author | Sumit Jaiswal <sjaiswal@redhat.com> | 2020-02-28 17:36:38 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-28 17:36:38 +0100 |
commit | 9392912608f82ed2a38ab4abc6e3b4db0a61d637 (patch) | |
tree | a47cbf47b92b5a54f72cddf687a3d60d9e2775f3 /test/units | |
parent | Add 'OperationAborted' to the list of S3 error codes where we'll retry (#67811) (diff) | |
Resource module for IOS ACL (#66629)
* fix ios_acl
Diffstat (limited to 'test/units')
-rw-r--r-- | test/units/modules/network/ios/fixtures/ios_acls_config.cfg | 4 | ||||
-rw-r--r-- | test/units/modules/network/ios/test_ios_acls.py | 442 |
2 files changed, 446 insertions, 0 deletions
diff --git a/test/units/modules/network/ios/fixtures/ios_acls_config.cfg b/test/units/modules/network/ios/fixtures/ios_acls_config.cfg
new file mode 100644
index 0000000000..c90c8db909
--- /dev/null
+++ b/test/units/modules/network/ios/fixtures/ios_acls_config.cfg
@@ -0,0 +1,4 @@
+ip access-list extended 110
+deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10
+ipv6 access-list R1_TRAFFIC
+deny tcp any eq www any eq telnet ack dscp af11
\ No newline at end of file
diff --git a/test/units/modules/network/ios/test_ios_acls.py b/test/units/modules/network/ios/test_ios_acls.py
new file mode 100644
index 0000000000..e1d7fad642
--- /dev/null
+++ b/test/units/modules/network/ios/test_ios_acls.py
@@ -0,0 +1,442 @@ +# +# (c) 2019, Ansible by Red Hat, inc +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +# + +from __future__ import (absolute_import, division, print_function) +__metaclass__ = type + +from units.compat.mock import patch +from ansible.modules.network.ios import ios_acls +from units.modules.utils import set_module_args +from .ios_module import TestIosModule, load_fixture + + +class TestIosAclsModule(TestIosModule): + module = ios_acls + + def setUp(self): + super(TestIosAclsModule, self).setUp() + + self.mock_get_config = patch('ansible.module_utils.network.common.network.Config.get_config') + self.get_config = self.mock_get_config.start() + + self.mock_load_config = patch('ansible.module_utils.network.common.network.Config.load_config') + self.load_config = self.mock_load_config.start() + + self.mock_get_resource_connection_config = patch('ansible.module_utils.network.common.cfg.base.' + 'get_resource_connection') + self.get_resource_connection_config = self.mock_get_resource_connection_config.start() + + self.mock_get_resource_connection_facts = patch('ansible.module_utils.network.common.facts.facts.' + 'get_resource_connection') + self.get_resource_connection_facts = self.mock_get_resource_connection_facts.start() + + self.mock_edit_config = patch('ansible.module_utils.network.ios.providers.providers.CliProvider.edit_config') + self.edit_config = self.mock_edit_config.start() + + self.mock_execute_show_command = patch('ansible.module_utils.network.ios.facts.acls.acls.' 
+ 'AclsFacts.get_acl_data') + self.execute_show_command = self.mock_execute_show_command.start() + + def tearDown(self): + super(TestIosAclsModule, self).tearDown() + self.mock_get_resource_connection_config.stop() + self.mock_get_resource_connection_facts.stop() + self.mock_edit_config.stop() + self.mock_get_config.stop() + self.mock_load_config.stop() + self.mock_execute_show_command.stop() + + def load_fixtures(self, commands=None, transport='cli'): + def load_from_file(*args, **kwargs): + return load_fixture('ios_acls_config.cfg') + self.execute_show_command.side_effect = load_from_file + + def test_ios_acls_merged(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="std_acl", + acl_type="standard", + aces=[ + dict( + grant="deny", + source=dict( + address="192.0.2.0", + wildcard_bits="0.0.0.255" + ) + ) + ]) + ]), + dict(afi="ipv6", + acls=[ + dict(name="merge_v6_acl", + aces=[ + dict( + grant="deny", + protocol_options=dict( + tcp=dict(ack="true") + ), + source=dict( + any="true", + port_protocol=dict(eq="www") + ), + destination=dict( + any="true", + port_protocol=dict(eq="telnet")), + dscp="af11" + ) + ]) + ]) + ], state="merged" + ) + ) + result = self.execute_module(changed=True) + commands = [ + 'ip access-list standard std_acl', + 'deny 192.0.2.0 0.0.0.255', + 'ipv6 access-list merge_v6_acl', + 'deny tcp any eq www any eq telnet ack dscp af11' + ] + self.assertEqual(result['commands'], commands) + + def test_ios_acls_merged_idempotent(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="110", + aces=[ + dict( + grant="deny", + protocol_options=dict( + icmp=dict(echo="true") + ), + source=dict( + address="192.0.2.0", + wildcard_bits="0.0.0.255" + ), + destination=dict( + address="192.0.3.0", + wildcard_bits="0.0.0.255" + ), + dscp="ef", + ttl=dict(eq=10) + ) + ]) + ]), + dict(afi="ipv6", + acls=[ + dict(name="R1_TRAFFIC", + aces=[ + dict( + grant="deny", + 
protocol_options=dict(tcp=dict(ack="true")), + source=dict( + any="true", + port_protocol=dict(eq="www") + ), + destination=dict( + any="true", + port_protocol=dict(eq="telnet") + ), + dscp="af11" + ) + ]) + ]) + ], state="merged" + )) + self.execute_module(changed=False, commands=[], sort=True) + + def test_ios_acls_replaced(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="replace_acl", + acl_type="extended", + aces=[ + dict( + grant="deny", + protocol_options=dict( + tcp=dict(ack="true") + ), + source=dict( + address="198.51.100.0", + wildcard_bits="0.0.0.255" + ), + destination=dict( + address="198.51.101.0", + wildcard_bits="0.0.0.255", + port_protocol=dict(eq="telnet") + ), + tos=dict(service_value=12) + ) + ]) + ]) + ], state="replaced" + )) + result = self.execute_module(changed=True) + commands = [ + 'ip access-list extended replace_acl', + 'deny tcp 198.51.100.0 0.0.0.255 198.51.101.0 0.0.0.255 eq telnet ack tos 12' + ] + self.assertEqual(result['commands'], commands) + + def test_ios_acls_replaced_idempotent(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="110", + aces=[ + dict( + grant="deny", + protocol_options=dict( + icmp=dict(echo="true") + ), + source=dict( + address="192.0.2.0", + wildcard_bits="0.0.0.255" + ), + destination=dict( + address="192.0.3.0", + wildcard_bits="0.0.0.255" + ), + dscp="ef", + ttl=dict(eq=10) + ) + ]) + ]) + ], state="replaced" + )) + self.execute_module(changed=False, commands=[], sort=True) + + def test_ios_acls_overridden(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="150", + aces=[ + dict( + grant="deny", + protocol_options=dict( + tcp=dict(syn="true") + ), + source=dict( + address="198.51.100.0", + wildcard_bits="0.0.0.255", + port_protocol=dict(eq="telnet") + ), + destination=dict( + address="198.51.110.0", + wildcard_bits="0.0.0.255", + port_protocol=dict(eq="telnet") + ), + dscp="ef", + ttl=dict(eq=10) + ) + ]) + 
]) + ], state="overridden" + )) + result = self.execute_module(changed=True) + commands = [ + 'no ip access-list extended 110', + 'no ipv6 access-list R1_TRAFFIC', + 'ip access-list extended 150', + 'deny tcp 198.51.100.0 0.0.0.255 eq telnet 198.51.110.0 0.0.0.255 eq telnet syn dscp ef ttl eq 10' + ] + self.assertEqual(result['commands'], commands) + + def test_ios_acls_overridden_idempotent(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="110", + aces=[ + dict( + grant="deny", + protocol_options=dict( + icmp=dict(echo="true") + ), + source=dict( + address="192.0.2.0", + wildcard_bits="0.0.0.255" + ), + destination=dict( + address="192.0.3.0", + wildcard_bits="0.0.0.255" + ), + dscp="ef", + ttl=dict(eq=10) + ) + ]) + ]), + dict(afi="ipv6", + acls=[ + dict(name="R1_TRAFFIC", + aces=[ + dict( + grant="deny", + protocol_options=dict(tcp=dict(ack="true")), + source=dict( + any="true", + port_protocol=dict(eq="www") + ), + destination=dict( + any="true", + port_protocol=dict(eq="telnet") + ), + dscp="af11" + ) + ]) + ]) + ], state="overridden" + )) + self.execute_module(changed=False, commands=[], sort=True) + + def test_ios_acls_deleted_afi_based(self): + set_module_args( + dict(config=[ + dict(afi="ipv4") + ], state="deleted" + )) + result = self.execute_module(changed=True) + commands = [ + 'no ip access-list extended 110' + ] + self.assertEqual(result['commands'], commands) + + def test_ios_acls_deleted_acl_based(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="110", + aces=[ + dict( + grant="deny", + protocol_options=dict( + icmp=dict(echo="true") + ), + source=dict( + address="192.0.2.0", + wildcard_bits="0.0.0.255" + ), + destination=dict( + address="192.0.3.0", + wildcard_bits="0.0.0.255" + ), + dscp="ef", + ttl=dict(eq=10) + ) + ]) + ]), + dict(afi="ipv6", + acls=[ + dict(name="R1_TRAFFIC", + aces=[ + dict( + grant="deny", + protocol_options=dict(tcp=dict(ack="true")), + source=dict( + 
any="true", + port_protocol=dict(eq="www") + ), + destination=dict( + any="true", + port_protocol=dict(eq="telnet") + ), + dscp="af11" + ) + ]) + ]) + ], state="deleted" + )) + result = self.execute_module(changed=True) + commands = [ + 'no ip access-list extended 110', + 'no ipv6 access-list R1_TRAFFIC', + ] + self.assertEqual(result['commands'], commands) + + def test_ios_acls_rendered(self): + set_module_args( + dict(config=[ + dict(afi="ipv4", + acls=[ + dict(name="110", + aces=[ + dict( + grant="deny", + sequence="10", + protocol_options=dict( + tcp=dict(syn="true") + ), + source=dict( + address="192.0.2.0", + wildcard_bits="0.0.0.255" + ), + destination=dict( + address="192.0.3.0", + wildcard_bits="0.0.0.255", + port_protocol=dict(eq="www") + ), + dscp="ef", + ttl=dict(eq=10) + ) + ]) + ]) + ], state="rendered")) + commands = [ + 'ip access-list extended 110', + '10 deny tcp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 eq www syn dscp ef ttl eq 10' + ] + result = self.execute_module(changed=False) + self.assertEqual(result['rendered'], commands) + + def test_ios_acls_parsed(self): + set_module_args( + dict(running_config="ipv6 access-list R1_TRAFFIC\ndeny tcp any eq www any eq telnet ack dscp af11", + state="parsed")) + result = self.execute_module(changed=False) + parsed_list = [ + { + "acls": [ + { + "aces": [ + { + "destination": { + "any": True, + "port_protocol": { + "eq": "telnet" + } + }, + "dscp": "af11", + "grant": "deny", + "protocol": "tcp", + "protocol_options": { + "tcp": { + "ack": True + } + }, + "source": { + "any": True, + "port_protocol": { + "eq": "www" + } + } + } + ], + "name": "R1_TRAFFIC" + } + ], + "afi": "ipv6" + } + ] + self.assertEqual(parsed_list, result['parsed']) |
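Review bot: `test_ios_acls_replaced` never exercises replacement, because it targets `replace_acl`, which is absent from the `ios_acls_config.cfg` fixture (only `110` and `R1_TRAFFIC` are defined there), so its expected commands are pure additions and the case is indistinguishable from `merged`. IOS ACLs are evaluated first-match, so a `replaced` run that leaves a stale entry behind changes which traffic is filtered, and nothing in this file would catch that regression. I would point the case at the fixture's ACL by changing `dict(name="replace_acl",` to `dict(name="110",` and extending the expected list so it also asserts removal of the existing `deny icmp ...` entry; the exact removal commands depend on the module and need confirming against its output. Every case here also configures a single ACE per ACL, so the order in which several ACEs are emitted is not pinned by any assertion either.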