Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add object-group service support #1148

Open
wants to merge 15 commits into
base: main
Choose a base branch
from
Open

Add object-group service support #1148

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
15 commits
Select commit Hold shift + click to select a range
0eae9cf
feature/Add-OG-service-support
Dec 12, 2024
6209e6e
Merge pull request #1 from ArchelonU/feature/Add-OG-service-support
ArchelonU Dec 12, 2024
744ee87
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Dec 12, 2024
21bad17
Add description for service_object_group
Dec 19, 2024
68fe5f1
Merge pull request #2 from ArchelonU/feature/Add-OG-service-support
ArchelonU Dec 19, 2024
77e318a
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Dec 19, 2024
ad4738b
feature/Add-OG-service-support add changelog yaml
ArchelonU Dec 27, 2024
c4be1b4
Merge pull request #3 from ArchelonU/feature/Add-OG-service-support
ArchelonU Dec 27, 2024
4ba8f8c
Merge branch 'main' into main
roverflow Dec 31, 2024
aef63c6
Merge branch 'ansible-collections:main' into feature/Add-OG-service-s…
ArchelonU Jan 2, 2025
729b1c6
Merge pull request #4 from ArchelonU/feature/Add-OG-service-support
ArchelonU Jan 2, 2025
86c8c01
Add tests service object-group
ArchelonU Jan 2, 2025
ef9f60b
Merge pull request #5 from ArchelonU/feature/Add-OG-service-support
ArchelonU Jan 2, 2025
de2e40e
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Jan 2, 2025
3df7d46
Merge pull request #6 from ansible-collections/main
ArchelonU Jan 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions changelogs/fragments/add_og_service_support.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
---
minor_changes:
- Added object-group service support for ios_acls module
18 changes: 18 additions & 0 deletions docs/cisco.ios.ios_acls_module.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3149,6 +3149,24 @@ Parameters
<div>Refer to vendor documentation for valid values.</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder"></td>
<td class="elbow-placeholder"></td>
<td class="elbow-placeholder"></td>
<td colspan="4">
<div class="ansibleOptionAnchor" id="parameter-"></div>
<b>service_object_group</b>
<a class="ansibleOptionLink" href="#parameter-" title="Permalink to this option"></a>
<div style="font-size: small">
<span style="color: purple">string</span>
</div>
</td>
<td>
</td>
<td>
<div>Service object-group for destination port.</div>
</td>
</tr>
<tr>
<td class="elbow-placeholder"></td>
<td class="elbow-placeholder"></td>
Expand Down
1 change: 1 addition & 0 deletions plugins/module_utils/network/ios/argspec/acls/acls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,7 @@ class AclsArgs(object): # pylint: disable=R0903
},
"remarks": {"elements": "str", "type": "list"},
"sequence": {"type": "int"},
"service_object_group": {"type": "str"},
"source": {
"options": {
"address": {"type": "str"},
Expand Down
4 changes: 4 additions & 0 deletions plugins/module_utils/network/ios/rm_templates/acls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -78,6 +78,8 @@ def source_destination_common_config(config_data, command, attr):
)
elif aces.get("protocol"):
command += " {protocol}".format(**aces)
if aces.get("service_object_group"):
command += " object-group {service_object_group}".format(**aces)
if aces.get("source"):
command = source_destination_common_config(aces, command, "source")
if aces.get("destination"):
Expand Down Expand Up @@ -286,6 +288,7 @@ def __init__(self, lines=None):
(\s(?P<grant>deny|permit))
(\sevaluate\s(?P<evaluate>\S+))?
(\s(?P<protocol_num>\d+)\s)?
(\sobject-group\s(?P<service_obj_grp>\S+))?
(\s*(?P<protocol>ahp|eigrp|esp|gre|icmp|igmp|ipinip|ipv6|ip|nos|ospf|pcp|pim|sctp|tcp|ip|udp))?
((\s*(?P<source_any>any))|
(\s*object-group\s(?P<source_obj_grp>\S+))|
Expand Down Expand Up @@ -340,6 +343,7 @@ def __init__(self, lines=None):
"protocol": "{{ protocol }}",
"protocol_number": "{{ protocol_num }}",
"icmp_igmp_tcp_protocol": "{{ icmp_igmp_tcp_protocol }}",
"service_object_group": "{{ service_obj_grp }}",
"source": {
"address": "{{ source_address }}",
"ipv6_address": "{{ ipv6_source_address }}",
Expand Down
4 changes: 4 additions & 0 deletions plugins/modules/ios_acls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -477,6 +477,10 @@
- Sequence Number for the Access Control Entry(ACE).
- Refer to vendor documentation for valid values.
type: int
service_object_group:
description:
- Service object-group for destination port.
type: str
source:
description: Specify the packet source.
suboptions:
Expand Down
40 changes: 40 additions & 0 deletions tests/unit/modules/network/ios/test_ios_acls.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,8 @@ def test_ios_acls_merged(self):
sequence 10 deny tcp any eq www any eq telnet ack dscp af11
ip access-list extended test_pre
10 permit ip any any precedence internet
ip access-list extended test_service_og
20 deny object-group test_service_og object-group test_src_network_og any
""",
)
self.execute_show_command_name.return_value = dedent(
Expand Down Expand Up @@ -147,6 +149,26 @@ def test_ios_acls_merged(self):
),
],
),
dict(
acl_type="extended",
name="test_service_og",
aces=[
dict(
sequence=10,
grant="permit",
service_object_group="test_service_og",
source=dict(object_group="test_src_network_og"),
destination=dict(object_group="test_dst_network_og"),
),
dict(
sequence=20,
grant="deny",
service_object_group="test_service_og",
source=dict(object_group="test_src_network_og"),
destination=dict(any=True),
),
],
),
],
),
],
Expand All @@ -165,6 +187,8 @@ def test_ios_acls_merged(self):
"deny ip any any log-input test_logInput",
"ip access-list extended test_pre",
"20 permit ip any any precedence immediate",
"ip access-list extended test_service_og",
"10 permit object-group test_service_og object-group test_src_network_og object-group test_dst_network_og",
]
self.assertEqual(sorted(result["commands"]), sorted(commands))

Expand Down Expand Up @@ -698,6 +722,8 @@ def test_ios_acls_replaced_idempotent(self):
10 permit tcp 198.51.100.0 0.0.0.255 any eq 22 log (tag = testLog)
20 deny icmp 192.0.2.0 0.0.0.255 192.0.3.0 0.0.0.255 echo dscp ef ttl eq 10
30 deny icmp object-group test_network_og any dscp ef ttl eq 10
40 permit object-group test_service_og object-group test_src_network_og object-group test_dst_network_og
50 deny object-group test_service_og object-group test_src_network_og any
ipv6 access-list R1_TRAFFIC
sequence 10 deny tcp any eq www any eq telnet ack dscp af11
ip access-list extended test_pre
Expand Down Expand Up @@ -769,6 +795,20 @@ def test_ios_acls_replaced_idempotent(self):
"dscp": "ef",
"ttl": {"eq": 10},
},
{
"sequence": 40,
"grant": "permit",
"service_object_group": "test_service_og",
"source": {"object_group": "test_src_network_og"},
"destination": {"object_group": "test_dst_network_og"},
},
{
"sequence": 50,
"grant": "deny",
"service_object_group": "test_service_og",
"source": {"object_group": "test_src_network_og"},
"destination": {"any": True},
},
],
},
{"name": "test_acl", "acl_type": "standard"},
Expand Down
Loading