cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/integration/targets/cs_firewall/tasks/main.yml
René Moser d5b04aa1f1 cloudstack: add check mode tests (#24908) 
* cloudstack: test: cs_network_acl: add check_mode tests

* cloudstack: test: cs_pod: add check_mode tests

* cloudstack: test: cs_user: add check_mode tests

* cloudstack: test: cs_sshkeypair: add check_mode tests

* cloudstack: test: cs_project: add check_mode tests

* cloudstack: test: cs_vpc: add check_mode tests

* cloudstack: test: cs_vpn_gateway: add check_mode tests

* cloudstack: test: cs_volume: add check_mode tests

* cloudstack: test: cs_vmsnapshot: add check_mode tests

* cloudstack: test: cs_account: add check_mode tests

* cloudstack: test: cs_affinitygroup: add check_mode tests

* cloudstack: test: cs_cluster: add check_mode tests

* cloudstack: test: cs_domain: add check_mode tests

* cloudstack: test: cs_instancegroup: add check_mode tests

* cloudstack: test: cs_iso: add check_mode tests

* cloudstack: test: cs_loadbalancer_rule: add check_mode tests

* cloudstack: test: cs_portforward: add check_mode tests

* cloudstack: test: cs_resourcelimit: add check_mode tests

* cloudstack: test: cs_securitygroup: add check_mode tests

* cloudstack: test: cs_securitygroup_rule: add check_mode tests

* cloudstack: test: cs_configuration: add check_mode tests

* cloudstack: test: cs_firewall: add check_mode tests

* cloudstack: test: cs_instance: add check_mode tests

* cloudstack: query current tags from API

Fixes unexpected tags returned in check mode.
2017-05-26 12:19:47 +02:00

430 lines
11 KiB
YAML
Raw Blame History

---
- name: network setup
cs_network:
name: "{{ cs_firewall_network }}"
network_offering: DefaultIsolatedNetworkOfferingWithSourceNatService
network_domain: example.com
zone: "{{ cs_common_zone_adv }}"
register: net
- name: verify network setup
assert:
that:
- net|success
- name: public ip address setup
cs_ip_address:
network: ansible test
zone: "{{ cs_common_zone_adv }}"
register: ip_address
- name: verify public ip address setup
assert:
that:
- ip_address|success
- name: set ip address as fact
set_fact:
cs_firewall_ip_address: "{{ ip_address.ip_address }}"
- name: setup 80
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify setup
assert:
that:
- fw|success
- name: setup 5300
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify setup
assert:
that:
- fw|success
- name: setup all
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify setup
assert:
that:
- fw|success
- name: test fail if missing params
action: cs_firewall
register: fw
ignore_errors: true
- name: verify results of fail if missing params
assert:
that:
- fw|failed
- "fw.msg == 'one of the following is required: ip_address,network'"
- name: test fail if missing params
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
register: fw
ignore_errors: true
- name: verify results of fail if missing params
assert:
that:
- fw|failed
- "fw.msg == \"missing required argument for protocol 'tcp': start_port or end_port\""
- name: test fail if missing params network egress
cs_firewall:
type: egress
zone: "{{ cs_common_zone_adv }}"
register: fw
ignore_errors: true
- name: verify results of fail if missing params ip_address
assert:
that:
- fw|failed
- "fw.msg == 'one of the following is required: ip_address,network'"
- name: test present firewall rule ingress 80 in check mode
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
register: fw
check_mode: true
- name: verify results of present firewall rule ingress 80 in check mode
assert:
that:
- fw|success
- fw|changed
- name: test present firewall rule ingress 80
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of present firewall rule ingress 80
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "tcp"
- fw.start_port == 80
- fw.end_port == 80
- fw.type == "ingress"
- name: test present firewall rule ingress 80 idempotence
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of present firewall rule ingress 80 idempotence
assert:
that:
- fw|success
- not fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "tcp"
- fw.start_port == 80
- fw.end_port == 80
- fw.type == "ingress"
- name: test present firewall rule ingress 5300 in check mode
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
register: fw
check_mode: true
- name: verify results of present firewall rule ingress 5300 in check mode
assert:
that:
- fw|success
- fw|changed
- name: test present firewall rule ingress 5300
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of present firewall rule ingress 5300
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "1.2.3.4/24"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "udp"
- fw.start_port == 5300
- fw.end_port == 5333
- fw.type == "ingress"
- name: test present firewall rule ingress 5300 idempotence
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of present firewall rule ingress 5300 idempotence
assert:
that:
- fw|success
- not fw|changed
- fw.cidr == "1.2.3.4/24"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "udp"
- fw.start_port == 5300
- fw.end_port == 5333
- fw.type == "ingress"
- name: test present firewall rule egress all in check mode
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
zone: "{{ cs_common_zone_adv }}"
register: fw
check_mode: true
- name: verify results of present firewall rule egress all in check mode
assert:
that:
- fw|success
- fw|changed
- name: test present firewall rule egress all
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of present firewall rule egress all
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all"
- fw.type == "egress"
- name: test present firewall rule egress all idempotence
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of present firewall rule egress all idempotence
assert:
that:
- fw|success
- not fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all"
- fw.type == "egress"
- name: test absent firewall rule ingress 80 in check mode
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
check_mode: true
- name: verify results of absent firewall rule ingress 80 in check mode
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "tcp"
- fw.start_port == 80
- fw.end_port == 80
- fw.type == "ingress"
- name: test absent firewall rule ingress 80
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify results of absent firewall rule ingress 80
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "tcp"
- fw.start_port == 80
- fw.end_port == 80
- fw.type == "ingress"
- name: test absent firewall rule ingress 80 idempotence
cs_firewall:
port: 80
ip_address: "{{ cs_firewall_ip_address }}"
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify results of absent firewall rule ingress 80 idempotence
assert:
that:
- fw|success
- not fw|changed
- name: test absent firewall rule ingress 5300 in check mode
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
check_mode: true
- name: verify results of absent firewall rule ingress 5300 in check mode
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "1.2.3.4/24"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "udp"
- fw.start_port == 5300
- fw.end_port == 5333
- fw.type == "ingress"
- name: test absent firewall rule ingress 5300
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify results of absent firewall rule ingress 5300
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "1.2.3.4/24"
- fw.ip_address == "{{ cs_firewall_ip_address }}"
- fw.protocol == "udp"
- fw.start_port == 5300
- fw.end_port == 5333
- fw.type == "ingress"
- name: test absent firewall rule ingress 5300 idempotence
cs_firewall:
ip_address: "{{ cs_firewall_ip_address }}"
protocol: udp
start_port: 5300
end_port: 5333
cidr: 1.2.3.4/24
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify results of absent firewall rule ingress 5300 idempotence
assert:
that:
- fw|success
- not fw|changed
- name: test absent firewall rule egress all in check mode
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
state: absent
zone: "{{ cs_common_zone_adv }}"
register: fw
check_mode: true
- name: verify results of absent firewall rule egress all in check mode
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all"
- fw.type == "egress"
- name: test absent firewall rule egress all
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
state: absent
zone: "{{ cs_common_zone_adv }}"
register: fw
- name: verify results of absent firewall rule egress all
assert:
that:
- fw|success
- fw|changed
- fw.cidr == "0.0.0.0/0"
- fw.network == "{{ cs_firewall_network }}"
- fw.protocol == "all"
- fw.type == "egress"
- name: test absent firewall rule egress all idempotence
cs_firewall:
network: "{{ cs_firewall_network }}"
protocol: all
type: egress
zone: "{{ cs_common_zone_adv }}"
state: absent
register: fw
- name: verify results of absent firewall rule egress all idempotence
assert:
that:
- fw|success
- not fw|changed
- name: network cleanup
cs_network:
name: "{{ cs_firewall_network }}"
zone: "{{ cs_common_zone_adv }}"
state: absent
register: net
- name: verify network cleanup
assert:
that:
- net|success
Reference in a new issue View git blame Copy permalink