ansible/test/integration/targets/meraki_mx_l3_firewall/tasks/main.yml

231 lines
5.5 KiB
YAML
Raw Normal View History

# Test code for the Meraki Organization module
# Copyright: (c) 2018, Kevin Breit (@kbreit)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
---
- block:
- name: Test an API key is provided
fail:
msg: Please define an API key
when: auth_key is not defined
- name: Use an invalid domain
meraki_organization:
auth_key: '{{ auth_key }}'
host: marrrraki.com
state: present
org_name: IntTestOrg
output_level: debug
delegate_to: localhost
register: invalid_domain
ignore_errors: yes
- name: Disable HTTP
meraki_organization:
auth_key: '{{ auth_key }}'
use_https: false
state: query
output_level: debug
delegate_to: localhost
register: http
ignore_errors: yes
- name: Connection assertions
assert:
that:
- '"Failed to connect to" in invalid_domain.msg'
- '"http" in http.url'
- name: Create network
meraki_network:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
type: appliance
delegate_to: localhost
- name: Query firewall rules
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: query
delegate_to: localhost
register: query
- assert:
that:
- query.data|length == 1
- name: Set one firewall rule
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
rules:
- comment: Deny to documentation address
src_port: any
src_cidr: any
dest_port: 80,443
dest_cidr: 192.0.1.1/32
protocol: tcp
policy: deny
delegate_to: localhost
register: create_one
- debug:
var: create_one
- assert:
that:
- create_one.data|length == 2
- create_one.data.0.dest_cidr == '192.0.1.1/32'
- create_one.data.0.protocol == 'tcp'
- create_one.data.0.policy == 'deny'
- create_one.changed == True
- create_one.data is defined
- name: Check for idempotency
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
rules:
- comment: Deny to documentation address
src_port: any
src_cidr: any
dest_port: 80,443
dest_cidr: 192.0.1.1/32
protocol: tcp
policy: deny
delegate_to: localhost
register: create_one_idempotent
- debug:
msg: '{{create_one_idempotent}}'
- assert:
that:
- create_one_idempotent.changed == False
- create_one_idempotent.data is defined
- name: Create syslog in network
meraki_syslog:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
servers:
- host: 192.0.2.10
port: 514
roles:
- Appliance event log
- Flows
delegate_to: localhost
- name: Enable syslog for default rule
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
rules:
- comment: Deny to documentation address
src_port: any
src_cidr: any
dest_port: 80,443
dest_cidr: 192.0.1.1/32
protocol: tcp
policy: deny
syslog_default_rule: yes
delegate_to: localhost
register: default_syslog
- debug:
msg: '{{default_syslog}}'
- assert:
that:
- default_syslog.data is defined
- name: Query firewall rules
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: query
delegate_to: localhost
register: query
- debug:
msg: '{{query.data.1}}'
- assert:
that:
- query.data.1.syslog_enabled == True
- default_syslog.changed == True
- name: Disable syslog for default rule
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
rules:
- comment: Deny to documentation address
src_port: any
src_cidr: any
dest_port: 80,443
dest_cidr: 192.0.1.1/32
protocol: tcp
policy: deny
syslog_default_rule: no
delegate_to: localhost
register: disable_syslog
- debug:
msg: '{{disable_syslog}}'
- assert:
that:
- disable_syslog.data is defined
- name: Query firewall rules
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: query
delegate_to: localhost
register: query
- debug:
msg: '{{query.data.1}}'
- assert:
that:
- query.data.1.syslog_enabled == False
- disable_syslog.changed == True
always:
- name: Delete all firewall rules
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
rules: []
delegate_to: localhost
register: delete_all
- name: Delete network
meraki_network:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: absent
delegate_to: localhost