# Test code for the Meraki Organization module
# Copyright: (c) 2018, Kevin Breit (@kbreit)
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
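---
# Integration tests for the meraki_mx_l3_firewall module: connection-handling
# checks, rule creation, idempotency, toggling syslog on the default rule, and
# cleanup of the test network. Every module task is delegated to localhost and
# authenticates with the templated auth_key variable.
- block:
    # Stop immediately when no credential was supplied.
    - name: Test an API key is provided
      fail:
        msg: Please define an API key
      when: auth_key is not defined

    # The host must be guaranteed not to resolve. The reserved `.invalid` TLD
    # (RFC 6761) gives that guarantee, whereas a misspelled `.com` name can be
    # registered by anyone and would then be a connection target for a request
    # that carries auth_key. The hostname below is a constructed sample.
    - name: Use an invalid domain
      meraki_organization:
        auth_key: '{{ auth_key }}'
        host: marrrraki.invalid
        state: present
        org_name: IntTestOrg
        output_level: debug
      delegate_to: localhost
      register: invalid_domain
      ignore_errors: true

    # use_https: false sends this request over plain HTTP while auth_key is
    # still supplied, so run the suite with a disposable test key only.
    # NOTE(review): the task name says "Disable HTTP", but the parameter
    # disables HTTPS.
    - name: Disable HTTP
      meraki_organization:
        auth_key: '{{ auth_key }}'
        use_https: false
        state: query
        output_level: debug
      delegate_to: localhost
      register: http
      ignore_errors: true

    # NOTE(review): "http" is also a substring of "https", so the second check
    # passes for either scheme and does not by itself prove HTTPS was turned
    # off. Confirm what http.url contains before tightening it to "http://".
    - name: Connection assertions
      assert:
        that:
          - '"Failed to connect to" in invalid_domain.msg'
          - '"http" in http.url'

    # Scratch appliance network that the firewall tests operate on.
    - name: Create network
      meraki_network:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        type: appliance
      delegate_to: localhost

    - name: Query firewall rules
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: query
      delegate_to: localhost
      register: query

    # A fresh network is expected to report exactly one rule
    # (presumably the built-in default rule; verify against the API).
    - assert:
        that:
          - query.data|length == 1

    # The rule is labelled as targeting a documentation address, so dest_cidr
    # uses RFC 5737 TEST-NET-1 (192.0.2.0/24), the same range as the syslog
    # server below. 192.0.1.1 is not inside any documentation range.
    - name: Set one firewall rule
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        rules:
          - comment: Deny to documentation address
            src_port: any
            src_cidr: any
            dest_port: '80,443'
            dest_cidr: '192.0.2.1/32'
            protocol: tcp
            policy: deny
      delegate_to: localhost
      register: create_one

    - debug:
        var: create_one

    # Two entries are expected: the rule just configured at index 0, plus one
    # more (presumably the default rule seen in the first query).
    - assert:
        that:
          - create_one.data|length == 2
          - create_one.data.0.dest_cidr == '192.0.2.1/32'
          - create_one.data.0.protocol == 'tcp'
          - create_one.data.0.policy == 'deny'
          - create_one.changed == True
          - create_one.data is defined

    # Re-applying the identical rule set must not report a change.
    - name: Check for idempotency
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        rules:
          - comment: Deny to documentation address
            src_port: any
            src_cidr: any
            dest_port: '80,443'
            dest_cidr: '192.0.2.1/32'
            protocol: tcp
            policy: deny
      delegate_to: localhost
      register: create_one_idempotent

    - debug:
        msg: '{{ create_one_idempotent }}'

    - assert:
        that:
          - create_one_idempotent.changed == False
          - create_one_idempotent.data is defined

    # A syslog server is defined before syslog is enabled on the default rule.
    # 192.0.2.10 is a TEST-NET-1 documentation address.
    - name: Create syslog in network
      meraki_syslog:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        servers:
          - host: '192.0.2.10'
            port: 514
            roles:
              - Appliance event log
              - Flows
      delegate_to: localhost

    - name: Enable syslog for default rule
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        rules:
          - comment: Deny to documentation address
            src_port: any
            src_cidr: any
            dest_port: '80,443'
            dest_cidr: '192.0.2.1/32'
            protocol: tcp
            policy: deny
        syslog_default_rule: true
      delegate_to: localhost
      register: default_syslog

    - debug:
        msg: '{{ default_syslog }}'

    - assert:
        that:
          - default_syslog.data is defined

    - name: Query firewall rules
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: query
      delegate_to: localhost
      register: query

    - debug:
        msg: '{{ query.data.1 }}'

    # Index 1 is presumably the default rule whose syslog flag was just set.
    - assert:
        that:
          - query.data.1.syslog_enabled == True
          - default_syslog.changed == True

    - name: Disable syslog for default rule
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        rules:
          - comment: Deny to documentation address
            src_port: any
            src_cidr: any
            dest_port: '80,443'
            dest_cidr: '192.0.2.1/32'
            protocol: tcp
            policy: deny
        syslog_default_rule: false
      delegate_to: localhost
      register: disable_syslog

    - debug:
        msg: '{{ disable_syslog }}'

    - assert:
        that:
          - disable_syslog.data is defined

    - name: Query firewall rules
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: query
      delegate_to: localhost
      register: query

    - debug:
        msg: '{{ query.data.1 }}'

    - assert:
        that:
          - query.data.1.syslog_enabled == False
          - disable_syslog.changed == True

  # Cleanup runs whether or not the block above succeeded, so a failed run
  # does not leave the test rules or the scratch network behind.
  always:
    - name: Delete all firewall rules
      meraki_mx_l3_firewall:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: present
        rules: []
      delegate_to: localhost
      register: delete_all

    - name: Delete network
      meraki_network:
        auth_key: '{{ auth_key }}'
        org_name: '{{ test_org_name }}'
        net_name: TestNetAppliance
        state: absent
      delegate_to: localhost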