363 lines
8.6 KiB
YAML
363 lines
8.6 KiB
YAML
|
# Test code for the Meraki NAT module
|
||
|
# Copyright: (c) 2019, Kevin Breit (@kbreit)
|
||
|
|
||
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||
|
---
|
||
|
- block:
|
||
|
- name: Create test network
|
||
|
meraki_network:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
type: appliance
|
||
|
|
||
|
- name: Create 1:1 rule with check mode
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
one_to_one:
|
||
|
- name: Service behind NAT
|
||
|
public_ip: 1.2.1.2
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: internet1
|
||
|
allowed_inbound:
|
||
|
- protocol: tcp
|
||
|
destination_ports:
|
||
|
- 80
|
||
|
allowed_ips:
|
||
|
- 10.10.10.10
|
||
|
register: create_one_one_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- debug:
|
||
|
var: create_one_one_check
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_one_one_check is changed
|
||
|
|
||
|
- name: Create 1:1 rule
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
one_to_one:
|
||
|
- name: Service behind NAT
|
||
|
public_ip: 1.2.1.2
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: internet1
|
||
|
allowed_inbound:
|
||
|
- protocol: tcp
|
||
|
destination_ports:
|
||
|
- 80
|
||
|
allowed_ips:
|
||
|
- 10.10.10.10
|
||
|
register: create_one_one
|
||
|
|
||
|
- debug:
|
||
|
var: create_one_one
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_one_one is changed
|
||
|
|
||
|
- name: Create 1:1 rule with idempotency
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
one_to_one:
|
||
|
- name: Service behind NAT
|
||
|
public_ip: 1.2.1.2
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: internet1
|
||
|
allowed_inbound:
|
||
|
- protocol: tcp
|
||
|
destination_ports:
|
||
|
- 80
|
||
|
allowed_ips:
|
||
|
- 10.10.10.10
|
||
|
register: create_one_one_idempotent
|
||
|
|
||
|
- debug:
|
||
|
var: create_one_one_idempotent
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_one_one_idempotent is not changed
|
||
|
|
||
|
- name: Create 1:many rule with check mode
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
one_to_many:
|
||
|
- public_ip: 1.1.1.1
|
||
|
uplink: internet1
|
||
|
port_rules:
|
||
|
- name: Test rule
|
||
|
protocol: tcp
|
||
|
public_port: 10
|
||
|
local_ip: 192.168.128.1
|
||
|
local_port: 11
|
||
|
allowed_ips:
|
||
|
- any
|
||
|
register: create_one_many_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- debug:
|
||
|
var: create_one_many_check
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_one_many_check is changed
|
||
|
|
||
|
- name: Create 1:many rule
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
one_to_many:
|
||
|
- public_ip: 1.1.1.1
|
||
|
uplink: internet1
|
||
|
port_rules:
|
||
|
- name: Test rule
|
||
|
protocol: tcp
|
||
|
public_port: 10
|
||
|
local_ip: 192.168.128.1
|
||
|
local_port: 11
|
||
|
allowed_ips:
|
||
|
- any
|
||
|
register: create_one_many
|
||
|
|
||
|
- debug:
|
||
|
var: create_one_many
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_one_many is changed
|
||
|
|
||
|
- name: Create 1:many rule with idempotency
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
one_to_many:
|
||
|
- public_ip: 1.1.1.1
|
||
|
uplink: internet1
|
||
|
port_rules:
|
||
|
- name: Test rule
|
||
|
protocol: tcp
|
||
|
public_port: 10
|
||
|
local_ip: 192.168.128.1
|
||
|
local_port: 11
|
||
|
allowed_ips:
|
||
|
- any
|
||
|
register: create_one_many_idempotent
|
||
|
|
||
|
- debug:
|
||
|
var: create_one_many_idempotent
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_one_many_idempotent is not changed
|
||
|
|
||
|
- name: Create port forwarding rule with check mode
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
port_forwarding:
|
||
|
- name: Test map
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: both
|
||
|
protocol: tcp
|
||
|
allowed_ips:
|
||
|
- 1.1.1.1
|
||
|
public_port: 10
|
||
|
local_port: 11
|
||
|
register: create_pf_check
|
||
|
check_mode: yes
|
||
|
|
||
|
- debug:
|
||
|
var: create_pf_check
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_pf_check is changed
|
||
|
|
||
|
- name: Create port forwarding rule
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
port_forwarding:
|
||
|
- name: Test map
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: both
|
||
|
protocol: tcp
|
||
|
allowed_ips:
|
||
|
- 1.1.1.1
|
||
|
public_port: 10
|
||
|
local_port: 11
|
||
|
register: create_pf
|
||
|
|
||
|
- debug:
|
||
|
var: create_pf
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_pf is changed
|
||
|
|
||
|
- name: Create port forwarding rule with idempotency
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
port_forwarding:
|
||
|
- name: Test map
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: both
|
||
|
protocol: tcp
|
||
|
allowed_ips:
|
||
|
- 1.1.1.1
|
||
|
public_port: 10
|
||
|
local_port: 11
|
||
|
register: create_pf_idempotent
|
||
|
|
||
|
- debug:
|
||
|
var: create_pf_idempotent
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_pf_idempotent is not changed
|
||
|
- create_pf_idempotent.data.port_forwarding is defined
|
||
|
|
||
|
- name: Create multiple rules
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: present
|
||
|
port_forwarding:
|
||
|
- name: Test map
|
||
|
lan_ip: 192.168.128.1
|
||
|
uplink: both
|
||
|
protocol: tcp
|
||
|
allowed_ips:
|
||
|
- 1.1.1.2
|
||
|
public_port: 10
|
||
|
local_port: 11
|
||
|
one_to_many:
|
||
|
- public_ip: 1.1.1.3
|
||
|
uplink: internet1
|
||
|
port_rules:
|
||
|
- name: Test rule
|
||
|
protocol: tcp
|
||
|
public_port: 10
|
||
|
local_ip: 192.168.128.1
|
||
|
local_port: 11
|
||
|
allowed_ips:
|
||
|
- any
|
||
|
register: create_multiple
|
||
|
|
||
|
- debug:
|
||
|
var: create_multiple
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_multiple is changed
|
||
|
- create_multiple.data.one_to_many is defined
|
||
|
- create_multiple.data.port_forwarding is defined
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- create_multiple is changed
|
||
|
- create_multiple.data.one_to_many is defined
|
||
|
- create_multiple.data.port_forwarding is defined
|
||
|
- create_multiple.diff.before.one_to_many is defined
|
||
|
- create_multiple.diff.before.port_forwarding is defined
|
||
|
- create_multiple.diff.after.one_to_many is defined
|
||
|
- create_multiple.diff.after.port_forwarding is defined
|
||
|
|
||
|
- name: Query all NAT rules
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: query
|
||
|
subset: all
|
||
|
register: query_all
|
||
|
|
||
|
- debug:
|
||
|
var: query_all
|
||
|
|
||
|
- name: Query 1:1 NAT rules
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: query
|
||
|
subset: '1:1'
|
||
|
register: query_1to1
|
||
|
|
||
|
- debug:
|
||
|
var: query_1to1
|
||
|
|
||
|
- name: Query 1:many NAT rules
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: query
|
||
|
subset: '1:many'
|
||
|
register: query_1tomany
|
||
|
|
||
|
- debug:
|
||
|
var: query_1tomany
|
||
|
|
||
|
- name: Query port forwarding rules
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: query
|
||
|
subset: port_forwarding
|
||
|
register: query_pf
|
||
|
|
||
|
- debug:
|
||
|
var: query_pf
|
||
|
|
||
|
- name: Query multiple rules
|
||
|
meraki_nat:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: query
|
||
|
subset:
|
||
|
- '1:1'
|
||
|
- '1:many'
|
||
|
register: query_multiple
|
||
|
|
||
|
- debug:
|
||
|
var: query_multiple
|
||
|
|
||
|
always:
|
||
|
- name: Delete test network
|
||
|
meraki_network:
|
||
|
auth_key: '{{auth_key}}'
|
||
|
org_name: '{{test_org_name}}'
|
||
|
net_name: '{{test_net_name}}'
|
||
|
state: absent
|
||
|
|