new_module proxmox_firewall #183
- Added method to get FW rules at cluster, node, vm, vnet levels
- Fix Sanity issues
I am neither Collaborator nor Maintainer, but I think you will need to provide Unit Tests as well. Additionally, there is an integration test for several functions, which probably would be well suited for this module. :)
Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #183 +/- ##
==========================================
+ Coverage 63.57% 64.86% +1.28%
==========================================
Files 60 69 +9
Lines 6315 6941 +626
Branches 1235 1326 +91
==========================================
+ Hits 4015 4502 +487
- Misses 2128 2223 +95
- Partials 172 216 +44
aah I hate writing unit tests.... But let me try......
- state=present:
  + check if fw rules already exist and if needed update them instead of creating
  + check if group exists and if so don't do anything
- state=update:
  + check if fw rules don't exist and if needed create them instead of updating
- make rules.pos as required; this is to handle above conditions
- add method to get security groups and list them with firewall rules when state is not provided
- add proxmox_firewall in meta/runtime.yml
79eefe7 to b480c59
Hi, I've added unit tests for this module. Can you trigger the checks again? I'm working on others but it'll take some time....
Hi @IamLunchbox, hold off on reviewing this. I'm adding a way to create aliases and update firewall level options.
- Earlier it was only checking if rule at pos already exists
- If it did it would update it given force was true.
- But it means if we ran same pipeline twice without force it would fail
- To fix it, checking the entire rule
- Move check_rules() to proxmox module_utils and rename to compare_list_of_dicts()
- Generalize the implementation as this is useful in multiple places.
- e.g. filtering out which fw rules, aliases, etc. need to be created/updated
b480c59 to 11a3a19
- Also add get methods in module_utils.
Hi @Thulium-Drake / @IamLunchbox please review this also.
I will check it out.
Sorry, I just added 1 more small change with 0b01684 which I needed for another PR.
Please ping me when you are happy with the results @IamLunchbox :-) I will merge it and re-start the CI on #182. Thanks for the work! Also @JanaHoch, I think it's a good moment to do a new release after #181 is merged. Is that PR also ready for prime time?
Thank you for your extensive work! @JanaHoch A nice PR, I mostly annotated grammar errors and such.
The only thing I would like to discuss is, if the level option is actually needed, when there are implicit arguments, which define the desired level already. E.g. vmid or node.
@Thulium-Drake, what do you think?
params_to_ignore=['digest', 'ipversion'] | ||
) | ||
|
||
if len(rules_to_create) == 0 and len(rules_to_update) == 0: |
Just a note :)
len(empty_list) == 0 is the same as not empty_list. Evaluating an empty list with bool() returns False, otherwise True.
#181 will need some time. I need to write unit tests and a way to compare subnets. But I think I can finish it over the weekend. Thanks.
Yeah, I'm also not sure. I used it so that it'll be clear where this is getting applied. But I guess the same can be done with clear docs. Also @IamLunchbox, thanks for the review. I'm just a little packed for the week. I'll make changes over the weekend. Thanks.
I think it's good to make them explicit, so people using this know what they are doing. And who knows what the implications of Proxmox Datacenter Manager's "let's stretch your SDN over all your clusters" feature will bring to the table. (https://pve.proxmox.com/wiki/Proxmox_Datacenter_Manager_Roadmap) That said, if there is a reason to assume that the option is either redundant or not actually needed, it could be left out.
Added suggestions from @IamLunchbox Co-authored-by: IamLunchbox <[email protected]>
I also vote for keeping it explicit so that there is no confusion. And yes the level is part of the API endpoint we are calling but also that it can be easily inferred based on other parameters. |
54d7085 to fd0d2ab
- When state is absent and pos is 0, the if condition with pos was failing. To fix it, explicitly check if pos is not None.
fd0d2ab to 508e616
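The comparison described in the commits above (match the entire rule rather than only its position, ignore `digest` and `ipversion`, and treat pos 0 as a valid position), as an added example that is not the PR's code. `diff_rules()`, `_normalize()` and the sample rules are hypothetical and constructed for illustration.

```python
# Added illustration: diff_rules() and the sample rules are hypothetical,
# not the collection's compare_list_of_dicts().
IGNORED = ("digest", "ipversion")  # fields the page's snippet ignores


def _normalize(rule, ignore):
    """Drop ignored and unset fields and compare values as strings."""
    return {k: str(v) for k, v in rule.items()
            if k not in ignore and v is not None}


def diff_rules(existing, desired, params_to_ignore=IGNORED):
    """Return (to_create, to_update) so a second identical run is a no-op."""
    by_pos = {int(r["pos"]): r for r in existing if r.get("pos") is not None}
    to_create, to_update = [], []
    for rule in desired:
        pos = rule.get("pos")
        if pos is None:  # explicit None check: pos 0 is a valid position
            raise ValueError("rule is missing required 'pos'")
        current = by_pos.get(int(pos))
        if current is None:
            to_create.append(rule)
            continue
        want = _normalize(rule, params_to_ignore)
        have = _normalize(current, params_to_ignore)
        # Only fields the caller set are compared, so values the server
        # filled in on its own do not force an update.
        if any(have.get(k) != v for k, v in want.items()):
            to_update.append(rule)
    return to_create, to_update


# Constructed sample: rules already on the host vs. rules the play asks for.
EXISTING = [
    {"pos": 0, "type": "in", "action": "ACCEPT", "proto": "tcp",
     "dport": "22", "enable": 1, "digest": "constructed", "ipversion": 4},
    {"pos": 1, "type": "in", "action": "DROP", "enable": 1,
     "digest": "constructed"},
]
DESIRED = [
    {"pos": 0, "type": "in", "action": "ACCEPT", "proto": "tcp",
     "dport": "22", "enable": 1},                        # unchanged
    {"pos": 1, "type": "in", "action": "REJECT", "enable": 1},   # changed
    {"pos": 2, "type": "out", "action": "ACCEPT", "enable": 1},  # new
]

if __name__ == "__main__":
    print(diff_rules(EXISTING, DESIRED))
```

When both returned lists are empty the module can report no change, which is the case the `len(rules_to_create) == 0 and len(rules_to_update) == 0` check in the reviewed snippet tests for.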
@JanaHoch thanks for updating the PR with the fixes proposed! 🚀 @IamLunchbox Are you happy with the end-result? ;-)
Lgtm :)
SUMMARY
ISSUE TYPE
COMPONENT NAME
proxmox_firewall
proxmox_firewall_info
ADDITIONAL INFORMATION
This is part of #30