nmcli: Add wireguard connection type support (#3985)

* nmcli: add wireguard connection type

* nmcli: fix wireguard unit tests

* nmcli: set ipv4.method to disabled if ip4 not set

Method 'auto' is not supported for WireGuard

* nmcli: add wireguard documentation

* nmcli: clean up wireguard documentation

* nmcli: add wireguard changelog fragment

* nmcli: fix wireguard documentation

* Apply suggestions from code review

Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>

Co-authored-by: Andrew Pantuso <ajpantuso@gmail.com>

tests/unit/plugins/modules/net_tools/test_nmcli.py

@@ -92,6 +92,12 @@ TESTCASE_CONNECTION = [
         'state': 'absent',
         '_ansible_check_mode': True,
     },
+    {
+        'type': 'wireguard',
+        'conn_name': 'non_existent_nw_device',
+        'state': 'absent',
+        '_ansible_check_mode': True,
+    },
 ]
 
 TESTCASE_GENERIC = [
@@ -900,6 +906,49 @@ gsm.sim-operator-id:                    --
 gsm.mtu:                                auto
 """
 
+TESTCASE_WIREGUARD = [
+    {
+        'type': 'wireguard',
+        'conn_name': 'non_existent_nw_device',
+        'ifname': 'wg_non_existant',
+        'wireguard': {
+            'listen-port': '51820',
+            'private-key': '<hidden>',
+        },
+        'method4': 'manual',
+        'ip4': '10.10.10.10/24',
+        'method6': 'manual',
+        'ip6': '2001:db8::1/128',
+        'state': 'present',
+        '_ansible_check_mode': False,
+    }
+]
+
+TESTCASE_WIREGUARD_SHOW_OUTPUT = """\
+connection.id:                          non_existent_nw_device
+connection.type:                        wireguard
+connection.interface-name:              wg_non_existant
+connection.autoconnect:                 yes
+ipv4.method:                            manual
+ipv4.addresses:                         10.10.10.10/24
+ipv4.never-default:                     no
+ipv4.may-fail:                          yes
+ipv4.ignore-auto-dns:                   no
+ipv4.ignore-auto-routes:                no
+ipv6.method:                            manual
+ipv6.addresses:                         2001:db8::1/128
+ipv6.ignore-auto-dns:                   no
+ipv6.ignore-auto-routes:                no
+wireguard.private-key:                  <hidden>
+wireguard.private-key-flags:            0 (none)
+wireguard.listen-port:                  51820
+wireguard.fwmark:                       0x0
+wireguard.peer-routes:                  yes
+wireguard.mtu:                          0
+wireguard.ip4-auto-default-route:       -1 (default)
+wireguard.ip6-auto-default-route:       -1 (default)
+"""
+
 
 def mocker_set(mocker,
                connection_exists=False,
@@ -1201,6 +1250,13 @@ def mocked_gsm_connection_unchanged(mocker):
                execute_return=(0, TESTCASE_GSM_SHOW_OUTPUT, ""))
 
 
+@pytest.fixture
+def mocked_wireguard_connection_unchanged(mocker):
+    mocker_set(mocker,
+               connection_exists=True,
+               execute_return=(0, TESTCASE_WIREGUARD_SHOW_OUTPUT, ""))
+
+
 @pytest.mark.parametrize('patch_ansible_module', TESTCASE_BOND, indirect=['patch_ansible_module'])
 def test_bond_connection_create(mocked_generic_connection_create, capfd):
     """
@@ -2828,3 +2884,81 @@ def test_ethernet_connection_static_with_mulitple_ip4_addresses_unchanged(mocked
     results = json.loads(out)
     assert not results.get('failed')
     assert not results['changed']
+
+
+@pytest.mark.parametrize('patch_ansible_module', TESTCASE_WIREGUARD, indirect=['patch_ansible_module'])
+def test_create_wireguard(mocked_generic_connection_create, capfd):
+    """
+    Test : Create wireguard connection with static IP configuration
+    """
+
+    with pytest.raises(SystemExit):
+        nmcli.main()
+
+    assert nmcli.Nmcli.execute_command.call_count == 1
+    arg_list = nmcli.Nmcli.execute_command.call_args_list
+    add_args, add_kw = arg_list[0]
+
+    assert add_args[0][0] == '/usr/bin/nmcli'
+    assert add_args[0][1] == 'con'
+    assert add_args[0][2] == 'add'
+    assert add_args[0][3] == 'type'
+    assert add_args[0][4] == 'wireguard'
+    assert add_args[0][5] == 'con-name'
+    assert add_args[0][6] == 'non_existent_nw_device'
+
+    add_args_text = list(map(to_text, add_args[0]))
+    for param in ['connection.interface-name', 'wg_non_existant',
+                  'ipv4.method', 'manual',
+                  'ipv4.addresses', '10.10.10.10/24',
+                  'ipv6.method', 'manual',
+                  'ipv6.addresses', '2001:db8::1/128',
+                  'wireguard.listen-port', '51820',
+                  'wireguard.private-key', '<hidden>']:
+        assert param in add_args_text
+
+    out, err = capfd.readouterr()
+    results = json.loads(out)
+    assert not results.get('failed')
+    assert results['changed']
+
+
+@pytest.mark.parametrize('patch_ansible_module', TESTCASE_WIREGUARD, indirect=['patch_ansible_module'])
+def test_wireguard_connection_unchanged(mocked_wireguard_connection_unchanged, capfd):
+    """
+    Test : Wireguard connection with static IP configuration unchanged
+    """
+    with pytest.raises(SystemExit):
+        nmcli.main()
+
+    out, err = capfd.readouterr()
+    results = json.loads(out)
+    assert not results.get('failed')
+    assert not results['changed']
+
+
+@pytest.mark.parametrize('patch_ansible_module', TESTCASE_WIREGUARD, indirect=['patch_ansible_module'])
+def test_wireguard_mod(mocked_generic_connection_modify, capfd):
+    """
+    Test : Modify wireguard connection
+    """
+    with pytest.raises(SystemExit):
+        nmcli.main()
+
+    assert nmcli.Nmcli.execute_command.call_count == 1
+    arg_list = nmcli.Nmcli.execute_command.call_args_list
+    args, kwargs = arg_list[0]
+
+    assert args[0][0] == '/usr/bin/nmcli'
+    assert args[0][1] == 'con'
+    assert args[0][2] == 'modify'
+    assert args[0][3] == 'non_existent_nw_device'
+
+    args_text = list(map(to_text, args[0]))
+    for param in ['wireguard.listen-port', '51820']:
+        assert param in args_text
+
+    out, err = capfd.readouterr()
+    results = json.loads(out)
+    assert not results.get('failed')
+    assert results['changed']