# Test code for the Meraki MX layer 7 firewall module (meraki_mx_l7_firewall)
# Copyright: (c) 2018, Kevin Breit (@kbreit)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
---
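# Integration tests for meraki_mx_l7_firewall. Every task targets the
# TestNetAppliance network in the organisation named by test_org_name and
# authenticates with auth_key, which must be supplied by the test run.
- block:
    # Stop before any API call when no key was provided.
    - name: Test an API key is provided
      fail:
        msg: Please define an API key
      when: auth_key is not defined

    # Fixture: an appliance network for the firewall rules to live on.
    - name: Create network
      meraki_network:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        type: appliance

    - name: Query firewall rules
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: query
      register: query

    # NOTE(review): the debug tasks in this file print whole registered
    # results to the run log. Confirm the module declares auth_key as no_log
    # so the key cannot appear in CI output.
    - debug:
        var: query

    - assert:
        that:
          - query.data is defined

    - name: Query firewall application categories
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: query
        categories: true
      register: query_categories

    - assert:
        that:
          - query_categories.data is defined

    # Check mode must report a pending change without applying it.
    - name: Create firewall rule for IP range in check mode
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_check
      check_mode: true

    - debug:
        var: create_ip_range_check

    - assert:
        that:
          - create_ip_range_check is changed

    - name: Create firewall rule for IP range
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range

    - debug:
        var: create_ip_range

    - assert:
        that:
          - create_ip_range is changed
          - create_ip_range.data.rules | length == 1

    # Re-applying the same rule must be a no-op, in check mode and for real.
    - name: Create firewall rule for IP range with idempotency with check mode
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent_check
      check_mode: true

    - assert:
        that:
          - create_ip_range_idempotent_check is not changed

    - name: Create firewall rule for IP range with idempotency
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent

    - assert:
        that:
          - create_ip_range_idempotent is not changed

    # The address:port value is quoted so it is always read as a string.
    - name: Create firewall rule for IP and port
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: '10.11.12.1:23'
      register: create_ip_range_port

    - debug:
        var: create_ip_range_port

    - assert:
        that:
          - create_ip_range_port is changed

    # Second pass over the /24 rule. The length == 1 assertion below suggests
    # the supplied rules replace the existing set rather than append to it;
    # confirm against the module.
    - name: Create firewall rule for IP range
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range

    - debug:
        var: create_ip_range

    - assert:
        that:
          - create_ip_range is changed
          - create_ip_range.data.rules | length == 1

    - name: Create firewall rule for IP range with idempotency with check mode
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent_check
      check_mode: true

    - assert:
        that:
          - create_ip_range_idempotent_check is not changed

    - name: Create firewall rule for IP range with idempotency
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent

    - assert:
        that:
          - create_ip_range_idempotent is not changed

    # Application rules can be addressed by name or by Meraki identifier.
    - name: Create firewall rule for application
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
            application:
              name: facebook
      register: application_rule

    - assert:
        that:
          - application_rule is changed
          - application_rule.data.rules is defined

    - name: Create firewall rule for application via ID
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
            application:
              id: 'meraki:layer7/application/205'
      register: application_rule_id

    - assert:
        that:
          - application_rule_id is changed

    # NOTE(review): the registered result is never asserted. With
    # ignore_errors set, this task passes whether or not the module rejects
    # the unknown application name, so the negative case is not verified.
    - name: Create firewall rule for invalid application
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
            application:
              name: ansible
      register: application_rule_invalid
      ignore_errors: true

    - name: Create firewall rule for application category
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              name: Advertising
      register: application_category_rule

    - debug:
        var: application_category_rule

    - assert:
        that:
          - application_category_rule is changed

    # Expected to be a no-op; presumably category/27 is the identifier of the
    # Advertising category applied by name in the previous task.
    - name: Create firewall rule for application category with ID and conflict
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              id: 'meraki:layer7/category/27'
      register: application_category_rule_id_conflict

    - assert:
        that:
          - application_category_rule_id_conflict is not changed

    - name: Create firewall rule for application category with ID
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              id: 'meraki:layer7/category/24'
      register: application_category_rule_id

    - assert:
        that:
          - application_category_rule_id is changed

    - name: Create firewall rule for host
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: host
            host: asdf.com
      register: host_rule

    - assert:
        that:
          - host_rule is changed

    - name: Create firewall rule for port
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: port
            port: 1234
      register: port_rule

    - assert:
        that:
          - port_rule is changed

    # Country codes are quoted so a two-letter code can never be read as a
    # YAML boolean (NO is the usual trap).
    - name: Create firewall rule for blacklisted countries
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: blacklisted_countries
            countries:
              - 'CA'
              - 'AX'
      register: blacklist_countries

    - assert:
        that:
          - blacklist_countries is changed

    - name: Create firewall rule for whitelisted countries
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: whitelisted_countries
            countries:
              - 'US'
              - 'FR'
      register: whitelist_countries

    - assert:
        that:
          - whitelist_countries is changed

    - name: Create firewall rule for whitelisted countries with idempotency
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: whitelisted_countries
            countries:
              - 'US'
              - 'FR'
      register: whitelist_countries_idempotent

    - assert:
        that:
          - whitelist_countries_idempotent is not changed

    # Three rules of different types in a single call.
    - name: Create multiple firewall rules
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              id: 'meraki:layer7/category/27'
          - type: blacklisted_countries
            countries:
              - 'CN'
          - policy: deny
            type: port
            port: 8080
      register: multiple_rules

    - debug:
        var: multiple_rules

    - assert:
        that:
          - multiple_rules.data.rules | length == 3
          - multiple_rules is changed

    #########################################
    ## Tests for argument completeness     ##
    #########################################

    # Each task below omits the argument its rule type requires and checks
    # the exact error message. Every negative test registers its own variable
    # so an assertion can only ever read the result of the task above it.
    - name: Test whitelisted_countries incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: whitelisted_countries
      register: error_whitelist
      ignore_errors: true

    - assert:
        that:
          - 'error_whitelist.msg == "countries argument is required when type is whitelisted_countries."'

    - name: Test blacklisted_countries incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: blacklisted_countries
      register: error_blacklist
      ignore_errors: true

    - assert:
        that:
          - 'error_blacklist.msg == "countries argument is required when type is blacklisted_countries."'

    - name: Test application_category incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
      register: error_app_cat
      ignore_errors: true

    - assert:
        that:
          - 'error_app_cat.msg == "application argument is required when type is application_category."'

    - name: Test application incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
      register: error_app
      ignore_errors: true

    - assert:
        that:
          - 'error_app.msg == "application argument is required when type is application."'

    - name: Test host incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: host
      register: error_host
      ignore_errors: true

    - assert:
        that:
          - 'error_host.msg == "host argument is required when type is host."'

    - name: Test port incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: port
      register: error_port
      ignore_errors: true

    - assert:
        that:
          - 'error_port.msg == "port argument is required when type is port."'

  #################
  ## Cleanup     ##
  #################

  # NOTE(review): cleanup is disabled, so the TestNetAppliance network and
  # the layer 7 rules created above stay in the organisation after the run.
  # Re-enable this section, or remove the network by hand, when the tests
  # run against a shared organisation.
  # always:
  #   - name: Delete network
  #     meraki_network:
  #       auth_key: '{{ auth_key }}'
  #       org_name: '{{test_org_name}}'
  #       net_name: TestNetAppliance
  #       state: absent
  #     delegate_to: localhost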