @@ -518,12 +518,12 @@ # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_replace -# network-object host 192.0.3.1 -# network-object 192.0.3.0 255.255.255.0 +# network-object host 198.51.100.1 +# network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -558,8 +558,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -586,9 +586,9 @@ description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - name: ANSIBLE_TEST network_object: object: 
@@ -619,10 +619,10 @@ # description test_og_network_override # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 -# network-object 192.0.3.0 255.255.255.0 +# network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 # no object-group network test_network_og # object-group network ANSIBLE_TEST # network-object object TEST1 @@ -634,8 +634,8 @@ # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_override -# network-object host 192.0.3.1 -# network-object 192.0.3.0 255.255.255.0 +# network-object host 198.51.100.1 +# network-object 198.51.100.0 255.255.255.0 # object-group network ANSIBLE_TEST # network-object object TEST1 # network-object object TEST2 @@ -657,8 +657,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -711,7 +711,7 @@ # service-object tcp source eq 1234 destination gt nfs # Using DELETED without any config passed -#"(NOTE: This will delete all of configured resource module attributes)" +# "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- @@ -725,8 +725,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -770,8 +770,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -818,8 +818,8 @@ # "name": "test_network_og", # "network_object": { # "host": [ -# "192.0.3.1", -# "192.0.3.2" +# "198.51.100.1", +# "198.51.100.2" # ], # "ipv6_address": [ # "2001:db8:3::/64" @@ -878,8 +878,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -911,8 +911,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -956,8 +956,8 @@ # "network-object host 192.0.2.2", # "object-group network test_network_og", # "description test_network_og", -# "network-object host 192.0.3.1", -# "network-object host 192.0.3.2", +# "network-object host 198.51.100.1", +# "network-object host 198.51.100.2", # "network-object 2001:db8:3::/64", # "object-group user test_og_user", # "description test_user", @@ -1019,7 +1019,6 @@ # "object_type": "service" # } # ] - """ RETURN = """ diff --git a/plugins/terminal/asa.py b/plugins/terminal/asa.py index 94c3d284..0b24018b 100644 --- a/plugins/terminal/asa.py +++ b/plugins/terminal/asa.py @@ -30,7 +30,6 @@ class TerminalModule(TerminalBase): - terminal_stdout_re = [ re.compile(rb"[\r\n]?[\w+\-\.:\/\[\]]+(?:\([^\)]+\)){,3}(?:>|#) ?$"), re.compile(rb"\[\w+\@[\w\-\.]+(?: [^\]])\] ?[>#\$] ?$"), 
diff --git a/test-requirements.txt b/test-requirements.txt
index 8002336b..5a90586f 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,8 +1,9 @@
-black==22.3.0 ; python_version > '3.5'
+# For ansible-tox-linters
+black==23.3.0
 flake8
-mock ; python_version < '3.5'
-pexpect
-pytest-xdist
 yamllint
-coverage==4.5.4
-git+https://github.com/ansible-community/pytest-ansible-units.git
+
+# Unit test runner
+pytest-ansible
+pytest-xdist
+pytest-cov
diff --git a/tests/config.yml b/tests/config.yml
new file mode 100644
index 00000000..c26ea596
--- /dev/null
+++ b/tests/config.yml
@@ -0,0 +1,3 @@
+---
+modules:
+ python_requires: ">=3.9"
diff --git a/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg b/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg
index 82c5e778..7d909c71 100644
--- a/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg
+++ b/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg
@@ -1,5 +1,5 @@
 access-list test_access; 2 elements; name hash: 0xaf1b712e
-access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default
+access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default
 access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors
 access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive
diff --git a/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml b/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml
index dafe55db..594b1721 100644
--- a/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml
+++ b/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml
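Review bot: Of the lines added in the test-requirements.txt hunk only `black==23.3.0` is pinned; `pytest-ansible`, `pytest-xdist` and `pytest-cov` resolve to whatever is newest at install time, and the removed `coverage==4.5.4` pin is not replaced. Dropping the unpinned `git+https://github.com/ansible-community/pytest-ansible-units.git` source is an improvement, but the test job still installs releases nobody reviewed. I would pin the runner packages (for example `pytest-ansible==<VERSION>`) or install against a constraints file, ideally with pip's `--require-hashes`, so that a compromised or breaking upload cannot enter CI unnoticed.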
@@ -14,7 +14,7 @@
 address: 192.0.2.0
 netmask: 255.255.255.0
 destination:
- address: 192.0.3.0
+ address: 198.51.100.0
 netmask: 255.255.255.0
 port_protocol:
 eq: www
diff --git a/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml b/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml
index 74e21f61..1710c9e7 100644
--- a/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml
+++ b/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml
@@ -15,7 +15,7 @@
 - name: test_network_og
 network_object:
 host:
- - 192.0.3.1
+ - 198.51.100.1
 ipv6_address:
 - 2001:db8:3::/64
 state: merged
diff --git a/tests/integration/targets/asa_acls/tests/cli/merged.yaml b/tests/integration/targets/asa_acls/tests/cli/merged.yaml
index cf443df0..db3a4913 100644
--- a/tests/integration/targets/asa_acls/tests/cli/merged.yaml
+++ b/tests/integration/targets/asa_acls/tests/cli/merged.yaml
@@ -24,7 +24,7 @@
 address: 192.0.2.0
 netmask: 255.255.255.0
 destination:
- address: 192.0.3.0
+ address: 198.51.100.0
 netmask: 255.255.255.0
 port_protocol:
 eq: www
diff --git a/tests/integration/targets/asa_acls/tests/cli/rendered.yaml b/tests/integration/targets/asa_acls/tests/cli/rendered.yaml
index 62e1c255..5f3b05cb 100644
--- a/tests/integration/targets/asa_acls/tests/cli/rendered.yaml
+++ b/tests/integration/targets/asa_acls/tests/cli/rendered.yaml
@@ -21,7 +21,7 @@
 address: 192.0.2.0
 netmask: 255.255.255.0
 destination:
- address: 192.0.3.0
+ address: 198.51.100.0
 netmask: 255.255.255.0
 port_protocol:
 eq: www
diff --git a/tests/integration/targets/asa_acls/tests/cli/replaced.yaml b/tests/integration/targets/asa_acls/tests/cli/replaced.yaml
index 85e7d2dc..b437d2d2 100644
--- a/tests/integration/targets/asa_acls/tests/cli/replaced.yaml
+++ b/tests/integration/targets/asa_acls/tests/cli/replaced.yaml
@@ -23,7 +23,7 @@
 protocol_options:
 tcp: true
 source:
- address: 192.0.3.0
+ address: 198.51.100.0
 netmask: 255.255.255.0
 destination:
 address: 192.0.4.0
diff --git a/tests/integration/targets/asa_acls/tests/cli/rtt.yaml b/tests/integration/targets/asa_acls/tests/cli/rtt.yaml
index 1c77c281..bee557e0 100644
--- a/tests/integration/targets/asa_acls/tests/cli/rtt.yaml
+++ b/tests/integration/targets/asa_acls/tests/cli/rtt.yaml
@@ -25,7 +25,7 @@
 address: 192.0.2.0
 netmask: 255.255.255.0
 destination:
- address: 192.0.3.0
+ address: 198.51.100.0
 netmask: 255.255.255.0
 port_protocol:
 eq: www
diff --git a/tests/integration/targets/asa_acls/vars/main.yaml b/tests/integration/targets/asa_acls/vars/main.yaml
index 281cb8d6..77432818 100644
--- a/tests/integration/targets/asa_acls/vars/main.yaml
+++ b/tests/integration/targets/asa_acls/vars/main.yaml
@@ -3,16 +3,16 @@ deleted: commands: - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default delete_all: commands: - no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default merged: commands: - - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default - access-list test_access line 2 extended deny icmp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 alternate-address log errors - access-list test_access line 3 extended deny tcp host 198.51.110.0 any eq www log default - access-list test_access line 4 extended deny tcp object-group test_og_network object-group test_network_og eq www log default 
@@ -23,8 +23,8 @@ replaced: commands: - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default - - access-list test_access line 1 extended deny tcp 192.0.3.0 255.255.255.0 192.0.4.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 198.51.100.0 255.255.255.0 192.0.4.0 255.255.255.0 eq www log default - access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default - access-list test_global_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www overridden: @@ -32,7 +32,7 @@ overridden: - no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default - access-list test_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www - access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default gathered: 
@@ -40,7 +40,7 @@ gathered: acls: - aces: - destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -104,7 +104,7 @@ parsed: acls: - aces: - destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -152,7 +152,7 @@ rtt: commands: - no access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default - no access-list test_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www - - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default - access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - access-list test_global_access line 1 extended deny tcp any any eq www log errors - access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive diff --git a/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml b/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml index ec02e549..89e3e569 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml @@ -12,13 +12,13 @@ - 192.0.2.2 address: - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 + - 203.0.113.0 255.255.255.0 - name: test_network_og description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml b/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml index d37fcbae..c2ad2aa9 100644 
--- a/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml @@ -23,7 +23,7 @@ description: test_network_og network_object: host: - - 192.0.3.1 + - 198.51.100.1 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/merged.yaml b/tests/integration/targets/asa_ogs/tests/cli/merged.yaml index c2ba8d63..beb1ff19 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/merged.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/merged.yaml @@ -25,8 +25,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml b/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml index 9b10c1ed..018e577a 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml @@ -18,9 +18,9 @@ description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol diff --git a/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml b/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml index ec74691d..a0a2c5ad 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml @@ -24,8 +24,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml b/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml index 91e25a55..adc223e3 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml 
+++ b/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml @@ -18,9 +18,9 @@ description: test_og_network_replace network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol diff --git a/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml b/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml index f3b99ea5..7fbfa6b9 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml @@ -20,13 +20,13 @@ - 192.0.2.2 address: - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 + - 203.0.113.0 255.255.255.0 - name: test_network_og description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -70,9 +70,9 @@ description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol diff --git a/tests/integration/targets/asa_ogs/vars/main.yaml b/tests/integration/targets/asa_ogs/vars/main.yaml index b5a8e30f..dad48fef 100644 --- a/tests/integration/targets/asa_ogs/vars/main.yaml +++ b/tests/integration/targets/asa_ogs/vars/main.yaml @@ -25,8 +25,8 @@ merged: - network-object host 192.0.2.2 - object-group network test_network_og - description test_network_og - - network-object host 192.0.3.1 - - network-object host 192.0.3.2 + - network-object host 198.51.100.1 + - network-object host 198.51.100.2 - network-object 2001:db8:3::/64 - object-group user test_og_user - description test_user 
@@ -41,11 +41,11 @@ replaced: - object-group network test_og_network - description test_og_network_replace - no network-object 192.0.2.0 255.255.255.0 - - no network-object 198.51.100.0 255.255.255.0 - - network-object 192.0.3.0 255.255.255.0 + - no network-object 203.0.113.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 - no network-object host 192.0.2.1 - no network-object host 192.0.2.2 - - network-object host 192.0.3.1 + - network-object host 198.51.100.1 overridden: commands: - no object-group security test_og_security @@ -57,11 +57,11 @@ overridden: - object-group network test_og_network - description test_og_network_override - no network-object 192.0.2.0 255.255.255.0 - - no network-object 198.51.100.0 255.255.255.0 - - network-object 192.0.3.0 255.255.255.0 + - no network-object 203.0.113.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 - no network-object host 192.0.2.1 - no network-object host 192.0.2.2 - - network-object host 192.0.3.1 + - network-object host 198.51.100.1 - no object-group network test_network_og gathered: config: @@ -70,7 +70,7 @@ gathered: name: test_network_og network_object: host: - - 192.0.3.1 + - 198.51.100.1 ipv6_address: - 2001:db8:3::/64 - description: test_og_network 
@@ -131,16 +131,16 @@ rtt: - security-group tag 20 - object-group network test_og_network - description test_og_network - - no network-object 192.0.3.0 255.255.255.0 + - no network-object 198.51.100.0 255.255.255.0 - network-object 192.0.2.0 255.255.255.0 - - network-object 198.51.100.0 255.255.255.0 - - no network-object host 192.0.3.1 + - network-object 203.0.113.0 255.255.255.0 + - no network-object host 198.51.100.1 - network-object host 192.0.2.1 - network-object host 192.0.2.2 - object-group network test_network_og - description test_network_og - - network-object host 192.0.3.1 - - network-object host 192.0.3.2 + - network-object host 198.51.100.1 + - network-object host 198.51.100.2 - network-object 2001:db8:3::/64 - object-group user test_og_user - description test_user diff --git a/tests/integration/targets/asa_smoke/tests/caching.yaml b/tests/integration/targets/asa_smoke/tests/caching.yaml index a2f91807..97f94943 100644 --- a/tests/integration/targets/asa_smoke/tests/caching.yaml +++ b/tests/integration/targets/asa_smoke/tests/caching.yaml @@ -19,8 +19,8 @@ - network-object host 192.0.2.2 - object-group network test_network_og - description test_network_og - - network-object host 192.0.3.1 - - network-object host 192.0.3.2 + - network-object host 198.51.100.1 + - network-object host 198.51.100.2 - network-object 2001:db8:3::/64 - object-group user test_og_user - description test_user @@ -50,8 +50,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt deleted file mode 100644 index 65598cad..00000000 --- a/tests/sanity/ignore-2.10.txt +++ /dev/null 
@@ -1,7 +0,0 @@
-plugins/terminal/asa.py compile-2.6!skip
-plugins/terminal/asa.py compile-2.7!skip
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt
deleted file mode 100644
index 5f802771..00000000
--- a/tests/sanity/ignore-2.11.txt
+++ /dev/null
@@ -1,8 +0,0 @@
-plugins/terminal/asa.py compile-2.6!skip
-plugins/terminal/asa.py compile-2.7!skip
-plugins/terminal/asa.py import-2.7!skip
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt
deleted file mode 100644
index 85ed7df5..00000000
--- a/tests/sanity/ignore-2.12.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.17.txt
similarity index 100%
rename from tests/sanity/ignore-2.13.txt
rename to tests/sanity/ignore-2.17.txt
diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt new file mode 100644 index 00000000..3d2a4f58 --- /dev/null +++ b/tests/sanity/ignore-2.18.txt @@ -0,0 +1 @@ +plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt new file mode 100644 index 00000000..3d2a4f58 --- /dev/null +++ b/tests/sanity/ignore-2.19.txt @@ -0,0 +1 @@ +plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt deleted file mode 100644 index 65598cad..00000000 --- a/tests/sanity/ignore-2.9.txt +++ /dev/null @@ -1,7 +0,0 @@ -plugins/terminal/asa.py compile-2.6!skip -plugins/terminal/asa.py compile-2.7!skip -plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip -plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip -plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip -plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip diff --git a/tests/unit/mock/loader.py b/tests/unit/mock/loader.py index e707365f..195746ad 100644 --- a/tests/unit/mock/loader.py +++ b/tests/unit/mock/loader.py @@ -31,7 +31,7 @@ class DictDataLoader(DataLoader): def __init__(self, file_mapping=None): file_mapping = {} if file_mapping is None else file_mapping - assert type(file_mapping) == dict + assert isinstance(file_mapping, dict) super(DictDataLoader, self).__init__() diff --git a/tests/unit/modules/network/asa/asa_module.py b/tests/unit/modules/network/asa/asa_module.py index b2b36ed2..56029cb7 100644 --- a/tests/unit/modules/network/asa/asa_module.py +++ b/tests/unit/modules/network/asa/asa_module.py 
@@ -50,7 +50,6 @@ def execute_module( sort=True, defaults=False, ): - self.load_fixtures(commands) if failed: diff --git a/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg b/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg index 7a0fb66c..43812860 100644 --- a/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg +++ b/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg @@ -4,7 +4,7 @@ access-list test_global_access; 1 elements; name hash: 0xaa83124c access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f access-list test_global_access line 2 remark test global remark access-list test_access; 2 elements; name hash: 0x96b5d78b -access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e +access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c diff --git a/tests/unit/modules/network/asa/test_asa_acls.py b/tests/unit/modules/network/asa/test_asa_acls.py index 30195225..5f97a697 100644 --- a/tests/unit/modules/network/asa/test_asa_acls.py +++ b/tests/unit/modules/network/asa/test_asa_acls.py 
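Review bot: The asa_acls_config.cfg fixture is still being edited here, but in this same commit test_asa_acls.py drops its `load_fixture` import and pastes the device output inline, so this file may no longer be read by any test. If nothing else loads it, delete it in this commit rather than updating it. Otherwise two copies of the same access-list output have to be kept in sync by hand, and they already differ: the fixture's `test_access line 2` entry ends in `0x831d8948`, while the inline copies in test_asa_acls.py end in `0x831d8`.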
@@ -21,11 +21,13 @@ reason="Tests and/or module are unstable on Python 3.5.", ) +from textwrap import dedent +from unittest.mock import patch + from ansible_collections.cisco.asa.plugins.modules import asa_acls -from ansible_collections.cisco.asa.tests.unit.compat.mock import patch from ansible_collections.cisco.asa.tests.unit.modules.utils import set_module_args -from .asa_module import TestAsaModule, load_fixture +from .asa_module import TestAsaModule class TestAsaAclsModule(TestAsaModule): 
@@ -76,13 +78,35 @@ def tearDown(self): self.mock_load_config.stop() self.mock_execute_show_command.stop() - def load_fixtures(self, commands=None): - def load_from_file(*args, **kwargs): - return load_fixture("asa_acls_config.cfg") - - self.execute_show_command.side_effect = load_from_file - def test_asa_acls_merged(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group 
ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
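Review bot: Removing `load_fixtures` from TestAsaAclsModule leaves `execute_module` in asa_module.py still calling `self.load_fixtures(commands)` (it is a context line in that file's hunk), so these tests now depend on the base class supplying a no-op; TestAsaModule is not visible here, so please confirm it does. Separately, the identical `dedent(...)` block is repeated at the top of every test method touched in this file (`test_asa_acls_merged`, `test_asa_acls_merged_idempotent`, `test_asa_acls_replaced` and the later ones), and every copy carries the same shortened `0x831d8` hash on the `test_access line 2` entry. I would define the text once as a module-level constant and assign `self.execute_show_command.return_value = SHOW_ACCESS_LIST` in `setUp`, overriding it only in a test that needs different device output. The body of `test_asa_acls_merged` continues outside the hunk.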
@@ -137,6 +161,34 @@ def test_asa_acls_merged(self): self.assertEqual(result["commands"], commands) def test_asa_acls_merged_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list 
management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( @@ -179,7 +231,7 @@ def test_asa_acls_merged_idempotent(self): aces=[ dict( destination=dict( - address="192.0.3.0", + address="198.51.100.0", netmask="255.255.255.0", port_protocol=dict(eq="www"), ), 
@@ -319,6 +371,34 @@ def test_asa_acls_merged_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_replaced(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -370,13 +450,41 @@ def test_asa_acls_replaced(self): "no access-list ansible_test line 1 remark HostA", "no access-list test_access line 3 extended permit ip host 192.0.2.2 any", "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors", - "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default", + "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default", "access-list test_access line 1 extended deny igrp 198.51.101.0 255.255.255.0 198.51.102.0 255.255.255.0 log default time-range temp", "access-list ansible_test line 1 remark HostA0", ] self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_replaced_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 
2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( @@ -419,7 +527,7 @@ def test_asa_acls_replaced_idempotent(self): aces=[ dict( destination=dict( - address="192.0.3.0", + address="198.51.100.0", netmask="255.255.255.0", port_protocol=dict(eq="www"), ), 
@@ -559,6 +667,34 @@ def test_asa_acls_replaced_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_overridden(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( @@ -598,7 +734,7 @@ def test_asa_acls_overridden(self): "no access-list ansible_test line 1 remark HostA", "no access-list test_access line 3 extended permit ip host 192.0.2.2 any", "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors", - "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default", + "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default", "no access-list management_in line 3 extended permit ip any4 host 192.0.2.1", "no access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389", "no access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100", 
@@ -610,6 +746,34 @@ def test_asa_acls_overridden(self):
 self.assertEqual(sorted(result["commands"]), sorted(commands))
 def test_asa_acls_overridden_idempotent(self):
+ self.execute_show_command.return_value = dedent(
+ """\
+ access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
+ alert-interval 300
+ access-list test_global_access; 1 elements; name hash: 0xaa83124c
+ access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f
+ access-list test_global_access line 2 remark test global remark
+ access-list test_access; 2 elements; name hash: 0x96b5d78b
+ access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
+ access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
+ access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
+ access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
+ access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34
+ access-list ansible_test; 1 elements; name hash: 0x1b2b1138
+ access-list ansible_test line 1 remark HostA
+ access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4
+ access-list management_in; 2 elements; name hash: 0x4acd1688
+ access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1
+ access-list MyACL; 10 elements; name hash: 0x436611e8
+ access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb
+ access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097
+ access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c
+ """,
+ )
 set_module_args(
 dict(
 config=dict(
@@ -652,7 +816,7 @@ def test_asa_acls_overridden_idempotent(self):
 aces=[
 dict(
 destination=dict(
- address="192.0.3.0",
+ address="198.51.100.0",
 netmask="255.255.255.0",
 port_protocol=dict(eq="www"),
 ),
@@ -792,6 +956,34 @@ def test_asa_acls_overridden_idempotent(self):
 self.execute_module(changed=False, commands=[], sort=True)
 def test_asa_acls_delete_by_acl(self):
+ self.execute_show_command.return_value = dedent(
+ """\
+ access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
+ alert-interval 300
+ access-list test_global_access; 1 elements; name hash: 0xaa83124c
+ access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f
+ access-list test_global_access line 2 remark test global remark
+ access-list test_access; 2 elements; name hash: 0x96b5d78b
+ access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
+ access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
+ access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
+ access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
+ access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34
+ access-list ansible_test; 1 elements; name hash: 0x1b2b1138
+ access-list ansible_test line 1 remark HostA
+ access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4
+ access-list management_in; 2 elements; name hash: 0x4acd1688
+ access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1
+ access-list MyACL; 10 elements; name hash: 0x436611e8
+ access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb
+ access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097
+ access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c
+ """,
+ )
 set_module_args(
 dict(
 config=dict(
@@ -813,6 +1005,34 @@ def test_asa_acls_delete_by_acl(self):
 self.assertEqual(sorted(result["commands"]), sorted(commands))
 def test_asa_acls_deleted_all(self):
+ self.execute_show_command.return_value = dedent(
+ """\
+ access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
+ alert-interval 300
+ access-list test_global_access; 1 elements; name hash: 0xaa83124c
+ access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f
+ access-list test_global_access line 2 remark test global remark
+ access-list test_access; 2 elements; name hash: 0x96b5d78b
+ access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
+ access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
+ access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
+ access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
+ access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34
+ access-list ansible_test; 1 elements; name hash: 0x1b2b1138
+ access-list ansible_test line 1 remark HostA
+ access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4
+ access-list management_in; 2 elements; name hash: 0x4acd1688
+ access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1
+ access-list MyACL; 10 elements; name hash: 0x436611e8
+ access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb
+ access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097
+ access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c
+ """,
+ )
 set_module_args(dict(state="deleted"))
 result = self.execute_module(changed=True)
 commands = [
@@ -820,7 +1040,7 @@ def test_asa_acls_deleted_all(self):
 "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive",
 "no access-list test_access line 3 extended permit ip host 192.0.2.2 any",
 "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors",
- "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default",
+ "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default",
 "no access-list management_in line 3 extended permit ip any4 host 192.0.2.1",
 "no access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389",
 "no access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100",
@@ -833,6 +1053,34 @@ def test_asa_acls_deleted_all(self):
 self.assertEqual(sorted(result["commands"]), sorted(commands))
 def test_asa_acls_rendered(self):
+ self.execute_show_command.return_value = dedent(
+ """\
+ access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
+ alert-interval 300
+ access-list test_global_access; 1 elements; name hash: 0xaa83124c
+ access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f
+ access-list test_global_access line 2 remark test global remark
+ access-list test_access; 2 elements; name hash: 0x96b5d78b
+ access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
+ access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
+ access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
+ access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
+ access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34
+ access-list ansible_test; 1 elements; name hash: 0x1b2b1138
+ access-list ansible_test line 1 remark HostA
+ access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4
+ access-list management_in; 2 elements; name hash: 0x4acd1688
+ access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1
+ access-list MyACL; 10 elements; name hash: 0x436611e8
+ access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb
+ access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097
+ access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c
+ """,
+ )
 set_module_args(
 dict(
 config=dict(
@@ -843,7 +1091,7 @@ def test_asa_acls_rendered(self):
 aces=[
 dict(
 destination=dict(
- address="192.0.3.0",
+ address="198.51.100.0",
 netmask="255.255.255.0",
 ),
 grant="deny",
@@ -864,7 +1112,196 @@ def test_asa_acls_rendered(self):
 ),
 )
 commands = [
- "access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 log default",
+ "access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 log default",
 ]
 result = self.execute_module(changed=False)
 self.assertEqual(result["rendered"], commands)
+
+ def test_asa_acls_gathered(self):
+ self.execute_show_command.return_value = dedent(
+ """\
+ access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096)
+ alert-interval 300
+ access-list test_global_access; 1 elements; name hash: 0xaa83124c
+ access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f
+ access-list test_global_access line 2 remark test global remark
+ access-list test_access; 2 elements; name hash: 0x96b5d78b
+ access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
+ access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
+ access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
+ access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
+ access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34
+ access-list ansible_test; 1 elements; name hash: 0x1b2b1138
+ access-list ansible_test line 1 remark HostA
+ access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4
+ access-list management_in; 2 elements; name hash: 0x4acd1688
+ access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f
+ access-list management_in line 2 extended permit object-group MYSERV.11 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c
+ access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1
+ access-list MyACL; 10 elements; name hash: 0x436611e8
+ access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb
+ access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097
+ access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c
+ """,
+ )
+ set_module_args(
+ dict(
+ state="gathered",
+ ),
+ )
+ facts = {
+ "acls": [
+ {
+ "name": "test_global_access",
+ "acl_type": "extended",
+ "aces": [
+ {
+ "grant": "deny",
+ "line": 1,
+ "protocol": "tcp",
+ "source": {"any": True},
+ "destination": {"any": True, "port_protocol": {"eq": "www"}},
+ "log": "errors",
+ "protocol_options": {"tcp": True},
+ },
+ {"line": 2, "remark": "test global remark"},
+ ],
+ },
+ {
+ "name": "test_access",
+ "acl_type": "extended",
+ "aces": [
+ {
+ "grant": "deny",
+ "line": 1,
+ "protocol": "tcp",
+ "source": {"address": "192.0.2.0", "netmask": "255.255.255.0"},
+ "destination": {
+ "address": "198.51.100.0",
+ "netmask": "255.255.255.0",
+ "port_protocol": {"eq": "www"},
+ },
+ "log": "default",
+ "protocol_options": {"tcp": True},
+ },
+ {
+ "grant": "deny",
+ "line": 2,
+ "protocol": "igrp",
+ "source": {"address": "198.51.100.0", "netmask": "255.255.255.0"},
+ "destination": {"address": "198.51.110.0", "netmask": "255.255.255.0"},
+ "log": "errors",
+ "protocol_options": {"igrp": True},
+ },
+ {
+ "grant": "permit",
+ "line": 3,
+ "protocol": "ip",
+ "source": {"host": "192.0.2.2"},
+ "destination": {"any": True},
+ "protocol_options": {"ip": True},
+ },
+ ],
+ },
+ {
+ "name": "test_R1_traffic",
+ "acl_type": "extended",
+ "aces": [
+ {
+ "grant": "deny",
+ "line": 1,
+ "protocol": "tcp",
+ "source": {
+ "address": "2001:db8:0:3::/64",
+ "port_protocol": {"eq": "www"},
+ },
+ "destination": {
+ "address": "2001:fc8:0:4::/64",
+ "port_protocol": {"eq": "telnet"},
+ },
+ "inactive": True,
+ "protocol_options": {"tcp": True},
+ },
+ {
+ "grant": "permit",
+ "line": 2,
+ "protocol": "ip",
+ "source": {"host": "2001:db8::1"},
+ "destination": {"any6": True},
+ "protocol_options": {"ip": True},
+ },
+ ],
+ },
+ {
+ "name": "ansible_test",
+ "aces": [
+ {"line": 1, "remark": "HostA"},
+ {
+ "grant": "deny",
+ "line": 2,
+ "protocol": "ip",
+ "source": {"host": "192.0.5.1"},
+ "destination": {"any4": True},
+ "protocol_options": {"ip": True},
+ },
+ ],
+ "acl_type": "extended",
+ },
+ {
+ "name": "management_in",
+ "acl_type": "extended",
+ "aces": [
+ {
+ "grant": "permit",
+ "line": 1,
+ "protocol": "tcp",
+ "source": {
+ "host": "198.51.100.5",
+ "port_protocol": {"range": {"start": 49152, "end": 65535}},
+ },
+ "destination": {
+ "address": "198.51.100.0",
+ "netmask": "255.255.255.0",
+ "port_protocol": {"eq": "100"},
+ },
+ "protocol_options": {"tcp": True},
+ },
+ {
+ "grant": "permit",
+ "line": 2,
+ "protocol": "object-group MYSERV.11",
+ "source": {
+ "object_group": "ALLSERV.12",
+ "port_protocol": {"eq": "9389"},
+ },
+ },
+ {
+ "grant": "permit",
+ "line": 3,
+ "protocol": "ip",
+ "source": {"any4": True},
+ "destination": {"host": "192.0.2.1"},
+ "protocol_options": {"ip": True},
+ },
+ ],
+ },
+ {
+ "name": "MyACL",
+ "acl_type": "extended",
+ "aces": [
+ {
+ "grant": "permit",
+ "line": 1,
+ "protocol": "tcp",
+ "source": {"object_group": "O-Environments"},
+ "destination": {"any": True, "service_object_group": "O-Windows-TCP"},
+ "protocol_options": {"tcp": True},
+ },
+ ],
+ },
+ ],
+ }
+ result = self.execute_module(changed=False)
+ self.assertEqual(result["gathered"], facts)
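Review bot: The expected facts for `management_in` line 2 in test_asa_acls_gathered pin a lossy parse: `"protocol": "object-group MYSERV.11"` stores the keyword and the group name as one string, the entry has no `destination` and no `protocol_options`, and `eq 9389` lands under `source`. The fixture line behind it, `permit object-group MYSERV.11 object-group ALLSERV.12 eq 9389`, exists only in this test (the other copies use `permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389`) and carries no destination of its own, so the test cannot show whether a destination that follows a protocol object-group is parsed at all. Gathered firewall facts are commonly fed back into `replaced` or `overridden` runs, where an ACE that loses fields on the way in could render a different rule; the parser is not visible in this diff, so this may be a known limitation. I would use a fixture line with protocol group, source and destination all present and assert that each lands in its own key, or else put a comment above the expected entry such as `# protocol object-group is returned verbatim; destination is not parsed for this form`.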
diff --git a/tests/unit/modules/network/asa/test_asa_facts.py b/tests/unit/modules/network/asa/test_asa_facts.py
index d4424dd7..75b3d064 100644
--- a/tests/unit/modules/network/asa/test_asa_facts.py
+++ b/tests/unit/modules/network/asa/test_asa_facts.py
@@ -27,7 +27,6 @@ class TestAsaFactsModule(TestAsaModule): - module = asa_facts def setUp(self):
diff --git a/tests/unit/modules/network/asa/test_asa_ogs.py b/tests/unit/modules/network/asa/test_asa_ogs.py
index 15c03fc1..83d2a9c0 100644
--- a/tests/unit/modules/network/asa/test_asa_ogs.py
+++ b/tests/unit/modules/network/asa/test_asa_ogs.py
@@ -96,7 +96,7 @@ def test_asa_ogs_merged(self):
 name="test_network_og",
 description="test network og",
 network_object=dict(
- host=["192.0.3.1", "192.0.3.2"],
+ host=["198.51.100.1", "198.51.100.2"],
 ipv6_address=["2001:db8:0:3::/64"],
 ),
 ),
@@ -181,8 +181,8 @@ def test_asa_ogs_merged(self):
 "group-object test_network_og",
 "object-group network test_network_og",
 "description test network og",
- "network-object host 192.0.3.1",
- "network-object host 192.0.3.2",
+ "network-object host 198.51.100.1",
+ "network-object host 198.51.100.2",
 "network-object 2001:db8:0:3::/64",
 "object-group network ANSIBLE_TEST",
 "network-object object NEW_TEST",
@@ -319,8 +319,8 @@ def test_asa_ogs_replaced(self):
 name="test_og_network",
 description="test_og_network_replace",
 network_object=dict(
- host=["192.0.3.1"],
- address=["192.0.3.0 255.255.255.0"],
+ host=["198.51.100.1"],
+ address=["198.51.100.0 255.255.255.0"],
 ),
 ),
 ],
@@ -335,10 +335,10 @@ def test_asa_ogs_replaced(self):
 "object-group network test_og_network",
 "description test_og_network_replace",
 "no network-object 192.0.2.0 255.255.255.0",
- "network-object 192.0.3.0 255.255.255.0",
+ "network-object 198.51.100.0 255.255.255.0",
 "no network-object host 192.0.2.1",
 "no network-object host 2001:db8::1",
- "network-object host 192.0.3.1",
+ "network-object host 198.51.100.1",
 ]
 self.assertEqual(sorted(result["commands"]), sorted(commands))
@@ -459,8 +459,8 @@ def test_asa_ogs_overridden(self):
 name="test_og_network",
 description="test_og_network_override",
 network_object=dict(
- host=["192.0.3.1"],
- address=["192.0.3.0 255.255.255.0"],
+ host=["198.51.100.1"],
+ address=["198.51.100.0 255.255.255.0"],
 ),
 ),
 ],
@@ -481,10 +481,10 @@ def test_asa_ogs_overridden(self):
 "object-group network test_og_network",
 "description test_og_network_override",
 "no network-object 192.0.2.0 255.255.255.0",
- "network-object 192.0.3.0 255.255.255.0",
+ "network-object 198.51.100.0 255.255.255.0",
 "no network-object host 192.0.2.1",
 "no network-object host 2001:db8::1",
- "network-object host 192.0.3.1",
+ "network-object host 198.51.100.1",
 "no object-group network ANSIBLE_TEST",
 "no object-group network bug_test_obj",
 "no object-group user group_user_obj",
diff --git a/tox-ansible.ini b/tox-ansible.ini
new file mode 100644
index 00000000..b49a359f
--- /dev/null
+++ b/tox-ansible.ini
@@ -0,0 +1,3 @@
+[ansible]
+
+skip = ""
diff --git a/tox.ini b/tox.ini
deleted file mode 100644
index c5b846a3..00000000
--- a/tox.ini
+++ /dev/null
@@ -1,33 +0,0 @@
-[tox]
-minversion = 1.4.2
-envlist = linters
-skipsdist = True
-
-[testenv]
-basepython = python3
-deps = -r{toxinidir}/requirements.txt
- -r{toxinidir}/test-requirements.txt
-commands = find {toxinidir} -type f -name "*.py[c|o]" -delete
-
-[testenv:black]
-install_command = pip install {opts} {packages}
-commands =
- black -v {toxinidir}
-
-[testenv:linters]
-install_command = pip install {opts} {packages}
-commands =
- black -v --diff --check {toxinidir}
- flake8 {posargs}
-
-[testenv:venv]
-commands = {posargs}
-
-[flake8]
-# E123, E125 skipped as they are invalid PEP-8.
-
-show-source = True
-ignore = E123,E125,E203,E402,E501,E741,W503
-max-line-length = 160
-builtins = _
-exclude = .git,.tox,tests/unit/compat/