638de22b35
These tests are doing string matches on the error condition. Update them to match the new strings. This is probably okay to push out to old releases even though it's technically backwards incompatible because production playbooks won't be checking that a parameter was missing. Param missing is something detected and fixed while writing the playbook.
430 lines
11 KiB
YAML
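---
# Fixture: create the network, acquire a public IP in the zone and store the
# address as a fact that the firewall tasks reference.
# NOTE(review): the `x|success` form used in the assertions applies a result
# test as a filter; later Ansible releases expect `x is success`. Confirm the
# target versions before changing it.
- name: network setup
  cs_network:
    name: "{{ cs_firewall_network }}"
    network_offering: DefaultIsolatedNetworkOfferingWithSourceNatService
    network_domain: example.com
    zone: "{{ cs_common_zone_adv }}"
  register: net
- name: verify network setup
  assert:
    that:
      - net|success

# NOTE(review): the network name is hard-coded here while the network above
# is created as cs_firewall_network; confirm both resolve to the same name.
- name: public ip address setup
  cs_ip_address:
    network: ansible test
    zone: "{{ cs_common_zone_adv }}"
  register: ip_address
- name: verify public ip address setup
  assert:
    that:
      - ip_address|success

- name: set ip address as fact
  set_fact:
    cs_firewall_ip_address: "{{ ip_address.ip_address }}"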
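# Pre-clean: despite the "setup" names, each task uses `state: absent` to
# remove a rule that a previous run may have left behind, so the `changed`
# assertions in the tests that follow start from a known-empty rule set.
- name: setup 80
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify setup
  assert:
    that:
      - fw|success

- name: setup 5300
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify setup
  assert:
    that:
      - fw|success

- name: setup all
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify setup
  assert:
    that:
      - fw|success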
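# Argument validation: each task is expected to fail. `ignore_errors: true`
# keeps the play running so the following assert can inspect the failure.
# The message checks are exact string matches and must be updated whenever
# the module's error wording changes.

# Case 1: no arguments at all.
- name: test fail if missing params
  action: cs_firewall
  register: fw
  ignore_errors: true
- name: verify results of fail if missing params
  assert:
    that:
      - fw|failed
      - "fw.msg == 'one of the following is required: ip_address, network'"

# Case 2: ip_address and zone given but no port. The expected message names
# protocol 'tcp' although no protocol is passed.
- name: test fail if missing params
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  ignore_errors: true
- name: verify results of fail if missing params
  assert:
    that:
      - fw|failed
      - "fw.msg == \"missing required argument for protocol 'tcp': start_port or end_port\""

# Case 3: egress rule without ip_address or network.
# NOTE(review): the verify task's name says "ip_address" while the task it
# checks is named "network egress"; the names look mismatched.
- name: test fail if missing params network egress
  cs_firewall:
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  ignore_errors: true
- name: verify results of fail if missing params ip_address
  assert:
    that:
      - fw|failed
      - "fw.msg == 'one of the following is required: ip_address, network'"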
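# Ingress rule for port 80: check mode, real run, idempotent re-run.
# No `cidr` is passed; the assertions pin the reported source range to
# 0.0.0.0/0 (any source). Playbooks that expose a service should pass `cidr`
# explicitly instead of relying on that default.

# Check mode must report `changed`; the real run below asserts `changed`
# again, which only holds if the check-mode run created nothing.
- name: test present firewall rule ingress 80 in check mode
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true
- name: verify results of present firewall rule ingress 80 in check mode
  assert:
    that:
      - fw|success
      - fw|changed

- name: test present firewall rule ingress 80
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of present firewall rule ingress 80
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      # Compare against the variable directly; `{{ }}` inside an assert
      # expression pastes the value into the expression text before it is
      # evaluated.
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"

# Same arguments again: the rule exists, so nothing may change.
- name: test present firewall rule ingress 80 idempotence
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of present firewall rule ingress 80 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"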
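# Ingress UDP range 5300-5333 restricted to a source CIDR: check mode, real
# run, idempotent re-run.
# `cidr: 1.2.3.4/24` has host bits set; the assertions expect the value back
# unchanged rather than normalised to 1.2.3.0/24.
# NOTE(review): 1.2.3.4 is a routable address; a documentation range such as
# 192.0.2.0/24 may be a better fixture. Confirm before changing.
- name: test present firewall rule ingress 5300 in check mode
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true
- name: verify results of present firewall rule ingress 5300 in check mode
  assert:
    that:
      - fw|success
      - fw|changed

- name: test present firewall rule ingress 5300
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of present firewall rule ingress 5300
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "1.2.3.4/24"
      # Compare against the variable directly; `{{ }}` inside an assert
      # expression pastes the value into the expression text before it is
      # evaluated.
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"

# Same arguments again: the rule exists, so nothing may change.
- name: test present firewall rule ingress 5300 idempotence
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of present firewall rule ingress 5300 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed
      - fw.cidr == "1.2.3.4/24"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"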
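# Egress rule on the network for all protocols: check mode, real run,
# idempotent re-run. No `cidr` is passed and the assertions expect
# 0.0.0.0/0, so this is an allow-all outbound rule.
- name: test present firewall rule egress all in check mode
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true
- name: verify results of present firewall rule egress all in check mode
  assert:
    that:
      - fw|success
      - fw|changed

- name: test present firewall rule egress all
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of present firewall rule egress all
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      # Compare against the variable directly; `{{ }}` inside an assert
      # expression pastes the value into the expression text before it is
      # evaluated.
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"

# Same arguments again: the rule exists, so nothing may change.
- name: test present firewall rule egress all idempotence
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of present firewall rule egress all idempotence
  assert:
    that:
      - fw|success
      - not fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"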
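# Removal of the port 80 ingress rule: check mode, real run, idempotent
# re-run. The check-mode and real runs both assert `changed` and the full
# rule description, so the check-mode run must leave the rule in place.
- name: test absent firewall rule ingress 80 in check mode
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
  check_mode: true
- name: verify results of absent firewall rule ingress 80 in check mode
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      # Compare against the variable directly; `{{ }}` inside an assert
      # expression pastes the value into the expression text before it is
      # evaluated.
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"

- name: test absent firewall rule ingress 80
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify results of absent firewall rule ingress 80
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"

# The rule is gone, so a second removal must be a no-op.
- name: test absent firewall rule ingress 80 idempotence
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify results of absent firewall rule ingress 80 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed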
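# Removal of the UDP 5300-5333 ingress rule: check mode, real run, idempotent
# re-run. The rule is addressed with the same protocol, port range and cidr
# that created it.
- name: test absent firewall rule ingress 5300 in check mode
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
  check_mode: true
- name: verify results of absent firewall rule ingress 5300 in check mode
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "1.2.3.4/24"
      # Compare against the variable directly; `{{ }}` inside an assert
      # expression pastes the value into the expression text before it is
      # evaluated.
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"

- name: test absent firewall rule ingress 5300
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify results of absent firewall rule ingress 5300
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "1.2.3.4/24"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"

# The rule is gone, so a second removal must be a no-op.
- name: test absent firewall rule ingress 5300 idempotence
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify results of absent firewall rule ingress 5300 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed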
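# Removal of the allow-all egress rule: check mode, real run, idempotent
# re-run.
- name: test absent firewall rule egress all in check mode
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    state: absent
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true
- name: verify results of absent firewall rule egress all in check mode
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      # Compare against the variable directly; `{{ }}` inside an assert
      # expression pastes the value into the expression text before it is
      # evaluated.
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"

- name: test absent firewall rule egress all
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    state: absent
    zone: "{{ cs_common_zone_adv }}"
  register: fw
- name: verify results of absent firewall rule egress all
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"

# The rule is gone, so a second removal must be a no-op.
- name: test absent firewall rule egress all idempotence
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
- name: verify results of absent firewall rule egress all idempotence
  assert:
    that:
      - fw|success
      - not fw|changed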
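# Teardown: remove the network created at the start of the file.
# NOTE(review): no task here releases the public IP acquired in
# "public ip address setup"; presumably it goes away with the network.
# Confirm, otherwise repeated runs may leave allocated addresses behind.
- name: network cleanup
  cs_network:
    name: "{{ cs_firewall_network }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: net
- name: verify network cleanup
  assert:
    that:
      - net|success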