--- - debug: msg: "START vyos_firewall_rules round trip integration tests on connection={{ ansible_connection }}" - include_tasks: _remove_config.yaml - block: - name: Apply the provided configuration (base config) vyos_firewall_rules: config: - afi: 'ipv6' rule_sets: - name: 'UPLINK' description: 'This is ipv6 specific rule-set' default_action: 'accept' rules: - number: 1 action: 'accept' description: 'Fwipv6-Rule 1 is configured by Ansible' ipsec: 'match-ipsec' - number: 2 action: 'accept' description: 'Fwipv6-Rule 2 is configured by Ansible' ipsec: 'match-ipsec' - afi: 'ipv4' rule_sets: - name: 'INBOUND' description: 'IPv4 INBOUND rule set' default_action: 'accept' rules: - number: 101 action: 'accept' description: 'Rule 101 is configured by Ansible' ipsec: 'match-ipsec' - number: 102 action: 'reject' description: 'Rule 102 is configured by Ansible' ipsec: 'match-ipsec' state: merged register: base_config - name: Gather firewall_rules facts vyos_facts: gather_subset: - default gather_network_resources: - firewall_rules - name: Apply the provided configuration (config to be reverted) vyos_firewall_rules: config: - afi: 'ipv4' rule_sets: - name: 'INBOUND' description: 'IPv4 INBOUND rule set' default_action: 'accept' rules: - number: 103 action: 'accept' description: 'Rule 103 is configured by Ansible' source: address: '192.0.2.0' state: established: true new: false invalid: false related: true state: merged register: result - name: Assert that changes were applied assert: that: "{{ round_trip['after'] | symmetric_difference(result['after']) |length == 0 }}" - name: Revert back to base config using facts round trip vyos_firewall_rules: config: "{{ ansible_facts['network_resources']['firewall_rules'] }}" state: overridden register: revert - name: Assert that config was reverted assert: that: "{{ base_config['after'] | symmetric_difference(revert['after']) |length == 0 }}" always: - include_tasks: _remove_config.yaml