475 lines
13 KiB
YAML
475 lines
13 KiB
YAML
# Copyright (c) 2018, René Moser <mail@renemoser.net>
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
---
|
|
- name: setup firewall group
|
|
vr_firewall_group:
|
|
name: "{{ vr_firewall_group_name }}"
|
|
register: result
|
|
- name: verify setup firewall group
|
|
assert:
|
|
that:
|
|
- result is success
|
|
|
|
- name: setup firewall rule tcp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
state: absent
|
|
register: result
|
|
- name: verify setup firewal rule
|
|
assert:
|
|
that:
|
|
- result is success
|
|
|
|
- name: setup firewall rule udp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
state: absent
|
|
register: result
|
|
- name: verify setup firewal rule udp
|
|
assert:
|
|
that:
|
|
- result is success
|
|
|
|
- name: setup firewall rule udp v6
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
state: absent
|
|
register: result
|
|
- name: verify setup firewal rule udp v6
|
|
assert:
|
|
that:
|
|
- result is success
|
|
|
|
- name: setup firewall rule port range
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
state: absent
|
|
register: result
|
|
tags: tmp
|
|
- name: verify setup firewal rule port range
|
|
assert:
|
|
that:
|
|
- result is success
|
|
|
|
- name: setup firewall rule icmp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
state: absent
|
|
register: result
|
|
- name: verify setup firewal rule
|
|
assert:
|
|
that:
|
|
- result is success
|
|
|
|
- name: test fail if missing group
|
|
vr_firewall_rule:
|
|
register: result
|
|
ignore_errors: yes
|
|
- name: verify test fail if missing group
|
|
assert:
|
|
that:
|
|
- result is failed
|
|
- 'result.msg == "missing required arguments: group"'
|
|
|
|
- name: test create firewall rule tcp in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test create firewall rule tcp in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
|
|
- name: test create firewall rule tcp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
register: result
|
|
- name: verify test create firewall rule tcp
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "0.0.0.0/0"
|
|
|
|
- name: test create firewall rule tcp idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
register: result
|
|
- name: verify test create firewall rule tcp idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "0.0.0.0/0"
|
|
|
|
- name: test create firewall rule udp in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test create firewall rule udp in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
|
|
- name: test create firewall rule udp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
register: result
|
|
- name: verify test create firewall rule udp
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "udp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "0.0.0.0/0"
|
|
|
|
- name: test create firewall rule udp idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
register: result
|
|
- name: verify test create firewall rule udp idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "udp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "0.0.0.0/0"
|
|
|
|
- name: test create firewall rule udp v6 in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test create firewall rule udp v6 in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
|
|
- name: test create firewall rule udp v6
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
register: result
|
|
- name: verify test create firewall rule udp v6
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "udp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "::/0"
|
|
|
|
- name: test create firewall rule udp v6 idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
register: result
|
|
- name: verify test create firewall rule udp v6 idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "udp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "::/0"
|
|
|
|
- name: test create firewall rule port range in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test create firewall rule port range in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
|
|
- name: test create firewall rule port range
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
register: result
|
|
- name: verify test create firewall rule port range
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 8000
|
|
- result.vultr_firewall_rule.end_port == 8080
|
|
- result.vultr_firewall_rule.cidr == "10.100.12.0/24"
|
|
|
|
- name: test create firewall rule port range idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
register: result
|
|
- name: test create firewall rule port range idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 8000
|
|
- result.vultr_firewall_rule.end_port == 8080
|
|
- result.vultr_firewall_rule.cidr == "10.100.12.0/24"
|
|
|
|
- name: test create firewall rule icmp in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
register: result
|
|
check_mode: true
|
|
- name: test create firewall rule icmp in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
|
|
- name: test create firewall rule icmp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
register: result
|
|
- name: test create firewall rule icmp
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "icmp"
|
|
|
|
- name: test create firewall rule icmp idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
register: result
|
|
- name: test create firewall rule icmp idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "icmp"
|
|
|
|
- name: test remove firewall rule icmp in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
state: absent
|
|
register: result
|
|
check_mode: true
|
|
- name: test remove firewall rule icmp in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "icmp"
|
|
|
|
- name: test remove firewall rule icmp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
state: absent
|
|
register: result
|
|
- name: test remove firewall rule icmp
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "icmp"
|
|
|
|
- name: test remove firewall rule icmp idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
protocol: icmp
|
|
state: absent
|
|
register: result
|
|
- name: test remove firewall rule icmp idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: test remove firewall rule tcp in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
state: absent
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test remove firewall rule tcp in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "0.0.0.0/0"
|
|
|
|
- name: test remove firewall rule tcp
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
state: absent
|
|
register: result
|
|
- name: verify test remove firewall rule tcp
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "0.0.0.0/0"
|
|
|
|
- name: test remove firewall rule tcp idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
state: absent
|
|
register: result
|
|
- name: verify test remove firewall rule tcp idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: test remove firewall rule udp v6 in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
state: absent
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test remove firewall rule udp v6 in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "udp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "::/0"
|
|
|
|
- name: test remove firewall rule udp v6
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
state: absent
|
|
register: result
|
|
- name: verify test remove firewall rule udp v6
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "udp"
|
|
- result.vultr_firewall_rule.start_port == 53
|
|
- result.vultr_firewall_rule.cidr == "::/0"
|
|
|
|
- name: test remove firewall rule udp v6 idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
port: 53
|
|
protocol: udp
|
|
ip_version: v6
|
|
state: absent
|
|
register: result
|
|
- name: verify test remove firewall rule udp v6 idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: test remove firewall rule port range in check mode
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
state: absent
|
|
register: result
|
|
check_mode: true
|
|
- name: verify test remove firewall rule port range in check mode
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 8000
|
|
- result.vultr_firewall_rule.end_port == 8080
|
|
- result.vultr_firewall_rule.cidr == "10.100.12.0/24"
|
|
|
|
- name: test remove firewall rule port range
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
state: absent
|
|
register: result
|
|
- name: verify test remove firewall rule port range
|
|
assert:
|
|
that:
|
|
- result is changed
|
|
- result.vultr_firewall_rule.action == "accept"
|
|
- result.vultr_firewall_rule.protocol == "tcp"
|
|
- result.vultr_firewall_rule.start_port == 8000
|
|
- result.vultr_firewall_rule.end_port == 8080
|
|
- result.vultr_firewall_rule.cidr == "10.100.12.0/24"
|
|
|
|
- name: test remove firewall rule port range idempotence
|
|
vr_firewall_rule:
|
|
group: "{{ vr_firewall_group_name }}"
|
|
start_port: 8000
|
|
end_port: 8080
|
|
protocol: tcp
|
|
cidr: 10.100.12.0/24
|
|
state: absent
|
|
register: result
|
|
- name: verify test remove firewall rule port range idempotence
|
|
assert:
|
|
that:
|
|
- result is not changed
|