197 lines
4.8 KiB
YAML
197 lines
4.8 KiB
YAML
|
# Test code for the Meraki modules
|
||
|
# Copyright: (c) 2019, Kevin Breit (@kbreit)
|
||
|
|
||
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||
|
---
|
||
|
- block:
|
||
|
- name: Create network
|
||
|
meraki_network:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
type: appliance
|
||
|
register: create
|
||
|
|
||
|
- set_fact:
|
||
|
net_id: create.data.id
|
||
|
|
||
|
- name: Set icmp service to blocked with check mode
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: ICMP
|
||
|
access: blocked
|
||
|
register: icmp_blocked_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- debug:
|
||
|
var: icmp_blocked_check
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- icmp_blocked_check.data is defined
|
||
|
- icmp_blocked_check is changed
|
||
|
|
||
|
- name: Set icmp service to blocked
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: ICMP
|
||
|
access: blocked
|
||
|
register: icmp_blocked
|
||
|
|
||
|
- debug:
|
||
|
var: icmp_blocked
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- icmp_blocked.data is defined
|
||
|
- icmp_blocked is changed
|
||
|
|
||
|
- name: Set icmp service to blocked with idempotency
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: ICMP
|
||
|
access: blocked
|
||
|
register: icmp_blocked_idempotent
|
||
|
|
||
|
- debug:
|
||
|
var: icmp_blocked_idempotent
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- icmp_blocked_idempotent.data is defined
|
||
|
- icmp_blocked_idempotent is not changed
|
||
|
|
||
|
- name: Set icmp service to restricted with check mode
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: web
|
||
|
access: restricted
|
||
|
allowed_ips:
|
||
|
- 192.0.1.1
|
||
|
- 192.0.1.2
|
||
|
check_mode: yes
|
||
|
register: web_restricted_check
|
||
|
|
||
|
- debug:
|
||
|
var: web_restricted_check
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- web_restricted_check.data is defined
|
||
|
- web_restricted_check is changed
|
||
|
|
||
|
- name: Set icmp service to restricted
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: web
|
||
|
access: restricted
|
||
|
allowed_ips:
|
||
|
- 192.0.1.1
|
||
|
- 192.0.1.2
|
||
|
register: web_restricted
|
||
|
|
||
|
- debug:
|
||
|
var: web_restricted
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- web_restricted.data is defined
|
||
|
- web_restricted is changed
|
||
|
|
||
|
- name: Set icmp service to restricted with idempotency
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: web
|
||
|
access: restricted
|
||
|
allowed_ips:
|
||
|
- 192.0.1.1
|
||
|
- 192.0.1.2
|
||
|
register: web_restricted_idempotent
|
||
|
|
||
|
- debug:
|
||
|
var: web_restricted_idempotent
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- web_restricted_idempotent.data is defined
|
||
|
- web_restricted_idempotent is not changed
|
||
|
|
||
|
- name: Test error for access restricted and allowed_ips
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: present
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: web
|
||
|
access: unrestricted
|
||
|
allowed_ips:
|
||
|
- 192.0.1.1
|
||
|
- 192.0.1.2
|
||
|
register: access_error
|
||
|
ignore_errors: yes
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- 'access_error.msg == "allowed_ips is only allowed when access is restricted."'
|
||
|
|
||
|
- name: Query appliance services
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: query
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
register: query_appliance
|
||
|
|
||
|
- debug:
|
||
|
var: query_appliance
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- query_appliance.data is defined
|
||
|
|
||
|
- name: Query services
|
||
|
meraki_firewalled_services:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: query
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|
||
|
service: ICMP
|
||
|
register: query_service
|
||
|
|
||
|
- debug:
|
||
|
var: query_service
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- query_service.data is defined
|
||
|
|
||
|
#############################################################################
|
||
|
# Tear down starts here
|
||
|
#############################################################################
|
||
|
always:
|
||
|
- name: Delete all networks
|
||
|
meraki_network:
|
||
|
auth_key: '{{ auth_key }}'
|
||
|
state: absent
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: IntTestNetworkAppliance
|