Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Add Support for Firewall [Interface] Groups #84

Merged
merged 6 commits into from
Aug 31, 2024
Merged

Feature: Add Support for Firewall [Interface] Groups #84

merged 6 commits into from
Aug 31, 2024

Conversation

jiuka
Copy link
Contributor

@jiuka jiuka commented Aug 15, 2024

Link to API

https://docs.opnsense.org/development/api/core/firewall.html#id7

Description

It would be nice to setup/manage the [Interface] Groups with Ansible

@jiuka
Copy link
Contributor Author

jiuka commented Aug 15, 2024

What would the preferred name for this module be? To follow the example given by rule and aliase and source_nat it should be named group. However this would be a very generic term which could lead to collisions with system user groups. Any preferences?

@ansibleguy ansibleguy self-assigned this Aug 15, 2024
@ansibleguy ansibleguy added the enhancement New feature or request label Aug 15, 2024
@ansibleguy
Copy link
Owner

Nice :D

Have not even had time to look into the new firewall features. Will give it a look the next few days.

I would name it something like rule_interface_group and add an module-alias rule_if_group as the groups are only related to firewall-rules and group interfaces.

@ansibleguy
Copy link
Owner

Greetings!

Just looked into that OPNSense feature - very nice to have.

Fixes:

  • The docs-link in the first line of the docs should be unique. Maybe something like rule_if_group
  • Is there a reason why you added the device alias? Did not find any reference to it.
  • Please add the ints and interfaces aliases to the members argument
  • Please add the seq alias to the sequence argument
  • If the tests work - enable them by adding it to the test.sh

@jiuka
Copy link
Contributor Author

jiuka commented Aug 19, 2024

  • The docs-link has been changed
  • The device alias has been removed as it was a copy&past artifact
  • Other argument aliases have been added.
  • I now got the tests working and added it to the test.sh too.

@ansibleguy
Copy link
Owner

Looks good!

Seems we have a lint error and I can't push to your branch - please fix it so we can continue to merge:
plugins/modules/list.py:26:0: C0301: Line too long (128/120) (line-too-long)

@jiuka jiuka marked this pull request as ready for review August 25, 2024 12:26
@ansibleguy
Copy link
Owner

Found an issue with the test.
On the test-box the only the interfaces 'lan' and 'opt1' exist.

When changing the interface of test opn_fail1 to some random name like abc and setting the other ones to lan they seem to work.
We had a similar problem with the gateway tests where we allowed for an override via env-vars in case some dev wants to run them manually.

@ansibleguy
Copy link
Owner

Will merge and fix it myself afterwards.

Thank you for your contribution!

@ansibleguy ansibleguy merged commit 59bef9b into ansibleguy:latest Aug 31, 2024
1 of 2 checks passed
@ansibleguy
Copy link
Owner

FYI: ee01592

@jiuka jiuka deleted the firewall_group branch October 11, 2024 05:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ansibleguy ansibleguy ansibleguy approved these changes

Assignees

@ansibleguy ansibleguy

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jiuka @ansibleguy