2017-05-26 12:19:47 +02:00
|
|
|
---
|
|
|
|
- name: test remove http range rule in check mode
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
start_port: 8000
|
|
|
|
end_port: 8888
|
|
|
|
cidr: 1.2.3.4/32
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
check_mode: true
|
|
|
|
- name: verify create http range rule in check mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- sg_rule|changed
|
|
|
|
- sg_rule.type == 'ingress'
|
|
|
|
- sg_rule.security_group == 'default'
|
|
|
|
- sg_rule.protocol == 'tcp'
|
|
|
|
- sg_rule.start_port == 8000
|
|
|
|
- sg_rule.end_port == 8888
|
|
|
|
- sg_rule.cidr == '1.2.3.4/32'
|
|
|
|
|
2015-05-03 16:06:30 +02:00
|
|
|
- name: test remove http range rule
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
start_port: 8000
|
|
|
|
end_port: 8888
|
|
|
|
cidr: 1.2.3.4/32
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
- name: verify create http range rule
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- sg_rule|changed
|
|
|
|
- sg_rule.type == 'ingress'
|
|
|
|
- sg_rule.security_group == 'default'
|
|
|
|
- sg_rule.protocol == 'tcp'
|
|
|
|
- sg_rule.start_port == 8000
|
|
|
|
- sg_rule.end_port == 8888
|
|
|
|
- sg_rule.cidr == '1.2.3.4/32'
|
|
|
|
|
|
|
|
- name: test remove http range rule idempotence
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
start_port: 8000
|
|
|
|
end_port: 8888
|
|
|
|
cidr: 1.2.3.4/32
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
- name: verify create http range rule idempotence
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- not sg_rule|changed
|
|
|
|
|
2017-05-26 12:19:47 +02:00
|
|
|
- name: test remove single port udp rule in check mode
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
port: 5353
|
|
|
|
protocol: udp
|
|
|
|
type: egress
|
|
|
|
user_security_group: '{{ cs_resource_prefix }}_sg'
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
check_mode: true
|
|
|
|
- name: verify remove single port udp rule in check mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- sg_rule|changed
|
|
|
|
- sg_rule.type == 'egress'
|
|
|
|
- sg_rule.security_group == 'default'
|
|
|
|
- sg_rule.protocol == 'udp'
|
|
|
|
- sg_rule.start_port == 5353
|
|
|
|
- sg_rule.end_port == 5353
|
|
|
|
- sg_rule.user_security_group == '{{ cs_resource_prefix }}_sg'
|
|
|
|
|
2015-05-03 16:06:30 +02:00
|
|
|
- name: test remove single port udp rule
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
port: 5353
|
|
|
|
protocol: udp
|
|
|
|
type: egress
|
|
|
|
user_security_group: '{{ cs_resource_prefix }}_sg'
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
- name: verify remove single port udp rule
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- sg_rule|changed
|
|
|
|
- sg_rule.type == 'egress'
|
|
|
|
- sg_rule.security_group == 'default'
|
|
|
|
- sg_rule.protocol == 'udp'
|
|
|
|
- sg_rule.start_port == 5353
|
|
|
|
- sg_rule.end_port == 5353
|
|
|
|
- sg_rule.user_security_group == '{{ cs_resource_prefix }}_sg'
|
|
|
|
|
|
|
|
- name: test remove single port udp rule idempotence
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
port: 5353
|
|
|
|
protocol: udp
|
|
|
|
type: egress
|
|
|
|
user_security_group: '{{ cs_resource_prefix }}_sg'
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
- name: verify remove single port udp rule idempotence
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- not sg_rule|changed
|
|
|
|
|
2017-05-26 12:19:47 +02:00
|
|
|
- name: test remove icmp rule in check mode
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
protocol: icmp
|
|
|
|
type: ingress
|
|
|
|
icmp_type: -1
|
|
|
|
icmp_code: -1
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
check_mode: true
|
|
|
|
- name: verify icmp rule in check mode
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- sg_rule|changed
|
|
|
|
- sg_rule.type == 'ingress'
|
|
|
|
- sg_rule.security_group == 'default'
|
|
|
|
- sg_rule.cidr == '0.0.0.0/0'
|
|
|
|
- sg_rule.protocol == 'icmp'
|
|
|
|
- sg_rule.icmp_code == -1
|
|
|
|
- sg_rule.icmp_type == -1
|
|
|
|
|
2015-05-03 16:06:30 +02:00
|
|
|
- name: test remove icmp rule
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
protocol: icmp
|
|
|
|
type: ingress
|
|
|
|
icmp_type: -1
|
|
|
|
icmp_code: -1
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
- name: verify icmp rule
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- sg_rule|changed
|
|
|
|
- sg_rule.type == 'ingress'
|
|
|
|
- sg_rule.security_group == 'default'
|
|
|
|
- sg_rule.cidr == '0.0.0.0/0'
|
|
|
|
- sg_rule.protocol == 'icmp'
|
|
|
|
- sg_rule.icmp_code == -1
|
|
|
|
- sg_rule.icmp_type == -1
|
|
|
|
|
|
|
|
- name: test remove icmp rule idempotence
|
|
|
|
cs_securitygroup_rule:
|
|
|
|
security_group: default
|
|
|
|
protocol: icmp
|
|
|
|
type: ingress
|
|
|
|
icmp_type: -1
|
|
|
|
icmp_code: -1
|
|
|
|
state: absent
|
|
|
|
register: sg_rule
|
|
|
|
- name: verify icmp rule idempotence
|
|
|
|
assert:
|
|
|
|
that:
|
|
|
|
- sg_rule|success
|
|
|
|
- not sg_rule|changed
|