f8f3986871
* Initial commit for meraki_nat module - Query fully works - Present is still very much in development * Add initial code for present functionality, not complete * Add request documentation * Add examples and return documentation. * Added payload to requests - Module seems to need new idempotency check * Allow 1:1 and 1:many NAT to work - New idempotency check method is probably required to work * Make all three options work - Module isn't idempotent * Diff support - Added integration tests - Diff support isn't quite done * Fix diff output * Enable idempotency assertion in tests * Add test assertions for code coverage * Update documentation and tests - Split tests to separate file to avoid delegate_to * Fix blank line
363 lines
No EOL
8.6 KiB
YAML
363 lines
No EOL
8.6 KiB
YAML
# Test code for the Meraki NAT module
|
|
# Copyright: (c) 2019, Kevin Breit (@kbreit)
|
|
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
---
|
|
- block:
|
|
- name: Create test network
|
|
meraki_network:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
type: appliance
|
|
|
|
- name: Create 1:1 rule with check mode
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
one_to_one:
|
|
- name: Service behind NAT
|
|
public_ip: 1.2.1.2
|
|
lan_ip: 192.168.128.1
|
|
uplink: internet1
|
|
allowed_inbound:
|
|
- protocol: tcp
|
|
destination_ports:
|
|
- 80
|
|
allowed_ips:
|
|
- 10.10.10.10
|
|
register: create_one_one_check
|
|
check_mode: yes
|
|
|
|
- debug:
|
|
var: create_one_one_check
|
|
|
|
- assert:
|
|
that:
|
|
- create_one_one_check is changed
|
|
|
|
- name: Create 1:1 rule
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
one_to_one:
|
|
- name: Service behind NAT
|
|
public_ip: 1.2.1.2
|
|
lan_ip: 192.168.128.1
|
|
uplink: internet1
|
|
allowed_inbound:
|
|
- protocol: tcp
|
|
destination_ports:
|
|
- 80
|
|
allowed_ips:
|
|
- 10.10.10.10
|
|
register: create_one_one
|
|
|
|
- debug:
|
|
var: create_one_one
|
|
|
|
- assert:
|
|
that:
|
|
- create_one_one is changed
|
|
|
|
- name: Create 1:1 rule with idempotency
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
one_to_one:
|
|
- name: Service behind NAT
|
|
public_ip: 1.2.1.2
|
|
lan_ip: 192.168.128.1
|
|
uplink: internet1
|
|
allowed_inbound:
|
|
- protocol: tcp
|
|
destination_ports:
|
|
- 80
|
|
allowed_ips:
|
|
- 10.10.10.10
|
|
register: create_one_one_idempotent
|
|
|
|
- debug:
|
|
var: create_one_one_idempotent
|
|
|
|
- assert:
|
|
that:
|
|
- create_one_one_idempotent is not changed
|
|
|
|
- name: Create 1:many rule with check mode
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
one_to_many:
|
|
- public_ip: 1.1.1.1
|
|
uplink: internet1
|
|
port_rules:
|
|
- name: Test rule
|
|
protocol: tcp
|
|
public_port: 10
|
|
local_ip: 192.168.128.1
|
|
local_port: 11
|
|
allowed_ips:
|
|
- any
|
|
register: create_one_many_check
|
|
check_mode: yes
|
|
|
|
- debug:
|
|
var: create_one_many_check
|
|
|
|
- assert:
|
|
that:
|
|
- create_one_many_check is changed
|
|
|
|
- name: Create 1:many rule
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
one_to_many:
|
|
- public_ip: 1.1.1.1
|
|
uplink: internet1
|
|
port_rules:
|
|
- name: Test rule
|
|
protocol: tcp
|
|
public_port: 10
|
|
local_ip: 192.168.128.1
|
|
local_port: 11
|
|
allowed_ips:
|
|
- any
|
|
register: create_one_many
|
|
|
|
- debug:
|
|
var: create_one_many
|
|
|
|
- assert:
|
|
that:
|
|
- create_one_many is changed
|
|
|
|
- name: Create 1:many rule with idempotency
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
one_to_many:
|
|
- public_ip: 1.1.1.1
|
|
uplink: internet1
|
|
port_rules:
|
|
- name: Test rule
|
|
protocol: tcp
|
|
public_port: 10
|
|
local_ip: 192.168.128.1
|
|
local_port: 11
|
|
allowed_ips:
|
|
- any
|
|
register: create_one_many_idempotent
|
|
|
|
- debug:
|
|
var: create_one_many_idempotent
|
|
|
|
- assert:
|
|
that:
|
|
- create_one_many_idempotent is not changed
|
|
|
|
- name: Create port forwarding rule with check mode
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
port_forwarding:
|
|
- name: Test map
|
|
lan_ip: 192.168.128.1
|
|
uplink: both
|
|
protocol: tcp
|
|
allowed_ips:
|
|
- 1.1.1.1
|
|
public_port: 10
|
|
local_port: 11
|
|
register: create_pf_check
|
|
check_mode: yes
|
|
|
|
- debug:
|
|
var: create_pf_check
|
|
|
|
- assert:
|
|
that:
|
|
- create_pf_check is changed
|
|
|
|
- name: Create port forwarding rule
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
port_forwarding:
|
|
- name: Test map
|
|
lan_ip: 192.168.128.1
|
|
uplink: both
|
|
protocol: tcp
|
|
allowed_ips:
|
|
- 1.1.1.1
|
|
public_port: 10
|
|
local_port: 11
|
|
register: create_pf
|
|
|
|
- debug:
|
|
var: create_pf
|
|
|
|
- assert:
|
|
that:
|
|
- create_pf is changed
|
|
|
|
- name: Create port forwarding rule with idempotency
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
port_forwarding:
|
|
- name: Test map
|
|
lan_ip: 192.168.128.1
|
|
uplink: both
|
|
protocol: tcp
|
|
allowed_ips:
|
|
- 1.1.1.1
|
|
public_port: 10
|
|
local_port: 11
|
|
register: create_pf_idempotent
|
|
|
|
- debug:
|
|
var: create_pf_idempotent
|
|
|
|
- assert:
|
|
that:
|
|
- create_pf_idempotent is not changed
|
|
- create_pf_idempotent.data.port_forwarding is defined
|
|
|
|
- name: Create multiple rules
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: present
|
|
port_forwarding:
|
|
- name: Test map
|
|
lan_ip: 192.168.128.1
|
|
uplink: both
|
|
protocol: tcp
|
|
allowed_ips:
|
|
- 1.1.1.2
|
|
public_port: 10
|
|
local_port: 11
|
|
one_to_many:
|
|
- public_ip: 1.1.1.3
|
|
uplink: internet1
|
|
port_rules:
|
|
- name: Test rule
|
|
protocol: tcp
|
|
public_port: 10
|
|
local_ip: 192.168.128.1
|
|
local_port: 11
|
|
allowed_ips:
|
|
- any
|
|
register: create_multiple
|
|
|
|
- debug:
|
|
var: create_multiple
|
|
|
|
- assert:
|
|
that:
|
|
- create_multiple is changed
|
|
- create_multiple.data.one_to_many is defined
|
|
- create_multiple.data.port_forwarding is defined
|
|
|
|
- assert:
|
|
that:
|
|
- create_multiple is changed
|
|
- create_multiple.data.one_to_many is defined
|
|
- create_multiple.data.port_forwarding is defined
|
|
- create_multiple.diff.before.one_to_many is defined
|
|
- create_multiple.diff.before.port_forwarding is defined
|
|
- create_multiple.diff.after.one_to_many is defined
|
|
- create_multiple.diff.after.port_forwarding is defined
|
|
|
|
- name: Query all NAT rules
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: query
|
|
subset: all
|
|
register: query_all
|
|
|
|
- debug:
|
|
var: query_all
|
|
|
|
- name: Query 1:1 NAT rules
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: query
|
|
subset: '1:1'
|
|
register: query_1to1
|
|
|
|
- debug:
|
|
var: query_1to1
|
|
|
|
- name: Query 1:many NAT rules
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: query
|
|
subset: '1:many'
|
|
register: query_1tomany
|
|
|
|
- debug:
|
|
var: query_1tomany
|
|
|
|
- name: Query port forwarding rules
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: query
|
|
subset: port_forwarding
|
|
register: query_pf
|
|
|
|
- debug:
|
|
var: query_pf
|
|
|
|
- name: Query multiple rules
|
|
meraki_nat:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: query
|
|
subset:
|
|
- '1:1'
|
|
- '1:many'
|
|
register: query_multiple
|
|
|
|
- debug:
|
|
var: query_multiple
|
|
|
|
always:
|
|
- name: Delete test network
|
|
meraki_network:
|
|
auth_key: '{{auth_key}}'
|
|
org_name: '{{test_org_name}}'
|
|
net_name: '{{test_net_name}}'
|
|
state: absent
|
|
|