ansible/test/legacy/roles/vr_firewall_rule/tasks/main.yml

# Copyright (c) 2018, René Moser <mail@renemoser.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
---
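# Pre-test cleanup. Despite the "setup" task names, every rule task in this
# section uses state: absent, presumably so that rules left over from an
# earlier run cannot skew the changed / not-changed assertions further down.
# Each step only asserts that the module call succeeded.
- name: setup firewall group
  vr_firewall_group:
    name: "{{ vr_firewall_group_name }}"
  register: result
- name: verify setup firewall group
  assert:
    that:
      - result is success

# protocol is omitted here; the create tests below assert "tcp" for the same
# arguments, so this targets the tcp/53 rule.
- name: setup firewall rule tcp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
- name: verify setup firewall rule tcp
  assert:
    that:
      - result is success

- name: setup firewall rule udp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    state: absent
  register: result
- name: verify setup firewall rule udp
  assert:
    that:
      - result is success

- name: setup firewall rule udp v6
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
- name: verify setup firewall rule udp v6
  assert:
    that:
      - result is success

- name: setup firewall rule port range
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
    state: absent
  register: result
  # NOTE(review): 'tmp' is the only tag among the visible tasks and looks like
  # a debugging leftover; confirm and remove.
  tags: tmp
- name: verify setup firewall rule port range
  assert:
    that:
      - result is success

- name: setup firewall rule icmp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
- name: verify setup firewall rule icmp
  assert:
    that:
      - result is success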
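# Negative test: the module is called with no arguments at all and must fail
# with the exact "missing required arguments" message for 'group'.
- name: test fail if missing group
  vr_firewall_rule:
  register: result
  # The failure is the expected outcome; keep the play running so the next
  # task can assert on it.
  ignore_errors: true
- name: verify test fail if missing group
  assert:
    that:
      - result is failed
      # Quoted as a whole because the expression contains ': '.
      - 'result.msg == "missing required arguments: group"'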
# Create tcp/53: check mode, real run, then an identical run for idempotence.
#
# Security note: no cidr is passed, and the assertions below pin the
# resulting rule to action "accept" with cidr "0.0.0.0/0". Omitting cidr
# therefore yields a rule that accepts traffic from any IPv4 source; callers
# that want a narrower rule have to set cidr explicitly.

# Check mode: the module must report a pending change.
- name: test create firewall rule tcp in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
  register: result
  check_mode: true
- name: verify test create firewall rule tcp in check mode
  assert:
    that:
      - result is changed

# Real run: the rule is created and its attributes are returned.
- name: test create firewall rule tcp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
  register: result
- name: verify test create firewall rule tcp
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

# Same arguments again: nothing may change, same attributes reported.
- name: test create firewall rule tcp idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
  register: result
- name: verify test create firewall rule tcp idempotence
  assert:
    that:
      - result is not changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "0.0.0.0/0"
# Create udp/53 (IPv4): check mode, real run, idempotence.
#
# As with tcp, cidr is omitted and the assertions expect "0.0.0.0/0", i.e. an
# accept rule for any IPv4 source.
#
# NOTE(review): no matching removal test for this udp/IPv4 rule is visible in
# this file (removal is exercised for icmp, tcp, udp v6 and the port range).
# The rule appears to stay in the test group until the state: absent setup
# task of the next run - confirm whether a cleanup step is missing.

# Check mode: only a pending change is expected.
- name: test create firewall rule udp in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
  register: result
  check_mode: true
- name: verify test create firewall rule udp in check mode
  assert:
    that:
      - result is changed

# Real run: the rule is created.
- name: test create firewall rule udp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
  register: result
- name: verify test create firewall rule udp
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "udp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

# Second identical run must be a no-op.
- name: test create firewall rule udp idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
  register: result
- name: verify test create firewall rule udp idempotence
  assert:
    that:
      - result is not changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "udp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "0.0.0.0/0"
# Create udp/53 for IPv6: check mode, real run, idempotence.
#
# With ip_version: v6 and no cidr, the assertions expect cidr "::/0" - the
# IPv6 counterpart of the any-source default seen in the IPv4 tests.

# Check mode: only a pending change is expected.
- name: test create firewall rule udp v6 in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
  register: result
  check_mode: true
- name: verify test create firewall rule udp v6 in check mode
  assert:
    that:
      - result is changed

# Real run: the rule is created.
- name: test create firewall rule udp v6
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
  register: result
- name: verify test create firewall rule udp v6
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "udp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "::/0"

# Second identical run must be a no-op.
- name: test create firewall rule udp v6 idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
  register: result
- name: verify test create firewall rule udp v6 idempotence
  assert:
    that:
      - result is not changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "udp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "::/0"
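# Create a tcp port range 8000-8080: check mode, real run, idempotence.
#
# This is the only create test that passes an explicit cidr; the assertions
# confirm the returned rule is scoped to 10.100.12.0/24 rather than the
# any-source default.

# Check mode: only a pending change is expected.
- name: test create firewall rule port range in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
  register: result
  check_mode: true
- name: verify test create firewall rule port range in check mode
  assert:
    that:
      - result is changed

# Real run: the rule is created with both range ends and the given cidr.
- name: test create firewall rule port range
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
  register: result
- name: verify test create firewall rule port range
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 8000
      - result.vultr_firewall_rule.end_port == 8080
      - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

# Second identical run must be a no-op.
- name: test create firewall rule port range idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
  register: result
# Renamed with the "verify" prefix used by the other assert tasks; the
# original name duplicated the task above, which makes failures ambiguous in
# the play output.
- name: verify test create firewall rule port range idempotence
  assert:
    that:
      - result is not changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 8000
      - result.vultr_firewall_rule.end_port == 8080
      - result.vultr_firewall_rule.cidr == "10.100.12.0/24"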
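# Create an icmp rule: check mode, real run, idempotence.
#
# The assert tasks carry the "verify" prefix used elsewhere in this file; in
# the original they repeated the name of the task they check, so a failure in
# the play output could not be attributed to the module call or the assert.
#
# No port or cidr is given, and only action and protocol are asserted.
# NOTE(review): the source range of the created icmp rule is not checked
# here - consider asserting cidr as the tcp/udp tests do.

# Check mode: only a pending change is expected.
- name: test create firewall rule icmp in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
  register: result
  check_mode: true
- name: verify test create firewall rule icmp in check mode
  assert:
    that:
      - result is changed

# Real run: the rule is created.
- name: test create firewall rule icmp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
  register: result
- name: verify test create firewall rule icmp
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "icmp"

# Second identical run must be a no-op.
- name: test create firewall rule icmp idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
  register: result
- name: verify test create firewall rule icmp idempotence
  assert:
    that:
      - result is not changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "icmp"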
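# Remove the icmp rule: check mode, real run, idempotence.
#
# The assert tasks carry the "verify" prefix used elsewhere in this file; in
# the original they repeated the name of the task they check.

# Check mode: a pending change is reported together with the attributes of
# the rule that would be removed.
- name: test remove firewall rule icmp in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule icmp in check mode
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "icmp"

# Real run: the rule is removed; the result still describes it.
- name: test remove firewall rule icmp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
- name: verify test remove firewall rule icmp
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "icmp"

# Removing an already absent rule must be a no-op.
- name: test remove firewall rule icmp idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
- name: verify test remove firewall rule icmp idempotence
  assert:
    that:
      - result is not changed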
# Remove the tcp/53 rule: check mode, real run, idempotence.
# This takes out the any-source (0.0.0.0/0) accept rule created earlier.

# Check mode: a pending change plus the attributes of the matched rule.
- name: test remove firewall rule tcp in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule tcp in check mode
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

# Real run: the rule is removed; the result still describes it.
- name: test remove firewall rule tcp
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
- name: verify test remove firewall rule tcp
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

# Removing an already absent rule must be a no-op.
- name: test remove firewall rule tcp idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
- name: verify test remove firewall rule tcp idempotence
  assert:
    that:
      - result is not changed
# Remove the udp/53 IPv6 rule: check mode, real run, idempotence.
# This takes out the any-source (::/0) accept rule created earlier.

# Check mode: a pending change plus the attributes of the matched rule.
- name: test remove firewall rule udp v6 in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule udp v6 in check mode
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "udp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "::/0"

# Real run: the rule is removed; the result still describes it.
- name: test remove firewall rule udp v6
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
- name: verify test remove firewall rule udp v6
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "udp"
      - result.vultr_firewall_rule.start_port == 53
      - result.vultr_firewall_rule.cidr == "::/0"

# Removing an already absent rule must be a no-op.
- name: test remove firewall rule udp v6 idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
- name: verify test remove firewall rule udp v6 idempotence
  assert:
    that:
      - result is not changed
# Remove the tcp 8000-8080 rule scoped to 10.100.12.0/24: check mode, real
# run, idempotence. The removal passes the same ports, protocol and cidr as
# the create tests.

# Check mode: a pending change plus the attributes of the matched rule.
- name: test remove firewall rule port range in check mode
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule port range in check mode
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 8000
      - result.vultr_firewall_rule.end_port == 8080
      - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

# Real run: the rule is removed; the result still describes it.
- name: test remove firewall rule port range
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
    state: absent
  register: result
- name: verify test remove firewall rule port range
  assert:
    that:
      - result is changed
      - result.vultr_firewall_rule.action == "accept"
      - result.vultr_firewall_rule.protocol == "tcp"
      - result.vultr_firewall_rule.start_port == 8000
      - result.vultr_firewall_rule.end_port == 8080
      - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

# Removing an already absent rule must be a no-op.
- name: test remove firewall rule port range idempotence
  vr_firewall_rule:
    group: "{{ vr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: '10.100.12.0/24'
    state: absent
  register: result
- name: verify test remove firewall rule port range idempotence
  assert:
    that:
      - result is not changed