ansible/test/integration/targets/cs_firewall/tasks/main.yml
Toshio Kuratomi 638de22b35 Update tests for required_if changes
These tests are doing string matches on the error condition.  Update
them to match the new strings.  This is probably okay to push out to old
releases even though it's technically backwards incompatible because
production playbooks won't be checking that a parameter was missing.
Param missing is something detected and fixed while writing the playbook.
2017-10-26 17:37:11 -07:00


---
# Fixture: create the network that the egress-rule tests below address through
# cs_firewall_network. The result is registered so the next task can check it.
- name: network setup
  cs_network:
    name: "{{ cs_firewall_network }}"
    zone: "{{ cs_common_zone_adv }}"
    network_offering: DefaultIsolatedNetworkOfferingWithSourceNatService
    network_domain: example.com
  register: net

# Fail here, rather than in a later firewall test, if the fixture is missing.
- name: verify network setup
  assert:
    that:
      - net|success
# Fixture: acquire the public IP address that the ingress-rule tests attach
# their rules to.
# NOTE(review): the network is the literal "ansible test" here, while every
# other task in this file uses the cs_firewall_network variable. Confirm that
# both name the same network.
- name: public ip address setup
  cs_ip_address:
    zone: "{{ cs_common_zone_adv }}"
    network: ansible test
  register: ip_address

- name: verify public ip address setup
  assert:
    that:
      - ip_address|success

# Publish the acquired address under the variable name the firewall tasks read.
- name: set ip address as fact
  set_fact:
    cs_firewall_ip_address: "{{ ip_address.ip_address }}"
# Pre-clean: each task below runs cs_firewall with state=absent for one of the
# three rules the "present" tests create later (tcp/80 ingress, udp/5300-5333
# ingress, all-protocol egress). Those tests assert "changed" on creation, so
# a rule left over from an earlier run has to be gone before they start.
- name: setup 80
  cs_firewall:
    state: absent
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify setup
  assert:
    that:
      - fw|success

- name: setup 5300
  cs_firewall:
    state: absent
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify setup
  assert:
    that:
      - fw|success

- name: setup all
  cs_firewall:
    state: absent
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify setup
  assert:
    that:
      - fw|success
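# Negative tests: the module has to fail when its argument set is incomplete.
# ignore_errors keeps the play running so the following assert can inspect the
# registered failure.
# The asserts compare fw.msg with the exact error text, so they must be updated
# together with any change to the module's argument-validation messages.
# Task names are distinct per case so a failing case can be identified from the
# play output.

# Case 1: no arguments at all, so neither ip_address nor network is given.
- name: test fail if missing params
  action: cs_firewall
  register: fw
  ignore_errors: true

- name: verify results of fail if missing params
  assert:
    that:
      - fw|failed
      - "fw.msg == 'one of the following is required: ip_address, network'"

# Case 2: ip_address is given but no port. The expected message names protocol
# 'tcp' although no protocol is passed in this task.
- name: test fail if missing params port
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  ignore_errors: true

- name: verify results of fail if missing params port
  assert:
    that:
      - fw|failed
      - "fw.msg == \"missing required argument for protocol 'tcp': start_port or end_port\""

# Case 3: an egress rule without a network (and without an ip_address).
- name: test fail if missing params network egress
  cs_firewall:
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  ignore_errors: true

- name: verify results of fail if missing params network egress
  assert:
    that:
      - fw|failed
      - "fw.msg == 'one of the following is required: ip_address, network'"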
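# Create an ingress rule for port 80: check mode, real run, idempotence.
#
# No cidr, protocol or type is passed. The asserts pin what the module reports
# back: protocol tcp, type ingress and cidr 0.0.0.0/0, i.e. the rule admits any
# source address unless the playbook sets cidr itself.
#
# Entries under "that" are already evaluated as Jinja expressions, so the
# expected address is referenced as a bare variable. Wrapping it in template
# delimiters would paste the value into the expression text before evaluation.

# Check mode has to report the pending change.
- name: test present firewall rule ingress 80 in check mode
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true

- name: verify results of present firewall rule ingress 80 in check mode
  assert:
    that:
      - fw|success
      - fw|changed

# The real run must still report "changed", which shows that the check-mode run
# above did not create the rule.
- name: test present firewall rule ingress 80
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of present firewall rule ingress 80
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"

# Same arguments again: the rule exists, so nothing may change.
- name: test present firewall rule ingress 80 idempotence
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of present firewall rule ingress 80 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"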
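# Create a udp ingress rule for the port range 5300-5333, limited to an
# explicit source cidr: check mode, real run, idempotence.
#
# Unlike the port-80 rule, cidr is passed here, and the asserts verify that the
# module reports the same value back instead of 0.0.0.0/0.
#
# Entries under "that" are already evaluated as Jinja expressions, so the
# expected address is referenced as a bare variable rather than inside template
# delimiters.

# Check mode has to report the pending change.
- name: test present firewall rule ingress 5300 in check mode
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true

- name: verify results of present firewall rule ingress 5300 in check mode
  assert:
    that:
      - fw|success
      - fw|changed

# The real run must still report "changed" after the check-mode run.
- name: test present firewall rule ingress 5300
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of present firewall rule ingress 5300
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "1.2.3.4/24"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"

# Same arguments again: the rule exists, so nothing may change.
- name: test present firewall rule ingress 5300 idempotence
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of present firewall rule ingress 5300 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed
      - fw.cidr == "1.2.3.4/24"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"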
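# Create an egress rule for all protocols on the test network: check mode,
# real run, idempotence.
#
# Egress rules are addressed by network, not by public IP. No cidr is passed,
# and the asserts pin the reported cidr to 0.0.0.0/0.
#
# Entries under "that" are already evaluated as Jinja expressions, so the
# expected network name is referenced as a bare variable rather than inside
# template delimiters.

# Check mode has to report the pending change.
- name: test present firewall rule egress all in check mode
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true

- name: verify results of present firewall rule egress all in check mode
  assert:
    that:
      - fw|success
      - fw|changed

# The real run must still report "changed" after the check-mode run.
- name: test present firewall rule egress all
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of present firewall rule egress all
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"

# Same arguments again: the rule exists, so nothing may change.
- name: test present firewall rule egress all idempotence
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of present firewall rule egress all idempotence
  assert:
    that:
      - fw|success
      - not fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"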
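# Remove the port-80 ingress rule: check mode, real run, idempotence.
#
# On removal the module is expected to return the details of the rule it
# matched, so the asserts can confirm that the rule being deleted is the one
# created earlier and not another rule on the same address.
#
# Entries under "that" are already evaluated as Jinja expressions, so the
# expected address is referenced as a bare variable rather than inside template
# delimiters.

# Check mode has to report the pending removal and the matched rule.
- name: test absent firewall rule ingress 80 in check mode
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
  check_mode: true

- name: verify results of absent firewall rule ingress 80 in check mode
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"

# The real run must still report "changed", which shows that the check-mode run
# above did not remove the rule.
- name: test absent firewall rule ingress 80
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw

- name: verify results of absent firewall rule ingress 80
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "tcp"
      - fw.start_port == 80
      - fw.end_port == 80
      - fw.type == "ingress"

# The rule is gone, so a second removal must be a no-op. Only success and
# "not changed" are asserted; no rule fields are checked here.
- name: test absent firewall rule ingress 80 idempotence
  cs_firewall:
    port: 80
    ip_address: "{{ cs_firewall_ip_address }}"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw

- name: verify results of absent firewall rule ingress 80 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed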
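# Remove the udp 5300-5333 ingress rule: check mode, real run, idempotence.
#
# The removal passes the same protocol, port range and cidr as the creation,
# and the asserts confirm that the returned rule carries exactly those values.
#
# Entries under "that" are already evaluated as Jinja expressions, so the
# expected address is referenced as a bare variable rather than inside template
# delimiters.

# Check mode has to report the pending removal and the matched rule.
- name: test absent firewall rule ingress 5300 in check mode
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw
  check_mode: true

- name: verify results of absent firewall rule ingress 5300 in check mode
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "1.2.3.4/24"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"

# The real run must still report "changed" after the check-mode run.
- name: test absent firewall rule ingress 5300
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw

- name: verify results of absent firewall rule ingress 5300
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "1.2.3.4/24"
      - fw.ip_address == cs_firewall_ip_address
      - fw.protocol == "udp"
      - fw.start_port == 5300
      - fw.end_port == 5333
      - fw.type == "ingress"

# The rule is gone, so a second removal must be a no-op.
- name: test absent firewall rule ingress 5300 idempotence
  cs_firewall:
    ip_address: "{{ cs_firewall_ip_address }}"
    protocol: udp
    start_port: 5300
    end_port: 5333
    cidr: 1.2.3.4/24
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw

- name: verify results of absent firewall rule ingress 5300 idempotence
  assert:
    that:
      - fw|success
      - not fw|changed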
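# Remove the all-protocol egress rule from the test network: check mode, real
# run, idempotence.
#
# Entries under "that" are already evaluated as Jinja expressions, so the
# expected network name is referenced as a bare variable rather than inside
# template delimiters.

# Check mode has to report the pending removal and the matched rule.
- name: test absent firewall rule egress all in check mode
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    state: absent
    zone: "{{ cs_common_zone_adv }}"
  register: fw
  check_mode: true

- name: verify results of absent firewall rule egress all in check mode
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"

# The real run must still report "changed" after the check-mode run.
- name: test absent firewall rule egress all
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    state: absent
    zone: "{{ cs_common_zone_adv }}"
  register: fw

- name: verify results of absent firewall rule egress all
  assert:
    that:
      - fw|success
      - fw|changed
      - fw.cidr == "0.0.0.0/0"
      - fw.network == cs_firewall_network
      - fw.protocol == "all"
      - fw.type == "egress"

# The rule is gone, so a second removal must be a no-op.
- name: test absent firewall rule egress all idempotence
  cs_firewall:
    network: "{{ cs_firewall_network }}"
    protocol: all
    type: egress
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: fw

- name: verify results of absent firewall rule egress all idempotence
  assert:
    that:
      - fw|success
      - not fw|changed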
# Teardown: remove the network created by "network setup".
# NOTE(review): none of the tasks shown here releases the public IP address
# acquired during setup. Presumably removing the network covers it; confirm
# that nothing is left allocated after the run.
- name: network cleanup
  cs_network:
    state: absent
    name: "{{ cs_firewall_network }}"
    zone: "{{ cs_common_zone_adv }}"
  register: net

- name: verify network cleanup
  assert:
    that:
      - net|success