ASA network/service object-group module (#52925)

* add asa_og module * add test * fix pep8 * fix some sanity pylint * fix import error order * fix import * replace cmd() method * rename file and class * add mock for connection * fix commands in replace test function * fix lines list * update unit test * fix 'and' logic for port-object command * restore previous unit test; fix pep8 and remove debug * other unit tests * Add state present, absent, replace * Update doc; add default for state * update unit test with state present/absent * fix typo in unit test * fix pep8 too many blank lines * fix show run for service object ASA Ver 8.x * Add description field; fix bug for state present and absent * Re-designed module structure for network, service and port objects * update integration test for new module structure * fix pep8 * update EXAMPLES and RETURN * update units tests * fix module typos in unit test * removed provider from examples * fix missing comma in replace test * fix module name and remove provider * update license * remove register; update license; change import order; chage def state * remove shebang * fix doc default state * change import order * Update year in banner * fix integration test as set of tasks * remove arg_spec * remove extends_documentation_fragment: asa * Update DOC, remove unused import, change import order
2026-05-06 21:32:49 +00:00 · 2019-04-03 18:52:45 +01:00
parent 56179ad8ef
commit 48e83c39ba
9 changed files with 1556 additions and 0 deletions
--- a/test/integration/targets/asa_og/defaults/main.yaml
+++ b/test/integration/targets/asa_og/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: "*"
--- a/test/integration/targets/asa_og/tasks/cli.yaml
+++ b/test/integration/targets/asa_og/tasks/cli.yaml
@@ -0,0 +1,22 @@
+---
+- name: collect all cli test cases
+  find:
+    paths: "{{ role_path }}/tests/cli"
+    patterns: "{{ testcase }}.yaml"
+  register: test_cases
+  delegate_to: localhost
+
+- name: set test_items
+  set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: run test cases (connection=network_cli)
+  include: "{{ test_case_to_run }}"
+  with_items: "{{ test_items }}"
+  loop_control:
+    loop_var: test_case_to_run
+
+- name: run test case (connection=local)
+  include: "{{ test_case_to_run }} ansible_connection=local"
+  with_first_found: "{{ test_items }}"
+  loop_control:
+    loop_var: test_case_to_run
--- a/test/integration/targets/asa_og/tasks/main.yaml
+++ b/test/integration/targets/asa_og/tasks/main.yaml
@@ -0,0 +1,2 @@
+---
+- { include: cli.yaml, tags: ['cli'] }
--- a/test/integration/targets/asa_og/tests/cli/asa_og.yaml
+++ b/test/integration/targets/asa_og/tests/cli/asa_og.yaml
@@ -0,0 +1,541 @@
+---
+- name: remove test config if any
+  asa_config:
+    lines:
+      - no object-group network ansible_test_0
+      - no object-group network ansible_test_1
+      - no object-group network ansible_test_2
+      - no object-group service ansible_test_3 tcp-udp
+      - no object-group service ansible_test_4
+      - no object-group service ansible_test_5
+  ignore_errors: true
+
+- block:
+
+  - set_fact:
+      name: ansible_test_0
+      host_ip:
+        - 8.8.8.8
+        - 8.8.4.4
+      address:
+        - 10.0.0.0 255.0.0.0
+        - 192.168.0.0 255.255.0.0
+        - 172.16.0.0 255.255.0.0
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      group_object:
+        - aws_commonservices_eu_ie_pci_prv
+        - aws_commonservices_eu_ie_pci_elb_prv
+
+  - name: STAGE 0
+    asa_og: &config
+      name: "{{ name }}"
+      group_type: network-object
+      state: present
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      description: "{{ description }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: &true
+      that:
+        - "result.changed == true"
+
+  - name: idempotence check
+    asa_og: *config
+    register: result
+
+  - assert: &false
+      that:
+        - "result.changed == false"
+
+  - set_fact:
+      name: ansible_test_0
+      host_ip:
+        - 8.8.9.9
+      address:
+        - 8.8.8.0 255.255.255.0
+      group_object:
+        - test_network_object_1
+
+  - name: STAGE 1
+    asa_og: &config1
+      name: "{{ name }}"
+      group_type: network-object
+      state: present
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config1
+    register: result
+
+  - assert: *false
+
+  - name: STAGE 1/B
+    asa_og:
+      name: "{{ name }}"
+      group_type: network-object
+      state: present
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_1
+      host_ip:
+        - 8.8.9.9
+      address:
+        - 8.8.8.0 255.255.255.0
+      group_object:
+        - test_network_object_1
+
+  - name: STAGE 2
+    asa_og: &config2
+      name: "{{ name }}"
+      group_type: network-object
+      state: present
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config2
+    register: result
+
+  - assert: *false
+
+  - name: STAGE 2b
+    asa_og: &config2b
+      name: "{{ name }}"
+      group_type: network-object
+      state: present
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config2b
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_0
+      host_ip:
+        - 8.8.8.8
+        - 8.8.4.4
+      address:
+        - 10.0.0.0 255.0.0.0
+        - 192.168.0.0 255.255.0.0
+        - 172.16.0.0 255.255.0.0
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      group_object:
+        - aws_commonservices_eu_ie_pci_prv
+        - aws_commonservices_eu_ie_pci_elb_prv
+
+  - name: STAGE 3
+    asa_og: &config3
+      name: "{{ name }}"
+      group_type: network-object
+      state: absent
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      description: "{{ description }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config3
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_2
+      host_ip:
+        - 8.8.8.8
+        - 8.8.4.4
+      address:
+        - 10.0.0.0 255.0.0.0
+        - 192.168.0.0 255.255.0.0
+        - 172.16.0.0 255.255.0.0
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      group_object:
+        - aws_commonservices_eu_ie_pci_prv
+        - aws_commonservices_eu_ie_pci_elb_prv
+
+  - name: STAGE 4
+    asa_og: &config4
+      name: "{{ name }}"
+      group_type: network-object
+      state: replace
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      description: "{{ description }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config4
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_2
+      host_ip:
+        - 8.8.8.8
+      address:
+        - 10.0.0.0 255.0.0.0
+        - 1.0.0.0 255.255.0.0
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      group_object:
+        - aws_commonservices_eu_ie_pci_prv
+
+  - name: STAGE 5
+    asa_og: &config5
+      name: "{{ name }}"
+      group_type: network-object
+      state: replace
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      description: "{{ description }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config5
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_2
+      host_ip:
+        - 9.9.9.9
+        - 8.8.8.8
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      group_object:
+        - test_network_object_1
+
+  - name: STAGE 6
+    asa_og: &config6
+      name: "{{ name }}"
+      group_type: network-object
+      state: replace
+      host_ip: "{{ host_ip }}"
+      ip_mask: "{{ address }}"
+      description: "{{ description }}"
+      group_object: "{{ group_object }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config6
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_3
+      port_eq:
+        - www
+        - '1024'
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      port_range:
+        - '1024 10024'
+
+  - name: STAGE 7
+    asa_og: &config7
+      name: "{{ name }}"
+      protocol: tcp-udp
+      port_eq: "{{ port_eq }}"
+      port_range: "{{ port_range }}"
+      group_type: port-object
+      state: present
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config7
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_3
+      port_eq:
+        - talk
+        - '65535'
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      port_range:
+        - '1 100'
+
+  - name: STAGE 8
+    asa_og: &config8
+      name: "{{ name }}"
+      protocol: tcp-udp
+      port_eq: "{{ port_eq }}"
+      port_range: "{{ port_range }}"
+      group_type: port-object
+      state: present
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config8
+    register: result
+
+  - assert: *false
+
+
+  - name: STAGE 9
+    asa_og: &config9
+      name: "{{ name }}"
+      protocol: tcp-udp
+      port_eq: "{{ port_eq }}"
+      port_range: "{{ port_range }}"
+      group_type: port-object
+      state: absent
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config9
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_3
+      port_eq:
+        - talk
+        - '65535'
+      description: th1s_IS-a_D3scrIPt10n_3xaMple-
+      port_range:
+        - '1 100'
+
+  - name: STAGE 10
+    asa_og: &config10
+      name: "{{ name }}"
+      protocol: tcp-udp
+      port_eq: "{{ port_eq }}"
+      port_range: "{{ port_range }}"
+      group_type: port-object
+      state: replace
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config10
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_3
+      port_eq:
+        - talk
+        - www
+        - kerberos
+      description: th1s_ISWhatitIS
+      port_range:
+        - '1024 1234'
+
+  - name: STAGE 11
+    asa_og: &config11
+      name: "{{ name }}"
+      protocol: tcp-udp
+      port_eq: "{{ port_eq }}"
+      port_range: "{{ port_range }}"
+      group_type: port-object
+      state: replace
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config11
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_4
+      service_cfg:
+        - tcp destination eq 8080
+        - tcp destination eq www
+      description: th1s_ISWhatitIS
+
+  - name: STAGE 12
+    asa_og: &config12
+      name: "{{ name }}"
+      service_cfg: "{{ service_cfg }}"
+      group_type: service-object
+      state: present
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config12
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_4
+      service_cfg:
+        - tcp destination range 1234 5678
+        - tcp destination range 5678 6789
+      description: th1s_ISWhatitIS
+
+  - name: STAGE 13
+    asa_og: &config13
+      name: "{{ name }}"
+      service_cfg: "{{ service_cfg }}"
+      group_type: service-object
+      state: present
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config13
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_4
+      service_cfg:
+        - tcp destination range 1234 5678
+        - tcp destination range 5678 6789
+      description: th1s_ISWhatitIS
+
+  - name: STAGE 14
+    asa_og: &config14
+      name: "{{ name }}"
+      service_cfg: "{{ service_cfg }}"
+      group_type: service-object
+      state: absent
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config14
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_5
+      service_cfg:
+        - tcp destination range 1234 5678
+        - tcp destination range 5678 6789
+      description: th1s_ISWhatitIS
+
+  - name: STAGE 15
+    asa_og: &config15
+      name: "{{ name }}"
+      service_cfg: "{{ service_cfg }}"
+      group_type: service-object
+      state: replace
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config15
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_5
+      service_cfg:
+        - tcp destination range 1234 5678
+        - tcp destination range 5678 6789
+        - tcp destination eq www
+      description: th1s_ISWhatitIS
+
+  - name: STAGE 16
+    asa_og: &config16
+      name: "{{ name }}"
+      service_cfg: "{{ service_cfg }}"
+      group_type: service-object
+      state: replace
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config16
+    register: result
+
+  - assert: *false
+
+  - set_fact:
+      name: ansible_test_5
+      service_cfg:
+        - tcp destination eq 8080
+      description: th1s_ISWhatitIS
+
+  - name: STAGE 17
+    asa_og: &config17
+      name: "{{ name }}"
+      service_cfg: "{{ service_cfg }}"
+      group_type: service-object
+      state: replace
+      description: "{{ description }}"
+    register: result
+
+  - assert: *true
+
+  - name: idempotence check
+    asa_og: *config17
+    register: result
+
+  - assert: *false
+
+  always:
+    - name: remove test config if any
+      asa_config:
+        lines:
+          - no object-group network ansible_test_0
+          - no object-group network ansible_test_1
+          - no object-group network ansible_test_2
+          - no object-group service ansible_test_3 tcp-udp
+          - no object-group service ansible_test_4
+          - no object-group service ansible_test_5
+      ignore_errors: true
--- a/test/units/modules/network/asa/init.py
+++ b/test/units/modules/network/asa/init.py
--- a/test/units/modules/network/asa/asa_module.py
+++ b/test/units/modules/network/asa/asa_module.py
@@ -0,0 +1,76 @@
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Ansible by Red Hat, inc
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+import os
+import json
+
+from units.modules.utils import AnsibleExitJson, AnsibleFailJson, ModuleTestCase
+
+
+fixture_path = os.path.join(os.path.dirname(__file__), 'fixtures')
+fixture_data = {}
+
+
+def load_fixture(name):
+    path = os.path.join(fixture_path, name)
+
+    if path in fixture_data:
+        return fixture_data[path]
+
+    with open(path) as f:
+        data = f.read()
+
+    try:
+        data = json.loads(data)
+    except Exception:
+        pass
+
+    fixture_data[path] = data
+    return data
+
+
+class TestAsaModule(ModuleTestCase):
+
+    def execute_module(self, failed=False, changed=False, commands=None, sort=True, defaults=False):
+
+        self.load_fixtures(commands)
+
+        if failed:
+            result = self.failed()
+            self.assertTrue(result['failed'], result)
+        else:
+            result = self.changed(changed)
+            self.assertEqual(result['changed'], changed, result)
+
+        if commands is not None:
+            if sort:
+                self.assertEqual(sorted(commands), sorted(result['commands']), result['commands'])
+            else:
+                self.assertEqual(commands, result['commands'], result['commands'])
+
+        return result
+
+    def failed(self):
+        with self.assertRaises(AnsibleFailJson) as exc:
+            self.module.main()
+
+        result = exc.exception.args[0]
+        self.assertTrue(result['failed'], result)
+        return result
+
+    def changed(self, changed=False):
+        with self.assertRaises(AnsibleExitJson) as exc:
+            self.module.main()
+
+        result = exc.exception.args[0]
+        self.assertEqual(result['changed'], changed, result)
+        return result
+
+    def load_fixtures(self, commands=None):
+        pass
--- a/test/units/modules/network/asa/fixtures/asa_og_config.cfg
+++ b/test/units/modules/network/asa/fixtures/asa_og_config.cfg
@@ -0,0 +1,5 @@
+object-group network test_nets
+description ansible_test object-group description
+network-object host 8.8.8.8
+network-object 192.168.0.0 255.255.0.0
+group-object awx_lon
--- a/test/units/modules/network/asa/test_asa_og.py
+++ b/test/units/modules/network/asa/test_asa_og.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+
+# (c) 2019, Ansible by Red Hat, inc
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+
+# Make coding more python3-ish
+from __future__ import (absolute_import, division, print_function)
+__metaclass__ = type
+
+from units.compat.mock import patch
+from ansible.modules.network.asa import asa_og
+from units.modules.utils import set_module_args
+from .asa_module import TestAsaModule, load_fixture
+
+
+class TestAsaOgModule(TestAsaModule):
+
+    module = asa_og
+
+    def setUp(self):
+        super(TestAsaOgModule, self).setUp()
+
+        self.mock_get_config = patch('ansible.modules.network.asa.asa_og.get_config')
+        self.get_config = self.mock_get_config.start()
+
+        self.mock_load_config = patch('ansible.modules.network.asa.asa_og.load_config')
+        self.load_config = self.mock_load_config.start()
+
+        self.mock_get_connection = patch('ansible.module_utils.network.asa.asa.get_connection')
+        self.get_connection = self.mock_get_connection.start()
+
+    def tearDown(self):
+        super(TestAsaOgModule, self).tearDown()
+        self.mock_get_config.stop()
+        self.mock_load_config.stop()
+
+    def load_fixtures(self, commands=None):
+        self.get_config.return_value = load_fixture('asa_og_config.cfg').strip()
+        self.load_config.return_value = dict(diff=None, session='session')
+
+    def test_asa_og_idempotent(self):
+        set_module_args(dict(
+            name='test_nets',
+            group_type='network-object',
+            host_ip=['8.8.8.8'],
+            ip_mask=['192.168.0.0 255.255.0.0'],
+            group_object=['awx_lon'],
+            description='ansible_test object-group description',
+            state='present'
+        ))
+        commands = []
+        self.execute_module(changed=False, commands=commands)
+
+    def test_asa_og_add(self):
+        set_module_args(dict(
+            name='test_nets',
+            group_type='network-object',
+            host_ip=['8.8.8.8', '8.8.4.4'],
+            ip_mask=['192.168.0.0 255.255.0.0', '10.0.0.0 255.255.255.0'],
+            group_object=['awx_lon', 'awx_ams'],
+            description='ansible_test object-group description',
+            state='present'
+        ))
+        commands = [
+            'object-group network test_nets',
+            'network-object host 8.8.4.4',
+            'network-object 10.0.0.0 255.255.255.0',
+            'group-object awx_ams'
+        ]
+        self.execute_module(changed=True, commands=commands)
+
+    def test_asa_og_replace(self):
+        set_module_args(dict(
+            name='test_nets',
+            group_type='network-object',
+            host_ip=['8.8.4.4'],
+            ip_mask=['10.0.0.0 255.255.255.0'],
+            group_object=['awx_ams'],
+            description='ansible_test custom description',
+            state='replace'
+        ))
+        commands = [
+            'object-group network test_nets',
+            'description ansible_test custom description',
+            'no network-object host 8.8.8.8',
+            'network-object host 8.8.4.4',
+            'no network-object 192.168.0.0 255.255.0.0',
+            'network-object 10.0.0.0 255.255.255.0',
+            'no group-object awx_lon',
+            'group-object awx_ams'
+        ]
+        self.execute_module(changed=True, commands=commands)
+
+    def test_asa_og_remove(self):
+        set_module_args(dict(
+            name='test_nets',
+            group_type='network-object',
+            host_ip=['8.8.8.8'],
+            group_object=['awx_lon'],
+            state='absent'
+        ))
+        commands = [
+            'object-group network test_nets',
+            'no network-object host 8.8.8.8',
+            'no group-object awx_lon'
+        ]
+        self.execute_module(changed=True, commands=commands)