ansible/test/integration/targets/meraki_mx_l7_firewall/tasks/tests.yml


# Test code for the Meraki MX Layer 7 firewall module (meraki_mx_l7_firewall)
# Copyright: (c) 2018, Kevin Breit (@kbreit)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
---
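- block:
    # Integration tests for meraki_mx_l7_firewall. Every task authenticates
    # with auth_key, which is expected to be supplied from outside this file;
    # the first task aborts the run when it is missing.
    - name: Test an API key is provided
      fail:
        msg: Please define an API key
      when: auth_key is not defined

    # All firewall tests below run against this appliance network.
    - name: Create network
      meraki_network:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        type: appliance

    - name: Query firewall rules
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: query
      register: query

    # Prints the full registered module result for troubleshooting.
    - debug:
        var: query

    - assert:
        that:
          - query.data is defined

    - name: Query firewall application categories
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: query
        categories: true
      register: query_categories

    - assert:
        that:
          - query_categories.data is defined

    # Check mode must report the pending change.
    - name: Create firewall rule for IP range in check mode
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_check
      check_mode: true

    - debug:
        var: create_ip_range_check

    - assert:
        that:
          - create_ip_range_check is changed

    - name: Create firewall rule for IP range
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range

    - debug:
        var: create_ip_range

    - assert:
        that:
          - create_ip_range is changed
          - create_ip_range.data.rules | length == 1

    # Re-submitting the same rule must be a no-op, in check mode and for real.
    - name: Create firewall rule for IP range with idempotency with check mode
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent_check
      check_mode: true

    - assert:
        that:
          - create_ip_range_idempotent_check is not changed

    - name: Create firewall rule for IP range with idempotency
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent

    - assert:
        that:
          - create_ip_range_idempotent is not changed

    # The value is quoted so that no YAML parser can re-type the
    # digits-and-colon scalar; the module still receives the same string.
    - name: Create firewall rule for IP and port
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: '10.11.12.1:23'
      register: create_ip_range_port

    - debug:
        var: create_ip_range_port

    - assert:
        that:
          - create_ip_range_port is changed

    # Second pass over the /24 rule. The assertions expect "changed" and a
    # single rule, so presumably the IP:port task above replaced the rule
    # set rather than appending to it; verify against the module.
    - name: Create firewall rule for IP range
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range

    - debug:
        var: create_ip_range

    - assert:
        that:
          - create_ip_range is changed
          - create_ip_range.data.rules | length == 1

    - name: Create firewall rule for IP range with idempotency with check mode
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent_check
      check_mode: true

    - assert:
        that:
          - create_ip_range_idempotent_check is not changed

    - name: Create firewall rule for IP range with idempotency
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: ip_range
            ip_range: 10.11.12.0/24
      register: create_ip_range_idempotent

    - assert:
        that:
          - create_ip_range_idempotent is not changed

    - name: Create firewall rule for application
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
            application:
              name: facebook
      register: application_rule

    - assert:
        that:
          - application_rule is changed
          - application_rule.data.rules is defined

    - name: Create firewall rule for application via ID
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
            application:
              id: 'meraki:layer7/application/205'
      register: application_rule_id

    - assert:
        that:
          - application_rule_id is changed

    # NOTE(review): a failure is tolerated here via ignore_errors, but the
    # registered result is never asserted, so this task cannot fail the run
    # whatever the module returns. Add an assertion on
    # application_rule_invalid once the expected error is confirmed.
    - name: Create firewall rule for invalid application
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
            application:
              name: ansible
      register: application_rule_invalid
      ignore_errors: true

    - name: Create firewall rule for application category
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              name: Advertising
      register: application_category_rule

    - debug:
        var: application_category_rule

    - assert:
        that:
          - application_category_rule is changed

    # Expected to be a no-op; presumably category/27 is the ID of the
    # category created by name in the previous task (TODO confirm).
    - name: Create firewall rule for application category with ID and conflict
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              id: 'meraki:layer7/category/27'
      register: application_category_rule_id_conflict

    - assert:
        that:
          - application_category_rule_id_conflict is not changed

    - name: Create firewall rule for application category with ID
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              id: 'meraki:layer7/category/24'
      register: application_category_rule_id

    - assert:
        that:
          - application_category_rule_id is changed

    - name: Create firewall rule for host
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: host
            host: asdf.com
      register: host_rule

    - assert:
        that:
          - host_rule is changed

    - name: Create firewall rule for port
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: port
            port: 1234
      register: port_rule

    - assert:
        that:
          - port_rule is changed

    - name: Create firewall rule for blacklisted countries
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: blacklisted_countries
            countries:
              - CA
              - AX
      register: blacklist_countries

    - assert:
        that:
          - blacklist_countries is changed

    - name: Create firewall rule for whitelisted countries
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: whitelisted_countries
            countries:
              - US
              - FR
      register: whitelist_countries

    - assert:
        that:
          - whitelist_countries is changed

    - name: Create firewall rule for whitelisted countries with idempotency
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: whitelisted_countries
            countries:
              - US
              - FR
      register: whitelist_countries_idempotent

    - assert:
        that:
          - whitelist_countries_idempotent is not changed

    # Three rules of different types in one call; only the port rule sets
    # an explicit policy.
    - name: Create multiple firewall rules
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
            application:
              id: 'meraki:layer7/category/27'
          - type: blacklisted_countries
            countries:
              - CN
          - policy: deny
            type: port
            port: 8080
      register: multiple_rules

    - debug:
        var: multiple_rules

    - assert:
        that:
          - multiple_rules.data.rules | length == 3
          - multiple_rules is changed

    #########################################
    ## Tests for argument completeness     ##
    #########################################
    # Each task omits the argument its rule type requires and asserts the
    # exact error message. Every result is registered under its own name so
    # that an assertion cannot pick up a value left over from an earlier test.
    - name: Test whitelisted_countries incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: whitelisted_countries
      register: error_whitelist
      ignore_errors: true

    - assert:
        that:
          - 'error_whitelist.msg == "countries argument is required when type is whitelisted_countries."'

    - name: Test blacklisted_countries incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: blacklisted_countries
      register: error_blacklist
      ignore_errors: true

    - assert:
        that:
          - 'error_blacklist.msg == "countries argument is required when type is blacklisted_countries."'

    - name: Test application_category incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application_category
      register: error_app_cat
      ignore_errors: true

    - assert:
        that:
          - 'error_app_cat.msg == "application argument is required when type is application_category."'

    - name: Test application incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: application
      register: error_app
      ignore_errors: true

    - assert:
        that:
          - 'error_app.msg == "application argument is required when type is application."'

    - name: Test host incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: host
      register: error_host
      ignore_errors: true

    - assert:
        that:
          - 'error_host.msg == "host argument is required when type is host."'

    - name: Test port incomplete arguments
      meraki_mx_l7_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{test_org_name}}'
        net_name: TestNetAppliance
        state: present
        rules:
          - type: port
      register: error_port
      ignore_errors: true

    - assert:
        that:
          - 'error_port.msg == "port argument is required when type is port."'

  #################
  ## Cleanup     ##
  #################
  # NOTE(review): the cleanup below is commented out, so nothing in this
  # file removes TestNetAppliance or the rules created above; they remain
  # in the test organization after the run.
  # always:
  # - name: Delete network
  # meraki_network:
  # auth_key: '{{ auth_key }}'
  # org_name: '{{test_org_name}}'
  # net_name: TestNetAppliance
  # state: absent
  # delegate_to: localhost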