T7282: op-mode: show firewall group filtering and tab completion update #4414
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
markh0338
requested review from
dmbaturin,
sarthurdev,
jestabro,
sever-sever and
c-po
|
👍 |
|
Linting failed in the firewall.py file, but not in the section I modified. I can reformat the file if you’d like, but I wanted to keep the focus on the purpose of the PR instead of linting. |
c-po
requested changes
Mar 27, 2025
There was a problem hiding this comment.
Thank you for the submission. Looks like you are mangling two changes into one commit which is - from a software development and life cycle point - not a good idea.
Can you please split this change into two individual commits?
- Update TAB completion helpers
- Fix the for loop by an early exit in the script showing the firewall rules?
Just to clarify, would you want these completely split with different tasks and PRs? Or just different commits inside this PR? |
markh0338
force-pushed
the
op-fw-dyn-grps
branch
from
436462a to
a961c94
Compare
|
Please use individual commits inside a single PR referencing the same task id. |
12 tasks
markh0338
force-pushed
the
op-fw-dyn-grps
branch
from
a961c94 to
cd6fcb4
Compare
|
Rebased on current to sync up other firewall.py changes for remote-groups |
sever-sever
approved these changes
Apr 7, 2025
|
before this gets merged - I think there is an issue with how the path tab completion works. Admittedly, I don't know how all of that works either currently but there is an issue if a group type isn't found it doesn't continue down the list. so in this commit, if a dynamic group isn't found, the rest won't process. |
markh0338
force-pushed
the
op-fw-dyn-grps
branch
from
cd6fcb4 to
34df2ab
Compare
|
Completely overhauled the path completion logic. Previously, when using multiple entries in the completion help, a series of With the updated approach, each group directory is checked individually and only listed if it exists, ensuring more accurate and complete output. |
dmbaturin
requested changes
Apr 18, 2025
| #!/bin/bash | ||
|
|
||
| group_dirs=( | ||
| "${vyos_configdir}/active/firewall/group/address-group" |
There was a problem hiding this comment.
This approach will break down when we drop the UnionFS-based config trees in favor of in-memory configs. I cannot see why the issue on hand cannot be fixed by adding <path>firewall group dynamic-group address-group </path> and <path>firewall group dynamic-group ipv6-address-group address-group</path> to the list.
Am I missing anything here?
There was a problem hiding this comment.
This was my exact assumption as well, and it was also the basis for my initial commit for this change. However, for reasons I don’t fully understand, when the list of ls commands is executed, as soon as a missing directory is encountered due to an unconfigured group type, any groups that follow it in the sequence are not listed. Below is an example from the latest rolling release without this patch applied.
Here is the default sequence of ls commands:
ls /opt/vyatta/config/active/firewall/group/address-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/network-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/port-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/interface-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/ipv6-address-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/ipv6-network-group 2>/dev/null
If I configure an address-group and an interface-group—skipping network-group and port-group—the interface-group does not appear in tab completion.
Configured groups:
vyos@vyos# show firewall group
address-group addr-group {
address 10.1.1.1
address 10.1.1.2
address 10.1.1.3
}
interface-group int-group {
interface eth0
interface eth1
}
In op-mode, when attempting tab completion:
vyos@vyos:~$ show firewall group
Possible completions:
<Enter> Execute the current command
addr-group Show firewall group
detail Show list view of firewall group
No interface-groups are shown. And if I try to ls the network-group, I get this error:
vyos@vyos:~$ ls /opt/vyatta/config/active/firewall/group/
address-group/ interface-group/
vyos@vyos:~$ ls /opt/vyatta/config/active/firewall/group/network-group
ls: cannot access '/opt/vyatta/config/active/firewall/group/network-group': No such file or directory
My assumption is that since the return code for this command is non-zero, the rest of the commands in the sequence are not executed. As a result, any groups that follow the unconfigured one are not returned. Hope this helps.
There was a problem hiding this comment.
I see... I'm going to look into that completion helper.
There was a problem hiding this comment.
Just to expand further—when using && to concatenate ls commands, each command must return a zero exit code for the next command to run. If any command returns a non-zero code, all subsequent commands are skipped.
vyos@vyos:~$ true && echo 'ls command'
ls command
vyos@vyos:~$ false && echo 'ls command'
vyos@vyos:~$
I haven’t yet found where these commands are built from the XML, but if semicolons (;) were used instead of double ampersands (&&), then all commands would run regardless of the return code.
vyos@vyos:~$ true ; echo 'ls command'
ls command
vyos@vyos:~$ false ; echo 'ls command'
ls command
vyos@vyos:~$
Here’s the same test using the actual op-mode commands:
vyos@vyos:~$ ls /opt/vyatta/config/active/firewall/group/address-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/network-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/port-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/interface-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/ipv6-address-group 2>/dev/null &&
ls /opt/vyatta/config/active/firewall/group/ipv6-network-group 2>/dev/null
addr-group
vyos@vyos:~$
vyos@vyos:~$ ls /opt/vyatta/config/active/firewall/group/address-group 2>/dev/null ;
ls /opt/vyatta/config/active/firewall/group/network-group 2>/dev/null ;
ls /opt/vyatta/config/active/firewall/group/port-group 2>/dev/null ;
ls /opt/vyatta/config/active/firewall/group/interface-group 2>/dev/null ;
ls /opt/vyatta/config/active/firewall/group/ipv6-address-group 2>/dev/null ;
ls /opt/vyatta/config/active/firewall/group/ipv6-network-group 2>/dev/null
addr-group
int-group
vyos@vyos:~$
I’m sure there may be other consequences to this change that I’m not currently aware of, but I just wanted to offer it up as an option.
There was a problem hiding this comment.
I’m attempting this change to observe its effects. So far, it appears to work fine for this particular issue. However, I haven’t been able to extensively test it yet to ensure there are no negative effects elsewhere.
diff --git a/scripts/build-command-op-templates b/scripts/build-command-op-templates
index d203fdcef..0bb62113e 100755
--- a/scripts/build-command-op-templates
+++ b/scripts/build-command-op-templates
@@ -116,7 +116,7 @@ def get_properties(p):
if comptype is not None:
props["comp_type"] = "imagefiles"
comp_exprs.append("echo -n \"<imagefiles>\"")
- comp_help = " && ".join(comp_exprs)
+ comp_help = " ; ".join(comp_exprs)
props["comp_help"] = comp_help
There was a problem hiding this comment.
From a somewhat cynical point of view, broken completion isn't going to get anyone into a serious trouble — in the worst case they can copy the name or type it by hand. So I'd say we can give it a go and see what happens.
There was a problem hiding this comment.
For sure, it is a minor quality of life improvement. It was a small change that ended up taking me down a rabbit hole of problems. I'll push this update in a bit to see how it goes. From my research I don't think switching to a semicolon will have any negative impact. Thanks!
markh0338
force-pushed
the
op-fw-dyn-grps
branch
from
34df2ab to
07626e8
Compare
markh0338
force-pushed
the
op-fw-dyn-grps
branch
from
07626e8 to
cf206d3
Compare
|
CI integration 👍 passed! Details
|
dmbaturin
approved these changes
Apr 24, 2025
dmbaturin
added
bp/sagitta
c-po
approved these changes
Apr 24, 2025
github-actions
bot
added
the
mirror-initiated
vyosbot
added
mirror-completed
and removed
mirror-initiated
ryanzuwala
added a commit
to ryanzuwala/vyos-1x
that referenced
this pull request
Apr 25, 2025
Squashed commit of the following: commit 97fa42f Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 16:23:22 2025 -0400 router-advert: T7389: duplicate RA prefix guard add more smoketests for auto ignore to ensure it works for auto-ignore CLI and prefix overrides commit 0b20c2e Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 15:22:45 2025 -0400 router-advert: T7389: duplicate RA prefix guard ensure wildcard is configured in smoketest commit 0580f73 Merge: 5449160 5f0c177 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 15:14:23 2025 -0400 Merge branch 'current' of https://github.com/ryanzuwala/vyos-1x into current commit 5449160 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 15:13:55 2025 -0400 router-advert: T7389: duplicate RA prefix guard fix incorrect position of closing brace commit 5f0c177 Merge: 927751c e6909ff Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 14:52:17 2025 -0400 Merge branch 'vyos:current' into current commit 927751c Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 14:51:10 2025 -0400 router-advert: T7389: duplicate RA prefix guard Remove superfluous list cast filter commit 678819c Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 14:26:30 2025 -0400 router-advert: T7389: duplicate RA prefix guard Only generate autoignoreprefixes block if auto-ignore CLI node(s) exists OR there is more than one prefix advertisement (including the wildcard) commit e443a9c Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 14:11:01 2025 -0400 router-advert: T7389: duplicate RA prefix guard Remove prefix count check to preserve new auto-ignore CLI behavior commit e6909ff Merge: 110b771 b297226 Author: Daniil Baturin <daniil@vyos.io> Date: Thu Apr 24 16:25:08 2025 +0100 Merge pull request vyos#4469 from KawaiiNetworks/current bgp: T7220: Add the option to disable enforce-first-as at peer level commit 110b771 Merge: 3e08abf cf206d3 Author: Daniil Baturin <daniil@vyos.io> Date: Thu Apr 24 16:16:06 2025 +0100 Merge pull request vyos#4414 from markh0338/op-fw-dyn-grps T7282: op-mode: show firewall group filtering and tab completion update commit 3e08abf Merge: c898ce2 85c34d9 Author: Daniil Baturin <daniil@vyos.io> Date: Thu Apr 24 15:56:20 2025 +0100 Merge pull request vyos#4442 from srividya0208/T7316 T7316: Add MTU validation for interfaces with MTU less then 1200 commit 7f1f97d Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 03:07:43 2025 -0400 router-advert: T7389: duplicate RA prefix guard Fix filters in jinja template for generating autoignoreprefixes block commit c49af16 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 01:19:30 2025 -0400 router-advert: T7389: duplicate RA prefix guard Enclose pipe operator with a single space on each side commit 82d1587 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 00:26:07 2025 -0400 router-advert: T7389: duplicate RA prefix guard forgot to remove original auto_ignore_prefix loop commit 10eb742 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Thu Apr 24 00:22:33 2025 -0400 router-advert: T7389: duplicate RA prefix guard implement union of overridden prefixes and auto-ignore CLI nodes for autoignoreprefixes block commit b297226 Author: canoziia <canoziia@qq.com> Date: Thu Apr 24 11:55:17 2025 +0800 T7220: Add the option to disable enforce-first-as at peer level commit 0654c79 Merge: 328d347 c898ce2 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Wed Apr 23 23:45:24 2025 -0400 Merge branch 'vyos:current' into current commit c898ce2 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Wed Apr 23 16:32:53 2025 -0400 router-advert: T7380: Implement auto-ignore-prefix syntax for router advertisements (vyos#4463) commit 88e8a1e Merge: 7cbaefe 2ff0981 Author: Christian Breunig <christian@breunig.cc> Date: Wed Apr 23 22:26:36 2025 +0200 Merge pull request vyos#4465 from MattKobayashi/T6253 dhclient: T6253: Respect `no-default-route` commit 7cbaefe Merge: 16ed7fa d0a2088 Author: Christian Breunig <christian@breunig.cc> Date: Wed Apr 23 20:24:09 2025 +0200 Merge pull request vyos#4467 from c-po/ipv6-nd-fixes interface: T4627: not every interface type supports IPv6 interface-identifiers commit d0a2088 Author: Christian Breunig <christian@breunig.cc> Date: Wed Apr 23 20:14:56 2025 +0200 interface: T4627: not every interface type supports IPv6 interface-identifiers Turns out commit b124f0b ("interface: T4627: support IPv6 Interface Identifier (token) for SLAAC") uncovered a wrong assumption in VyOS that every interface type in use always supports SLAAC and IPv6-ND (neighbor discovery). This is not true for WireGuard, Tunnel and VTI interfaces, thus do not provide that CLI option. In addition SLAAC support should be removed for those interface types in a future PR. commit 16ed7fa Merge: a92733f b540651 Author: Viacheslav Hletenko <v.gletenko@vyos.io> Date: Wed Apr 23 09:24:00 2025 +0300 Merge pull request vyos#4460 from c-po/systemd-syslog syslog: T7367: ensure rsyslog is registered as default systemd syslog service commit a92733f Merge: 801bdc9 de44c6a Author: Viacheslav Hletenko <v.gletenko@vyos.io> Date: Wed Apr 23 09:19:08 2025 +0300 Merge pull request vyos#4461 from c-po/slaac-removal interface: T7375: cleanup SLAAC assigned address and default route after removing SLAAC CLI configuration commit 801bdc9 Merge: d93a448 8f20f0e Author: Daniil Baturin <daniil@vyos.io> Date: Tue Apr 22 16:21:51 2025 +0100 Merge pull request vyos#4419 from sskaje/T5636 geoip: T5636: Add geoip for policy route/route6 commit d93a448 Merge: be0ce3a b124f0b Author: Daniil Baturin <daniil@vyos.io> Date: Tue Apr 22 16:19:10 2025 +0100 Merge pull request vyos#4392 from symysak/T4627 interface: T4627: support setting of IPv6 Interface Identifier(Token) commit be0ce3a Merge: 35e3a37 1d636f4 Author: Daniil Baturin <daniil@vyos.io> Date: Tue Apr 22 15:50:34 2025 +0100 Merge pull request vyos#4444 from l0crian1/T7322-fix-allowed-vlan bridge: T7322: fix slow performance of allowed vlan commit 35e3a37 Merge: 427ebbb c984fe0 Author: Daniil Baturin <daniil@vyos.io> Date: Tue Apr 22 15:47:25 2025 +0100 Merge pull request vyos#4466 from aapostoliuk/T7383-rolling ospf: T7383: Fixed unconfigured redistribution of nhrp into ospf commit 427ebbb Author: Alex Bukharov <alex.bukharov@innablr.com.au> Date: Wed Apr 23 00:40:06 2025 +1000 T6773: RFC-2136 support for Kea DHCP4 server (vyos#4153) commit de44c6a Author: Christian Breunig <christian@breunig.cc> Date: Sun Apr 20 20:59:57 2025 +0200 interface: T7379: do not request SLAAC default route when only DHCPv6 is set When an interface runs in DHCPv6 only mode, there is no reason to have a default installed that was received via SLAAC. If SLAAC is needed, it should be turned on explicitly. This bug was only triggered during system boot where a DHCPv6 client address and a default route to a link-local address was shown in the system. If DHCPv6 was enabled only on an interface while VyOS was already running - no default route got installed. commit 563488b Author: Christian Breunig <christian@breunig.cc> Date: Sun Apr 20 20:59:14 2025 +0200 sysctl: T7379: always disable IPv6 autoconf and accept_ra during startup commit bad519f Author: Christian Breunig <christian@breunig.cc> Date: Sat Apr 19 15:59:55 2025 +0200 interface: T7375: routes received via SLAAC are not cleared on exit When using SLAAC for IPv6 addresses we will also receive a default route via a RA (Router Advertisement). When we disable SLAAC on a interface the Linux Kernel does not automatically flush all addresses nor the routes received. The Kernel wait's until the addresses/prefixes/routes expire using their lifestime setting. When removing SLAAC from an interface, also remove the auto generated IPv6 address and both the default router received and the connected IP prefix of the SLAAC advertisement. commit 542e3db Author: Christian Breunig <christian@breunig.cc> Date: Sat Apr 19 15:50:37 2025 +0200 interface: T7375: remove superfluous "ifname = self.ifname" assignment We can reference "self.ifname" in any Python f-ormatted string directly. No need for an interim temporary variable. commit e9fb207 Author: Christian Breunig <christian@breunig.cc> Date: Sat Apr 19 15:18:44 2025 +0200 interface: T7375: SLAAC assigned address is not cleared when removing SLAAC commit cf206d3 Author: Mark Hayes <mark.hayes0338@gmail.com> Date: Tue Apr 22 08:29:50 2025 -0400 T7282: op-mode: update op-mode template build script to concatenate with ; instead of && commit e8da459 Author: Mark Hayes <mark.hayes0338@gmail.com> Date: Tue Apr 22 08:29:00 2025 -0400 T7282: op-mode: update firewall completion paths to include all group types commit 610a8c6 Author: Mark Hayes <mark.hayes0338@gmail.com> Date: Fri Mar 28 12:23:54 2025 -0400 T7282: op-mode: update firewall.py for proper group filtering commit c984fe0 Author: aapostoliuk <a.apostoliuk@vyos.io> Date: Tue Apr 22 12:23:12 2025 +0300 ospf: T7383: Fixed unconfigured redistribution of nhrp into ospf Fixed unconfigured redistribution of nhrp into ospf. commit 2ff0981 Author: Matthew Kobayashi <matthew@kobayashi.au> Date: Tue Apr 22 12:06:04 2025 +1000 dhclient: T6253: Respect `no-default-route` commit 328d347 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Mon Apr 21 03:31:25 2025 -0400 router-advert: T7380: smoke test Ensure remaining prefixes still set in smoke test commit bdf6609 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Mon Apr 21 03:12:53 2025 -0400 router-advert: T7380: new smoke test Add new smoke tests for auto-ignore feature commit 0207b21 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Mon Apr 21 02:56:17 2025 -0400 router-advert: T7380: radvd pkg dependency Update radvd package dependency to v2.20 commit f504da3 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Mon Apr 21 02:33:13 2025 -0400 router-advert: T7380: auto-ignore Rename CLI syntax from auto-ignore-prefix to auto-ignore commit 1212347 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Mon Apr 21 00:12:03 2025 -0400 router-advert: T7380: auto-ignore-prefix block move autoignoreprefixes block to just above prefix definitions commit 95c0f54 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Mon Apr 21 00:06:52 2025 -0400 router-advert: T7380: auto-ignore-prefix semicolon forgot final semi-colon at end of autoignoreprefixes block commit 2f130a2 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 23:42:38 2025 -0400 router-advert: T7380: auto-ignore-prefix spacing properly indent inserted prefixes commit 657b9dd Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 21:48:34 2025 -0400 router-advert: T7380: auto-ignore-prefix semicolon forgot to add required semi-colon to end of each prefix commit bc4b895 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 21:33:24 2025 -0400 router-advert: T7380: auto-ignore-prefix multi Make leaf node accept multiple prefixes commit bb473e4 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 20:33:17 2025 -0400 router-advert: T7380: auto-ignore-prefix conf j2 Remove .items() and use auto_ignore_prefix name commit 245df10 Merge: 28f61ee 39e2a90 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 16:57:37 2025 -0400 Merge branch 'vyos:current' into current commit 39e2a90 Merge: ab648af 31f098b Author: Christian Breunig <christian@breunig.cc> Date: Sun Apr 20 12:55:28 2025 +0200 Merge pull request vyos#4462 from kumvijaya/current T7334: pr mirror trigger workflow added with label creation permission for default github token commit 31f098b Author: kumvijaya <kuvmijaya@gmail.com> Date: Sun Apr 20 14:30:10 2025 +0530 T7334: pr mirror trigger workflow added with label creation permission for default github token commit 28f61ee Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 03:52:04 2025 -0400 router-advert: T7380: auto-ignore-prefix underscore Use underscores when referencing config nodes with dashes commit f0d8e8d Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sun Apr 20 03:06:49 2025 -0400 router-advert: T7380: auto-ignore-prefix leafNode Use leafNode instead of tagNode since this element does not have children, only values commit 2a569bb Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sat Apr 19 19:05:17 2025 -0400 router-advert: T7380: wip auto-ignore-prefix Implement tagNode for auto-ignore-prefix in XML configuration commit eeac906 Author: Ryan Zuwala <ryanzuwala@gmail.com> Date: Sat Apr 19 18:57:24 2025 -0400 router-advert: T7380: begin auto-ignore-prefix Implement autoignoreprefixes syntax in conf j2 template commit b540651 Author: Christian Breunig <christian@breunig.cc> Date: Fri Apr 18 19:51:53 2025 +0200 syslog: T7367: use generic systemd syslog.service over rsyslog.service commit 50d1e13 Author: Christian Breunig <christian@breunig.cc> Date: Fri Apr 18 19:49:48 2025 +0200 syslog: T7367: ensure rsyslog is registered as default systemd syslog service Systemd states: The default syslog implementation should make syslog.service a symlink to itself, so that this socket activates the right actual syslog service. commit 1d636f4 Author: l0crian1 <ryan.claridge13@gmail.com> Date: Thu Apr 10 11:21:39 2025 -0400 bridge:T7322: Fix bridge allowed-vlan handling Fix indentation error in get_vlans_ids_and_range function. commit ad5f14c Author: l0crian1 <ryan.claridge13@gmail.com> Date: Thu Apr 10 11:03:33 2025 -0400 bridge:T7322: Fix bridge allowed-vlan handling Allowed VLAN ranges are unnecessarily deconstructed into individual vlans, and then added one by one to the bridge. This can take a long time if a large range like 1-4084 is used. - python/vyos/configdict.py - Added get_vlans_ids_and_range function to return configured ranges - python/vyos/ifconfig/bridge.py - Modified add and delete vlan section to not loop unnecessarily commit 85c34d9 Author: srividya0208 <a.srividya@vyos.io> Date: Thu Apr 10 10:34:02 2025 -0400 mtu_value: T7316:commit validation for interfaces when mtu configured <1200 commit 8f20f0e Author: sskaje <sskaje@gmail.com> Date: Sun Mar 30 14:24:25 2025 +0800 geoip: T5636: add smoketest for pbr geoip commit 795154d Author: sskaje <sskaje@gmail.com> Date: Fri Mar 28 15:47:24 2025 +0800 geoip: T5636: Add geoip for policy route/route6
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Change summary
When showing firewall group , any dynamic groups are also shown along with the requested group name. Dynamic-groups, mac-groups and domain-groups are also not shown in tab completion.
Types of changes
Related Task(s)
T7282
Related PR(s)
How to test / Smoketest result
Checklist: