vyos / vyos.vyos

Ansible Network Collection for VyOS
GNU General Public License v3.0

Module vyos_firewall_rules doesn't delete rules on replaced state #247

Open mlk-89 opened 2 years ago

mlk-89 commented 2 years ago
SUMMARY

I think the module vyos_firewall_rules should delete rules when using replaced.

This bug only affects source and destination.

ISSUE TYPE
COMPONENT NAME

vyos_firewall_rules (replaced state)

ANSIBLE VERSION

```
ansible [core 2.12.1]
  configured module search path = ['/home//.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home//.local/lib/python3.8/site-packages/ansible
  ansible collection location = /home/maxime/.ansible/collections:/usr/share/ansible/collections
  executable location = /home/maxime/.local/bin/ansible
  python version = 3.8.10 (default, Nov 26 2021, 20:14:08) [GCC 9.3.0]
  jinja version = 2.10.1
  libyaml = True
```


COLLECTION VERSION

```
Collection Version
vyos.vyos  2.8.0
```


STEPS TO REPRODUCE

```yaml
- vyos.vyos.vyos_firewall_rules:
    config:
      - afi: ipv4
        rule_sets:
          - name: test4
            description: IPv4 INBOUND rule set
            default_action: accept
            rules:
              - number: 101
                action: reject
                source:
                  group:
                    network_group: "{{ public_group_ipv4['public']['name'] }}"
    state: replaced
```

EXPECTED RESULTS

```
vyos@nf-pont-client1a# show firewall name test4
 default-action accept
 description "IPv4 INBOUND rule set"
 rule 101 {
     action reject
     source {
         group {
             network-group public_group_ipv4
         }
     }
 }
```

ACTUAL RESULTS

```
vyos@nf-pont-client1a# show firewall name test4
 default-action accept
 description "IPv4 INBOUND rule set"
 rule 101 {
     action reject
     destination {
         group {
             network-group public_group_ipv4
         }
     }
     source {
         group {
             network-group public_group_ipv4
         }
     }
 }
```

mlk-89 commented 2 years ago

Hi, I've created a PR for this issue https://github.com/ansible-collections/vyos.vyos/pull/248
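
The mismatch reported in this issue can be checked for after a `replaced` run by diffing the device output against the intended rule set and listing every path the device still carries. This is an added example, not code from the issue or from the vyos.vyos collection; the function names are hypothetical, and the parser assumes the brace-style output shown under ACTUAL RESULTS.

```python
RUNNING = """\
 default-action accept
 description "IPv4 INBOUND rule set"
 rule 101 {
     action reject
     destination {
         group {
             network-group public_group_ipv4
         }
     }
     source {
         group {
             network-group public_group_ipv4
         }
     }
 }
"""  # ACTUAL RESULTS output copied from the report above
INTENDED = {  # what the playbook asks for (mirrors EXPECTED RESULTS)
    "default-action": "accept",
    "description": "IPv4 INBOUND rule set",
    "rule 101": {"action": "reject",
                 "source": {"group": {"network-group": "public_group_ipv4"}}},
}

def parse_vyos_block(text):
    """Parse brace-style VyOS config output into nested dicts."""
    stack = [{}]
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith("{"):          # "rule 101 {" opens a child node
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":               # close the current node
            stack.pop()
        elif line:                      # leaf: "<key> <value>"
            key, _, value = line.partition(" ")
            stack[-1][key] = value.strip('"')
    return stack[0]

def leaves(tree, prefix=()):
    """Yield (path, value) for every leaf in a nested dict."""
    for key, val in tree.items():
        if isinstance(val, dict):
            yield from leaves(val, prefix + (key,))
        else:
            yield prefix + (key,), val

def stale_paths(running, intended):
    """Paths set on the device that the intended config does not contain."""
    want = dict(leaves(intended))
    return sorted(" ".join(p) for p, _ in leaves(running) if p not in want)
```

Calling `stale_paths(parse_vyos_block(RUNNING), INTENDED)` on the output from the report returns the leftover destination match on rule 101, which narrows the reject rule to traffic matching both source and destination.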