From 9c2cdd71b2ec908d2ae18c8ecf7ca141c2e91c70 Mon Sep 17 00:00:00 2001 
From: rulev <49680309+rulev@users.noreply.github.com> Date: Fri, 3 Jan 2025 21:12:58 +0200 Subject: [PATCH] ACE dotted object-group parsing fixed (#239) * ACE dotted object-group parsing fixed * changelog fragment added * add gathered tests * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * update pending files * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * fix * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * sanity * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci * check * [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --------- Co-authored-by: Vladimir Rulev Co-authored-by: Sagar Paul Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com> --- .ansible-lint | 1 + .flake8 | 67 +++ .pre-commit-config.yaml | 9 +- bindep.txt | 8 +- .../fragments/239-ace-object-group-fix.yml | 2 + .../network/asa/rm_templates/acls.py | 2 +- test-requirements.txt | 10 +- tests/sanity/ignore-2.10.txt | 7 - tests/sanity/ignore-2.11.txt | 8 - tests/sanity/ignore-2.12.txt | 5 - tests/sanity/ignore-2.13.txt | 1 - tests/sanity/ignore-2.15.txt | 10 + tests/sanity/ignore-2.16.txt | 10 + tests/sanity/ignore-2.17.txt | 10 + tests/sanity/ignore-2.18.txt | 10 + tests/sanity/ignore-2.19.txt | 10 + tests/sanity/ignore-2.9.txt | 7 - .../unit/modules/network/asa/test_asa_acls.py | 453 +++++++++++++++++- tox-ansible.ini | 9 +- tox.ini | 33 -- 20 files changed, 582 insertions(+), 90 deletions(-) create mode 100644 .flake8 create mode 100644 changelogs/fragments/239-ace-object-group-fix.yml delete mode 100644 tests/sanity/ignore-2.10.txt delete mode 100644 tests/sanity/ignore-2.11.txt delete mode 100644 tests/sanity/ignore-2.12.txt delete mode 100644 tests/sanity/ignore-2.13.txt delete mode 100644 
tests/sanity/ignore-2.9.txt delete mode 100644 tox.ini diff --git a/.ansible-lint b/.ansible-lint index 9cd26302..5d838fad 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,2 +1,3 @@ --- + profile: production diff --git a/.flake8 b/.flake8 new file mode 100644 index 00000000..03be6924 --- /dev/null +++ b/.flake8 
@@ -0,0 +1,67 @@
+[flake8]
+
+builtins = _
+
+# Print the total number of errors:
+count = true
+
+# Don't even try to analyze these:
+extend-exclude =
+ # No need to traverse egg info dir
+ *.egg-info,
+ # tool cache dirs
+ *_cache
+ # project env vars
+ .env,
+ # GitHub configs
+ .github,
+ # Cache files of MyPy
+ .mypy_cache,
+ # Cache files of pytest
+ .pytest_cache,
+ # Temp dir of pytest-testmon
+ .tmontmp,
+ # Occasional virtualenv dir
+ .venv
+ # VS Code
+ .vscode,
+ # Temporary build dir
+ build,
+ # This contains sdists and wheels of ansible-navigator that we don't want to check
+ dist,
+ # Metadata of `pip wheel` cmd is autogenerated
+ pip-wheel-metadata,
+ # adjacent venv
+ venv
+ # ansible won't let me
+ __init__.py
+
+# IMPORTANT: avoid using ignore option, always use extend-ignore instead
+# Completely and unconditionally ignore the following errors:
+extend-ignore =
+ F841,
+ # line-length
+ E501,
+ # module level import not at top of file
+ E402
+
+# Accessibility/large fonts and PEP8 unfriendly:
+max-line-length = 120
+
+# Allow certain violations in certain files:
+# Please keep both sections of this list sorted, as it will be easier for others to find and add entries in the future
+per-file-ignores =
+ # The following ignores have been researched and should be considered permanent
+ # each should be preceeded with an explanation of each of the error codes
+ # If other ignores are added for a specific file in the section following this,
+ # these will need to be added to that line as well.
+
+
+ # S101: Allow the use of assert within the tests directory, since tests require it.
+ tests/**.py: S101
+
+ # The following were present during the initial implementation.
+ # They are expected to be fixed and unignored over time.
+
+# Count the number of occurrences of each error/warning code and print a report:
+statistics = true
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 054a7b45..357a60aa 100644
--- a/.pre-commit-config.yaml
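Review bot: `E501` is listed under `extend-ignore`, so the `max-line-length = 120` setting further down never produces a finding; one of the two should go, depending on whether the limit is meant to be enforced. `F841` is the only ignored code without an explanatory comment; a line such as `# local variable assigned but never used` above it would match the rest of the list. The `per-file-ignores` entry `tests/**.py: S101` names a code that is only emitted when a bandit plugin for flake8 is installed, which the flake8 hook added in `.pre-commit-config.yaml` does not appear to configure.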
+++ b/.pre-commit-config.yaml @@ -22,8 +22,8 @@ repos: hooks: - id: add-trailing-comma - - repo: https://github.com/pre-commit/mirrors-prettier - rev: "v4.0.0-alpha.8" + - repo: https://github.com/pycontribs/mirrors-prettier + rev: "v3.4.2" hooks: - id: prettier entry: env CI=1 bash -c "prettier --list-different . || ec=$? && prettier --loglevel=error --write . && exit $ec" @@ -44,3 +44,8 @@ repos: rev: 24.10.0 hooks: - id: black + + - repo: https://github.com/pycqa/flake8 + rev: 7.1.1 + hooks: + - id: flake8 diff --git a/bindep.txt b/bindep.txt index eec29ecd..ba9c980f 100644 --- a/bindep.txt +++ b/bindep.txt @@ -2,9 +2,5 @@ # see https://docs.openstack.org/infra/bindep/ for additional information. gcc-c++ [doc test platform:rpm] - -# ansible-pylibssh -gcc [compile test platform:rpm] -libssh-devel [compile test platform:rpm] -python3-Cython [test platform:fedora-35] -python3-Cython [compile platform:centos-8 platform:rhel-8] +python3-devel [test platform:rpm] +python3 [test platform:rpm] diff --git a/changelogs/fragments/239-ace-object-group-fix.yml b/changelogs/fragments/239-ace-object-group-fix.yml new file mode 100644 index 00000000..7cd8e2bb --- /dev/null +++ b/changelogs/fragments/239-ace-object-group-fix.yml @@ -0,0 +1,2 @@ +bugfixes: + - cisco.asa.asa_acls - fixed ace parsing when source is object-group and its name contains dots diff --git a/plugins/module_utils/network/asa/rm_templates/acls.py b/plugins/module_utils/network/asa/rm_templates/acls.py index b9715102..cd8647f4 100644 --- a/plugins/module_utils/network/asa/rm_templates/acls.py +++ b/plugins/module_utils/network/asa/rm_templates/acls.py 
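Review bot: Both hooks touched here are pinned by tag (`rev: "v3.4.2"` for the new `pycontribs/mirrors-prettier` source and `rev: 7.1.1` for `pycqa/flake8`), and a tag can be moved after review while the hook code runs on every contributor machine and in CI. Pinning to the full commit id with the tag kept as a comment, `rev: <full-commit-sha>  # v3.4.2` (placeholder), makes the reviewed code the code that runs; `pre-commit autoupdate --freeze` writes that form. Since the prettier hook now comes from a different repository owner than before, a one-line comment above it saying why the mirror was switched would help the next reviewer.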
@@ -186,7 +186,7 @@ def __init__(self, lines=None): not in source and 'object-group' not in source %}{{ source.split(' ')[0] }}{% elif source is defined and\ '::' in source and 'host' not in source %}{{ source }}{% endif %}", "netmask": "{{ source.split(' ')[1] if source\ - is defined and '.' in source and 'host' not in source else None and 'object-group' not in source }}", + is defined and '.' in source and 'host' not in source and 'object-group' not in source else None }}", "any4": "{{ True if source is defined and source == 'any4' else None }}", "any6": "{{ True if source is defined and source == 'any6' else None }}", "any": "{{ True if source is defined and source == 'any' else None }}", diff --git a/test-requirements.txt b/test-requirements.txt index c5c26842..5a90586f 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,7 +1,9 @@ -black==23.3.0 ; python_version >= '3.7' +# For ansible-tox-linters +black==23.3.0 flake8 -pexpect -pytest-xdist yamllint + +# Unit test runner +pytest-ansible pytest-xdist -pytest-ansible ; python_version >= '3.9' +pytest-cov diff --git a/tests/sanity/ignore-2.10.txt b/tests/sanity/ignore-2.10.txt deleted file mode 100644 index 65598cad..00000000 --- a/tests/sanity/ignore-2.10.txt +++ /dev/null @@ -1,7 +0,0 @@ -plugins/terminal/asa.py compile-2.6!skip -plugins/terminal/asa.py compile-2.7!skip -plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local` -plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip -plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip -plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip -plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip diff --git a/tests/sanity/ignore-2.11.txt b/tests/sanity/ignore-2.11.txt deleted file mode 100644 index 5f802771..00000000 --- a/tests/sanity/ignore-2.11.txt +++ /dev/null 
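Review bot: The corrected `netmask` guard still classifies `source` by substring (`'.' in source`, `'host' not in source`, `'object-group' not in source`), so any other non-address source form whose name contains a dot would again have its second token reported as a netmask. If the ACE parser can capture a network `object NAME` source here (not visible in this hunk), a dotted object name would take that path; testing the leading keyword instead, for example `source.split(' ')[0] not in ('host', 'object', 'object-group')`, would close the whole class rather than one case. The same substring tests appear in the `address` expression in the context lines just above. The template list inside `__init__` starts and ends outside the hunk.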
@@ -1,8 +0,0 @@
-plugins/terminal/asa.py compile-2.6!skip
-plugins/terminal/asa.py compile-2.7!skip
-plugins/terminal/asa.py import-2.7!skip
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.12.txt b/tests/sanity/ignore-2.12.txt
deleted file mode 100644
index 85ed7df5..00000000
--- a/tests/sanity/ignore-2.12.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/sanity/ignore-2.13.txt b/tests/sanity/ignore-2.13.txt
deleted file mode 100644
index 3d2a4f58..00000000
--- a/tests/sanity/ignore-2.13.txt
+++ /dev/null
@@ -1 +0,0 @@
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
diff --git a/tests/sanity/ignore-2.15.txt b/tests/sanity/ignore-2.15.txt
index 3d2a4f58..aa7c4506 100644
--- a/tests/sanity/ignore-2.15.txt
+++ b/tests/sanity/ignore-2.15.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.16.txt b/tests/sanity/ignore-2.16.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.16.txt
+++ b/tests/sanity/ignore-2.16.txt
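Review bot: The ten added entries look like pasted linter output rather than ansible-test ignore entries, which take the form `path test-name[:code]` as the existing `plugins/action/asa.py action-plugin-docs` line does. As written they are unlikely to suppress anything and may be reported as invalid entries; a single line `tests/unit/modules/network/asa/test_asa_acls.py pep8:E501` would express the intent. The hunks for `ignore-2.16.txt` through `ignore-2.19.txt` have the same problem, with `:line:col:` additionally fused onto the path, and those line numbers would go stale on the next edit to the test file.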
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.17.txt b/tests/sanity/ignore-2.17.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.17.txt
+++ b/tests/sanity/ignore-2.17.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.18.txt b/tests/sanity/ignore-2.18.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.18.txt
+++ b/tests/sanity/ignore-2.18.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.19.txt b/tests/sanity/ignore-2.19.txt
index 3d2a4f58..6ccd8eb8 100644
--- a/tests/sanity/ignore-2.19.txt
+++ b/tests/sanity/ignore-2.19.txt
@@ -1 +1,11 @@
 plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
+tests/unit/modules/network/asa/test_asa_acls.py:91:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:173:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:383:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:469:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:679:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:758:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:968:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1017:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1065:161: E501: line too long (161 > 160 characters)
+tests/unit/modules/network/asa/test_asa_acls.py:1130:161: E501: line too long (161 > 160 characters)
diff --git a/tests/sanity/ignore-2.9.txt b/tests/sanity/ignore-2.9.txt
deleted file mode 100644
index 65598cad..00000000
--- a/tests/sanity/ignore-2.9.txt
+++ /dev/null
@@ -1,7 +0,0 @@
-plugins/terminal/asa.py compile-2.6!skip
-plugins/terminal/asa.py compile-2.7!skip
-plugins/action/asa.py action-plugin-docs # base class for deprecated network platform modules using `connection: local`
-plugins/module_utils/network/asa/config/acls/acls.py compile-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py compile-2.6!skip
-plugins/module_utils/network/asa/config/acls/acls.py import-2.6!skip
-plugins/module_utils/network/asa/config/ogs/ogs.py import-2.6!skip
diff --git a/tests/unit/modules/network/asa/test_asa_acls.py b/tests/unit/modules/network/asa/test_asa_acls.py
index 31aea5d6..7e7e0956 100644
--- a/tests/unit/modules/network/asa/test_asa_acls.py +++ b/tests/unit/modules/network/asa/test_asa_acls.py @@ -21,11 +21,13 @@ reason="Tests and/or module are unstable on Python 3.5.", ) +from textwrap import dedent +from unittest.mock import patch + from ansible_collections.cisco.asa.plugins.modules import asa_acls -from ansible_collections.cisco.asa.tests.unit.compat.mock import patch from ansible_collections.cisco.asa.tests.unit.modules.utils import set_module_args -from .asa_module import TestAsaModule, load_fixture +from .asa_module import TestAsaModule class TestAsaAclsModule(TestAsaModule): 
@@ -76,13 +78,35 @@ def tearDown(self): self.mock_load_config.stop() self.mock_execute_show_command.stop() - def load_fixtures(self, commands=None): - def load_from_file(*args, **kwargs): - return load_fixture("asa_acls_config.cfg") - - self.execute_show_command.side_effect = load_from_file - def test_asa_acls_merged(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group 
ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
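Review bot: The fixture added to `test_asa_acls_merged` has its only dotted object-group name, `ALLSERV.12`, in the destination position, while the source object-group it contains (`O-Environments`) has no dot, so the hunks visible here do not pin the source-side `netmask` fix described in the changelog. A fixture line with a dotted source group, such as `access-list management_in line 4 extended permit tcp object-group SRC.GRP.1 any eq 9389` (constructed sample), plus an assertion that the parsed source carries the group name and no netmask, would cover it, unless a gathered test outside this view already does. The same device output is repeated verbatim in the hunks for `test_asa_acls_merged_idempotent`, `test_asa_acls_replaced`, `test_asa_acls_replaced_idempotent`, `test_asa_acls_overridden` and `test_asa_acls_overridden_idempotent`; one module-level constant, e.g. `ACLS_SHOW_OUTPUT = dedent(...)`, would keep the copies from drifting apart.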
@@ -137,6 +161,34 @@ def test_asa_acls_merged(self): self.assertEqual(result["commands"], commands) def test_asa_acls_merged_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + access-list 
management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -319,6 +371,34 @@ def test_asa_acls_merged_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_replaced(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -377,6 +457,34 @@ def test_asa_acls_replaced(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_replaced_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 
+ access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -559,6 +667,34 @@ def test_asa_acls_replaced_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_overridden(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -610,6 +746,34 @@ def test_asa_acls_overridden(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_overridden_idempotent(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 
0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -792,6 +956,34 @@ def test_asa_acls_overridden_idempotent(self): self.execute_module(changed=False, commands=[], sort=True) def test_asa_acls_delete_by_acl(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 
0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -813,6 +1005,34 @@ def test_asa_acls_delete_by_acl(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_deleted_all(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args(dict(state="deleted")) result = self.execute_module(changed=True) commands = [ 
@@ -833,6 +1053,34 @@ def test_asa_acls_deleted_all(self): self.assertEqual(sorted(result["commands"]), sorted(commands)) def test_asa_acls_rendered(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 (hitcnt=0) 0xd39d4f42 + 
access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) set_module_args( dict( config=dict( 
@@ -868,3 +1116,192 @@ def test_asa_acls_rendered(self): ] result = self.execute_module(changed=False) self.assertEqual(result["rendered"], commands) + + def test_asa_acls_gathered(self): + self.execute_show_command.return_value = dedent( + """\ + access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 4096) + alert-interval 300 + access-list test_global_access; 1 elements; name hash: 0xaa83124c + access-list test_global_access line 1 extended deny tcp any any eq www log errors interval 300 (hitcnt=0) 0x849e9e8f + access-list test_global_access line 2 remark test global remark + access-list test_access; 2 elements; name hash: 0x96b5d78b + access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 198.51.100.0 255.255.255.0 eq www log default (hitcnt=0) 0xdc46eb6e + access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors interval 300 (hitcnt=0) 0x831d8948 + access-list test_access line 3 extended permit ip host 192.0.2.2 any interval 300 (hitcnt=0) 0x831d897d + access-list test_R1_traffic; 1 elements; name hash: 0x2c20a0c + access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive (hitcnt=0) (inactive) 0x11821a52 + access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6 (hitcnt=0) 0x82a59c34 + access-list ansible_test; 1 elements; name hash: 0x1b2b1138 + access-list ansible_test line 1 remark HostA + access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4 + access-list management_in; 2 elements; name hash: 0x4acd1688 + access-list management_in line 1 extended permit tcp host 198.51.100.5 range 49152 65535 198.51.100.0 255.255.255.0 eq 100 (hitcnt=0) 0x53ec762f + access-list management_in line 2 extended permit object-group MYSERV.11 object-group ALLSERV.12 eq 9389 (hitcnt=0) 0xc8881c8c + access-list management_in line 2 extended permit tcp 198.51.101.0 255.255.255.0 1.1.1.1 1.1.1.1 eq 9389 
(hitcnt=0) 0xd39d4f42 + access-list management_in line 3 extended permit ip any4 host 192.0.2.1 + access-list MyACL; 10 elements; name hash: 0x436611e8 + access-list MyACL line 1 extended permit tcp object-group O-Environments any object-group O-Windows-TCP (hitcnt=0) 0x61fe98bb + access-list MyACL line 1 extended permit tcp 10.20.30.0 255.255.255.0 any eq 3389 (hitcnt=0) 0x69856097 + access-list MyACL line 1 extended permit tcp 10.20.31.0 255.255.255.0 any eq 3389 (hitcnt=0) 0xca48629c + """, + ) + set_module_args( + dict( + state="gathered", + ), + ) + facts = { + "acls": [ + { + "name": "test_global_access", + "acl_type": "extended", + "aces": [ + { + "grant": "deny", + "line": 1, + "protocol": "tcp", + "source": {"any": True}, + "destination": {"any": True, "port_protocol": {"eq": "www"}}, + "log": "errors", + "protocol_options": {"tcp": True}, + }, + {"line": 2, "remark": "test global remark"}, + ], + }, + { + "name": "test_access", + "acl_type": "extended", + "aces": [ + { + "grant": "deny", + "line": 1, + "protocol": "tcp", + "source": {"address": "192.0.2.0", "netmask": "255.255.255.0"}, + "destination": { + "address": "198.51.100.0", + "netmask": "255.255.255.0", + "port_protocol": {"eq": "www"}, + }, + "log": "default", + "protocol_options": {"tcp": True}, + }, + { + "grant": "deny", + "line": 2, + "protocol": "igrp", + "source": {"address": "198.51.100.0", "netmask": "255.255.255.0"}, + "destination": {"address": "198.51.110.0", "netmask": "255.255.255.0"}, + "log": "errors", + "protocol_options": {"igrp": True}, + }, + { + "grant": "permit", + "line": 3, + "protocol": "ip", + "source": {"host": "192.0.2.2"}, + "destination": {"any": True}, + "protocol_options": {"ip": True}, + }, + ], + }, + { + "name": "test_R1_traffic", + "acl_type": "extended", + "aces": [ + { + "grant": "deny", + "line": 1, + "protocol": "tcp", + "source": { + "address": "2001:db8:0:3::/64", + "port_protocol": {"eq": "www"}, + }, + "destination": { + "address": "2001:fc8:0:4::/64", 
+ "port_protocol": {"eq": "telnet"}, + }, + "inactive": True, + "protocol_options": {"tcp": True}, + }, + { + "grant": "permit", + "line": 2, + "protocol": "ip", + "source": {"host": "2001:db8::1"}, + "destination": {"any6": True}, + "protocol_options": {"ip": True}, + }, + ], + }, + { + "name": "ansible_test", + "aces": [ + {"line": 1, "remark": "HostA"}, + { + "grant": "deny", + "line": 2, + "protocol": "ip", + "source": {"host": "192.0.5.1"}, + "destination": {"any4": True}, + "protocol_options": {"ip": True}, + }, + ], + "acl_type": "extended", + }, + { + "name": "management_in", + "acl_type": "extended", + "aces": [ + { + "grant": "permit", + "line": 1, + "protocol": "tcp", + "source": { + "host": "198.51.100.5", + "port_protocol": {"range": {"start": 49152, "end": 65535}}, + }, + "destination": { + "address": "198.51.100.0", + "netmask": "255.255.255.0", + "port_protocol": {"eq": "100"}, + }, + "protocol_options": {"tcp": True}, + }, + { + "grant": "permit", + "line": 2, + "source": {"object_group": "MYSERV.11"}, + "destination": { + "object_group": "ALLSERV.12", + "port_protocol": {"eq": "9389"}, + }, + }, + { + "grant": "permit", + "line": 3, + "protocol": "ip", + "source": {"any4": True}, + "destination": {"host": "192.0.2.1"}, + "protocol_options": {"ip": True}, + }, + ], + }, + { + "name": "MyACL", + "acl_type": "extended", + "aces": [ + { + "grant": "permit", + "line": 1, + "protocol": "tcp", + "source": {"object_group": "O-Environments"}, + "destination": {"any": True, "service_object_group": "O-Windows-TCP"}, + "protocol_options": {"tcp": True}, + }, + ], + }, + ], + } + result = self.execute_module(changed=False) + self.assertEqual(result["gathered"], facts) diff --git a/tox-ansible.ini b/tox-ansible.ini index 5e1f4b36..b49a359f 100644 --- a/tox-ansible.ini +++ b/tox-ansible.ini @@ -1,10 +1,3 @@ [ansible] -skip = - py3.7 - py3.8 - 2.9 - 2.10 - 2.11 - 2.12 - 2.13 +skip = "" 
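Review bot: The `management_in line 2` fixture entry in `test_asa_acls_gathered` reads `permit object-group MYSERV.11 object-group ALLSERV.12 eq 9389` with no protocol keyword, and the expected ACE accordingly carries `source` and `destination` object groups but no `protocol` or `protocol_options`. As far as I know, ASA places the protocol, or a protocol/service object-group, directly after `permit`/`deny`, so this test pins the parser to reading a group in that position as the source network group. Gathered facts describe firewall rules that operators act on, so an assertion that fixes a questionable attribution deserves a second look. Keeping the protocol as the other five fixtures do, `permit tcp object-group MYSERV.11 object-group ALLSERV.12 eq 9389`, and expecting `"protocol": "tcp"` plus `"protocol_options": {"tcp": True}` (assuming the parser treats it like the neighbouring entries) would still cover dotted names on both sides. If the protocol-less form is intended, a comment above the fixture saying which device output it models would settle it.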
diff --git a/tox.ini b/tox.ini deleted file mode 100644 index c5b846a3..00000000 --- a/tox.ini +++ /dev/null @@ -1,33 +0,0 @@ -[tox] -minversion = 1.4.2 -envlist = linters -skipsdist = True - -[testenv] -basepython = python3 -deps = -r{toxinidir}/requirements.txt - -r{toxinidir}/test-requirements.txt -commands = find {toxinidir} -type f -name "*.py[c|o]" -delete - -[testenv:black] -install_command = pip install {opts} {packages} -commands = - black -v {toxinidir} - -[testenv:linters] -install_command = pip install {opts} {packages} -commands = - black -v --diff --check {toxinidir} - flake8 {posargs} - -[testenv:venv] -commands = {posargs} - -[flake8] -# E123, E125 skipped as they are invalid PEP-8. - -show-source = True -ignore = E123,E125,E203,E402,E501,E741,W503 -max-line-length = 160 -builtins = _ -exclude = .git,.tox,tests/unit/compat/