48e83c39ba
* add asa_og module * add test * fix pep8 * fix some sanity pylint * fix import error order * fix import * replace cmd() method * rename file and class * add mock for connection * fix commands in replace test function * fix lines list * update unit test * fix 'and' logic for port-object command * restore previous unit test; fix pep8 and remove debug * other unit tests * Add state present, absent, replace * Update doc; add default for state * update unit test with state present/absent * fix typo in unit test * fix pep8 too many blank lines * fix show run for service object ASA Ver 8.x * Add description field; fix bug for state present and absent * Re-designed module structure for network, service and port objects * update integration test for new module structure * fix pep8 * update EXAMPLES and RETURN * update units tests * fix module typos in unit test * removed provider from examples * fix missing comma in replace test * fix module name and remove provider * update license * remove register; update license; change import order; chage def state * remove shebang * fix doc default state * change import order * Update year in banner * fix integration test as set of tasks * remove arg_spec * remove extends_documentation_fragment: asa * Update DOC, remove unused import, change import order
---
# Pre-test cleanup: issue the "no object-group ..." form for every group name
# this test file uses (ansible_test_0 .. ansible_test_5), so that leftovers from
# an earlier run cannot influence the changed/unchanged assertions below.
#
# ignore_errors keeps the play going whatever this task returns.
# NOTE(review): that also hides connection or authentication failures against
# the device, not only "group does not exist" - presumably acceptable on a
# throwaway test target; confirm.
- name: remove test config if any
  asa_config:
    lines:
      - no object-group network ansible_test_0
      - no object-group network ansible_test_1
      - no object-group network ansible_test_2
      - no object-group service ansible_test_3 tcp-udp
      - no object-group service ansible_test_4
      - no object-group service ansible_test_5
  ignore_errors: true

# Integration stages for asa_og. Every stage follows the same pattern:
#   1. set_fact loads the input values for the stage,
#   2. the asa_og task is applied and must report changed (assert *true),
#   3. the identical task (YAML alias of the stage's anchor) is applied again
#      and must report unchanged (assert *false).
# Facts set by set_fact stay defined for later stages, so a stage that omits a
# key (or has no set_fact at all) silently reuses the previous stage's value.
# The always: section at the end removes the test groups even if an assert fails.
- block:
    # --- network-object groups -------------------------------------------
    # NOTE(review): `name` is also a task/block keyword; Ansible may warn about
    # variables that use reserved names - a distinct fact name would avoid the
    # ambiguity. TODO confirm against the Ansible version under test.
    # NOTE(review): the nested group names in group_object are never created in
    # this file, so presumably they must already exist on the target device.
    # They also read like names from a real environment; neutral fixture names
    # would avoid leaking internal naming - confirm.
    # The 8.8.8.8 / 8.8.4.4 entries are real public addresses; fixtures usually
    # use documentation ranges instead.
    - set_fact:
        name: ansible_test_0
        host_ip:
          - 8.8.8.8
          - 8.8.4.4
        address:
          - 10.0.0.0 255.0.0.0
          - 192.168.0.0 255.255.0.0
          - 172.16.0.0 255.255.0.0
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        group_object:
          - aws_commonservices_eu_ie_pci_prv
          - aws_commonservices_eu_ie_pci_elb_prv

    # First apply of ansible_test_0 with hosts, masks, description and nested
    # groups; must report changed.
    - name: STAGE 0
      asa_og: &config
        name: "{{ name }}"
        group_type: network-object
        state: present
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        description: "{{ description }}"
        group_object: "{{ group_object }}"
      register: result

    # The anchors &true / &false are only labels for these two assert bodies
    # (not YAML booleans); every later assert in the file aliases one of them.
    - assert: &true
        that:
          - "result.changed == true"

    - name: idempotence check
      asa_og: *config
      register: result

    - assert: &false
        that:
          - "result.changed == false"

    # STAGE 1: same group (ansible_test_0), state present with a different
    # host, network and nested group; no description is passed to the module.
    - set_fact:
        name: ansible_test_0
        host_ip:
          - 8.8.9.9
        address:
          - 8.8.8.0 255.255.255.0
        group_object:
          - test_network_object_1

    - name: STAGE 1
      asa_og: &config1
        name: "{{ name }}"
        group_type: network-object
        state: present
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        group_object: "{{ group_object }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config1
      register: result

    - assert: *false

    # STAGE 1/B: state present with only the group name and type on the
    # existing group; the test expects no change to be reported.
    - name: STAGE 1/B
      asa_og:
        name: "{{ name }}"
        group_type: network-object
        state: present
      register: result

    - assert: *false

    # STAGE 2: new group name ansible_test_1. The facts below also carry
    # host_ip/address/group_object, but STAGE 2 passes only name and type;
    # the member lists are first used by STAGE 2b.
    - set_fact:
        name: ansible_test_1
        host_ip:
          - 8.8.9.9
        address:
          - 8.8.8.0 255.255.255.0
        group_object:
          - test_network_object_1

    - name: STAGE 2
      asa_og: &config2
        name: "{{ name }}"
        group_type: network-object
        state: present
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config2
      register: result

    - assert: *false

    # STAGE 2b: same group, now with the member lists from the STAGE 2 facts.
    - name: STAGE 2b
      asa_og: &config2b
        name: "{{ name }}"
        group_type: network-object
        state: present
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        group_object: "{{ group_object }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config2b
      register: result

    - assert: *false

    # STAGE 3: state absent on ansible_test_0, using the same values that
    # STAGE 0 applied.
    - set_fact:
        name: ansible_test_0
        host_ip:
          - 8.8.8.8
          - 8.8.4.4
        address:
          - 10.0.0.0 255.0.0.0
          - 192.168.0.0 255.255.0.0
          - 172.16.0.0 255.255.0.0
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        group_object:
          - aws_commonservices_eu_ie_pci_prv
          - aws_commonservices_eu_ie_pci_elb_prv

    - name: STAGE 3
      asa_og: &config3
        name: "{{ name }}"
        group_type: network-object
        state: absent
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        description: "{{ description }}"
        group_object: "{{ group_object }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config3
      register: result

    - assert: *false

    # STAGE 4: first use of ansible_test_2, applied with state replace and the
    # full member list.
    - set_fact:
        name: ansible_test_2
        host_ip:
          - 8.8.8.8
          - 8.8.4.4
        address:
          - 10.0.0.0 255.0.0.0
          - 192.168.0.0 255.255.0.0
          - 172.16.0.0 255.255.0.0
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        group_object:
          - aws_commonservices_eu_ie_pci_prv
          - aws_commonservices_eu_ie_pci_elb_prv

    - name: STAGE 4
      asa_og: &config4
        name: "{{ name }}"
        group_type: network-object
        state: replace
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        description: "{{ description }}"
        group_object: "{{ group_object }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config4
      register: result

    - assert: *false

    # STAGE 5: state replace on ansible_test_2 with shorter host and nested
    # group lists and a different second network.
    - set_fact:
        name: ansible_test_2
        host_ip:
          - 8.8.8.8
        address:
          - 10.0.0.0 255.0.0.0
          - 1.0.0.0 255.255.0.0
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        group_object:
          - aws_commonservices_eu_ie_pci_prv

    - name: STAGE 5
      asa_og: &config5
        name: "{{ name }}"
        group_type: network-object
        state: replace
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        description: "{{ description }}"
        group_object: "{{ group_object }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config5
      register: result

    - assert: *false

    # STAGE 6: state replace with new hosts and nested group.
    # NOTE(review): this set_fact does not set `address`, so ip_mask below
    # still receives the STAGE 5 list - presumably intentional; confirm.
    - set_fact:
        name: ansible_test_2
        host_ip:
          - 9.9.9.9
          - 8.8.8.8
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        group_object:
          - test_network_object_1

    - name: STAGE 6
      asa_og: &config6
        name: "{{ name }}"
        group_type: network-object
        state: replace
        host_ip: "{{ host_ip }}"
        ip_mask: "{{ address }}"
        description: "{{ description }}"
        group_object: "{{ group_object }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config6
      register: result

    - assert: *false

    # --- port-object groups (protocol tcp-udp) ---------------------------
    # STAGE 7: first apply of ansible_test_3. Numeric ports are quoted so they
    # stay strings rather than being typed as integers by the YAML parser.
    - set_fact:
        name: ansible_test_3
        port_eq:
          - www
          - '1024'
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        port_range:
          - '1024 10024'

    - name: STAGE 7
      asa_og: &config7
        name: "{{ name }}"
        protocol: tcp-udp
        port_eq: "{{ port_eq }}"
        port_range: "{{ port_range }}"
        group_type: port-object
        state: present
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config7
      register: result

    - assert: *false

    # STAGE 8: state present on the same group with different ports and range.
    - set_fact:
        name: ansible_test_3
        port_eq:
          - talk
          - '65535'
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        port_range:
          - '1 100'

    - name: STAGE 8
      asa_og: &config8
        name: "{{ name }}"
        protocol: tcp-udp
        port_eq: "{{ port_eq }}"
        port_range: "{{ port_range }}"
        group_type: port-object
        state: present
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config8
      register: result

    - assert: *false

    # STAGE 9: state absent. There is no set_fact for this stage, so it runs
    # with the facts left in place by STAGE 8.
    - name: STAGE 9
      asa_og: &config9
        name: "{{ name }}"
        protocol: tcp-udp
        port_eq: "{{ port_eq }}"
        port_range: "{{ port_range }}"
        group_type: port-object
        state: absent
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config9
      register: result

    - assert: *false

    # STAGE 10: state replace with the same values STAGE 8 used.
    - set_fact:
        name: ansible_test_3
        port_eq:
          - talk
          - '65535'
        description: th1s_IS-a_D3scrIPt10n_3xaMple-
        port_range:
          - '1 100'

    - name: STAGE 10
      asa_og: &config10
        name: "{{ name }}"
        protocol: tcp-udp
        port_eq: "{{ port_eq }}"
        port_range: "{{ port_range }}"
        group_type: port-object
        state: replace
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config10
      register: result

    - assert: *false

    # STAGE 11: state replace with a new port list, range and description.
    - set_fact:
        name: ansible_test_3
        port_eq:
          - talk
          - www
          - kerberos
        description: th1s_ISWhatitIS
        port_range:
          - '1024 1234'

    - name: STAGE 11
      asa_og: &config11
        name: "{{ name }}"
        protocol: tcp-udp
        port_eq: "{{ port_eq }}"
        port_range: "{{ port_range }}"
        group_type: port-object
        state: replace
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config11
      register: result

    - assert: *false

    # --- service-object groups -------------------------------------------
    # STAGE 12: first apply of ansible_test_4 with two "eq" service entries.
    - set_fact:
        name: ansible_test_4
        service_cfg:
          - tcp destination eq 8080
          - tcp destination eq www
        description: th1s_ISWhatitIS

    - name: STAGE 12
      asa_og: &config12
        name: "{{ name }}"
        service_cfg: "{{ service_cfg }}"
        group_type: service-object
        state: present
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config12
      register: result

    - assert: *false

    # STAGE 13: state present on the same group with two "range" entries.
    - set_fact:
        name: ansible_test_4
        service_cfg:
          - tcp destination range 1234 5678
          - tcp destination range 5678 6789
        description: th1s_ISWhatitIS

    - name: STAGE 13
      asa_og: &config13
        name: "{{ name }}"
        service_cfg: "{{ service_cfg }}"
        group_type: service-object
        state: present
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config13
      register: result

    - assert: *false

    # STAGE 14: state absent with the same values STAGE 13 applied.
    - set_fact:
        name: ansible_test_4
        service_cfg:
          - tcp destination range 1234 5678
          - tcp destination range 5678 6789
        description: th1s_ISWhatitIS

    - name: STAGE 14
      asa_og: &config14
        name: "{{ name }}"
        service_cfg: "{{ service_cfg }}"
        group_type: service-object
        state: absent
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config14
      register: result

    - assert: *false

    # STAGE 15: first use of ansible_test_5, applied with state replace.
    - set_fact:
        name: ansible_test_5
        service_cfg:
          - tcp destination range 1234 5678
          - tcp destination range 5678 6789
        description: th1s_ISWhatitIS

    - name: STAGE 15
      asa_og: &config15
        name: "{{ name }}"
        service_cfg: "{{ service_cfg }}"
        group_type: service-object
        state: replace
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config15
      register: result

    - assert: *false

    # STAGE 16: state replace with one extra entry appended to the list.
    - set_fact:
        name: ansible_test_5
        service_cfg:
          - tcp destination range 1234 5678
          - tcp destination range 5678 6789
          - tcp destination eq www
        description: th1s_ISWhatitIS

    - name: STAGE 16
      asa_og: &config16
        name: "{{ name }}"
        service_cfg: "{{ service_cfg }}"
        group_type: service-object
        state: replace
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config16
      register: result

    - assert: *false

    # STAGE 17: state replace with a single entry that none of the STAGE 16
    # entries match.
    - set_fact:
        name: ansible_test_5
        service_cfg:
          - tcp destination eq 8080
        description: th1s_ISWhatitIS

    - name: STAGE 17
      asa_og: &config17
        name: "{{ name }}"
        service_cfg: "{{ service_cfg }}"
        group_type: service-object
        state: replace
        description: "{{ description }}"
      register: result

    - assert: *true

    - name: idempotence check
      asa_og: *config17
      register: result

    - assert: *false

  # Runs whether or not the stages above succeeded, so a failed assert does
  # not leave test object-groups configured on the device. ignore_errors keeps
  # a failing cleanup from changing the play result.
  # NOTE(review): a cleanup that fails for another reason (lost connection,
  # rejected command) is also hidden and would leave the groups in place;
  # confirm that is acceptable for the test target.
  always:
    - name: remove test config if any
      asa_config:
        lines:
          - no object-group network ansible_test_0
          - no object-group network ansible_test_1
          - no object-group network ansible_test_2
          - no object-group service ansible_test_3 tcp-udp
          - no object-group service ansible_test_4
          - no object-group service ansible_test_5
      ignore_errors: true