From 20a708cf90363b7d19f1f6b7a4abefb1a8ad0af6 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 00:23:14 +0530 Subject: [PATCH 01/36] [pre-commit.ci] pre-commit autoupdate (#203) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [pre-commit.ci] pre-commit autoupdate updates: - [github.com/pre-commit/pre-commit-hooks: v4.3.0 → v4.4.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.3.0...v4.4.0) - [github.com/asottile/add-trailing-comma: v2.2.3 → v2.4.0](https://github.com/asottile/add-trailing-comma/compare/v2.2.3...v2.4.0) - [github.com/psf/black: 22.6.0 → 23.3.0](https://github.com/psf/black/compare/22.6.0...23.3.0) - [github.com/PyCQA/isort: 5.10.1 → 5.12.0](https://github.com/PyCQA/isort/compare/5.10.1...5.12.0) - [github.com/ansible-network/collection_prep: 1.0.0 → 1.1.1](https://github.com/ansible-network/collection_prep/compare/1.0.0...1.1.1) * Pre-commit updates --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Kate Case --- .pre-commit-config.yaml | 6 +++--- changelogs/fragments/pre-commit.yaml | 3 +++ plugins/doc_fragments/asa.py | 1 - plugins/module_utils/network/asa/facts/acls/acls.py | 1 - plugins/module_utils/network/asa/facts/legacy/base.py | 4 ---- plugins/module_utils/network/asa/facts/ogs/ogs.py | 1 - plugins/module_utils/network/asa/providers/module.py | 1 - plugins/module_utils/network/asa/providers/providers.py | 2 -- plugins/terminal/asa.py | 1 - tests/unit/modules/network/asa/asa_module.py | 1 - tests/unit/modules/network/asa/test_asa_facts.py | 1 - 11 files changed, 6 insertions(+), 16 deletions(-) create mode 100644 changelogs/fragments/pre-commit.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index db0bd29d..dd623dda 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -7,7 +7,7 @@ repos: - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.3.0 + rev: v4.4.0 hooks: - id: check-merge-conflict - id: check-symlinks @@ -18,7 +18,7 @@ repos: - id: trailing-whitespace - repo: https://github.com/asottile/add-trailing-comma - rev: v2.2.3 + rev: v2.4.0 hooks: - id: add-trailing-comma @@ -37,6 +37,6 @@ repos: name: Sort import statements using isort - repo: https://github.com/psf/black - rev: 22.6.0 + rev: 23.3.0 hooks: - id: black diff --git a/changelogs/fragments/pre-commit.yaml b/changelogs/fragments/pre-commit.yaml new file mode 100644 index 00000000..8fc29415 --- /dev/null +++ b/changelogs/fragments/pre-commit.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - pre-commit updates reformatted some files. diff --git a/plugins/doc_fragments/asa.py b/plugins/doc_fragments/asa.py index 25b2043f..b084d517 100644 --- a/plugins/doc_fragments/asa.py +++ b/plugins/doc_fragments/asa.py @@ -10,7 +10,6 @@ class ModuleDocFragment(object): - # Standard files documentation fragment DOCUMENTATION = r"""options: context: diff --git a/plugins/module_utils/network/asa/facts/acls/acls.py b/plugins/module_utils/network/asa/facts/acls/acls.py index c1af428d..b624a055 100644 --- a/plugins/module_utils/network/asa/facts/acls/acls.py +++ b/plugins/module_utils/network/asa/facts/acls/acls.py @@ -36,7 +36,6 @@ class AclsFacts(object): """The asa_acls fact class""" def __init__(self, module, subspec="config", options="options"): - self._module = module self.argument_spec = AclsArgs.argument_spec spec = deepcopy(self.argument_spec) diff --git a/plugins/module_utils/network/asa/facts/legacy/base.py b/plugins/module_utils/network/asa/facts/legacy/base.py index 1c1ec7b1..d256229b 100644 --- a/plugins/module_utils/network/asa/facts/legacy/base.py +++ b/plugins/module_utils/network/asa/facts/legacy/base.py @@ -26,7 +26,6 @@ class FactsBase(object): - COMMANDS = list() def __init__(self, module): 
@@ -47,7 +46,6 @@ def run(self, cmd): class Default(FactsBase): - COMMANDS = ["show version"] def populate(self): @@ -109,7 +107,6 @@ def platform_facts(self): class Hardware(FactsBase): - COMMANDS = ["dir", "show memory"] def populate(self): @@ -173,7 +170,6 @@ def parse_filesystems_info(self, data): class Config(FactsBase): - COMMANDS = ["show running-config"] def populate(self): diff --git a/plugins/module_utils/network/asa/facts/ogs/ogs.py b/plugins/module_utils/network/asa/facts/ogs/ogs.py index caa094c8..41821d4c 100644 --- a/plugins/module_utils/network/asa/facts/ogs/ogs.py +++ b/plugins/module_utils/network/asa/facts/ogs/ogs.py @@ -31,7 +31,6 @@ class OGsFacts(object): """The asa_ogs fact class""" def __init__(self, module, subspec="config", options="options"): - self._module = module self.argument_spec = OGsArgs.argument_spec diff --git a/plugins/module_utils/network/asa/providers/module.py b/plugins/module_utils/network/asa/providers/module.py index d188ed7c..ca76966f 100644 --- a/plugins/module_utils/network/asa/providers/module.py +++ b/plugins/module_utils/network/asa/providers/module.py @@ -15,7 +15,6 @@ class NetworkModule(AnsibleModule): - fail_on_missing_provider = True def __init__(self, connection=None, *args, **kwargs): diff --git a/plugins/module_utils/network/asa/providers/providers.py b/plugins/module_utils/network/asa/providers/providers.py index 97584d1f..ad956ea6 100644 --- a/plugins/module_utils/network/asa/providers/providers.py +++ b/plugins/module_utils/network/asa/providers/providers.py @@ -53,7 +53,6 @@ def get(network_os, module_name, connection_type): class ProviderBase(object): - supported_connections = () def __init__(self, params, connection=None, check_mode=False): @@ -82,7 +81,6 @@ def edit_config(self): class CliProvider(ProviderBase): - supported_connections = ("network_cli",) @property diff --git a/plugins/terminal/asa.py b/plugins/terminal/asa.py index 94c3d284..0b24018b 100644 --- a/plugins/terminal/asa.py 
+++ b/plugins/terminal/asa.py @@ -30,7 +30,6 @@ class TerminalModule(TerminalBase): - terminal_stdout_re = [ re.compile(rb"[\r\n]?[\w+\-\.:\/\[\]]+(?:\([^\)]+\)){,3}(?:>|#) ?$"), re.compile(rb"\[\w+\@[\w\-\.]+(?: [^\]])\] ?[>#\$] ?$"), diff --git a/tests/unit/modules/network/asa/asa_module.py b/tests/unit/modules/network/asa/asa_module.py index b2b36ed2..56029cb7 100644 --- a/tests/unit/modules/network/asa/asa_module.py +++ b/tests/unit/modules/network/asa/asa_module.py @@ -50,7 +50,6 @@ def execute_module( sort=True, defaults=False, ): - self.load_fixtures(commands) if failed: diff --git a/tests/unit/modules/network/asa/test_asa_facts.py b/tests/unit/modules/network/asa/test_asa_facts.py index d4424dd7..75b3d064 100644 --- a/tests/unit/modules/network/asa/test_asa_facts.py +++ b/tests/unit/modules/network/asa/test_asa_facts.py @@ -27,7 +27,6 @@ class TestAsaFactsModule(TestAsaModule): - module = asa_facts def setUp(self): From 381d4330014f308e3829fd3b69d9ed8fc0564bc3 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 13 Jun 2023 11:14:06 +0530 Subject: [PATCH 02/36] [pre-commit.ci] pre-commit autoupdate (#208) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/asottile/add-trailing-comma: v2.4.0 → v2.5.1](https://github.com/asottile/add-trailing-comma/compare/v2.4.0...v2.5.1) - [github.com/pre-commit/mirrors-prettier: v3.0.0-alpha.6 → v3.0.0-alpha.9-for-vscode](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.0-alpha.6...v3.0.0-alpha.9-for-vscode) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index dd623dda..bf907dc4 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -18,12 +18,12 @@ repos: - id: trailing-whitespace - repo: https://github.com/asottile/add-trailing-comma - rev: v2.4.0 + rev: v2.5.1 hooks: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v3.0.0-alpha.6" + rev: "v3.0.0-alpha.9-for-vscode" hooks: - id: prettier additional_dependencies: From 50c2faed61e46b5d380d6c8df2c4fadb01105e6b Mon Sep 17 00:00:00 2001 From: Sumit Jaiswal Date: Tue, 13 Jun 2023 13:25:30 +0530 Subject: [PATCH 03/36] For the release prep of Cisco ASA collection with version 4.0.1 (#209) * release prep 401 Signed-off-by: Sumit Jaiswal * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Signed-off-by: Sumit Jaiswal Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- CHANGELOG.rst | 8 ++++++++ changelogs/changelog.yaml | 9 +++++++++ changelogs/fragments/cleanup.yaml | 3 --- changelogs/fragments/pre-commit.yaml | 3 --- changelogs/fragments/rm_base.yaml | 3 --- changelogs/fragments/rm_base_plus.yaml | 3 --- galaxy.yml | 2 +- 7 files changed, 18 insertions(+), 13 deletions(-) delete mode 100644 changelogs/fragments/cleanup.yaml delete mode 100644 changelogs/fragments/pre-commit.yaml delete mode 100644 changelogs/fragments/rm_base.yaml delete mode 100644 changelogs/fragments/rm_base_plus.yaml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 949c7c0a..c7c81dd0 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,14 @@ Cisco Asa Collection Release Notes .. contents:: Topics +v4.0.1 +====== + +Release Summary +--------------- + +- Release with bugfix fixing the import path coming from `utils` and `netcommon` lib. + v4.0.0 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index c4a6dfb4..f77c9eb0 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -185,3 +185,12 @@ releases:
 - remove_deprecated_modules.yaml
 - remove_provider.yaml
 release_date: "2022-10-13"
+ 4.0.1:
+ changes:
+ release_summary: Release with bugfix fixing the import path coming from utils and netcommon lib.
+ fragments:
+ - cleanup.yaml
+ - pre-commit.yaml
+ - rm_base.yaml
+ - rm_base_plus.yaml
+ release_date: "2023-06-13"
diff --git a/changelogs/fragments/cleanup.yaml b/changelogs/fragments/cleanup.yaml
deleted file mode 100644
index 477506e9..00000000
--- a/changelogs/fragments/cleanup.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - Update pre-commit and run
diff --git a/changelogs/fragments/pre-commit.yaml b/changelogs/fragments/pre-commit.yaml
deleted file mode 100644
index 8fc29415..00000000
--- a/changelogs/fragments/pre-commit.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - pre-commit updates reformatted some files.
diff --git a/changelogs/fragments/rm_base.yaml b/changelogs/fragments/rm_base.yaml
deleted file mode 100644
index eeca679b..00000000
--- a/changelogs/fragments/rm_base.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - Move references for ResourceModule to the rm_base package as the non-rm_base path is going away. (https://github.com/ansible-collections/ansible.netcommon/pull/496)
diff --git a/changelogs/fragments/rm_base_plus.yaml b/changelogs/fragments/rm_base_plus.yaml
deleted file mode 100644
index 00838f41..00000000
--- a/changelogs/fragments/rm_base_plus.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
----
-trivial:
- - Move remaining references for ResourceModule to the rm_base package as the non-rm_base path is going away. (https://github.com/ansible-collections/ansible.netcommon/pull/496)
diff --git a/galaxy.yml b/galaxy.yml
index 6a0a6e26..96d0a7fe 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues
 tags: [cisco, asa, networking, security]
 # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy
 # happy. We dynamically inject version info based on git information.
-version: 4.0.1-dev
+version: 4.0.1
From bc560f2b75983682860e93ae800050e6399a76b5 Mon Sep 17 00:00:00 2001
From: Kate Case Date: Wed, 14 Jun 2023 01:32:55 -0400 Subject: [PATCH 04/36] Replace uses of 192.0.3.0/24 with 198.51.100.0/24 (TEST-NET-2) (#130) * Replace uses of 192.0.3.0/24 with 198.51.100.0/24 (TEST-NET-2) See https://datatracker.ietf.org/doc/html/rfc5737#section-3 for more on why this particular block should be used instead * Add changelog * Swap one with TEST-NET-3 for coverage --- changelogs/fragments/test-net-2.yaml | 3 + docs/cisco.asa.asa_acls_module.rst | 38 ++++----- docs/cisco.asa.asa_ogs_module.rst | 80 +++++++++---------- plugins/modules/asa_acls.py | 38 ++++----- plugins/modules/asa_ogs.py | 80 +++++++++---------- .../targets/asa_acls/tests/cli/_parsed.cfg | 2 +- .../asa_acls/tests/cli/_populate_config.yaml | 2 +- .../tests/cli/_populate_network_og.yaml | 2 +- .../targets/asa_acls/tests/cli/merged.yaml | 2 +- .../targets/asa_acls/tests/cli/rendered.yaml | 2 +- .../targets/asa_acls/tests/cli/replaced.yaml | 2 +- .../targets/asa_acls/tests/cli/rtt.yaml | 2 +- .../targets/asa_acls/vars/main.yaml | 18 ++--- .../asa_ogs/tests/cli/_populate_config.yaml | 6 +- .../targets/asa_ogs/tests/cli/gathered.yaml | 2 +- .../targets/asa_ogs/tests/cli/merged.yaml | 4 +- .../targets/asa_ogs/tests/cli/overridden.yaml | 4 +- .../targets/asa_ogs/tests/cli/rendered.yaml | 4 +- .../targets/asa_ogs/tests/cli/replaced.yaml | 4 +- .../targets/asa_ogs/tests/cli/rtt.yaml | 10 +-- .../targets/asa_ogs/vars/main.yaml | 28 +++---- .../targets/asa_smoke/tests/caching.yaml | 8 +- .../network/asa/fixtures/asa_acls_config.cfg | 2 +- .../unit/modules/network/asa/test_asa_acls.py | 16 ++-- .../unit/modules/network/asa/test_asa_ogs.py | 22 ++--- 25 files changed, 192 insertions(+), 189 deletions(-) create mode 100644 changelogs/fragments/test-net-2.yaml diff --git a/changelogs/fragments/test-net-2.yaml b/changelogs/fragments/test-net-2.yaml new file mode 100644 index 00000000..f0a5a23a --- /dev/null +++ b/changelogs/fragments/test-net-2.yaml 
@@ -0,0 +1,3 @@ +--- +doc_changes: + - Replace all references to non-example address ranges in module documentation and tests. diff --git a/docs/cisco.asa.asa_acls_module.rst b/docs/cisco.asa.asa_acls_module.rst index 4ab131ec..d991daa6 100644 --- a/docs/cisco.asa.asa_acls_module.rst +++ b/docs/cisco.asa.asa_acls_module.rst @@ -2424,7 +2424,7 @@ Examples address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -2503,7 +2503,7 @@ Examples # access-list global_access line 4 extended deny tcp any any eq www log errors interval 300 # access-list R1_traffic line 1 remark test_v6_acls # access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - # access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive # access-list temp_access line 2 extended deny tcp interface management interface management @@ -2527,7 +2527,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -2537,9 +2537,9 @@ Examples # interval 300 (hitcnt=0) 0x78aa233d # access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og # eq www log default (hitcnt=0) 0x477aec1e - # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.1 eq www + # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.1 eq www # log default (hitcnt=0) 0xdc7edff8 - # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.2 eq www + # access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.2 eq www # log default (hitcnt=0) 0x7b0e9fde # access-list test_access line 2 extended deny tcp 198.51.100.0 255.255.255.0 2001:db8:3::/64 eq www # log default (hitcnt=0) 0x97c75adc @@ -2604,7 +2604,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2656,7 +2656,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -2681,7 +2681,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2716,7 +2716,7 @@ Examples # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 time-range temp # no access-list temp_access line 1 - # extended grant deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # extended grant deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list R1_traffic line 2 # extended grant deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive # no access-list R1_traffic line 1 @@ -2752,7 +2752,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -2770,7 +2770,7 @@ Examples # --------------- # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive - # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default # no access-list global_access line 3 extended deny tcp any any eq www log errors interval 300 # no access-list global_access line 2 extended deny tcp any any eq telnet @@ -2808,7 +2808,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2826,7 +2826,7 @@ Examples # no access-list R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq telnet 2001:fc8:0:4::/64 eq www # log errors interval 300 # no access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive 
@@ -2853,7 +2853,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -2958,7 +2958,7 @@ Examples # "aces": [ # { # "destination": { - # "address": "192.0.3.0", + # "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" @@ -3019,7 +3019,7 @@ Examples address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -3056,7 +3056,7 @@ Examples # # "rendered": [ # "access-list temp_access line 1 - # extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 + # extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 # eq www log default" # "access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -3070,7 +3070,7 @@ Examples # parsed.cfg # # access-list test_access; 2 elements; name hash: 0xaf1b712e - # access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + # access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors # access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2 # access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive 
@@ -3090,7 +3090,7 @@ Examples # "aces": [ # { # "destination": { - # "address": "192.0.3.0", + # "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" diff --git a/docs/cisco.asa.asa_ogs_module.rst b/docs/cisco.asa.asa_ogs_module.rst index 1a5d3083..80a46332 100644 --- a/docs/cisco.asa.asa_ogs_module.rst +++ b/docs/cisco.asa.asa_ogs_module.rst @@ -1158,7 +1158,7 @@ Examples # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_network_og - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 - name: "Merge module attributes of given object-group" cisco.asa.asa_ogs: @@ -1181,8 +1181,8 @@ Examples description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -1247,8 +1247,8 @@ Examples # network-object host 192.0.2.1 # network-object host 192.0.2.2 # object-group network test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:3::/64 # object-group service O-Worker # service-object tcp destination range 100 200 @@ -1273,11 +1273,11 @@ Examples # network-object host 192.0.2.2 # network-object 192.0.2.0 255.255.255.0 # network-object 198.51.100.0 255.255.255.0 - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -1310,8 +1310,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1338,9 +1338,9 @@ Examples description: test_og_network_replace network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol @@ -1362,10 +1362,10 @@ Examples # description test_og_network_replace # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 - # network-object 192.0.3.0 255.255.255.0 + # network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 # After state: # ------------- @@ -1373,12 +1373,12 @@ Examples # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_replace - # network-object host 192.0.3.1 - # network-object 192.0.3.0 255.255.255.0 + # network-object host 198.51.100.1 + # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -1413,8 +1413,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1441,9 +1441,9 @@ Examples description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - name: ANSIBLE_TEST network_object: object: @@ -1474,10 +1474,10 @@ Examples # description test_og_network_override # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 - # network-object 192.0.3.0 255.255.255.0 + # network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 - # network-object host 192.0.3.1 + # network-object host 198.51.100.1 # no object-group network test_network_og # object-group network ANSIBLE_TEST # network-object object TEST1 @@ -1489,8 +1489,8 @@ Examples # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_override - # network-object host 192.0.3.1 - # network-object 192.0.3.0 255.255.255.0 + # network-object host 198.51.100.1 + # network-object 198.51.100.0 255.255.255.0 # object-group network ANSIBLE_TEST # network-object object TEST1 # network-object object TEST2 @@ -1512,8 +1512,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -1580,8 +1580,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1625,8 +1625,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1673,8 +1673,8 @@ Examples # "name": "test_network_og", # "network_object": { # "host": [ - # "192.0.3.1", - # "192.0.3.2" + # "198.51.100.1", + # "198.51.100.2" # ], # "ipv6_address": [ # "2001:db8:3::/64" @@ -1733,8 +1733,8 @@ Examples # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og - # network-object host 192.0.3.1 - # network-object host 192.0.3.2 + # network-object host 198.51.100.1 + # network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -1766,8 +1766,8 @@ Examples description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -1811,8 +1811,8 @@ Examples # "network-object host 192.0.2.2", # "object-group network test_network_og", # "description test_network_og", - # "network-object host 192.0.3.1", - # "network-object host 192.0.3.2", + # "network-object host 198.51.100.1", + # "network-object host 198.51.100.2", # "network-object 2001:db8:3::/64", # "object-group user test_og_user", # "description test_user", 
diff --git a/plugins/modules/asa_acls.py b/plugins/modules/asa_acls.py index e5330fae..701af955 100644 --- a/plugins/modules/asa_acls.py +++ b/plugins/modules/asa_acls.py @@ -468,7 +468,7 @@ address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -547,7 +547,7 @@ # access-list global_access line 4 extended deny tcp any any eq www log errors interval 300 # access-list R1_traffic line 1 remark test_v6_acls # access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive -# access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive # access-list temp_access line 2 extended deny tcp interface management interface management @@ -571,7 +571,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
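Review bot: The context lines of the `@@ -547,7 +547,7 @@` hunk in plugins/modules/asa_acls.py still use `198.51.110.0 255.255.255.0` and `2001:fc8:0:4::/64`, neither of which is a reserved documentation range: RFC 5737 reserves only 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, and the IPv6 documentation prefix is 2001:db8::/32 (RFC 3849). The changelog fragment says all non-example ranges were replaced, so these look like leftovers; the `198.51.110.0` line recurs in the `@@ -571,7 +571,7 @@` hunk and in later hunks of this file. I would change them to `203.0.113.0 255.255.255.0` and `2001:db8:0:4::/64`. Using TEST-NET-3 there also keeps the new destination of temp_access line 1 (`198.51.100.0`) distinct from the source of line 2, which the substitution has made identical. These lines appear to be example text whose start and end are outside the hunk.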
@@ -581,9 +581,9 @@ # interval 300 (hitcnt=0) 0x78aa233d # access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og # eq www log default (hitcnt=0) 0x477aec1e -# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.1 eq www +# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.1 eq www # log default (hitcnt=0) 0xdc7edff8 -# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 192.0.3.2 eq www +# access-list test_access line 2 extended deny tcp 192.0.2.0 255.255.255.0 host 198.51.100.2 eq www # log default (hitcnt=0) 0x7b0e9fde # access-list test_access line 2 extended deny tcp 198.51.100.0 255.255.255.0 2001:db8:3::/64 eq www # log default (hitcnt=0) 0x97c75adc @@ -648,7 +648,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -700,7 +700,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -725,7 +725,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -760,7 +760,7 @@ # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 time-range temp # no access-list temp_access line 1 -# extended grant deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# extended grant deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list R1_traffic line 2 # extended grant deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive # no access-list R1_traffic line 1 @@ -796,7 +796,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 
@@ -814,7 +814,7 @@ # --------------- # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive -# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default # no access-list global_access line 3 extended deny tcp any any eq www log errors interval 300 # no access-list global_access line 2 extended deny tcp any any eq telnet @@ -852,7 +852,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -870,7 +870,7 @@ # no access-list R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq telnet 2001:fc8:0:4::/64 eq www # log errors interval 300 # no access-list R1_traffic line 2 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive -# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# no access-list temp_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # no access-list temp_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 # time-range temp inactive 
@@ -897,7 +897,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # access-list temp_access; 2 elements; name hash: 0xaf1b712e # access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www # log default (hitcnt=0) 0xb58abb0d # access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -1002,7 +1002,7 @@ # "aces": [ # { # "destination": { -# "address": "192.0.3.0", +# "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" @@ -1063,7 +1063,7 @@ address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -1100,7 +1100,7 @@ # # "rendered": [ # "access-list temp_access line 1 -# extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 +# extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 # eq www log default" # "access-list temp_access line 2 # extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 @@ -1114,7 +1114,7 @@ # parsed.cfg # # access-list test_access; 2 elements; name hash: 0xaf1b712e -# access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +# access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default # access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors # access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2 # access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive @@ -1134,7 +1134,7 @@ # "aces": [ # { # "destination": { -# "address": "192.0.3.0", +# "address": "198.51.100.0", # "netmask": "255.255.255.0", # "port_protocol": { # "eq": "www" 
diff --git a/plugins/modules/asa_ogs.py b/plugins/modules/asa_ogs.py index c51cae34..c9b7a409 100644 --- a/plugins/modules/asa_ogs.py +++ b/plugins/modules/asa_ogs.py @@ -303,7 +303,7 @@ # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_network_og -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 - name: "Merge module attributes of given object-group" cisco.asa.asa_ogs: @@ -326,8 +326,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -392,8 +392,8 @@ # network-object host 192.0.2.1 # network-object host 192.0.2.2 # object-group network test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:3::/64 # object-group service O-Worker # service-object tcp destination range 100 200 @@ -418,11 +418,11 @@ # network-object host 192.0.2.2 # network-object 192.0.2.0 255.255.255.0 # network-object 198.51.100.0 255.255.255.0 -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -455,8 +455,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -483,9 +483,9 @@ description: test_og_network_replace network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol @@ -507,10 +507,10 @@ # description test_og_network_replace # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 -# network-object 192.0.3.0 255.255.255.0 +# network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 # After state: # ------------- @@ -518,12 +518,12 @@ # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_replace -# network-object host 192.0.3.1 -# network-object 192.0.3.0 255.255.255.0 +# network-object host 198.51.100.1 +# network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -558,8 +558,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -586,9 +586,9 @@ description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - name: ANSIBLE_TEST network_object: object: 
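Review bot: The documented `replaced` command list in the `@@ -507,10 +507,10 @@` hunk now removes and re-adds the same network: the unchanged `# no network-object 198.51.100.0 255.255.255.0` is followed by the new `# network-object 198.51.100.0 255.255.255.0`, and the `overridden` example in `@@ -619,10 +619,10 @@` ends up with the same pair. The integration fixtures in this commit avoid the clash by moving the pre-existing entry to `203.0.113.0`; the module examples need the same treatment, i.e. `# no network-object 203.0.113.0 255.255.255.0` in both command lists and `# network-object 203.0.113.0 255.255.255.0` in the matching before-state listings. The example text starts and ends outside these hunks, so the before-state lines that need the change are only partly visible here.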
@@ -619,10 +619,10 @@ # description test_og_network_override # no network-object 192.0.2.0 255.255.255.0 # no network-object 198.51.100.0 255.255.255.0 -# network-object 192.0.3.0 255.255.255.0 +# network-object 198.51.100.0 255.255.255.0 # no network-object host 192.0.2.1 # no network-object host 192.0.2.2 -# network-object host 192.0.3.1 +# network-object host 198.51.100.1 # no object-group network test_network_og # object-group network ANSIBLE_TEST # network-object object TEST1 @@ -634,8 +634,8 @@ # ciscoasa# sh running-config object-group # object-group network test_og_network # description test_og_network_override -# network-object host 192.0.3.1 -# network-object 192.0.3.0 255.255.255.0 +# network-object host 198.51.100.1 +# network-object 198.51.100.0 255.255.255.0 # object-group network ANSIBLE_TEST # network-object object TEST1 # network-object object TEST2 @@ -657,8 +657,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -725,8 +725,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security 
@@ -770,8 +770,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -818,8 +818,8 @@ # "name": "test_network_og", # "network_object": { # "host": [ -# "192.0.3.1", -# "192.0.3.2" +# "198.51.100.1", +# "198.51.100.2" # ], # "ipv6_address": [ # "2001:db8:3::/64" @@ -878,8 +878,8 @@ # network-object 198.51.100.0 255.255.255.0 # object-group network test_network_og # description test_network_og -# network-object host 192.0.3.1 -# network-object host 192.0.3.2 +# network-object host 198.51.100.1 +# network-object host 198.51.100.2 # network-object 2001:db8:0:3::/64 # group-object test_og_network # object-group security test_og_security @@ -911,8 +911,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -956,8 +956,8 @@ # "network-object host 192.0.2.2", # "object-group network test_network_og", # "description test_network_og", -# "network-object host 192.0.3.1", -# "network-object host 192.0.3.2", +# "network-object host 198.51.100.1", +# "network-object host 198.51.100.2", # "network-object 2001:db8:3::/64", # "object-group user test_og_user", # "description test_user", diff --git a/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg b/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg index 82c5e778..7d909c71 100644 --- a/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg +++ b/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg 
@@ -1,5 +1,5 @@ access-list test_access; 2 elements; name hash: 0xaf1b712e -access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive diff --git a/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml b/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml index dafe55db..594b1721 100644 --- a/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml +++ b/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml @@ -14,7 +14,7 @@ address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www diff --git a/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml b/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml index 74e21f61..1710c9e7 100644 --- a/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml +++ b/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml @@ -15,7 +15,7 @@ - name: test_network_og network_object: host: - - 192.0.3.1 + - 198.51.100.1 ipv6_address: - 2001:db8:3::/64 state: merged diff --git a/tests/integration/targets/asa_acls/tests/cli/merged.yaml b/tests/integration/targets/asa_acls/tests/cli/merged.yaml index cf443df0..db3a4913 100644 --- a/tests/integration/targets/asa_acls/tests/cli/merged.yaml +++ b/tests/integration/targets/asa_acls/tests/cli/merged.yaml 
@@ -24,7 +24,7 @@ address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www diff --git a/tests/integration/targets/asa_acls/tests/cli/rendered.yaml b/tests/integration/targets/asa_acls/tests/cli/rendered.yaml index 62e1c255..5f3b05cb 100644 --- a/tests/integration/targets/asa_acls/tests/cli/rendered.yaml +++ b/tests/integration/targets/asa_acls/tests/cli/rendered.yaml @@ -21,7 +21,7 @@ address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www diff --git a/tests/integration/targets/asa_acls/tests/cli/replaced.yaml b/tests/integration/targets/asa_acls/tests/cli/replaced.yaml index 85e7d2dc..b437d2d2 100644 --- a/tests/integration/targets/asa_acls/tests/cli/replaced.yaml +++ b/tests/integration/targets/asa_acls/tests/cli/replaced.yaml @@ -23,7 +23,7 @@ protocol_options: tcp: true source: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 destination: address: 192.0.4.0 diff --git a/tests/integration/targets/asa_acls/tests/cli/rtt.yaml b/tests/integration/targets/asa_acls/tests/cli/rtt.yaml index 1c77c281..bee557e0 100644 --- a/tests/integration/targets/asa_acls/tests/cli/rtt.yaml +++ b/tests/integration/targets/asa_acls/tests/cli/rtt.yaml @@ -25,7 +25,7 @@ address: 192.0.2.0 netmask: 255.255.255.0 destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www diff --git a/tests/integration/targets/asa_acls/vars/main.yaml b/tests/integration/targets/asa_acls/vars/main.yaml index 281cb8d6..77432818 100644 --- a/tests/integration/targets/asa_acls/vars/main.yaml +++ b/tests/integration/targets/asa_acls/vars/main.yaml 
@@ -3,16 +3,16 @@ deleted: commands: - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default delete_all: commands: - no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default merged: commands: - - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default - access-list test_access line 2 extended deny icmp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 alternate-address log errors - access-list test_access line 3 extended deny tcp host 198.51.110.0 any eq www log default - access-list test_access line 4 extended deny tcp object-group test_og_network object-group test_network_og eq www log default 
@@ -23,8 +23,8 @@ replaced: commands: - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default - - access-list test_access line 1 extended deny tcp 192.0.3.0 255.255.255.0 192.0.4.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 198.51.100.0 255.255.255.0 192.0.4.0 255.255.255.0 eq www log default - access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default - access-list test_global_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www overridden: @@ -32,7 +32,7 @@ overridden: - no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive - no access-list test_global_access line 1 extended deny tcp any any eq www log errors - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default - access-list test_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www - access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default gathered: 
@@ -40,7 +40,7 @@ gathered: acls: - aces: - destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -104,7 +104,7 @@ parsed: acls: - aces: - destination: - address: 192.0.3.0 + address: 198.51.100.0 netmask: 255.255.255.0 port_protocol: eq: www @@ -152,7 +152,7 @@ rtt: commands: - no access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default - no access-list test_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www - - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default - access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors - access-list test_global_access line 1 extended deny tcp any any eq www log errors - access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive diff --git a/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml b/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml index ec02e549..89e3e569 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml @@ -12,13 +12,13 @@ - 192.0.2.2 address: - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 + - 203.0.113.0 255.255.255.0 - name: test_network_og description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml b/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml index d37fcbae..c2ad2aa9 100644 
--- a/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml @@ -23,7 +23,7 @@ description: test_network_og network_object: host: - - 192.0.3.1 + - 198.51.100.1 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/merged.yaml b/tests/integration/targets/asa_ogs/tests/cli/merged.yaml index c2ba8d63..beb1ff19 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/merged.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/merged.yaml @@ -25,8 +25,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml b/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml index 9b10c1ed..018e577a 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml @@ -18,9 +18,9 @@ description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol diff --git a/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml b/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml index ec74691d..a0a2c5ad 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml @@ -24,8 +24,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml b/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml index 91e25a55..adc223e3 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml 
+++ b/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml @@ -18,9 +18,9 @@ description: test_og_network_replace network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol diff --git a/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml b/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml index f3b99ea5..7fbfa6b9 100644 --- a/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml +++ b/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml @@ -20,13 +20,13 @@ - 192.0.2.2 address: - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 + - 203.0.113.0 255.255.255.0 - name: test_network_og description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security @@ -70,9 +70,9 @@ description: test_og_network_override network_object: host: - - 192.0.3.1 + - 198.51.100.1 address: - - 192.0.3.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 - object_type: protocol object_groups: - name: test_og_protocol diff --git a/tests/integration/targets/asa_ogs/vars/main.yaml b/tests/integration/targets/asa_ogs/vars/main.yaml index b5a8e30f..dad48fef 100644 --- a/tests/integration/targets/asa_ogs/vars/main.yaml +++ b/tests/integration/targets/asa_ogs/vars/main.yaml @@ -25,8 +25,8 @@ merged: - network-object host 192.0.2.2 - object-group network test_network_og - description test_network_og - - network-object host 192.0.3.1 - - network-object host 192.0.3.2 + - network-object host 198.51.100.1 + - network-object host 198.51.100.2 - network-object 2001:db8:3::/64 - object-group user test_og_user - description test_user 
@@ -41,11 +41,11 @@ replaced: - object-group network test_og_network - description test_og_network_replace - no network-object 192.0.2.0 255.255.255.0 - - no network-object 198.51.100.0 255.255.255.0 - - network-object 192.0.3.0 255.255.255.0 + - no network-object 203.0.113.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 - no network-object host 192.0.2.1 - no network-object host 192.0.2.2 - - network-object host 192.0.3.1 + - network-object host 198.51.100.1 overridden: commands: - no object-group security test_og_security @@ -57,11 +57,11 @@ overridden: - object-group network test_og_network - description test_og_network_override - no network-object 192.0.2.0 255.255.255.0 - - no network-object 198.51.100.0 255.255.255.0 - - network-object 192.0.3.0 255.255.255.0 + - no network-object 203.0.113.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 - no network-object host 192.0.2.1 - no network-object host 192.0.2.2 - - network-object host 192.0.3.1 + - network-object host 198.51.100.1 - no object-group network test_network_og gathered: config: @@ -70,7 +70,7 @@ gathered: name: test_network_og network_object: host: - - 192.0.3.1 + - 198.51.100.1 ipv6_address: - 2001:db8:3::/64 - description: test_og_network 
@@ -131,16 +131,16 @@ rtt: - security-group tag 20 - object-group network test_og_network - description test_og_network - - no network-object 192.0.3.0 255.255.255.0 + - no network-object 198.51.100.0 255.255.255.0 - network-object 192.0.2.0 255.255.255.0 - - network-object 198.51.100.0 255.255.255.0 - - no network-object host 192.0.3.1 + - network-object 203.0.113.0 255.255.255.0 + - no network-object host 198.51.100.1 - network-object host 192.0.2.1 - network-object host 192.0.2.2 - object-group network test_network_og - description test_network_og - - network-object host 192.0.3.1 - - network-object host 192.0.3.2 + - network-object host 198.51.100.1 + - network-object host 198.51.100.2 - network-object 2001:db8:3::/64 - object-group user test_og_user - description test_user diff --git a/tests/integration/targets/asa_smoke/tests/caching.yaml b/tests/integration/targets/asa_smoke/tests/caching.yaml index a2f91807..97f94943 100644 --- a/tests/integration/targets/asa_smoke/tests/caching.yaml +++ b/tests/integration/targets/asa_smoke/tests/caching.yaml @@ -19,8 +19,8 @@ - network-object host 192.0.2.2 - object-group network test_network_og - description test_network_og - - network-object host 192.0.3.1 - - network-object host 192.0.3.2 + - network-object host 198.51.100.1 + - network-object host 198.51.100.2 - network-object 2001:db8:3::/64 - object-group user test_og_user - description test_user @@ -50,8 +50,8 @@ description: test_network_og network_object: host: - - 192.0.3.1 - - 192.0.3.2 + - 198.51.100.1 + - 198.51.100.2 ipv6_address: - 2001:db8:3::/64 - object_type: security diff --git a/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg b/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg index 7a0fb66c..43812860 100644 --- a/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg +++ b/tests/unit/modules/network/asa/fixtures/asa_acls_config.cfg 
@@ -4,7 +4,7 @@ access-list test_global_access; 1 elements; name hash: 0xaa83124c access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f access-list test_global_access line 2 remark test global remark access-list test_access; 2 elements; name hash: 0x96b5d78b -access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e +access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c diff --git a/tests/unit/modules/network/asa/test_asa_acls.py b/tests/unit/modules/network/asa/test_asa_acls.py index 30195225..31aea5d6 100644 --- a/tests/unit/modules/network/asa/test_asa_acls.py +++ b/tests/unit/modules/network/asa/test_asa_acls.py @@ -179,7 +179,7 @@ def test_asa_acls_merged_idempotent(self): aces=[ dict( destination=dict( - address="192.0.3.0", + address="198.51.100.0", netmask="255.255.255.0", port_protocol=dict(eq="www"), ), 
@@ -370,7 +370,7 @@ def test_asa_acls_replaced(self): "no access-list ansible_test line 1 remark HostA", "no access-list test_access line 3 extended permit ip host 192.0.2.2 any", "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors", - "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default", + "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default", "access-list test_access line 1 extended deny igrp 198.51.101.0 255.255.255.0 198.51.102.0 255.255.255.0 log default time-range temp", "access-list ansible_test line 1 remark HostA0", ] @@ -419,7 +419,7 @@ def test_asa_acls_replaced_idempotent(self): aces=[ dict( destination=dict( - address="192.0.3.0", + address="198.51.100.0", netmask="255.255.255.0", port_protocol=dict(eq="www"), ), @@ -598,7 +598,7 @@ def test_asa_acls_overridden(self): "no access-list ansible_test line 1 remark HostA", "no access-list test_access line 3 extended permit ip host 192.0.2.2 any", "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors", - "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default", + "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default", "no access-list management_in line 3 extended permit ip any4 host 192.0.2.1", "no access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389", "no access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100", 
@@ -652,7 +652,7 @@ def test_asa_acls_overridden_idempotent(self): aces=[ dict( destination=dict( - address="192.0.3.0", + address="198.51.100.0", netmask="255.255.255.0", port_protocol=dict(eq="www"), ), @@ -820,7 +820,7 @@ def test_asa_acls_deleted_all(self): "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive", "no access-list test_access line 3 extended permit ip host 192.0.2.2 any", "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors", - "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default", + "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default", "no access-list management_in line 3 extended permit ip any4 host 192.0.2.1", "no access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389", "no access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100", @@ -843,7 +843,7 @@ def test_asa_acls_rendered(self): aces=[ dict( destination=dict( - address="192.0.3.0", + address="198.51.100.0", netmask="255.255.255.0", ), grant="deny", @@ -864,7 +864,7 @@ def test_asa_acls_rendered(self): ), ) commands = [ - "access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 log default", + "access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 log default", ] result = self.execute_module(changed=False) self.assertEqual(result["rendered"], commands) diff --git a/tests/unit/modules/network/asa/test_asa_ogs.py b/tests/unit/modules/network/asa/test_asa_ogs.py index 15c03fc1..83d2a9c0 100644 --- a/tests/unit/modules/network/asa/test_asa_ogs.py +++ b/tests/unit/modules/network/asa/test_asa_ogs.py 
@@ -96,7 +96,7 @@ def test_asa_ogs_merged(self): name="test_network_og", description="test network og", network_object=dict( - host=["192.0.3.1", "192.0.3.2"], + host=["198.51.100.1", "198.51.100.2"], ipv6_address=["2001:db8:0:3::/64"], ), ), @@ -181,8 +181,8 @@ def test_asa_ogs_merged(self): "group-object test_network_og", "object-group network test_network_og", "description test network og", - "network-object host 192.0.3.1", - "network-object host 192.0.3.2", + "network-object host 198.51.100.1", + "network-object host 198.51.100.2", "network-object 2001:db8:0:3::/64", "object-group network ANSIBLE_TEST", "network-object object NEW_TEST", @@ -319,8 +319,8 @@ def test_asa_ogs_replaced(self): name="test_og_network", description="test_og_network_replace", network_object=dict( - host=["192.0.3.1"], - address=["192.0.3.0 255.255.255.0"], + host=["198.51.100.1"], + address=["198.51.100.0 255.255.255.0"], ), ), ], @@ -335,10 +335,10 @@ def test_asa_ogs_replaced(self): "object-group network test_og_network", "description test_og_network_replace", "no network-object 192.0.2.0 255.255.255.0", - "network-object 192.0.3.0 255.255.255.0", + "network-object 198.51.100.0 255.255.255.0", "no network-object host 192.0.2.1", "no network-object host 2001:db8::1", - "network-object host 192.0.3.1", + "network-object host 198.51.100.1", ] self.assertEqual(sorted(result["commands"]), sorted(commands)) @@ -459,8 +459,8 @@ def test_asa_ogs_overridden(self): name="test_og_network", description="test_og_network_override", network_object=dict( - host=["192.0.3.1"], - address=["192.0.3.0 255.255.255.0"], + host=["198.51.100.1"], + address=["198.51.100.0 255.255.255.0"], ), ), ], 
@@ -481,10 +481,10 @@ def test_asa_ogs_overridden(self): "object-group network test_og_network", "description test_og_network_override", "no network-object 192.0.2.0 255.255.255.0", - "network-object 192.0.3.0 255.255.255.0", + "network-object 198.51.100.0 255.255.255.0", "no network-object host 192.0.2.1", "no network-object host 2001:db8::1", - "network-object host 192.0.3.1", + "network-object host 198.51.100.1", "no object-group network ANSIBLE_TEST", "no object-group network bug_test_obj", "no object-group user group_user_obj", From e69e507a9e108bd67c5858be880004cb3c9c9a78 Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Tue, 26 Sep 2023 14:45:43 +0530 Subject: [PATCH 05/36] Fix python3-Cython dependency (#212) * fix sanity pep8 Signed-off-by: rohitthakur2590 * fix sanity Signed-off-by: rohitthakur2590 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Signed-off-by: rohitthakur2590 Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .github/workflows/test.yml | 2 +- bindep.txt | 4 +--- changelogs/fragments/bindep_fix.yaml | 3 +++ galaxy.yml | 2 +- plugins/module_utils/network/asa/utils/utils.py | 2 +- tests/sanity/ignore-2.17.txt | 1 + tests/unit/mock/loader.py | 2 +- 7 files changed, 9 insertions(+), 7 deletions(-) create mode 100644 changelogs/fragments/bindep_fix.yaml create mode 100644 tests/sanity/ignore-2.17.txt diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 8d6d4ed6..e77967b3 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,7 +5,7 @@ concurrency: group: ${{ github.head_ref }} cancel-in-progress: true -on: # yamllint disable-line rule:truthy +on: # yamllint disable-line rule:truthy pull_request: branches: [main] workflow_dispatch: diff --git a/bindep.txt b/bindep.txt index d2aad375..eec29ecd 100644 --- a/bindep.txt +++ b/bindep.txt 
@@ -2,11 +2,9 @@ # see https://docs.openstack.org/infra/bindep/ for additional information. gcc-c++ [doc test platform:rpm] -python3-devel [test platform:rpm] -python3 [test platform:rpm] # ansible-pylibssh gcc [compile test platform:rpm] libssh-devel [compile test platform:rpm] python3-Cython [test platform:fedora-35] -python38-Cython [compile platform:centos-8 platform:rhel-8] +python3-Cython [compile platform:centos-8 platform:rhel-8] diff --git a/changelogs/fragments/bindep_fix.yaml b/changelogs/fragments/bindep_fix.yaml new file mode 100644 index 00000000..0b7be9eb --- /dev/null +++ b/changelogs/fragments/bindep_fix.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Fix 'python3-Cython' dependency in bindep.txt. diff --git a/galaxy.yml b/galaxy.yml index 96d0a7fe..648e3611 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 4.0.1 +version: 4.0.2-dev diff --git a/plugins/module_utils/network/asa/utils/utils.py b/plugins/module_utils/network/asa/utils/utils.py index c5399db0..89fcd4ef 100644 --- a/plugins/module_utils/network/asa/utils/utils.py +++ b/plugins/module_utils/network/asa/utils/utils.py @@ -70,7 +70,7 @@ def new_dict_to_set(input_dict, temp_list, test_set, count=0): temp_list.append(k) for each in v: if isinstance(each, dict): - if [True for i in each.values() if type(i) == list]: + if [True for i in each.values() if isinstance(i, list)]: new_dict_to_set(each, temp_list, test_set, count) else: new_dict_to_set(each, temp_list, test_set, 0) diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt new file mode 100644 index 00000000..3d2a4f58 --- /dev/null +++ b/tests/sanity/ignore-2.17.txt 
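Review bot: In the `new_dict_to_set` hunk of utils.py the condition still builds a throwaway list of `True` values only to test it for truthiness; `if any(isinstance(i, list) for i in each.values()):` expresses the same check and stops at the first match. `isinstance` also accepts list subclasses, which `type(i) == list` did not; that looks intended but is a small behaviour change worth a word in the commit message. The function body starts and ends outside the hunk.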
@@ -0,0 +1 @@ +plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` diff --git a/tests/unit/mock/loader.py b/tests/unit/mock/loader.py index e707365f..195746ad 100644 --- a/tests/unit/mock/loader.py +++ b/tests/unit/mock/loader.py @@ -31,7 +31,7 @@ class DictDataLoader(DataLoader): def __init__(self, file_mapping=None): file_mapping = {} if file_mapping is None else file_mapping - assert type(file_mapping) == dict + assert isinstance(file_mapping, dict) super(DictDataLoader, self).__init__() From 4c10d22a4970fafe1376ddf5377ba7b4813ac15e Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Wed, 27 Sep 2023 22:32:07 +0530 Subject: [PATCH 06/36] Prepare release 4.0.2 (#214) * Prepare release 4.0.2 Signed-off-by: rohitthakur2590 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Signed-off-by: rohitthakur2590 Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- CHANGELOG.rst | 50 +++++++++++----------------- changelogs/changelog.yaml | 37 ++++++++++---------- changelogs/fragments/bindep_fix.yaml | 3 -- changelogs/fragments/test-net-2.yaml | 3 -- galaxy.yml | 2 +- 5 files changed, 41 insertions(+), 54 deletions(-) delete mode 100644 changelogs/fragments/bindep_fix.yaml delete mode 100644 changelogs/fragments/test-net-2.yaml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index c7c81dd0..9ec27bac 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst 
@@ -5,31 +5,33 @@ Cisco Asa Collection Release Notes .. contents:: Topics -v4.0.1 +v4.0.2 ====== -Release Summary ---------------- +Documentation Changes +--------------------- -- Release with bugfix fixing the import path coming from `utils` and `netcommon` lib. +- Replace all references to non-example address ranges in module documentation and tests. -v4.0.0 +v4.0.1 ====== Release Summary --------------- -- Releasing 4.0.0 with deprecated older modules removed and GH actions enabled for sanity and unit test over the repo. -- This release drops support for `connection: local` and provider dictionary. +Release with bugfix fixing the import path coming from utils and netcommon lib. + +v4.0.0 +====== Major Changes ------------- - Please use either of the following connection types - network_cli, httpapi or netconf. +- This includes the following modules: - This release drops support for `connection: local` and provider dictionary. -- Use of connection: local and the provider option are no longer valid on any modules in this collection. - This release removes all deprecated plugins that have reached their end-of-life. -- This includes the following modules: +- Use of connection: local and the provider option are no longer valid on any modules in this collection. - asa_acl - asa_og @@ -39,7 +41,7 @@ v3.1.0 Release Summary --------------- -- Releasing 3.1.0 with bugfix. +Releasing 3.1.0 with bugfix. Bugfixes -------- @@ -60,7 +62,7 @@ Major Changes Bugfixes -------- -- Fixes asa_ogs services object and port object issue +- Fixes asa_ogs services object and port object issue ((https://github.com/ansible-collections/cisco.asa/issues/152). v2.1.0 ====== @@ -68,7 +70,7 @@ v2.1.0 Release Summary --------------- -- Releasing 2.1.0 with updated readme with changelog link, minor change, and bugfix. +Releasing 2.1.0 with updated readme with changelog link, minor change, and bugfix. Minor Changes ------------- 
@@ -100,8 +102,8 @@ v2.0.2 Bugfixes -------- -- To fix asa_acls where ipv6 with host wasn't getting rendered as expected and facts was skipping (https://github.com/ansible-collections/cisco.asa/issues/105). -- To fix Cisco ASA network_object object config which wasn't working as expected. (https://github.com/ansible-collections/cisco.asa/issues/99). +- To fix Cisco ASA network_object object config which wasn't working as expected. +- To fix asa_acls where ipv6 with host wasn't getting rendered as expected and facts was skipping. v2.0.1 ====== @@ -109,8 +111,8 @@ v2.0.1 Minor Changes ------------- -- Remove tests/sanity/requirements.txt (https://github.com/ansible-collections/cisco.asa/pull/94). - Add ignore-2.12.txt (https://github.com/ansible-collections/cisco.asa/pull/102). +- Remove tests/sanity/requirements.txt (https://github.com/ansible-collections/cisco.asa/pull/94). Bugfixes -------- @@ -124,8 +126,8 @@ v2.0.0 Major Changes ------------- -- Requires ansible.netcommon v2.0.0+ to support `ansible_network_single_user_mode` and `ansible_network_import_modules`. - Please refer to ansible.netcommon `changelog ` for more details. +- Requires ansible.netcommon v2.0.0+ to support `ansible_network_single_user_mode` and `ansible_network_import_modules`. Minor Changes ------------- 
@@ -140,26 +142,16 @@ Bugfixes v1.0.4 ====== -Release Summary ---------------- - -- Releasing 1.0.4 with updated readme with changelog link, galaxy description, and bugfix. - Bugfixes -------- -- Update asa acls RM to use newer RM design approach and addeed support for any4/any6 feature (https://github.com/ansible-collections/cisco.asa/pull/64). - Add version key to galaxy.yaml to work around ansible-galaxy bug - To fix ASA OGs module where delete by name was not resulting to an expected behaviour (https://github.com/ansible-collections/cisco.asa/pull/77). +- Update asa acls RM to use newer RM design approach and addeed support for any4/any6 feature (https://github.com/ansible-collections/cisco.asa/pull/64). v1.0.3 ====== -Release Summary ---------------- - -- Releasing 1.0.3 with updated readme with changelog link, galaxy description, and bugfix. - Bugfixes -------- @@ -171,7 +163,7 @@ v1.0.2 Release Summary --------------- -- Re-releasing 1.0.1 with updated changelog. +Re-releasing 1.0.1 with updated changelog. v1.0.1 ====== @@ -201,10 +193,8 @@ Cliconf New Modules ----------- -- asa_acl - (deprecated, removed after 2022-06-01) Manage access-lists on a Cisco ASA - asa_acls - Access-Lists resource module - asa_command - Run arbitrary commands on Cisco ASA devices - asa_config - Manage configuration sections on Cisco ASA devices - asa_facts - Collect facts from remote devices running Cisco ASA -- asa_og - (deprecated, removed after 2022-06-01) Manage object groups on a Cisco ASA - asa_ogs - Object Group resource module diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index f77c9eb0..f8219211 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -2,11 +2,6 @@ ancestor: null releases: 1.0.0: modules: - - description: - (deprecated, removed after 2022-06-01) Manage access-lists on a - Cisco ASA - name: asa_acl - namespace: "" - description: Access-Lists resource module name: asa_acls namespace: "" 
@@ -19,11 +14,6 @@ releases: - description: Collect facts from remote devices running Cisco ASA name: asa_facts namespace: "" - - description: - (deprecated, removed after 2022-06-01) Manage object groups on - a Cisco ASA - name: asa_og - namespace: "" - description: Object Group resource module name: asa_ogs namespace: "" @@ -42,8 +32,8 @@ releases: - Removes Cisco ASA sanity ignores and sync for argspec and docstring (https://github.com/ansible-collections/cisco.asa/pull/59). - Updated docs. fragments: - - 48-add-change-log-1.0.0.yaml - 1.1.0_update_docs.yaml + - 48-add-change-log-1.0.0.yaml - fix_config_module_src_backup.yaml - remove_asa_ignore.yaml release_date: "2020-08-03" @@ -71,8 +61,8 @@ releases: any4/any6 feature (https://github.com/ansible-collections/cisco.asa/pull/64). fragments: - 56_acl_any4_ay6_feature_update_use_rm_approach.yaml - - galaxy-version.yaml - 76_asa_og_state_delete_not_working_as_expected.yaml + - galaxy-version.yaml release_date: "2020-11-26" 2.0.0: changes: @@ -135,13 +125,15 @@ releases: release_date: "2021-08-31" 2.1.0: changes: - release_summary: Releasing 2.1.0 with updated readme with changelog link, minor change, and bugfix. bugfixes: - Fixes asa_acls to add the support for service object group under destination option ((https://github.com/ansible-collections/cisco.asa/issues/100). minor_changes: - Fixes asa_ogs service object where complete params were not supported and added with the PR ((https://github.com/ansible-collections/cisco.asa/issues/100). + release_summary: + Releasing 2.1.0 with updated readme with changelog link, minor + change, and bugfix. fragments: - 0-copy_ignore_txt.yml - 100_fix_asa_ogs_services_object_param.yaml 
@@ -159,12 +151,12 @@ releases: release_date: "2022-05-05" 3.1.0: changes: - release_summary: Releasing 3.1.0 with bugfix. bugfixes: - Fix service-object port range rendering - Fixes asa_ogs port object range issue and duplicate service cmd (https://github.com/ansible-collections/cisco.asa/issues/165, https://github.com/ansible-collections/cisco.asa/issues/166). - Unit TC for svc src/dst port range + release_summary: Releasing 3.1.0 with bugfix. fragments: - fix_asa_ogs_bug_165_166.yaml release_date: "2022-06-28" @@ -173,11 +165,11 @@ releases: major_changes: - Please use either of the following connection types - network_cli, httpapi or netconf. + - "This includes the following modules:" - "This release drops support for `connection: local` and provider dictionary." + - This release removes all deprecated plugins that have reached their end-of-life. - "Use of connection: local and the provider option are no longer valid on any modules in this collection." - - This release removes all deprecated plugins that have reached their end-of-life. - - "This includes the following modules:" - asa_acl - asa_og fragments: @@ -187,10 +179,21 @@ releases: release_date: "2022-10-13" 4.0.1: changes: - release_summary: Release with bugfix fixing the import path coming from utils and netcommon lib. + release_summary: + Release with bugfix fixing the import path coming from utils + and netcommon lib. fragments: - cleanup.yaml - pre-commit.yaml - rm_base.yaml - rm_base_plus.yaml release_date: "2023-06-13" + 4.0.2: + changes: + doc_changes: + - Replace all references to non-example address ranges in module documentation + and tests. + fragments: + - bindep_fix.yaml + - test-net-2.yaml + release_date: "2023-09-27" diff --git a/changelogs/fragments/bindep_fix.yaml b/changelogs/fragments/bindep_fix.yaml deleted file mode 100644 index 0b7be9eb..00000000 --- a/changelogs/fragments/bindep_fix.yaml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -trivial: - - Fix 'python3-Cython' dependency in bindep.txt. diff --git a/changelogs/fragments/test-net-2.yaml b/changelogs/fragments/test-net-2.yaml deleted file mode 100644 index f0a5a23a..00000000 --- a/changelogs/fragments/test-net-2.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -doc_changes: - - Replace all references to non-example address ranges in module documentation and tests. diff --git a/galaxy.yml b/galaxy.yml index 648e3611..e05f2576 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 4.0.2-dev +version: 4.0.2 From 18d309303f92076c8e750feacccbdd4bff6c4973 Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Mon, 30 Oct 2023 17:47:20 +0530 Subject: [PATCH 07/36] Maintenance, workflow and lint changes (#215) * Maintenance, workfloe and lint changes Signed-off-by: rohitthakur2590 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- 
Signed-off-by: rohitthakur2590 Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .github/CODEOWNERS | 0 .github/dependabot.yml | 9 +++++++ .github/release-drafter.yml | 3 +++ .github/workflows/ack.yml | 15 +++++++++++ .github/workflows/codecoverage.yml | 15 +++++++++++ .github/workflows/lint.yml | 12 +++++++++ .github/workflows/push.yml | 27 +++++++++++++++++++ .github/workflows/release.yml | 14 ++++++++++ .github/workflows/{test.yml => tests.yml} | 19 ++++++------- .gitignore | 7 +++++ .pre-commit-config.yaml | 12 ++++++--- .../network/asa/rm_templates/ogs.py | 4 +-- 12 files changed, 122 insertions(+), 15 deletions(-) create mode 100644 .github/CODEOWNERS create mode 100644 .github/dependabot.yml create mode 100644 .github/release-drafter.yml create mode 100644 .github/workflows/ack.yml create mode 100644 .github/workflows/codecoverage.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/push.yml create mode 100644 .github/workflows/release.yml rename .github/workflows/{test.yml => tests.yml} (77%) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS new file mode 100644 index 00000000..e69de29b diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..5b32d4c1 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,9 @@ +--- +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: daily + labels: + - "skip-changelog" diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml new file mode 100644 index 00000000..e3e5966e --- /dev/null +++ b/.github/release-drafter.yml @@ -0,0 +1,3 @@ +--- +# see https://github.com/ansible-community/devtools +_extends: ansible-community/devtools diff --git a/.github/workflows/ack.yml b/.github/workflows/ack.yml new file mode 100644 index 00000000..fda595dc --- /dev/null +++ b/.github/workflows/ack.yml 
@@ -0,0 +1,15 @@
+---
+# See https://github.com/ansible-community/devtools/blob/main/.github/workflows/ack.yml
+name: ack
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+on: # yamllint disable-line rule:truthy
+ pull_request_target:
+ types: [opened, labeled, unlabeled, synchronize]
+
+jobs:
+ ack:
+ uses: ansible/devtools/.github/workflows/ack.yml@main
diff --git a/.github/workflows/codecoverage.yml b/.github/workflows/codecoverage.yml
new file mode 100644
index 00000000..c2a7ad60
--- /dev/null
+++ b/.github/workflows/codecoverage.yml
@@ -0,0 +1,15 @@
+---
+name: code_coverage
+
+on: # yamllint disable-line rule:truthy
+ push:
+ pull_request:
+ branches: [ main ]
+
+jobs:
+ codecoverage:
+ uses: ansible-network/github_actions/.github/workflows/coverage_network_devices.yml@main
+ with:
+ collection_pre_install: >-
+ git+https://github.com/ansible-collections/ansible.utils.git
+ git+https://github.com/ansible-collections/ansible.netcommon.git
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
new file mode 100644
index 00000000..853e4b69
--- /dev/null
+++ b/.github/workflows/lint.yml
@@ -0,0 +1,12 @@
+---
+name: ansible-lint
+on: # yamllint disable-line rule:truthy
+ pull_request:
+ branches: ["main"]
+jobs:
+ build:
+ name: Ansible Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Run ansible-lint
+ uses: ansible/ansible-lint@main
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 00000000..e82df35c
--- /dev/null
+++ b/.github/workflows/push.yml
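Review bot: `ack.yml` runs on `pull_request_target` and calls `ansible/devtools/.github/workflows/ack.yml@main`, so what executes with the base repository's token is whatever that branch holds at run time, not what was reviewed in this commit. Pinning the reusable workflow to a full commit SHA, `uses: ansible/devtools/.github/workflows/ack.yml@<FULL_COMMIT_SHA>  # main`, and adding a top-level `permissions:` block limited to what the called workflow needs would bound that. The same `@main` reference appears in codecoverage.yml and lint.yml in this commit, and in push.yml and release.yml, where `BOT_PAT`, `AH_TOKEN` and `ANSIBLE_GALAXY_API_KEY` are handed to the called workflow. The dependabot.yml added here already covers the `github-actions` ecosystem, so pinned SHAs can be kept current without manual work.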
@@ -0,0 +1,27 @@
+---
+# push workflow is shared and expected to perform actions after a merge happens
+# on a maintenance branch (default or release). For example updating the
+# draft release-notes.
+# based on great work from
+# https://github.com/T-Systems-MMS/ansible-collection-icinga-director
+name: push
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
+
+on: # yamllint disable-line rule:truthy
+ workflow_dispatch:
+
+env:
+ NAMESPACE: cisco
+ COLLECTION_NAME: asa
+ ANSIBLE_COLLECTIONS_PATHS: ./
+
+jobs:
+ update_release_draft:
+ uses: ansible/devtools/.github/workflows/push_network.yml@main
+ with:
+ repo: ansible-collections/cisco.asa
+ secrets:
+ BOT_PAT: ${{ secrets.BOT_PAT }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 00000000..eb04259d
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,14 @@
+---
+name: release
+on: # yamllint disable-line rule:truthy
+ release:
+ types: [published]
+
+jobs:
+ release:
+ uses: ansible/devtools/.github/workflows/release_collection.yml@main
+ with:
+ environment: release
+ secrets:
+ ah_token: ${{ secrets.AH_TOKEN }}
+ ansible_galaxy_api_key: ${{ secrets.ANSIBLE_GALAXY_API_KEY }}
diff --git a/.github/workflows/test.yml b/.github/workflows/tests.yml
similarity index 77%
rename from .github/workflows/test.yml
rename to .github/workflows/tests.yml
index e77967b3..0fb4cc0c 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/tests.yml
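Review bot: The header comment in push.yml says the workflow acts after a merge on a maintenance branch, but `on:` lists only `workflow_dispatch`, so as written it runs only when someone starts it by hand. For the same reason `github.event.pull_request.number` in the concurrency group is never set and the group always falls back to `github.ref`. Either add the intended trigger or make the comment match, for example `# push workflow is started manually (workflow_dispatch) to update the draft release notes.`; which of the two is intended cannot be told from this hunk.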
@@ -1,20 +1,22 @@ --- -name: Test collection +name: test_collection concurrency: - group: ${{ github.head_ref }} + group: ${{ github.head_ref || github.run_id }} cancel-in-progress: true on: # yamllint disable-line rule:truthy pull_request: branches: [main] workflow_dispatch: + schedule: + - cron: '0 0 * * *' + jobs: - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main changelog: uses: ansible-network/github_actions/.github/workflows/changelog.yml@main + if: github.event_name != 'schedule' sanity: uses: ansible-network/github_actions/.github/workflows/sanity.yml@main unit-galaxy: @@ -26,9 +28,8 @@ jobs: git+https://github.com/ansible-collections/ansible.utils.git git+https://github.com/ansible-collections/ansible.netcommon.git all_green: - if: ${{ always() }} + if: ${{ always() && (github.event_name != 'schedule') }} needs: - - ansible-lint - changelog - sanity - unit-galaxy @@ -36,10 +37,10 @@ jobs: runs-on: ubuntu-latest steps: - run: >- - python -c "assert set([ - '${{ needs.ansible-lint.result }}', + python -c "assert 'failure' not in + set([ '${{ needs.changelog.result }}', '${{ needs.sanity.result }}', '${{ needs.unit-galaxy.result }}', '${{ needs.unit-source.result }}' - ]) == {'success'}" + ])" diff --git a/.gitignore b/.gitignore index 894a44cc..45d94ba4 100644 --- a/.gitignore +++ b/.gitignore @@ -102,3 +102,10 @@ venv.bak/ # mypy .mypy_cache/ + +# ide +*.code-workspace +.vscode/ +.DS_Store + +changelogs/.plugin-cache.yaml diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index bf907dc4..8fdbd4b3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -3,7 +3,7 @@ repos: - repo: https://github.com/ansible-network/collection_prep rev: 1.1.1 hooks: - - id: autoversion + # - id: autoversion # removed as being handled by GHA push and release drafter - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks 
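Review bot: The rewritten `all_green` step in the last tests.yml hunk passes whenever no needed job reports `failure`, so a `cancelled` or `skipped` result for `sanity`, `unit-galaxy` or `unit-source` now counts as green. Before this change the result set had to equal `{'success'}`. The only skip the visible jobs introduce is `changelog` on `schedule`, and `all_green` is itself excluded on `schedule`, so the relaxation does not appear to be needed. Keeping the closing line as `]) == {'success'}"` preserves the strict gate; if a skip must be tolerated, `python -c "assert set([...]) <= {'success', 'skipped'}"` still rejects `cancelled`.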
@@ -18,14 +18,17 @@ repos: - id: trailing-whitespace - repo: https://github.com/asottile/add-trailing-comma - rev: v2.5.1 + rev: v3.1.0 hooks: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v3.0.0-alpha.9-for-vscode" + rev: "v3.0.3" hooks: - id: prettier + entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" + pass_filenames: false + args: [] additional_dependencies: - prettier - prettier-plugin-toml @@ -35,8 +38,9 @@ repos: hooks: - id: isort name: Sort import statements using isort + args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.3.0 + rev: 23.9.1 hooks: - id: black diff --git a/plugins/module_utils/network/asa/rm_templates/ogs.py b/plugins/module_utils/network/asa/rm_templates/ogs.py index 26a03247..d79d3dd1 100644 --- a/plugins/module_utils/network/asa/rm_templates/ogs.py +++ b/plugins/module_utils/network/asa/rm_templates/ogs.py @@ -93,7 +93,7 @@ def _tmplt_services_object(config_data): if config_data["services_object"].get("source_port"): if config_data["services_object"]["source_port"].get("range"): cmd += " source range {start} {end}".format( - **config_data["services_object"]["source_port"]["range"] + **config_data["services_object"]["source_port"]["range"], ) else: key = list(config_data["services_object"]["source_port"])[0] @@ -104,7 +104,7 @@ def _tmplt_services_object(config_data): if config_data["services_object"].get("destination_port"): if config_data["services_object"]["destination_port"].get("range"): cmd += " destination range {start} {end}".format( - **config_data["services_object"]["destination_port"]["range"] + **config_data["services_object"]["destination_port"]["range"], ) else: key = list(config_data["services_object"]["destination_port"])[0] From 6f6a9a1e55c86f60039a6a3fc697f4b8fb3bfaec Mon Sep 17 00:00:00 2001 
From: Rohit Thakur Date: Tue, 31 Oct 2023 15:02:11 +0530 Subject: [PATCH 08/36] Ansible-lint error fixtures (#216) Signed-off-by: rohitthakur2590 --- changelogs/fragments/lint_fixtures.yaml | 3 + docs/cisco.asa.asa_acls_module.rst | 278 +++++++++++------------ docs/cisco.asa.asa_command_module.rst | 10 +- docs/cisco.asa.asa_config_module.rst | 40 ++-- docs/cisco.asa.asa_facts_module.rst | 4 +- docs/cisco.asa.asa_ogs_module.rst | 128 +++++------ plugins/modules/asa_acls.py | 279 ++++++++++++------------ plugins/modules/asa_command.py | 10 +- plugins/modules/asa_config.py | 40 ++-- plugins/modules/asa_facts.py | 4 +- plugins/modules/asa_ogs.py | 129 ++++++----- 11 files changed, 463 insertions(+), 462 deletions(-) create mode 100644 changelogs/fragments/lint_fixtures.yaml diff --git a/changelogs/fragments/lint_fixtures.yaml b/changelogs/fragments/lint_fixtures.yaml new file mode 100644 index 00000000..d55abedd --- /dev/null +++ b/changelogs/fragments/lint_fixtures.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Fix ansible-lint errors. diff --git a/docs/cisco.asa.asa_acls_module.rst b/docs/cisco.asa.asa_acls_module.rst index d991daa6..8fb386c7 100644 --- a/docs/cisco.asa.asa_acls_module.rst +++ b/docs/cisco.asa.asa_acls_module.rst 
@@ -2416,85 +2416,85 @@ Examples - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 198.51.100.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp - - grant: deny - line: 3 - protocol_options: - tcp: true - source: - interface: management - destination: - interface: management - port_protocol: - eq: www - log: warnings - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - object_group: test_og_network - destination: - object_group: test_network_og - port_protocol: - eq: www - log: default + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp + - grant: deny + line: 3 + protocol_options: + tcp: true + source: + interface: management + destination: + interface: management + port_protocol: + eq: www + log: warnings + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + object_group: test_og_network + destination: + object_group: test_network_og + port_protocol: + eq: www + log: default - name: global_access acl_type: extended aces: - - line: 3 - remark: test global access - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - any: true - destination: - any: true - port_protocol: - eq: www - log: errors + - line: 3 + remark: test global access + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + any: 
true + destination: + any: true + port_protocol: + eq: www + log: errors - name: R1_traffic aces: - - line: 1 - remark: test_v6_acls - - grant: deny - line: 2 - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - line: 1 + remark: test_v6_acls + - grant: deny + line: 2 + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: merged # Commands fired: @@ -2617,20 +2617,20 @@ Examples - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: replaced # Commands fired: @@ -2695,20 +2695,20 @@ Examples - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: overridden # Commands fired: 
@@ -2789,7 +2789,7 @@ Examples # inactive (hitcnt=0) (inactive) 0xe922b432 # Using Deleted without any config passed - #"(NOTE: This will delete all of configured resource module attributes)" + # "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- @@ -3011,44 +3011,44 @@ Examples - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 198.51.100.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp - name: R1_traffic aces: - - grant: deny - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - grant: deny + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: rendered # Module Execution Result: diff --git a/docs/cisco.asa.asa_command_module.rst b/docs/cisco.asa.asa_command_module.rst index 41642641..b8a92091 100644 --- a/docs/cisco.asa.asa_command_module.rst +++ b/docs/cisco.asa.asa_command_module.rst 
@@ -173,20 +173,20 @@ Examples - name: Show the ASA version cisco.asa.asa_command: commands: - - show version + - show version - name: Show ASA drops and memory cisco.asa.asa_command: commands: - - show asp drop - - show memory + - show asp drop + - show memory - name: Send repeat pings and wait for the result to pass 100% cisco.asa.asa_command: commands: - - ping 8.8.8.8 repeat 20 size 350 + - ping 8.8.8.8 repeat 20 size 350 wait_for: - - result[0] contains 100 + - result[0] contains 100 retries: 2 diff --git a/docs/cisco.asa.asa_config_module.rst b/docs/cisco.asa.asa_config_module.rst index 3933190d..c3a2ed10 100644 --- a/docs/cisco.asa.asa_config_module.rst +++ b/docs/cisco.asa.asa_config_module.rst @@ -348,16 +348,16 @@ Examples - cisco.asa.asa_config: lines: - - network-object host 10.80.30.18 - - network-object host 10.80.30.19 - - network-object host 10.80.30.20 + - network-object host 10.80.30.18 + - network-object host 10.80.30.19 + - network-object host 10.80.30.20 parents: [object-group network OG-MONITORED-SERVERS] - cisco.asa.asa_config: host: '{{ inventory_hostname }}' lines: - - message-length maximum client auto - - message-length maximum 512 + - message-length maximum client auto + - message-length maximum 512 match: line parents: [policy-map type inspect dns PM-DNS, parameters] authorize: yes 
@@ -368,42 +368,42 @@ Examples - cisco.asa.asa_config: lines: - - ikev1 pre-shared-key MyS3cretVPNK3y + - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes passwords: yes - name: attach ASA acl on interface vlan13/nameif cloud13 cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 + - access-group cloud-acl_access_in in interface cloud13 - name: configure ASA (>=9.2) default BGP cisco.asa.asa_config: lines: - - bgp log-neighbor-changes - - bgp bestpath compare-routerid + - bgp log-neighbor-changes + - bgp bestpath compare-routerid parents: - - router bgp 65002 + - router bgp 65002 register: bgp when: bgp_default_config is defined - name: configure ASA (>=9.2) BGP neighbor in default/single context mode cisco.asa.asa_config: lines: - - bgp router-id {{ bgp_router_id }} - - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} - - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} + - bgp router-id {{ bgp_router_id }} + - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} + - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} parents: - - router bgp 65002 - - address-family ipv4 unicast + - router bgp 65002 + - address-family ipv4 unicast register: bgp when: bgp_neighbor_as is defined - name: configure ASA interface with standby cisco.asa.asa_config: lines: - - description my cloud interface - - nameif cloud13 - - security-level 50 - - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 + - description my cloud interface + - nameif cloud13 + - security-level 50 + - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 parents: [interface Vlan13] register: interface - name: Show changes to interface from task above 
@@ -413,7 +413,7 @@ Examples - name: configurable backup path cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 + - access-group cloud-acl_access_in in interface cloud13 backup: yes backup_options: filename: backup.cfg diff --git a/docs/cisco.asa.asa_facts_module.rst b/docs/cisco.asa.asa_facts_module.rst index 345c2e22..e6750767 100644 --- a/docs/cisco.asa.asa_facts_module.rst +++ b/docs/cisco.asa.asa_facts_module.rst @@ -129,12 +129,12 @@ Examples - name: Gather only the config and default facts cisco.asa.asa_facts: gather_subset: - - config + - config - name: Do not gather hardware facts cisco.asa.asa_facts: gather_subset: - - '!hardware' + - '!hardware' - name: Gather legacy and resource facts cisco.asa.asa_facts: diff --git a/docs/cisco.asa.asa_ogs_module.rst b/docs/cisco.asa.asa_ogs_module.rst index 80a46332..1d07f3ec 100644 --- a/docs/cisco.asa.asa_ogs_module.rst +++ b/docs/cisco.asa.asa_ogs_module.rst 
@@ -1163,70 +1163,70 @@ Examples - name: "Merge module attributes of given object-group" cisco.asa.asa_ogs: config: - - object_type: network - object_groups: - - name: group_network_obj - group_object: - - test_og_network - - name: test_og_network - description: test_og_network - network_object: - host: - - 192.0.2.1 - - 192.0.2.2 - address: - - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 - - name: test_network_og - description: test_network_og - network_object: - host: - - 198.51.100.1 - - 198.51.100.2 - ipv6_address: - - 2001:db8:3::/64 - - object_type: security - object_groups: - - name: test_og_security - description: test_security - security_group: - sec_name: - - test_1 - - test_2 - tag: - - 10 - - 20 - - object_type: service - object_groups: - - name: O-Worker - services_object: - - protocol: tcp - destination_port: - range: + - object_type: network + object_groups: + - name: group_network_obj + group_object: + - test_og_network + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 198.51.100.1 + - 198.51.100.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: service + object_groups: + - name: O-Worker + services_object: + - protocol: tcp + destination_port: + range: + start: 100 + end: 200 + - protocol: tcp-udp + source_port: + eq: 1234 + destination_port: + gt: nfs + - name: O-UNIX-TCP + protocol: tcp + port_object: + - eq: https + - range: start: 100 - end: 200 - - protocol: tcp-udp - source_port: - eq: 1234 - destination_port: - gt: nfs - - name: O-UNIX-TCP - protocol: tcp - port_object: - - eq: https - - range: - start: 100 - end: 400 - - object_type: user - 
object_groups: - - name: test_og_user - description: test_user - user_object: - user: - - name: new_user_1 - domain: LOCAL - - name: new_user_2 - domain: LOCAL + end: 400 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL state: merged # Commands fired: @@ -1566,7 +1566,7 @@ Examples # service-object tcp source eq 1234 destination gt nfs # Using DELETED without any config passed - #"(NOTE: This will delete all of configured resource module attributes)" + # "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- diff --git a/plugins/modules/asa_acls.py b/plugins/modules/asa_acls.py index 701af955..38fc89d1 100644 --- a/plugins/modules/asa_acls.py +++ b/plugins/modules/asa_acls.py 
@@ -460,85 +460,85 @@ - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 198.51.100.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp - - grant: deny - line: 3 - protocol_options: - tcp: true - source: - interface: management - destination: - interface: management - port_protocol: - eq: www - log: warnings - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - object_group: test_og_network - destination: - object_group: test_network_og - port_protocol: - eq: www - log: default + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp + - grant: deny + line: 3 + protocol_options: + tcp: true + source: + interface: management + destination: + interface: management + port_protocol: + eq: www + log: warnings + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + object_group: test_og_network + destination: + object_group: test_network_og + port_protocol: + eq: www + log: default - name: global_access acl_type: extended aces: - - line: 3 - remark: test global access - - grant: deny - line: 4 - protocol_options: - tcp: true - source: - any: true - destination: - any: true - port_protocol: - eq: www - log: errors + - line: 3 + remark: test global access + - grant: deny + line: 4 + protocol_options: + tcp: true + source: + any: true + 
destination: + any: true + port_protocol: + eq: www + log: errors - name: R1_traffic aces: - - line: 1 - remark: test_v6_acls - - grant: deny - line: 2 - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - line: 1 + remark: test_v6_acls + - grant: deny + line: 2 + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: merged # Commands fired: @@ -661,20 +661,20 @@ - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: replaced # Commands fired: @@ -739,20 +739,20 @@ - name: global_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.4.0 - netmask: 255.255.255.0 - port_protocol: - eq: telnet - destination: - address: 192.0.5.0 - netmask: 255.255.255.0 - port_protocol: - eq: www + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www state: overridden # Commands fired: 
@@ -833,7 +833,7 @@ # inactive (hitcnt=0) (inactive) 0xe922b432 # Using Deleted without any config passed -#"(NOTE: This will delete all of configured resource module attributes)" +# "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- @@ -1055,44 +1055,44 @@ - name: temp_access acl_type: extended aces: - - grant: deny - line: 1 - protocol_options: - tcp: true - source: - address: 192.0.2.0 - netmask: 255.255.255.0 - destination: - address: 198.51.100.0 - netmask: 255.255.255.0 - port_protocol: - eq: www - log: default - - grant: deny - line: 2 - protocol_options: - igrp: true - source: - address: 198.51.100.0 - netmask: 255.255.255.0 - destination: - address: 198.51.110.0 - netmask: 255.255.255.0 - time_range: temp + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 198.51.100.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + time_range: temp - name: R1_traffic aces: - - grant: deny - protocol_options: - tcp: true - source: - address: 2001:db8:0:3::/64 - port_protocol: - eq: www - destination: - address: 2001:fc8:0:4::/64 - port_protocol: - eq: telnet - inactive: true + - grant: deny + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true state: rendered # Module Execution Result: @@ -1203,7 +1203,6 @@ # ] # } # ] - """ RETURN = """ diff --git a/plugins/modules/asa_command.py b/plugins/modules/asa_command.py index 51a6c74b..4191a9d3 100644 --- a/plugins/modules/asa_command.py +++ b/plugins/modules/asa_command.py 
@@ -78,20 +78,20 @@ - name: Show the ASA version cisco.asa.asa_command: commands: - - show version + - show version - name: Show ASA drops and memory cisco.asa.asa_command: commands: - - show asp drop - - show memory + - show asp drop + - show memory - name: Send repeat pings and wait for the result to pass 100% cisco.asa.asa_command: commands: - - ping 8.8.8.8 repeat 20 size 350 + - ping 8.8.8.8 repeat 20 size 350 wait_for: - - result[0] contains 100 + - result[0] contains 100 retries: 2 """ diff --git a/plugins/modules/asa_config.py b/plugins/modules/asa_config.py index 76a8ca26..793844f8 100644 --- a/plugins/modules/asa_config.py +++ b/plugins/modules/asa_config.py @@ -170,16 +170,16 @@ EXAMPLES = """ - cisco.asa.asa_config: lines: - - network-object host 10.80.30.18 - - network-object host 10.80.30.19 - - network-object host 10.80.30.20 + - network-object host 10.80.30.18 + - network-object host 10.80.30.19 + - network-object host 10.80.30.20 parents: [object-group network OG-MONITORED-SERVERS] - cisco.asa.asa_config: host: '{{ inventory_hostname }}' lines: - - message-length maximum client auto - - message-length maximum 512 + - message-length maximum client auto + - message-length maximum 512 match: line parents: [policy-map type inspect dns PM-DNS, parameters] authorize: yes 
@@ -190,42 +190,42 @@ - cisco.asa.asa_config: lines: - - ikev1 pre-shared-key MyS3cretVPNK3y + - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes passwords: yes - name: attach ASA acl on interface vlan13/nameif cloud13 cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 + - access-group cloud-acl_access_in in interface cloud13 - name: configure ASA (>=9.2) default BGP cisco.asa.asa_config: lines: - - bgp log-neighbor-changes - - bgp bestpath compare-routerid + - bgp log-neighbor-changes + - bgp bestpath compare-routerid parents: - - router bgp 65002 + - router bgp 65002 register: bgp when: bgp_default_config is defined - name: configure ASA (>=9.2) BGP neighbor in default/single context mode cisco.asa.asa_config: lines: - - bgp router-id {{ bgp_router_id }} - - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} - - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} + - bgp router-id {{ bgp_router_id }} + - neighbor {{ bgp_neighbor_ip }} remote-as {{ bgp_neighbor_as }} + - neighbor {{ bgp_neighbor_ip }} description {{ bgp_neighbor_name }} parents: - - router bgp 65002 - - address-family ipv4 unicast + - router bgp 65002 + - address-family ipv4 unicast register: bgp when: bgp_neighbor_as is defined - name: configure ASA interface with standby cisco.asa.asa_config: lines: - - description my cloud interface - - nameif cloud13 - - security-level 50 - - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 + - description my cloud interface + - nameif cloud13 + - security-level 50 + - ip address 192.168.13.1 255.255.255.0 standby 192.168.13.2 parents: [interface Vlan13] register: interface - name: Show changes to interface from task above 
@@ -235,7 +235,7 @@ - name: configurable backup path cisco.asa.asa_config: lines: - - access-group cloud-acl_access_in in interface cloud13 + - access-group cloud-acl_access_in in interface cloud13 backup: yes backup_options: filename: backup.cfg diff --git a/plugins/modules/asa_facts.py b/plugins/modules/asa_facts.py index cec957e9..a0585260 100644 --- a/plugins/modules/asa_facts.py +++ b/plugins/modules/asa_facts.py @@ -70,12 +70,12 @@ - name: Gather only the config and default facts cisco.asa.asa_facts: gather_subset: - - config + - config - name: Do not gather hardware facts cisco.asa.asa_facts: gather_subset: - - '!hardware' + - '!hardware' - name: Gather legacy and resource facts cisco.asa.asa_facts: diff --git a/plugins/modules/asa_ogs.py b/plugins/modules/asa_ogs.py index c9b7a409..80ee453c 100644 --- a/plugins/modules/asa_ogs.py +++ b/plugins/modules/asa_ogs.py 
@@ -308,70 +308,70 @@ - name: "Merge module attributes of given object-group" cisco.asa.asa_ogs: config: - - object_type: network - object_groups: - - name: group_network_obj - group_object: - - test_og_network - - name: test_og_network - description: test_og_network - network_object: - host: - - 192.0.2.1 - - 192.0.2.2 - address: - - 192.0.2.0 255.255.255.0 - - 198.51.100.0 255.255.255.0 - - name: test_network_og - description: test_network_og - network_object: - host: - - 198.51.100.1 - - 198.51.100.2 - ipv6_address: - - 2001:db8:3::/64 - - object_type: security - object_groups: - - name: test_og_security - description: test_security - security_group: - sec_name: - - test_1 - - test_2 - tag: - - 10 - - 20 - - object_type: service - object_groups: - - name: O-Worker - services_object: - - protocol: tcp - destination_port: - range: + - object_type: network + object_groups: + - name: group_network_obj + group_object: + - test_og_network + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 198.51.100.1 + - 198.51.100.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: service + object_groups: + - name: O-Worker + services_object: + - protocol: tcp + destination_port: + range: + start: 100 + end: 200 + - protocol: tcp-udp + source_port: + eq: 1234 + destination_port: + gt: nfs + - name: O-UNIX-TCP + protocol: tcp + port_object: + - eq: https + - range: start: 100 - end: 200 - - protocol: tcp-udp - source_port: - eq: 1234 - destination_port: - gt: nfs - - name: O-UNIX-TCP - protocol: tcp - port_object: - - eq: https - - range: - start: 100 - end: 400 - - object_type: user - 
object_groups: - - name: test_og_user - description: test_user - user_object: - user: - - name: new_user_1 - domain: LOCAL - - name: new_user_2 - domain: LOCAL + end: 400 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL state: merged # Commands fired: @@ -711,7 +711,7 @@ # service-object tcp source eq 1234 destination gt nfs # Using DELETED without any config passed -#"(NOTE: This will delete all of configured resource module attributes)" +# "(NOTE: This will delete all of configured resource module attributes)" # Before state: # ------------- @@ -1019,7 +1019,6 @@ # "object_type": "service" # } # ] - """ RETURN = """ From f115c2a544ed99c1381d06bfdb026ed4ef387dce Mon Sep 17 00:00:00 2001 From: Vinay M <63404819+roverflow@users.noreply.github.com> Date: Tue, 31 Oct 2023 15:39:58 +0530 Subject: [PATCH 09/36] Added a codecov workflow (#211) * Added a codecov workflwo * added changeloig * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Rohit Thakur --- changelogs/fragments/codecov_pr.yml | 3 +++ codecov.yml | 15 +++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 changelogs/fragments/codecov_pr.yml create mode 100644 codecov.yml diff --git a/changelogs/fragments/codecov_pr.yml b/changelogs/fragments/codecov_pr.yml new file mode 100644 index 00000000..ad3c08ca --- /dev/null +++ b/changelogs/fragments/codecov_pr.yml @@ -0,0 +1,3 @@ +--- +trivial: + - codecov - added a new codecov workflow and changing codecov.yml for added functionality. diff --git a/codecov.yml b/codecov.yml new file mode 100644 index 00000000..c77c91a9 --- /dev/null +++ b/codecov.yml 
@@ -0,0 +1,15 @@ +--- +codecov: + require_ci_to_pass: true +comment: + layout: " diff, flags, files" + behavior: default + require_changes: false + require_base: false + require_head: true +coverage: + status: + patch: false + project: + default: + threshold: 0.3% From d33c41d1e58f4fe75209f8c504e5e3be9ab55a99 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Tue, 31 Oct 2023 16:45:07 +0530 Subject: [PATCH 10/36] [pre-commit.ci] pre-commit autoupdate (#210) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/pre-commit-hooks: v4.4.0 → v4.5.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.4.0...v4.5.0) - [github.com/psf/black: 23.9.1 → 23.10.1](https://github.com/psf/black/compare/23.9.1...23.10.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Rohit Thakur --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 8fdbd4b3..77ff23f3 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,7 +7,7 @@ repos: - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v4.5.0 hooks: - id: check-merge-conflict - id: check-symlinks @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.9.1 + rev: 23.10.1 hooks: - id: black From 911191995e41a82f3075298a79b13851af8817a6 Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Tue, 31 Oct 2023 17:13:03 +0530 Subject: [PATCH 11/36] Prepare release 4.0.3 (#217) * Prepare release 4.0.3 Signed-off-by: rohitthakur2590 * Prepare release 4.0.3 Signed-off-by: rohitthakur2590 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- 
Signed-off-by: rohitthakur2590 Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- CHANGELOG.rst | 8 ++++++++ changelogs/changelog.yaml | 7 +++++++ changelogs/fragments/codecov_pr.yml | 3 --- changelogs/fragments/lint_fixtures.yaml | 3 --- galaxy.yml | 2 +- 5 files changed, 16 insertions(+), 7 deletions(-) delete mode 100644 changelogs/fragments/codecov_pr.yml delete mode 100644 changelogs/fragments/lint_fixtures.yaml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 9ec27bac..39bdff83 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,14 @@ Cisco Asa Collection Release Notes .. contents:: Topics +v4.0.3 +====== + +Release Summary +--------------- + +Release with updated workflow and lint fixes. + v4.0.2 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index f8219211..d0f0d4e3 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -197,3 +197,10 @@ releases: - bindep_fix.yaml - test-net-2.yaml release_date: "2023-09-27" + 4.0.3: + changes: + release_summary: Release with updated workflow and lint fixes. + fragments: + - codecov_pr.yml + - lint_fixtures.yaml + release_date: "2023-10-31" diff --git a/changelogs/fragments/codecov_pr.yml b/changelogs/fragments/codecov_pr.yml deleted file mode 100644 index ad3c08ca..00000000 --- a/changelogs/fragments/codecov_pr.yml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - codecov - added a new codecov workflow and changing codecov.yml for added functionality. diff --git a/changelogs/fragments/lint_fixtures.yaml b/changelogs/fragments/lint_fixtures.yaml deleted file mode 100644 index d55abedd..00000000 --- a/changelogs/fragments/lint_fixtures.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Fix ansible-lint errors. diff --git a/galaxy.yml b/galaxy.yml index e05f2576..45e9ce59 100644 --- a/galaxy.yml +++ b/galaxy.yml 
@@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 4.0.2 +version: 4.0.3 From 4cb1af19d11b52e0b70556800bc27c4b79c3c855 Mon Sep 17 00:00:00 2001 From: Nilashish Chakraborty Date: Fri, 24 Nov 2023 17:15:41 +0530 Subject: [PATCH 12/36] Update tests.yml --- .github/workflows/tests.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 0fb4cc0c..27ea93fa 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,5 +1,5 @@ --- -name: test_collection +name: CI concurrency: group: ${{ github.head_ref || github.run_id }} @@ -16,7 +16,7 @@ on: # yamllint disable-line rule:truthy jobs: changelog: uses: ansible-network/github_actions/.github/workflows/changelog.yml@main - if: github.event_name != 'schedule' + if: github.event_name == 'pull_request' sanity: uses: ansible-network/github_actions/.github/workflows/sanity.yml@main unit-galaxy: From e9897480c549469329d51f529cb8129f3c442ed1 Mon Sep 17 00:00:00 2001 From: Nilashish Chakraborty Date: Fri, 24 Nov 2023 17:16:26 +0530 Subject: [PATCH 13/36] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 81870ffe..7d846945 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,7 @@ # CISCO ASA Ansible Collection [![CI](https://zuul-ci.org/gated.svg)](https://dashboard.zuul.ansible.com/t/ansible/project/github.com/ansible-collections/cisco.asa) +[![CI](https://github.com/ansible-collections/cisco.asa/actions/workflows/tests.yml/badge.svg?branch=main&event=schedule)](https://github.com/ansible-collections/cisco.asa/actions/workflows/tests.yml) The Ansible Cisco ASA collection includes a variety of Ansible content to help automate the management of Cisco ASA firewall appliances. From ff52e6cc4fccd066c30fca93a4e361df657650ec Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Mon, 27 Nov 2023 14:04:17 +0530 Subject: [PATCH 14/36] Fix ansible-lint reported errors and update docs (#218) * Fix ansible-lint reported errors and update docs Signed-off-by: rohitthakur2590 * fix wf Signed-off-by: rohitthakur2590 --------- Signed-off-by: rohitthakur2590 --- .github/workflows/lint.yml | 12 ------------ .github/workflows/tests.yml | 7 +++++-- changelogs/fragments/lint_fixtures.yaml | 3 +++ docs/cisco.asa.asa_config_module.rst | 9 ++++----- plugins/modules/asa_config.py | 11 +++++------ 5 files changed, 17 insertions(+), 25 deletions(-) delete mode 100644 .github/workflows/lint.yml create mode 100644 changelogs/fragments/lint_fixtures.yaml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index 853e4b69..00000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,12 +0,0 @@ ---- -name: ansible-lint -on: # yamllint disable-line rule:truthy - pull_request: - branches: ["main"] -jobs: - build: - name: Ansible Lint - runs-on: ubuntu-latest - steps: - - name: Run ansible-lint - uses: ansible/ansible-lint@main diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 27ea93fa..21f8ea56 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml 
@@ -12,8 +12,9 @@ on: # yamllint disable-line rule:truthy schedule: - cron: '0 0 * * *' - jobs: + ansible-lint: + uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main changelog: uses: ansible-network/github_actions/.github/workflows/changelog.yml@main if: github.event_name == 'pull_request' @@ -28,8 +29,9 @@ jobs: git+https://github.com/ansible-collections/ansible.utils.git git+https://github.com/ansible-collections/ansible.netcommon.git all_green: - if: ${{ always() && (github.event_name != 'schedule') }} + if: ${{ always() }} needs: + - ansible-lint - changelog - sanity - unit-galaxy @@ -39,6 +41,7 @@ jobs: - run: >- python -c "assert 'failure' not in set([ + '${{ needs.ansible-lint.result }}', '${{ needs.changelog.result }}', '${{ needs.sanity.result }}', '${{ needs.unit-galaxy.result }}', diff --git a/changelogs/fragments/lint_fixtures.yaml b/changelogs/fragments/lint_fixtures.yaml new file mode 100644 index 00000000..ed913ff8 --- /dev/null +++ b/changelogs/fragments/lint_fixtures.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Fix ansible lint errors and update docs. diff --git a/docs/cisco.asa.asa_config_module.rst b/docs/cisco.asa.asa_config_module.rst index c3a2ed10..61a2551a 100644 --- a/docs/cisco.asa.asa_config_module.rst +++ b/docs/cisco.asa.asa_config_module.rst @@ -80,7 +80,7 @@ Parameters -
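Review bot: The added `ansible-lint` job calls a reusable workflow through the mutable ref `@main` (`uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main`), so whatever lands on that upstream branch runs in this repository's CI without review here. Pinning to a full commit SHA, e.g. `uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@<full-commit-sha>`, keeps the job reproducible and turns every upstream change into a visible bump. The same applies to `uses: ansible/ansible-lint@main` in the `.github/workflows/lint.yml` added by the later "Prepare release 5.0.0" patch. The `changelog` and `sanity` jobs shown as context here follow the same pattern.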
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to yes, if backup is set to no this option will be silently ignored.
+
This is a dict object containing configurable options related to backup file path. The value of this option is read only when backup is set to true, if backup is set to no this option will be silently ignored.
@@ -360,7 +360,6 @@ Examples - message-length maximum 512 match: line parents: [policy-map type inspect dns PM-DNS, parameters] - authorize: yes auth_pass: cisco username: admin password: cisco @@ -370,7 +369,7 @@ Examples lines: - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes - passwords: yes + passwords: true - name: attach ASA acl on interface vlan13/nameif cloud13 cisco.asa.asa_config: @@ -414,7 +413,7 @@ Examples cisco.asa.asa_config: lines: - access-group cloud-acl_access_in in interface cloud13 - backup: yes + backup: true backup_options: filename: backup.cfg dir_path: /home/user @@ -446,7 +445,7 @@ Common return values are documented `here string - when backup is yes + when backup is true
The full path to the backup file

diff --git a/plugins/modules/asa_config.py b/plugins/modules/asa_config.py index 793844f8..0430a0fd 100644 --- a/plugins/modules/asa_config.py +++ b/plugins/modules/asa_config.py @@ -95,7 +95,7 @@ value is not given, the backup file is written to the C(backup) folder in the playbook root directory. If the directory does not exist, it is created. type: bool - default: no + default: false config: description: - The C(config) argument allows the playbook designer to supply the base configuration @@ -125,7 +125,7 @@ backup_options: description: - This is a dict object containing configurable options related to backup file - path. The value of this option is read only when C(backup) is set to I(yes), + path. The value of this option is read only when C(backup) is set to I(true), if C(backup) is set to I(no) this option will be silently ignored. suboptions: filename: @@ -182,7 +182,6 @@ - message-length maximum 512 match: line parents: [policy-map type inspect dns PM-DNS, parameters] - authorize: yes auth_pass: cisco username: admin password: cisco @@ -192,7 +191,7 @@ lines: - ikev1 pre-shared-key MyS3cretVPNK3y parents: tunnel-group 1.1.1.1 ipsec-attributes - passwords: yes + passwords: true - name: attach ASA acl on interface vlan13/nameif cloud13 cisco.asa.asa_config: @@ -236,7 +235,7 @@ cisco.asa.asa_config: lines: - access-group cloud-acl_access_in in interface cloud13 - backup: yes + backup: true backup_options: filename: backup.cfg dir_path: /home/user @@ -254,7 +253,7 @@ sample: ['...', '...'] backup_path: description: The full path to the backup file - returned: when backup is yes + returned: when backup is true type: str sample: /playbooks/ansible/backup/asa_config.2016-07-16@22:28:34 """ From 0101621cb53873335abfe590a92e147972b38dfa Mon Sep 17 00:00:00 2001 
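Review bot: In the `@@ -182,7 +182,6 @@` hunk, `authorize: yes` is deleted rather than converted to `true` as was done for `passwords` and `backup`, which leaves `auth_pass: cisco` in the example beside the literal `username: admin` and `password: cisco`. If dropping `authorize` is intended, the leftover `auth_pass` line presumably should go too. The remaining credentials would read better as variable references, e.g. `password: "{{ asa_password }}"` (constructed name), so the example does not teach inline secrets. Separately, the `backup_options` description now mixes spellings: `if C(backup) is set to I(no)` should become `if C(backup) is set to I(false)`. The DOCUMENTATION and EXAMPLES strings start and end outside these hunks.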
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 27 Nov 2023 14:35:02 +0530 Subject: [PATCH 15/36] [pre-commit.ci] pre-commit autoupdate (#219) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.0.3 → v3.1.0](https://github.com/pre-commit/mirrors-prettier/compare/v3.0.3...v3.1.0) - [github.com/psf/black: 23.10.1 → 23.11.0](https://github.com/psf/black/compare/23.10.1...23.11.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Rohit Thakur --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 77ff23f3..275086d8 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,7 @@ repos: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v3.0.3" + rev: "v3.1.0" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.10.1 + rev: 23.11.0 hooks: - id: black From 81fd56eff3cb9a61959d78c6942d7def21e6a56c Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Fri, 1 Dec 2023 12:47:37 +0530 Subject: [PATCH 16/36] [Major] Prepare release 5.0.0 (#220) * [Major] Prepare release 5.0.0 Signed-off-by: rohitthakur2590 * add ansible-lint file Signed-off-by: rohitthakur2590 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update CHANGELOG.rst Co-authored-by: Nilashish Chakraborty * Update changelogs/changelog.yaml --------- 
Signed-off-by: rohitthakur2590 Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Nilashish Chakraborty --- .ansible-lint | 5 +++++ .github/workflows/lint.yml | 13 +++++++++++++ .github/workflows/tests.yml | 4 ---- CHANGELOG.rst | 13 +++++++++++++ README.md | 2 +- changelogs/changelog.yaml | 11 +++++++++++ changelogs/fragments/lint_fixtures.yaml | 3 --- galaxy.yml | 4 ++-- meta/runtime.yml | 2 +- tests/config.yml | 3 +++ 10 files changed, 49 insertions(+), 11 deletions(-) create mode 100644 .ansible-lint create mode 100644 .github/workflows/lint.yml delete mode 100644 changelogs/fragments/lint_fixtures.yaml create mode 100644 tests/config.yml diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 00000000..8d9bb70b --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,5 @@ +--- +profile: production + +exclude_paths: + - changelogs/changelog.yaml diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 00000000..fbac38cb --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,13 @@ +--- +name: ansible-lint +on: # yamllint disable-line rule:truthy + pull_request: + branches: ["main"] +jobs: + build: + name: Ansible Lint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Run ansible-lint + uses: ansible/ansible-lint@main diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 21f8ea56..506c33aa 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -13,8 +13,6 @@ on: # yamllint disable-line rule:truthy - cron: '0 0 * * *' jobs: - ansible-lint: - uses: ansible-network/github_actions/.github/workflows/ansible-lint.yml@main changelog: uses: ansible-network/github_actions/.github/workflows/changelog.yml@main if: github.event_name == 'pull_request' @@ -31,7 +29,6 @@ jobs: all_green: if: ${{ always() }} needs: - - ansible-lint - changelog - sanity - unit-galaxy 
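Review bot: The new `.github/workflows/lint.yml` declares no `permissions:` block, so the job's `GITHUB_TOKEN` falls back to the repository default scopes while running an action taken from a moving branch (`ansible/ansible-lint@main`). A lint job only needs to read the checkout, so a workflow-level `permissions:` with `contents: read` would state that explicitly and limit what the token can do if the action's behaviour changes. A one-line comment above it saying the workflow is read-only by design would help the next maintainer keep it that way.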
@@ -41,7 +38,6 @@ jobs: - run: >- python -c "assert 'failure' not in set([ - '${{ needs.ansible-lint.result }}', '${{ needs.changelog.result }}', '${{ needs.sanity.result }}', '${{ needs.unit-galaxy.result }}', diff --git a/CHANGELOG.rst b/CHANGELOG.rst index 39bdff83..e5da703b 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,19 @@ Cisco Asa Collection Release Notes .. contents:: Topics +v5.0.0 +====== + +Release Summary +--------------- + +Starting from this release, the minimum `ansible-core` version this collection requires is `2.14.0`. The last known version compatible with ansible-core<2.14 is `v4.0.3`. + +Major Changes +------------- + +- Bumping `requires_ansible` to `>=2.14.0`, since previous ansible-core versions are EoL now. + v4.0.3 ====== diff --git a/README.md b/README.md index 7d846945..6402ce0f 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ The Ansible Cisco ASA collection includes a variety of Ansible content to help a ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.9.10**. +This collection has been tested against following Ansible versions: **>=2.14.0**. For collections that support Ansible 2.9, please ensure you update your `network_os` to use the fully qualified collection name (for example, `cisco.ios.ios`). diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index d0f0d4e3..6726f770 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml @@ -204,3 +204,14 @@ releases: - codecov_pr.yml - lint_fixtures.yaml release_date: "2023-10-31" + 5.0.0: + changes: + major_changes: + - Bumping `requires_ansible` to `>=2.14.0`, since previous ansible-core versions + are EoL now. + release_summary: + Starting from this release, the minimum `ansible-core` version + this collection requires is `2.14.0`. The last known version compatible with + fragments: + - lint_fixtures.yaml + release_date: "2023-11-30" 
diff --git a/changelogs/fragments/lint_fixtures.yaml b/changelogs/fragments/lint_fixtures.yaml deleted file mode 100644 index ed913ff8..00000000 --- a/changelogs/fragments/lint_fixtures.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Fix ansible lint errors and update docs. diff --git a/galaxy.yml b/galaxy.yml index 45e9ce59..f1f14bda 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -2,7 +2,7 @@ authors: - Ansible Security Community (ansible-security) dependencies: - "ansible.netcommon": ">=2.5.1" + "ansible.netcommon": ">=6.0.0" license_file: LICENSE name: asa namespace: cisco @@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 4.0.3 +version: 5.0.0 diff --git a/meta/runtime.yml b/meta/runtime.yml index 35f1e5f9..150efb6d 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,5 +1,5 @@ --- -requires_ansible: ">=2.9.10" +requires_ansible: ">=2.14.0" plugin_routing: action: asa_acls: diff --git a/tests/config.yml b/tests/config.yml new file mode 100644 index 00000000..c26ea596 --- /dev/null +++ b/tests/config.yml @@ -0,0 +1,3 @@ +--- +modules: + python_requires: ">=3.9" From 4f2d9a70dd91b08f416ff7ffa693e80327350885 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 6 Dec 2023 18:38:16 +0530 Subject: [PATCH 17/36] [pre-commit.ci] pre-commit autoupdate (#221) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v3.1.0 → v4.0.0-alpha.3](https://github.com/pre-commit/mirrors-prettier/compare/v3.1.0...v4.0.0-alpha.3) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 275086d8..2dc0f7b1 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,7 @@ repos: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v3.1.0" + rev: "v4.0.0-alpha.3" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" From 0633b353287bacb8bcaf26e05f583286db1dbf5d Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 13 Dec 2023 18:35:19 +0530 Subject: [PATCH 18/36] [pre-commit.ci] pre-commit autoupdate (#222) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v4.0.0-alpha.3 → v4.0.0-alpha.4](https://github.com/pre-commit/mirrors-prettier/compare/v4.0.0-alpha.3...v4.0.0-alpha.4) - [github.com/PyCQA/isort: 5.12.0 → 5.13.0](https://github.com/PyCQA/isort/compare/5.12.0...5.13.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 2dc0f7b1..67aad58b 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,7 @@ repos: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v4.0.0-alpha.3" + rev: "v4.0.0-alpha.4" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -34,7 +34,7 @@ repos: - prettier-plugin-toml - repo: https://github.com/PyCQA/isort - rev: 5.12.0 + rev: 5.13.0 hooks: - id: isort name: Sort import statements using isort From d116371a76014a56e1b59159448b86c4cbe7f9e2 Mon Sep 17 00:00:00 2001 
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 20 Dec 2023 15:21:56 +0530 Subject: [PATCH 19/36] [pre-commit.ci] pre-commit autoupdate (#223) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v4.0.0-alpha.4 → v4.0.0-alpha.7](https://github.com/pre-commit/mirrors-prettier/compare/v4.0.0-alpha.4...v4.0.0-alpha.7) - [github.com/PyCQA/isort: 5.13.0 → 5.13.2](https://github.com/PyCQA/isort/compare/5.13.0...5.13.2) - [github.com/psf/black: 23.11.0 → 23.12.0](https://github.com/psf/black/compare/23.11.0...23.12.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 67aad58b..0583045e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,7 @@ repos: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v4.0.0-alpha.4" + rev: "v4.0.0-alpha.7" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -34,13 +34,13 @@ repos: - prettier-plugin-toml - repo: https://github.com/PyCQA/isort - rev: 5.13.0 + rev: 5.13.2 hooks: - id: isort name: Sort import statements using isort args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.11.0 + rev: 23.12.0 hooks: - id: black From 6122e3d6d1ab787fa39979f73643ac413a7d5677 Mon Sep 17 00:00:00 2001 
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 27 Dec 2023 14:02:19 +0530 Subject: [PATCH 20/36] [pre-commit.ci] pre-commit autoupdate (#224) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/mirrors-prettier: v4.0.0-alpha.7 → v4.0.0-alpha.8](https://github.com/pre-commit/mirrors-prettier/compare/v4.0.0-alpha.7...v4.0.0-alpha.8) - [github.com/psf/black: 23.12.0 → 23.12.1](https://github.com/psf/black/compare/23.12.0...23.12.1) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 0583045e..fe243a84 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -23,7 +23,7 @@ repos: - id: add-trailing-comma - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v4.0.0-alpha.7" + rev: "v4.0.0-alpha.8" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.12.0 + rev: 23.12.1 hooks: - id: black From 7e082402c41e8528ee13ca177ffe9bcdfdf3f456 Mon Sep 17 00:00:00 2001 From: Nilashish Chakraborty Date: Tue, 30 Jan 2024 18:11:51 +0530 Subject: [PATCH 21/36] Fixes module_defaults being incorrectly applied to platform actions (#227) 
Signed-off-by: NilashishC --- changelogs/fragments/fix_module_defaults.yaml | 3 +++ meta/runtime.yml | 21 ------------------- plugins/action/acls.py | 1 + plugins/action/command.py | 1 + plugins/action/config.py | 1 + plugins/action/facts.py | 1 + plugins/action/ogs.py | 1 + 7 files changed, 8 insertions(+), 21 deletions(-) create mode 100644 changelogs/fragments/fix_module_defaults.yaml create mode 120000 plugins/action/acls.py create mode 120000 plugins/action/command.py create mode 120000 plugins/action/config.py create mode 120000 plugins/action/facts.py create mode 120000 plugins/action/ogs.py diff --git a/changelogs/fragments/fix_module_defaults.yaml b/changelogs/fragments/fix_module_defaults.yaml new file mode 100644 index 00000000..f1a4bad8 --- /dev/null +++ b/changelogs/fragments/fix_module_defaults.yaml @@ -0,0 +1,3 @@ +--- +bugfixes: + - Prevents module_defaults from were being incorrectly applied to the platform action, instead of the concerned module. diff --git a/meta/runtime.yml b/meta/runtime.yml index 150efb6d..f52e66c0 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,27 +1,6 @@ --- requires_ansible: ">=2.14.0" plugin_routing: - action: - asa_acls: - redirect: cisco.asa.asa - acls: - redirect: cisco.asa.asa - asa_command: - redirect: cisco.asa.asa - command: - redirect: cisco.asa.asa - asa_config: - redirect: cisco.asa.asa - config: - redirect: cisco.asa.asa - asa_facts: - redirect: cisco.asa.asa - facts: - redirect: cisco.asa.asa - asa_ogs: - redirect: cisco.asa.asa - ogs: - redirect: cisco.asa.asa modules: acls: redirect: cisco.asa.asa_acls diff --git a/plugins/action/acls.py b/plugins/action/acls.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/acls.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/command.py b/plugins/action/command.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/command.py 
@@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/config.py b/plugins/action/config.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/config.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/facts.py b/plugins/action/facts.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/facts.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file diff --git a/plugins/action/ogs.py b/plugins/action/ogs.py new file mode 120000 index 00000000..4d4368d5 --- /dev/null +++ b/plugins/action/ogs.py @@ -0,0 +1 @@ +asa.py \ No newline at end of file From af336eec8621c09ba5561698b5de5ebc6a83217e Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Wed, 31 Jan 2024 17:47:01 +0530 Subject: [PATCH 22/36] Update Requirements (#230) Signed-off-by: rohitthakur2590 --- test-requirements.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test-requirements.txt b/test-requirements.txt index 8002336b..fa1e9fd3 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,8 +1,8 @@ -black==22.3.0 ; python_version > '3.5' +black==23.3.0 ; python_version >= '3.7' flake8 mock ; python_version < '3.5' pexpect pytest-xdist yamllint -coverage==4.5.4 -git+https://github.com/ansible-community/pytest-ansible-units.git +pytest-ansible ; python_version >= '3.9' +git+https://github.com/ansible-community/pytest-ansible-units.git ; python_version < '3.9' From cd51fbe2c918eb2aec6122745e2c1c0ba42c586a Mon Sep 17 00:00:00 2001 From: Akira Yokochi Date: Wed, 31 Jan 2024 21:34:10 +0900 Subject: [PATCH 23/36] fix glossary (#228) Co-authored-by: Rohit Thakur --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6402ce0f..2ca17c68 100644 --- a/README.md +++ b/README.md 
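Review bot: The last requirement in `test-requirements.txt`, `git+https://github.com/ansible-community/pytest-ansible-units.git ; python_version < '3.9'`, carries no `@<commit>` suffix, so it installs whatever the default branch holds at install time. `tests/config.yml`, added earlier in this series, declares `python_requires: ">=3.9"`, so the `< '3.9'` marker should not match in supported test runs and the line can probably be dropped. If it has to stay, pin it as `git+https://github.com/ansible-community/pytest-ansible-units.git@<full-commit-sha>`.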
@@ -93,7 +93,7 @@ ansible_python_interpreter=python #### Using the modules with Fully Qualified Collection Name (FQCN) -You can either call modules by their Fully Qualified Collection Namespace (FQCN), like `cisco.asa.asa_acls`, or you can call modules by their short name if you list the `cisco.asa` collection in the playbook's `collections`, as follows: +You can either call modules by their Fully Qualified Collection Name (FQCN), like `cisco.asa.asa_acls`, or you can call modules by their short name if you list the `cisco.asa` collection in the playbook's `collections`, as follows: ```yaml --- From 4d961426c7035066982cdd8d9067c3829fa5586b Mon Sep 17 00:00:00 2001 From: Rohit Thakur Date: Wed, 31 Jan 2024 19:07:22 +0530 Subject: [PATCH 24/36] Prepare Release 5.0.1 (#231) * Prepare Release 5.0.1 Signed-off-by: rohitthakur2590 * Prepare Release 5.0.1 Signed-off-by: rohitthakur2590 * update galaxy Signed-off-by: rohitthakur2590 * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Signed-off-by: rohitthakur2590 Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- CHANGELOG.rst | 8 ++++++++ changelogs/changelog.yaml | 8 ++++++++ changelogs/fragments/fix_module_defaults.yaml | 3 --- galaxy.yml | 2 +- 4 files changed, 17 insertions(+), 4 deletions(-) delete mode 100644 changelogs/fragments/fix_module_defaults.yaml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index e5da703b..d7fdfb3e 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -5,6 +5,14 @@ Cisco Asa Collection Release Notes .. contents:: Topics +v5.0.1 +====== + +Bugfixes +-------- + +- Prevents module_defaults from were being incorrectly applied to the platform action, instead of the concerned module. + v5.0.0 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 6726f770..9dbfd2c4 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -215,3 +215,11 @@ releases: fragments: - lint_fixtures.yaml release_date: "2023-11-30" + 5.0.1: + changes: + bugfixes: + - Prevents module_defaults from were being incorrectly applied to the platform + action, instead of the concerned module. + fragments: + - fix_module_defaults.yaml + release_date: "2024-01-31" diff --git a/changelogs/fragments/fix_module_defaults.yaml b/changelogs/fragments/fix_module_defaults.yaml deleted file mode 100644 index f1a4bad8..00000000 --- a/changelogs/fragments/fix_module_defaults.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -bugfixes: - - Prevents module_defaults from were being incorrectly applied to the platform action, instead of the concerned module. diff --git a/galaxy.yml b/galaxy.yml index f1f14bda..b99c3099 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 5.0.0 +version: 5.0.1 From bcf5ae4cae52bd3f4358a7864afb1fb068c6af98 Mon Sep 17 00:00:00 2001 
From: Ruchi Pakhle <72685035+Ruchip16@users.noreply.github.com> Date: Tue, 26 Mar 2024 17:16:00 +0530 Subject: [PATCH 25/36] Enable content-actions (#232) * maintenance work * yamllint error * enable auto-versioning * disable autoversion --- .ansible-lint | 3 --- .../workflows/{ack.yml => check_label.yml} | 10 +++---- .github/workflows/codecoverage.yml | 3 +-- .github/workflows/draft_release.yml | 18 +++++++++++++ .github/workflows/lint.yml | 13 --------- .github/workflows/push.yml | 27 ------------------- .github/workflows/release.yml | 4 +-- .github/workflows/tests.yml | 14 ++++++---- tox-ansible.ini | 10 +++++++ 9 files changed, 43 insertions(+), 59 deletions(-) rename .github/workflows/{ack.yml => check_label.yml} (60%) create mode 100644 .github/workflows/draft_release.yml delete mode 100644 .github/workflows/lint.yml delete mode 100644 .github/workflows/push.yml create mode 100644 tox-ansible.ini diff --git a/.ansible-lint b/.ansible-lint index 8d9bb70b..9cd26302 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,5 +1,2 @@ --- profile: production - -exclude_paths: - - changelogs/changelog.yaml diff --git a/.github/workflows/ack.yml b/.github/workflows/check_label.yml similarity index 60% rename from .github/workflows/ack.yml rename to .github/workflows/check_label.yml index fda595dc..b120bfa3 100644 --- a/.github/workflows/ack.yml +++ b/.github/workflows/check_label.yml @@ -1,15 +1,11 @@ --- -# See https://github.com/ansible-community/devtools/blob/main/.github/workflows/ack.yml -name: ack - +name: "Check label" concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true - on: # yamllint disable-line rule:truthy pull_request_target: types: [opened, labeled, unlabeled, synchronize] - jobs: - ack: - uses: ansible/devtools/.github/workflows/ack.yml@main + check_label: + uses: ansible/ansible-content-actions/.github/workflows/check_label.yaml@main 
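Review bot: `check_label.yml` keeps the `pull_request_target` trigger and now calls `ansible/ansible-content-actions/.github/workflows/check_label.yaml@main`, so a workflow resolved from a moving branch runs in the base repository's context, with a token that may be write-scoped even for pull requests from forks. Pin the reference to a full commit SHA (`.../check_label.yaml@<full-commit-sha>`) and add a minimal `permissions:` block; the hunk shows the file in full and it has none. The same `@main` reference appears in this commit's `draft_release.yml`, `release.yml` and `tests.yml` hunks, and `draft_release.yml` also passes `secrets.BOT_PAT` to the called workflow.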
diff --git a/.github/workflows/codecoverage.yml b/.github/workflows/codecoverage.yml index c2a7ad60..7e3ebb5d 100644 --- a/.github/workflows/codecoverage.yml +++ b/.github/workflows/codecoverage.yml @@ -1,8 +1,7 @@ --- -name: code_coverage +name: "Code coverage" on: # yamllint disable-line rule:truthy - push: pull_request: branches: [ main ] diff --git a/.github/workflows/draft_release.yml b/.github/workflows/draft_release.yml new file mode 100644 index 00000000..1170bdbe --- /dev/null +++ b/.github/workflows/draft_release.yml @@ -0,0 +1,18 @@ +--- +name: "Draft release" +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: true +on: # yamllint disable-line rule:truthy + workflow_dispatch: +env: + NAMESPACE: ${{ github.repository_owner }} + COLLECTION_NAME: asa + ANSIBLE_COLLECTIONS_PATHS: ./ +jobs: + update_release_draft: + uses: ansible/ansible-content-actions/.github/workflows/draft_release.yaml@main + with: + repo: ${{ github.event.pull_request.head.repo.full_name }} + secrets: + BOT_PAT: ${{ secrets.BOT_PAT }} diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml deleted file mode 100644 index fbac38cb..00000000 --- a/.github/workflows/lint.yml +++ /dev/null @@ -1,13 +0,0 @@ ---- -name: ansible-lint -on: # yamllint disable-line rule:truthy - pull_request: - branches: ["main"] -jobs: - build: - name: Ansible Lint - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Run ansible-lint - uses: ansible/ansible-lint@main diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml deleted file mode 100644 index e82df35c..00000000 --- a/.github/workflows/push.yml +++ /dev/null 
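Review bot: In the new `draft_release.yml`, the input `repo: ${{ github.event.pull_request.head.repo.full_name }}` reads a pull-request payload, but the file's only trigger is `workflow_dispatch`, whose event has no `pull_request` object, so the expression evaluates to an empty string. The `push.yml` that this commit deletes passed the literal `ansible-collections/cisco.asa`; `repo: ${{ github.repository }}` would stay dynamic and still resolve on a manual run. How the called workflow handles an empty `repo` is not visible here, so check it against `draft_release.yaml` before relying on this job, since it runs with `secrets.BOT_PAT`.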
@@ -1,27 +0,0 @@ ---- -# push workflow is shared and expected to perform actions after a merge happens -# on a maintenance branch (default or release). For example updating the -# draft release-notes. -# based on great work from -# https://github.com/T-Systems-MMS/ansible-collection-icinga-director -name: push - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} - cancel-in-progress: true - -on: # yamllint disable-line rule:truthy - workflow_dispatch: - -env: - NAMESPACE: cisco - COLLECTION_NAME: asa - ANSIBLE_COLLECTIONS_PATHS: ./ - -jobs: - update_release_draft: - uses: ansible/devtools/.github/workflows/push_network.yml@main - with: - repo: ansible-collections/cisco.asa - secrets: - BOT_PAT: ${{ secrets.BOT_PAT }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index eb04259d..6dbb1aa3 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,12 +1,12 @@ --- -name: release +name: "Release collection" on: # yamllint disable-line rule:truthy release: types: [published] jobs: release: - uses: ansible/devtools/.github/workflows/release_collection.yml@main + uses: ansible/ansible-content-actions/.github/workflows/release.yaml@main with: environment: release secrets: diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 506c33aa..6b6d2c48 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -1,5 +1,5 @@ --- -name: CI +name: "CI" concurrency: group: ${{ github.head_ref || github.run_id }} 
@@ -14,12 +14,14 @@ on: # yamllint disable-line rule:truthy jobs: changelog: - uses: ansible-network/github_actions/.github/workflows/changelog.yml@main + uses: ansible/ansible-content-actions/.github/workflows/changelog.yaml@main if: github.event_name == 'pull_request' + ansible-lint: + uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main sanity: - uses: ansible-network/github_actions/.github/workflows/sanity.yml@main + uses: ansible/ansible-content-actions/.github/workflows/sanity.yaml@main unit-galaxy: - uses: ansible-network/github_actions/.github/workflows/unit_galaxy.yml@main + uses: ansible/ansible-content-actions/.github/workflows/unit.yaml@main unit-source: uses: ansible-network/github_actions/.github/workflows/unit_source.yml@main with: @@ -33,6 +35,7 @@ jobs: - sanity - unit-galaxy - unit-source + - ansible-lint runs-on: ubuntu-latest steps: - run: >- @@ -40,6 +43,7 @@ jobs: set([ '${{ needs.changelog.result }}', '${{ needs.sanity.result }}', - '${{ needs.unit-galaxy.result }}', + '${{ needs.unit-galaxy.result }}' + '${{ needs.ansible-lint.result }}' '${{ needs.unit-source.result }}' ])" diff --git a/tox-ansible.ini b/tox-ansible.ini new file mode 100644 index 00000000..5e1f4b36 --- /dev/null +++ b/tox-ansible.ini @@ -0,0 +1,10 @@ +[ansible] + +skip = + py3.7 + py3.8 + 2.9 + 2.10 + 2.11 + 2.12 + 2.13 From c96081985caf983a0c277fd6a26587617a562100 Mon Sep 17 00:00:00 2001 
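Review bot: The last `tests.yml` hunk drops the comma after `'${{ needs.unit-galaxy.result }}'` and adds `'${{ needs.ansible-lint.result }}'` without one, so Python joins the three adjacent literals into a single string such as `successfailuresuccess`. `'failure' not in set([...])` tests for an exact element, so a failure in `unit-galaxy`, `ansible-lint` or `unit-source` no longer fails `all_green`, and a red run can pass if `all_green` is the required status check. Restore the separators: `'${{ needs.unit-galaxy.result }}',` and `'${{ needs.ansible-lint.result }}',`. The `python -c` step begins above the hunk, so the wrapper is not shown in full.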
From: Ruchi Pakhle <72685035+Ruchip16@users.noreply.github.com> Date: Thu, 11 Apr 2024 13:19:51 +0530 Subject: [PATCH 26/36] fix nightly runs test failure (#235) * fix nightly runs test failure * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- changelogs/fragments/add_2.18.yaml | 3 +++ tests/sanity/ignore-2.18.txt | 1 + 2 files changed, 4 insertions(+) create mode 100644 changelogs/fragments/add_2.18.yaml create mode 100644 tests/sanity/ignore-2.18.txt diff --git a/changelogs/fragments/add_2.18.yaml b/changelogs/fragments/add_2.18.yaml new file mode 100644 index 00000000..0aaf1f75 --- /dev/null +++ b/changelogs/fragments/add_2.18.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Add ignore-2.18.txt. diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt new file mode 100644 index 00000000..3d2a4f58 --- /dev/null +++ b/tests/sanity/ignore-2.18.txt @@ -0,0 +1 @@ +plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` From 9a1392da87d31360dd55ddf82f9fba1637eb70a9 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 19:31:21 +0530 Subject: [PATCH 27/36] [pre-commit.ci] pre-commit autoupdate (#229) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/pre-commit-hooks: v4.5.0 → v4.6.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.5.0...v4.6.0) - [github.com/psf/black: 23.12.1 → 24.4.2](https://github.com/psf/black/compare/23.12.1...24.4.2) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index fe243a84..66ef66a2 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -7,7 +7,7 @@ repos: - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.5.0 + rev: v4.6.0 hooks: - id: check-merge-conflict - id: check-symlinks @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 23.12.1 + rev: 24.4.2 hooks: - id: black From aa41197a828ad0109d8f92bec429dec73f7e04e9 Mon Sep 17 00:00:00 2001 From: Ruchi Pakhle <72685035+Ruchip16@users.noreply.github.com> Date: Tue, 11 Jun 2024 11:15:15 +0530 Subject: [PATCH 28/36] Update ansible-core to 2.15.0 (#236) * Update ansible-core to 2.15 * Update * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update test-requirements.txt * add build job * add flake8 back --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .github/workflows/tests.yml | 3 +++ README.md | 2 +- changelogs/fragments/bump_215.yaml | 6 ++++++ meta/runtime.yml | 2 +- test-requirements.txt | 3 +-- 5 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 changelogs/fragments/bump_215.yaml diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index 6b6d2c48..5e8d914d 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -16,6 +16,8 @@ jobs: changelog: uses: ansible/ansible-content-actions/.github/workflows/changelog.yaml@main if: github.event_name == 'pull_request' + build-import: + uses: ansible/ansible-content-actions/.github/workflows/build_import.yaml@main ansible-lint: uses: ansible/ansible-content-actions/.github/workflows/ansible_lint.yaml@main sanity: @@ -32,6 +34,7 @@ jobs: if: ${{ always() }} needs: - changelog + - build-import - sanity - unit-galaxy - unit-source diff --git a/README.md b/README.md index 2ca17c68..e78e1557 100644 --- a/README.md 
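Review bot: `build-import` is added to the `needs` list of `all_green`, but the diffstat counts only three added lines for `tests.yml`, so its result does not appear to be added to the `python -c` assertion that decides the gate. Because `all_green` runs under `if: ${{ always() }}`, a failed `build-import` would then leave the gate green; add `'${{ needs.build-import.result }}',` to the `set([...])` literal. That step lies outside both hunks, so this is inferred from the diffstat rather than read from the file.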
+++ b/README.md @@ -8,7 +8,7 @@ The Ansible Cisco ASA collection includes a variety of Ansible content to help a ## Ansible version compatibility -This collection has been tested against following Ansible versions: **>=2.14.0**. +This collection has been tested against following Ansible versions: **>=2.15.0**. For collections that support Ansible 2.9, please ensure you update your `network_os` to use the fully qualified collection name (for example, `cisco.ios.ios`). diff --git a/changelogs/fragments/bump_215.yaml b/changelogs/fragments/bump_215.yaml new file mode 100644 index 00000000..cdb8f1bd --- /dev/null +++ b/changelogs/fragments/bump_215.yaml @@ -0,0 +1,6 @@ +--- +release_summary: > + With this release, the minimum required version of `ansible-core` for this collection is `2.15.0`. + The last version known to be compatible with `ansible-core` versions below `2.15` is v5.0.1. +major_changes: + - Bumping `requires_ansible` to `>=2.15.0`, since previous ansible-core versions are EoL now. diff --git a/meta/runtime.yml b/meta/runtime.yml index f52e66c0..ff7a7589 100644 --- a/meta/runtime.yml +++ b/meta/runtime.yml @@ -1,5 +1,5 @@ --- -requires_ansible: ">=2.14.0" +requires_ansible: ">=2.15.0" plugin_routing: modules: acls: diff --git a/test-requirements.txt b/test-requirements.txt index fa1e9fd3..c5c26842 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,8 +1,7 @@ black==23.3.0 ; python_version >= '3.7' flake8 -mock ; python_version < '3.5' pexpect pytest-xdist yamllint +pytest-xdist pytest-ansible ; python_version >= '3.9' -git+https://github.com/ansible-community/pytest-ansible-units.git ; python_version < '3.9' From e15101ce24c3e0daec5e46e35543f7bde1a0fd3b Mon Sep 17 00:00:00 2001 
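Review bot: The added `pytest-xdist` line in `test-requirements.txt` duplicates the `pytest-xdist` entry two lines above it in the same hunk. pip accepts the repeat, but it suggests a different package was intended when the line was put back. Drop the added line, or replace it with the package that was meant.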
From: Ruchi Pakhle <72685035+Ruchip16@users.noreply.github.com> Date: Tue, 11 Jun 2024 11:59:26 +0530 Subject: [PATCH 29/36] Prepare release 6.0.0 (#237) * Prepare release v6.0.0 * antsibull fix * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * Update CHANGELOG.rst --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Rohit Thakur --- CHANGELOG.rst | 12 ++++++++++++ changelogs/changelog.yaml | 13 +++++++++++++ changelogs/fragments/add_2.18.yaml | 3 --- changelogs/fragments/bump_215.yaml | 6 ------ galaxy.yml | 2 +- 5 files changed, 26 insertions(+), 10 deletions(-) delete mode 100644 changelogs/fragments/add_2.18.yaml delete mode 100644 changelogs/fragments/bump_215.yaml diff --git a/CHANGELOG.rst b/CHANGELOG.rst index d7fdfb3e..cdf79c13 100644 --- a/CHANGELOG.rst +++ b/CHANGELOG.rst @@ -4,6 +4,18 @@ Cisco Asa Collection Release Notes .. contents:: Topics +v6.0.0 +====== + +Release Summary +--------------- + +With this release, the minimum required version of `ansible-core` for this collection is `2.15.0`. The last version known to be compatible with `ansible-core` versions below `2.15` is v5.0.1. + +Major Changes +------------- + +- Bumping `requires_ansible` to `>=2.15.0`, since previous ansible-core versions are EoL now. v5.0.1 ====== diff --git a/changelogs/changelog.yaml b/changelogs/changelog.yaml index 9dbfd2c4..f0a26ea4 100644 --- a/changelogs/changelog.yaml +++ b/changelogs/changelog.yaml 
@@ -223,3 +223,16 @@ releases: fragments: - fix_module_defaults.yaml release_date: "2024-01-31" + 6.0.0: + changes: + major_changes: + - Bumping `requires_ansible` to `>=2.15.0`, since previous ansible-core versions + are EoL now. + release_summary: + "With this release, the minimum required version of `ansible-core` + for this collection is `2.15.0`. The last version known to be compatible with + `ansible-core` versions below `2.15` is v5.0.1." + fragments: + - add_2.18.yaml + - bump_215.yaml + release_date: "2024-06-11" diff --git a/changelogs/fragments/add_2.18.yaml b/changelogs/fragments/add_2.18.yaml deleted file mode 100644 index 0aaf1f75..00000000 --- a/changelogs/fragments/add_2.18.yaml +++ /dev/null @@ -1,3 +0,0 @@ ---- -trivial: - - Add ignore-2.18.txt. diff --git a/changelogs/fragments/bump_215.yaml b/changelogs/fragments/bump_215.yaml deleted file mode 100644 index cdb8f1bd..00000000 --- a/changelogs/fragments/bump_215.yaml +++ /dev/null @@ -1,6 +0,0 @@ ---- -release_summary: > - With this release, the minimum required version of `ansible-core` for this collection is `2.15.0`. - The last version known to be compatible with `ansible-core` versions below `2.15` is v5.0.1. -major_changes: - - Bumping `requires_ansible` to `>=2.15.0`, since previous ansible-core versions are EoL now. diff --git a/galaxy.yml b/galaxy.yml index b99c3099..6b978e87 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -13,4 +13,4 @@ issues: https://github.com/ansible-collections/cisco.asa/issues tags: [cisco, asa, networking, security] # NOTE(pabelanger): We create an empty version key to keep ansible-galaxy # happy. We dynamically inject version info based on git information. -version: 5.0.1 +version: 6.0.0 From d98af47b41a3b2f855869fcbf1cfd212181967ab Mon Sep 17 00:00:00 2001 
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 7 Aug 2024 15:37:15 +0530 Subject: [PATCH 30/36] [pre-commit.ci] pre-commit autoupdate (#242) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/psf/black: 24.4.2 → 24.8.0](https://github.com/psf/black/compare/24.4.2...24.8.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 66ef66a2..40c9c733 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 24.4.2 + rev: 24.8.0 hooks: - id: black From 3df133ab23f293ffaa054f3cb3a0df690907e536 Mon Sep 17 00:00:00 2001 From: Andrew Klychkov Date: Mon, 19 Aug 2024 10:26:57 +0200 Subject: [PATCH 31/36] README: Add Communication section with Forum information (#243) * README: Add Communication section with Forum information * Update README.md * Update README.md --------- Co-authored-by: Sagar Paul --- README.md | 13 +++++++++++++ changelogs/fragments/0-readme.yml | 3 +++ 2 files changed, 16 insertions(+) create mode 100644 changelogs/fragments/0-readme.yml diff --git a/README.md b/README.md index e78e1557..be9f4438 100644 --- a/README.md +++ b/README.md 
@@ -5,6 +5,19 @@ The Ansible Cisco ASA collection includes a variety of Ansible content to help automate the management of Cisco ASA firewall appliances. +## Communication + +* Join the Ansible forum: + * [Get Help](https://forum.ansible.com/c/help/6): get help or help others. + * [Posts tagged with 'security'](https://forum.ansible.com/tag/security): subscribe to participate in collection-related conversations. + * [Ansible Network Automation Working Group](https://forum.ansible.com/g/network-wg): by joining the team you will automatically get subscribed to the posts tagged with [your group forum tag here](https://forum.ansible.com/tags/security). + * [Social Spaces](https://forum.ansible.com/c/chat/4): gather and interact with fellow enthusiasts. + * [News & Announcements](https://forum.ansible.com/c/news/5): track project-wide announcements including social events. + +* The Ansible [Bullhorn newsletter](https://docs.ansible.com/ansible/devel/community/communication.html#the-bullhorn): used to announce releases and important changes. + +For more information about communication, see the [Ansible communication guide](https://docs.ansible.com/ansible/devel/community/communication.html). + ## Ansible version compatibility diff --git a/changelogs/fragments/0-readme.yml b/changelogs/fragments/0-readme.yml new file mode 100644 index 00000000..6ae0307d --- /dev/null +++ b/changelogs/fragments/0-readme.yml @@ -0,0 +1,3 @@ +--- +trivial: + - README.md - Add Communication section with Forum information. From aae3640ddf912092ab68a2dd90db3276e3c7101a Mon Sep 17 00:00:00 2001 
From: Ruchi Pakhle <72685035+Ruchip16@users.noreply.github.com> Date: Wed, 18 Sep 2024 14:16:34 +0530 Subject: [PATCH 32/36] Add Support section in the README (#244) * Add Support section in the README * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- README.md | 10 ++++++++++ changelogs/fragments/adds_support.yaml | 3 +++ 2 files changed, 13 insertions(+) create mode 100644 changelogs/fragments/adds_support.yaml diff --git a/README.md b/README.md index be9f4438..6629b8b2 100644 --- a/README.md +++ b/README.md @@ -5,6 +5,16 @@ The Ansible Cisco ASA collection includes a variety of Ansible content to help automate the management of Cisco ASA firewall appliances. +## Support + +As a Red Hat Ansible [Certified Content](https://catalog.redhat.com/software/search?target_platforms=Red%20Hat%20Ansible%20Automation%20Platform), this collection is entitled to [support](https://access.redhat.com/support/) through [Ansible Automation Platform](https://www.redhat.com/en/technologies/management/ansible) (AAP). + +If a support case cannot be opened with Red Hat and the collection has been obtained either from [Galaxy](https://galaxy.ansible.com/ui/) or [GitHub](https://github.com/ansible-collections/cisco.asa), there is community support available at no charge. + +You can join us on [#network:ansible.com](https://matrix.to/#/#network:ansible.com) room or the [Ansible Forum Network Working Group](https://forum.ansible.com/g/network-wg). + +For more information you can check the communication section below. + ## Communication * Join the Ansible forum: diff --git a/changelogs/fragments/adds_support.yaml b/changelogs/fragments/adds_support.yaml new file mode 100644 index 00000000..06f93f76 --- /dev/null +++ b/changelogs/fragments/adds_support.yaml 
@@ -0,0 +1,3 @@ +--- +doc_changes: + - Includes a new support related section in the README. From 0a1f96573eec4790ed471a0dfb0fb722fcc4315f Mon Sep 17 00:00:00 2001 From: Ruchi Pakhle <72685035+Ruchip16@users.noreply.github.com> Date: Thu, 26 Sep 2024 14:23:25 +0530 Subject: [PATCH 33/36] Adds ignore-2.19.txt (#245) --- changelogs/fragments/ignore_219.yaml | 3 +++ tests/sanity/ignore-2.19.txt | 1 + 2 files changed, 4 insertions(+) create mode 100644 changelogs/fragments/ignore_219.yaml create mode 100644 tests/sanity/ignore-2.19.txt diff --git a/changelogs/fragments/ignore_219.yaml b/changelogs/fragments/ignore_219.yaml new file mode 100644 index 00000000..d051c421 --- /dev/null +++ b/changelogs/fragments/ignore_219.yaml @@ -0,0 +1,3 @@ +--- +trivial: + - Add ignore-2.19.txt. diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt new file mode 100644 index 00000000..3d2a4f58 --- /dev/null +++ b/tests/sanity/ignore-2.19.txt @@ -0,0 +1 @@ +plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` From 3ada1f51c5f3d9335d3a133ec6a942d6b08a05e7 Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 15:12:28 +0530 Subject: [PATCH 34/36] [pre-commit.ci] pre-commit autoupdate (#246) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit updates: - [github.com/pre-commit/pre-commit-hooks: v4.6.0 → v5.0.0](https://github.com/pre-commit/pre-commit-hooks/compare/v4.6.0...v5.0.0) - [github.com/psf/black: 24.8.0 → 24.10.0](https://github.com/psf/black/compare/24.8.0...24.10.0) Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 40c9c733..054a7b45 100644 --- a/.pre-commit-config.yaml 
+++ b/.pre-commit-config.yaml @@ -7,7 +7,7 @@ repos: - id: update-docs - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.6.0 + rev: v5.0.0 hooks: - id: check-merge-conflict - id: check-symlinks @@ -41,6 +41,6 @@ repos: args: ["--filter-files"] - repo: https://github.com/psf/black - rev: 24.8.0 + rev: 24.10.0 hooks: - id: black From 9c2cdd71b2ec908d2ae18c8ecf7ca141c2e91c70 Mon Sep 17 00:00:00 2001 
From: rulev <49680309+rulev@users.noreply.github.com> Date: Fri, 3 Jan 2025 21:12:58 +0200 Subject: [PATCH 35/36] ACE dotted object-group parsing fixed (#239) * ACE dotted object-group parsing fixed * changelog fragment added * add gathered tests * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * update pending files * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * fix * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * sanity * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * check * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: Vladimir Rulev Co-authored-by: Sagar Paul Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .ansible-lint | 1 + .flake8 | 67 +++ .pre-commit-config.yaml | 9 +- bindep.txt | 8 +- .../fragments/239-ace-object-group-fix.yml | 2 + .../network/asa/rm_templates/acls.py | 2 +- test-requirements.txt | 10 +- tests/sanity/ignore-2.10.txt | 7 - tests/sanity/ignore-2.11.txt | 8 - tests/sanity/ignore-2.12.txt | 5 - tests/sanity/ignore-2.13.txt | 1 - tests/sanity/ignore-2.15.txt | 10 + tests/sanity/ignore-2.16.txt | 10 + tests/sanity/ignore-2.17.txt | 10 + tests/sanity/ignore-2.18.txt | 10 + tests/sanity/ignore-2.19.txt | 10 + tests/sanity/ignore-2.9.txt | 7 - .../unit/modules/network/asa/test_asa_acls.py | 453 +++++++++++++++++- tox-ansible.ini | 9 +- tox.ini | 33 -- 20 files changed, 582 insertions(+), 90 deletions(-) create mode 100644 .flake8 create mode 100644 changelogs/fragments/239-ace-object-group-fix.yml delete mode 100644 tests/sanity/ignore-2.10.txt delete mode 100644 tests/sanity/ignore-2.11.txt delete mode 100644 tests/sanity/ignore-2.12.txt delete mode 100644 tests/sanity/ignore-2.13.txt delete mode 
100644 tests/sanity/ignore-2.9.txt delete mode 100644 tox.ini diff --git a/.ansible-lint b/.ansible-lint index 9cd26302..5d838fad 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,2 +1,3 @@ --- + profile: production diff --git a/.flake8 b/.flake8 new file mode 100644 index 00000000..03be6924 --- /dev/null +++ b/.flake8 
@@ -0,0 +1,67 @@
+[flake8]
+
+builtins = _
+
+# Print the total number of errors:
+count = true
+
+# Don't even try to analyze these:
+extend-exclude =
+ # No need to traverse egg info dir
+ *.egg-info,
+ # tool cache dirs
+ *_cache
+ # project env vars
+ .env,
+ # GitHub configs
+ .github,
+ # Cache files of MyPy
+ .mypy_cache,
+ # Cache files of pytest
+ .pytest_cache,
+ # Temp dir of pytest-testmon
+ .tmontmp,
+ # Occasional virtualenv dir
+ .venv
+ # VS Code
+ .vscode,
+ # Temporary build dir
+ build,
+ # This contains sdists and wheels of ansible-navigator that we don't want to check
+ dist,
+ # Metadata of `pip wheel` cmd is autogenerated
+ pip-wheel-metadata,
+ # adjacent venv
+ venv
+ # ansible won't let me
+ __init__.py
+
+# IMPORTANT: avoid using ignore option, always use extend-ignore instead
+# Completely and unconditionally ignore the following errors:
+extend-ignore =
+ F841,
+ # line-length
+ E501,
+ # module level import not at top of file
+ E402
+
+# Accessibility/large fonts and PEP8 unfriendly:
+max-line-length = 120
+
+# Allow certain violations in certain files:
+# Please keep both sections of this list sorted, as it will be easier for others to find and add entries in the future
+per-file-ignores =
+ # The following ignores have been researched and should be considered permanent
+ # each should be preceeded with an explanation of each of the error codes
+ # If other ignores are added for a specific file in the section following this,
+ # these will need to be added to that line as well.
+
+
+ # S101: Allow the use of assert within the tests directory, since tests require it.
+ tests/**.py: S101
+
+ # The following were present during the initial implementation.
+ # They are expected to be fixed and unignored over time.
+
+# Count the number of occurrences of each error/warning code and print a report:
+statistics = true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 054a7b45..357a60aa 100644
--- a/.pre-commit-config.yaml
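Review bot: `max-line-length = 120` has no effect in the new `.flake8`, because `E501` is listed under `extend-ignore` a few lines above it, so flake8 never reports line length at all. Either drop `E501` from `extend-ignore` or drop the `max-line-length` setting, so the file states one policy. `F841` is also ignored globally and is the only one of the three codes without an explanatory comment; add one such as `# local variable is assigned to but never used`, or remove the ignore so unused locals in plugin code are still reported. The `S101` entry under `per-file-ignores` only matters when a plugin that emits S codes is installed, and the flake8 hook added to `.pre-commit-config.yaml` in this commit lists none.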
+++ b/.pre-commit-config.yaml @@ -22,8 +22,8 @@ repos: hooks: - id: add-trailing-comma - - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v4.0.0-alpha.8" + - repo: https://github.com/pycontribs/mirrors-prettier + rev: "v3.4.2" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -44,3 +44,8 @@ repos: rev: 24.10.0 hooks: - id: black + + - repo: https://github.com/pycqa/flake8 + rev: 7.1.1 + hooks: + - id: flake8 diff --git a/bindep.txt b/bindep.txt index eec29ecd..ba9c980f 100644 --- a/bindep.txt +++ b/bindep.txt @@ -2,9 +2,5 @@ # see https://docs.openstack.org/infra/bindep/ for additional information. gcc-c++ [doc test platform:rpm] - -# ansible-pylibssh -gcc [compile test platform:rpm] -libssh-devel [compile test platform:rpm] -python3-Cython [test platform:fedora-35] -python3-Cython [compile platform:centos-8 platform:rhel-8] +python3-devel [test platform:rpm] +python3 [test platform:rpm] diff --git a/changelogs/fragments/239-ace-object-group-fix.yml b/changelogs/fragments/239-ace-object-group-fix.yml new file mode 100644 index 00000000..7cd8e2bb --- /dev/null +++ b/changelogs/fragments/239-ace-object-group-fix.yml @@ -0,0 +1,2 @@ +bugfixes: + - cisco.asa.asa_acls - fixed ace parsing when source is object-group and its name contains dots diff --git a/plugins/module_utils/network/asa/rm_templates/acls.py b/plugins/module_utils/network/asa/rm_templates/acls.py index b9715102..cd8647f4 100644 --- a/plugins/module_utils/network/asa/rm_templates/acls.py +++ b/plugins/module_utils/network/asa/rm_templates/acls.py 
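Review bot: The prettier hook now comes from a different organisation's mirror (`pycontribs/mirrors-prettier`) and, like the newly added flake8 hook, is pinned by a tag (`rev: "v3.4.2"`, `rev: 7.1.1`) that upstream can move. Hook code runs on contributor machines and in CI, so each `rev` is better pinned to the full commit SHA with the tag kept as a trailing comment, e.g. `rev: <full-commit-sha>  # v3.4.2`; `pre-commit autoupdate --freeze` writes that form. The commit message does not say why the mirror was switched, so a one-line comment above the `repo:` entry would record the reason for the next reviewer.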
@@ -186,7 +186,7 @@ def __init__(self, lines=None): not in source and 'object-group' not in source %}{{ source.split(' ')[0] }}{% elif source is defined and\ '::' in source and 'host' not in source %}{{ source }}{% endif %}", "netmask": "{{ source.split(' ')[1] if source\ - is defined and '.' in source and 'host' not in source else None and 'object-group' not in source }}", + is defined and '.' in source and 'host' not in source and 'object-group' not in source else None }}", "any4": "{{ True if source is defined and source == 'any4' else None }}", "any6": "{{ True if source is defined and source == 'any6' else None }}", "any": "{{ True if source is defined and source == 'any' else None }}", diff --git a/test-requirements.txt b/test-requirements.txt index c5c26842..5a90586f 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,9 @@ -black==23.3.0 ; python_version >= '3.7' +# For ansible-tox-linters +black==23.3.0 flake8 -pexpect -pytest-xdist yamllint + +# Unit test runner +pytest-ansible pytest-xdist -pytest-ansible ; python_version >= '3.9' +pytest-cov diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt deleted file mode 100644 index 65598cad..00000000 --- a/tests/sanity/ignore-2.10.txt +++ /dev/null @@ -1,7 +0,0 @@ -plugins/terminal/asa.py compile-2.6!skip -plugins/terminal/asa.py compile-2.7!skip -plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip -plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip -plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip -plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt deleted file mode 100644 index 5f802771..00000000 --- a/tests/sanity/ignore-2.11.txt +++ /dev/null 
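Review bot: The corrected `netmask` expression still classifies `source` by substring tests (`'.' in source`, `'host' not in source`, `'object-group' not in source`) rather than by its first token, so the result depends on what characters happen to appear in a name. If `source` can also be captured as `object <name>` with a dot in the name, this expression would still return the name as a netmask; testing the leading keyword, e.g. `source.split(' ')[0] not in ('host', 'object', 'object-group')`, avoids that, and on a firewall ACL parser a misread field flows into gathered facts and the commands built from them. The destination counterpart of this template is outside the hunk; if it carries the old `else None and 'object-group' not in source` form it needs the same correction. `__init__` starts and ends outside this hunk.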
@@ -1,8 +0,0 @@
-plugins/terminal/asa.py compile-2.6!skip
-plugins/terminal/asa.py compile-2.7!skip
-plugins/terminal/asa.py import-2.7!skip
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt
deleted file mode 100644
index 85ed7df5..00000000
--- a/tests/sanity/ignore-2.12.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt
deleted file mode 100644
index 3d2a4f58..00000000
--- a/tests/sanity/ignore-2.13.txt
+++ /dev/null
@@ -1 +0,0 @@
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt
index 3d2a4f58..aa7c4506 100644
--- a/tests/sanity/ignore-2.15.txt
+++ b/tests/sanity/ignore-2.15.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.16.txt
+++ b/tests/sanity/ignore-2.16.txt
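Review bot: The ten added entries in `ignore-2.15.txt` are identical to each other and do not follow the `path test-name` shape of the file's existing first line (`plugins/action/asa.py action-plugin-docs`); they read like pasted linter output. The entries added to `ignore-2.16.txt` through `ignore-2.19.txt` have the same problem and also fold `:line:col:` into the path, which goes stale as soon as the test file is edited. One line per file, `tests/unit/modules/network/asa/test_asa_acls.py pep8:E501`, would express the same exception, assuming the pep8 sanity test is the one reporting it.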
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.17.txt
+++ b/tests/sanity/ignore-2.17.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.18.txt
+++ b/tests/sanity/ignore-2.18.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.19.txt
+++ b/tests/sanity/ignore-2.19.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt
deleted file mode 100644
index 65598cad..00000000
--- a/tests/sanity/ignore-2.9.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-plugins/terminal/asa.py compile-2.6!skip
-plugins/terminal/asa.py compile-2.7!skip
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/unit/modules/network/asa/test_asa_acls.py b/tests/unit/modules/network/asa/test_asa_acls.py
index 31aea5d6..7e7e0956 100644
--- a/tests/unit/modules/network/asa/test_asa_acls.py +++ b/tests/unit/modules/network/asa/test_asa_acls.py @@ -21,11 +21,13 @@ reason="Tests and/or module are unstable on Python 3.5.", ) +from textwrap import dedent +from unittest.mock import patch + from ansible_collections.cisco.asa.plugins.modules import asa_acls -from ansible_collections.cisco.asa.tests.unit.compat.mock import patch from ansible_collections.cisco.asa.tests.unit.modules.utils import set_module_args -from .asa_module import TestAsaModule, load_fixture +from .asa_module import TestAsaModule class TestAsaAclsModule(TestAsaModule): 
@@ -76,13 +78,35 @@ def tearDown(self): self.mock_load_config.stop() self.mock_execute_show_command.stop() - def load_fixtures(self, commands=None): - def load_from_file(*args, **kwargs): - return load_fixture("asa_acls_config.cfg") - - self.execute_show_command.side_effect = load_from_file - def test_asa_acls_merged(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group 
ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
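Review bot: The multi-line `show access-list` fixture is pasted verbatim into `test_asa_acls_merged` here and again in the hunks for `test_asa_acls_merged_idempotent`, `test_asa_acls_replaced` and `test_asa_acls_replaced_idempotent`, so any later change to the device output has to be repeated in every copy. Define the text once at module level and set `self.execute_show_command.return_value = ACLS_SHOW_OUTPUT` in each test (the constant name is only a suggestion). In this fixture the dotted group `object-group ALLSERV.12` sits in the destination position, while the changelog fragment describes the bug for a source object-group; a fixture line with the dotted group as the source would pin the corrected template directly, unless a part of the file outside these hunks already has one. The test methods continue outside the hunks shown.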
@@ -137,6 +161,34 @@ def test_asa_acls_merged(self): self.assertEqual(result["commands"], commands) def test_asa_acls_merged_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list 
management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -319,6 +371,34 @@ def test_asa_acls_merged_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_replaced(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -377,6 +457,34 @@ def test_asa_acls_replaced(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_replaced_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -559,6 +667,34 @@ def test_asa_acls_replaced_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_overridden(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -610,6 +746,34 @@ def test_asa_acls_overridden(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_overridden_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 
0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -792,6 +956,34 @@ def test_asa_acls_overridden_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_delete_by_acl(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 
0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -813,6 +1005,34 @@ def test_asa_acls_delete_by_acl(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_deleted_all(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args(dict(state="deleted")) result = self.execute_module(changed=True) commands = [ 
@@ -833,6 +1053,34 @@ def test_asa_acls_deleted_all(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_rendered(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -868,3 +1116,192 @@ def test_asa_acls_rendered(self): ] result = self.execute_module(changed=False) self.assertEqual(result["rendered"], commands) + + def test_asa_acls_gathered(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit object-group MYSERV.11 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 
(hitcnt=0) 0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) + set_module_args( + dict( + state="gathered", + ), + ) + facts = { + "acls": [ + { + "name": "test_global_access", + "acl_type": "extended", + "aces": [ + { + "grant": "deny", + "line": 1, + "protocol": "tcp", + "source": {"any": True}, + "destination": {"any": True, "port_protocol": {"eq": "www"}}, + "log": "errors", + "protocol_options": {"tcp": True}, + }, + {"line": 2, "remark": "test global remark"}, + ], + }, + { + "name": "test_access", + "acl_type": "extended", + "aces": [ + { + "grant": "deny", + "line": 1, + "protocol": "tcp", + "source": {"address": "192.0.2.0", "netmask": "255.255.255.0"}, + "destination": { + "address": "198.51.100.0", + "netmask": "255.255.255.0", + "port_protocol": {"eq": "www"}, + }, + "log": "default", + "protocol_options": {"tcp": True}, + }, + { + "grant": "deny", + "line": 2, + "protocol": "igrp", + "source": {"address": "198.51.100.0", "netmask": "255.255.255.0"}, + "destination": {"address": "198.51.110.0", "netmask": "255.255.255.0"}, + "log": "errors", + "protocol_options": {"igrp": True}, + }, + { + "grant": "permit", + "line": 3, + "protocol": "ip", + "source": {"host": "192.0.2.2"}, + "destination": {"any": True}, + "protocol_options": {"ip": True}, + }, + ], + }, + { + "name": "test_R1_traffic", + "acl_type": "extended", + "aces": [ + { + "grant": "deny", + "line": 1, + "protocol": "tcp", + "source": { + "address": "2001:db8:0:3::/64", + "port_protocol": {"eq": "www"}, + }, + "destination": { + "address": "2001:fc8:0:4::/64", 
+ "port_protocol": {"eq": "telnet"}, + }, + "inactive": True, + "protocol_options": {"tcp": True}, + }, + { + "grant": "permit", + "line": 2, + "protocol": "ip", + "source": {"host": "2001:db8::1"}, + "destination": {"any6": True}, + "protocol_options": {"ip": True}, + }, + ], + }, + { + "name": "ansible_test", + "aces": [ + {"line": 1, "remark": "HostA"}, + { + "grant": "deny", + "line": 2, + "protocol": "ip", + "source": {"host": "192.0.5.1"}, + "destination": {"any4": True}, + "protocol_options": {"ip": True}, + }, + ], + "acl_type": "extended", + }, + { + "name": "management_in", + "acl_type": "extended", + "aces": [ + { + "grant": "permit", + "line": 1, + "protocol": "tcp", + "source": { + "host": "198.51.100.5", + "port_protocol": {"range": {"start": 49152, "end": 65535}}, + }, + "destination": { + "address": "198.51.100.0", + "netmask": "255.255.255.0", + "port_protocol": {"eq": "100"}, + }, + "protocol_options": {"tcp": True}, + }, + { + "grant": "permit", + "line": 2, + "source": {"object_group": "MYSERV.11"}, + "destination": { + "object_group": "ALLSERV.12", + "port_protocol": {"eq": "9389"}, + }, + }, + { + "grant": "permit", + "line": 3, + "protocol": "ip", + "source": {"any4": True}, + "destination": {"host": "192.0.2.1"}, + "protocol_options": {"ip": True}, + }, + ], + }, + { + "name": "MyACL", + "acl_type": "extended", + "aces": [ + { + "grant": "permit", + "line": 1, + "protocol": "tcp", + "source": {"object_group": "O-Environments"}, + "destination": {"any": True, "service_object_group": "O-Windows-TCP"}, + "protocol_options": {"tcp": True}, + }, + ], + }, + ], + } + result = self.execute_module(changed=False) + self.assertEqual(result["gathered"], facts) diff --git a/tox-ansible.ini b/tox-ansible.ini index 5e1f4b36..b49a359f 100644 --- a/tox-ansible.ini +++ b/tox-ansible.ini @@ -1,10 +1,3 @@ [ansible] -skip = - py3.7 - py3.8 - 2.9 - 2.10 - 2.11 - 2.12 - 2.13 +skip = "" 
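Review bot: The expected facts for `management_in` line 2 carry no `protocol` key and file `MYSERV.11` under `source` and `ALLSERV.12` under `destination`, although in the fixture line `permit object-group MYSERV.11 object-group ALLSERV.12 eq 9389` the first group sits directly after `permit`, where every other ACE in the sample has its protocol. As written the assertion pins that reading, and gathered facts are what an operator reads as the firewall's rule set, so it is worth confirming this is intended rather than a parser limitation. If it is a known limitation, say so next to the entry, e.g. `# NOTE: object-group in protocol position is currently reported as source`. The fixture also repeats `line 2` for `management_in` and `line 1` for `MyACL` while the facts keep one entry per line number; a one-line comment that the expanded rows are expected to be dropped would help.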
diff --git a/tox.ini b/tox.ini deleted file mode 100644 index c5b846a3..00000000 --- a/tox.ini +++ /dev/null @@ -1,33 +0,0 @@ -[tox] -minversion = 1.4.2 -envlist = linters -skipsdist = True - -[testenv] -basepython = python3 -deps = -r{toxinidir}/requirements.txt - -r{toxinidir}/test-requirements.txt -commands = find {toxinidir} -type f -name "*.py[c|o]" -delete - -[testenv:black] -install_command = pip install {opts} {packages} -commands = - black -v {toxinidir} - -[testenv:linters] -install_command = pip install {opts} {packages} -commands = - black -v --diff --check {toxinidir} - flake8 {posargs} - -[testenv:venv] -commands = {posargs} - -[flake8] -# E123, E125 skipped as they are invalid PEP-8. - -show-source = True -ignore = E123,E125,E203,E402,E501,E741,W503 -max-line-length = 160 -builtins = _ -exclude = .git,.tox,tests/unit/compat/ From 2e742e53e764f6bcea33444d095a870737abc614 Mon Sep 17 00:00:00 2001 
From: rulev <49680309+rulev@users.noreply.github.com> Date: Mon, 6 Jan 2025 14:08:06 +0200 Subject: [PATCH 36/36] ACE object-group as protocol support added (#240) * ACE object-group as protocol support added * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * changelog fragment added * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * fix tests * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: Vladimir Rulev Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> Co-authored-by: Sagar Paul --- .../240-ace-protocol-object-group.yml | 2 ++ .../network/asa/facts/acls/acls.py | 1 + .../network/asa/rm_templates/acls.py | 2 +- tests/sanity/ignore-2.15.txt | 10 -------- tests/sanity/ignore-2.16.txt | 10 -------- tests/sanity/ignore-2.17.txt | 10 -------- tests/sanity/ignore-2.18.txt | 10 -------- tests/sanity/ignore-2.19.txt | 10 -------- .../unit/modules/network/asa/test_asa_acls.py | 24 +++++++++---------- 9 files changed, 16 insertions(+), 63 deletions(-) create mode 100644 changelogs/fragments/240-ace-protocol-object-group.yml diff --git a/changelogs/fragments/240-ace-protocol-object-group.yml b/changelogs/fragments/240-ace-protocol-object-group.yml new file mode 100644 index 00000000..cc13ebc7 --- /dev/null +++ b/changelogs/fragments/240-ace-protocol-object-group.yml @@ -0,0 +1,2 @@ +minor_changes: + - cisco.asa.asa_acls - add support for specifying object-group as protocol diff --git a/plugins/module_utils/network/asa/facts/acls/acls.py b/plugins/module_utils/network/asa/facts/acls/acls.py index b624a055..d3b24a2c 100644 --- a/plugins/module_utils/network/asa/facts/acls/acls.py +++ b/plugins/module_utils/network/asa/facts/acls/acls.py 
@@ -90,6 +90,7 @@ def populate_facts(self, connection, ansible_facts, data=None): each.get("protocol") and each.get("protocol") != "icmp" and each.get("protocol") != "icmp6" + and "object-group" not in each.get("protocol") ): each["protocol_options"] = {each.get("protocol"): True} acls.append(val) diff --git a/plugins/module_utils/network/asa/rm_templates/acls.py b/plugins/module_utils/network/asa/rm_templates/acls.py index cd8647f4..bc702b4e 100644 --- a/plugins/module_utils/network/asa/rm_templates/acls.py +++ b/plugins/module_utils/network/asa/rm_templates/acls.py @@ -153,7 +153,7 @@ def __init__(self, lines=None): \s*(?Pdeny|permit)* \s*(?P(dsap\s\S+)|bpdu|eii-ipx|ipx|mpls-unicast|mpls-multicast|isis|any\s)* \s*(?P(host\s\S+)|any4|(?:[0-9]{1,3}\.){3}[0-9]{1,3}\s(?:[0-9]{1,3}\.){3}[0-9]{1,3})* - \s*(?Pah|eigrp|esp|gre|icmp|icmp6|igmp|igrp|ip|ipinip|ipsec|nos|ospf|pcp|pim|pptp|sctp|snp|tcp|udp)* + \s*(?Pah|eigrp|esp|gre|icmp|icmp6|igmp|igrp|ip|ipinip|ipsec|nos|ospf|pcp|pim|pptp|sctp|snp|tcp|udp|object-group\s\S+)* \s*(?P\d+\s)* \s*(?Pany4|any6|any|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|(([a-f0-9:]+:+)+[a-f0-9]+\S+|host\s(([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})|(([a-f0-9:]+:+)+[a-f0-9]+)\S+)|interface\s\S+|object-group\s\S+))* \s*(?P(eq|gts|lt|neq)\s(\S+|\d+)|range\s\S+\s\S+)* diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt index aa7c4506..3d2a4f58 100644 --- a/tests/sanity/ignore-2.15.txt +++ b/tests/sanity/ignore-2.15.txt 
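Review bot: The added clause `"object-group" not in each.get("protocol")` has no comment saying why object-group protocols are skipped, and the reason is only visible one line further down: without it the assignment would produce a `protocol_options` dict keyed by the whole `object-group <name>` string. A short comment such as `# protocol may be "object-group <name>"; it has no protocol_options key` would make that explicit. The condition now calls `each.get("protocol")` four times; binding it once (`proto = each.get("protocol")`) and testing `not proto.startswith("object-group")` reads more directly than a substring match and should be equivalent given the alternatives the template accepts. `populate_facts` starts and ends outside the hunk.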
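Review bot: `object-group\s\S+` is now accepted in the protocol alternation, while the address alternation two lines below already accepts the same `object-group\s\S+` form, so which field an `object-group` token lands in depends only on its position in the ACE (the named-group labels are stripped in this rendering, so the field names are inferred from the changelog entry). No test visible in this part of the patch asserts the parsed `protocol` for such an ACE, or that an ACE like `permit tcp <net> <mask> object-group <name>` still reports the group as an address; the `test_asa_acls.py` hunks shown here only shorten a hash. Both cases would be worth pinning in the gathered test, since a misassigned field changes the rule the module reports or renders. The enclosing `__init__` and the pattern itself extend outside the hunk.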
@@ -1,11 +1 @@ plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters) diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt index 6ccd8eb8..3d2a4f58 100644 --- a/tests/sanity/ignore-2.16.txt +++ b/tests/sanity/ignore-2.16.txt 
@@ -1,11 +1 @@ plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters) diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt index 6ccd8eb8..3d2a4f58 100644 --- a/tests/sanity/ignore-2.17.txt +++ b/tests/sanity/ignore-2.17.txt 
@@ -1,11 +1 @@ plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters) diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt index 6ccd8eb8..3d2a4f58 100644 --- a/tests/sanity/ignore-2.18.txt +++ b/tests/sanity/ignore-2.18.txt 
@@ -1,11 +1 @@ plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters) diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt index 6ccd8eb8..3d2a4f58 100644 --- a/tests/sanity/ignore-2.19.txt +++ b/tests/sanity/ignore-2.19.txt 
@@ -1,11 +1 @@ plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters) -tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters) diff --git a/tests/unit/modules/network/asa/test_asa_acls.py b/tests/unit/modules/network/asa/test_asa_acls.py index 7e7e0956..5f97a697 100644 --- a/tests/unit/modules/network/asa/test_asa_acls.py +++ b/tests/unit/modules/network/asa/test_asa_acls.py 
@@ -88,7 +88,7 @@ def test_asa_acls_merged(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -170,7 +170,7 @@ def test_asa_acls_merged_idempotent(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
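Review bot: The replacement line in `test_asa_acls_merged` cuts the trailing rule hash from `0x831d8948` to `0x831d8` so the fixture fits the 160-column limit, which means the sample `show access-list` text is no longer the output that was captured, while the neighbouring rule lines keep their full hashes. The same edit is repeated in the hunks for `test_asa_acls_merged_idempotent`, `test_asa_acls_replaced`, `test_asa_acls_replaced_idempotent`, `test_asa_acls_overridden`, `test_asa_acls_overridden_idempotent`, `test_asa_acls_delete_by_acl`, `test_asa_acls_deleted_all`, `test_asa_acls_rendered` and `test_asa_acls_gathered`. Each test body continues outside its hunk, so whether the parser reads that field is not visible here; if it ever does, these tests would pass on input a device does not produce. I would keep the captured line intact and hold the shared output in one module-level constant, so a single sanity-ignore entry covers all ten tests, with a comment such as `# captured device output; do not edit to satisfy E501`.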
@@ -380,7 +380,7 @@ def test_asa_acls_replaced(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -466,7 +466,7 @@ def test_asa_acls_replaced_idempotent(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -676,7 +676,7 @@ def test_asa_acls_overridden(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -755,7 +755,7 @@ def test_asa_acls_overridden_idempotent(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -965,7 +965,7 @@ def test_asa_acls_delete_by_acl(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -1014,7 +1014,7 @@ def test_asa_acls_deleted_all(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -1062,7 +1062,7 @@ def test_asa_acls_rendered(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -1127,7 +1127,7 @@ def test_asa_acls_gathered(self):
 access-list test_global_access line 2 remark test global remark
 access-list test_access; 2 elements; name hash: 0x96b5d78b
 access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e
- access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948
+ access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8
 access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d
 access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c
 access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52
@@ -1271,8 +1271,8 @@ def test_asa_acls_gathered(self):
 {
 "grant": "permit",
 "line": 2,
- "source": {"object_group": "MYSERV.11"},
- "destination": {
+ "protocol": "object-group MYSERV.11",
+ "source": {
 "object_group": "ALLSERV.12",
 "port_protocol": {"eq": "9389"},
 },
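Review bot: The new expectation in `test_asa_acls_gathered` stores `"protocol": "object-group MYSERV.11"`, a keyword and a group name packed into one string, and moves `ALLSERV.12` with `eq 9389` from `destination` to `source`, so no `destination` key is visible for this entry any more. For a firewall ACE, facts that shift a group between source and destination describe a different rule. It is worth checking against the captured device line, which lies outside this hunk, that this reading is the correct one and that the destination is still asserted further down. If the new parse is intended, a comment above the entry such as `# first object-group after the grant is the service group, the second is the source` would record that for the next reader. The expected dict continues outside the hunk.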