ansible/test/integration/targets/win_firewall_rule/tasks/main.yml
Matt Davis 206b6ebe0d
fix PS type conversion failure when using "all" profiles
* An obscure type-promotion issue in some versions of PowerShell causes [int]::MaxValue to be promoted to [int64] during a COM property get or set. Because the "All" profiles value, 0x7FFFFFFF, is [int]::MaxValue, this triggered "Specified cast is not valid" when modifying a rule that is already set to All Profiles or is being set to it.
* Fixed catch-all error handler to include exception detail
* Added test coverage for this case
2018-01-02 20:25:46 -08:00


# Baseline: clear any rule left by an earlier run, then create the rule and
# expect the module to report a change.
# NOTE(review): the rule name 'http' is generic. If the target already has a
# rule with this name, the cleanup task presumably removes it - run this suite
# against disposable test hosts only.
- name: Remove potentially leftover firewall rule
  win_firewall_rule:
    name: http
    state: absent
    action: allow
    direction: in

# Inbound allow for TCP/80 with no remoteip restriction.
- name: Add firewall rule
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule

- name: Check that creating new firewall rule succeeds with a change
  assert:
    that:
      - 'add_firewall_rule.changed == true'
# Idempotency: re-applying the identical rule must not report a change.
- name: Add same firewall rule (again)
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule_again

- name: Check that creating same firewall rule succeeds without a change
  assert:
    that:
      - 'add_firewall_rule_again.changed == false'
# Removal of the rule created above must report a change.
- name: Remove firewall rule
  win_firewall_rule:
    name: http
    enabled: true
    state: absent
    localport: 80
    action: allow
    direction: in
    protocol: tcp
  register: remove_firewall_rule

- name: Check that removing existing firewall rule succeeds with a change
  assert:
    that:
      - 'remove_firewall_rule.changed == true'
# Idempotent removal: deleting a rule that no longer exists must be a no-op.
- name: Remove absent firewall rule
  win_firewall_rule:
    name: http
    enabled: true
    state: absent
    localport: 80
    action: allow
    direction: in
    protocol: tcp
  register: remove_absent_firewall_rule

- name: Check that removing non existing firewall rule succeeds without a change
  assert:
    that:
      - 'remove_absent_firewall_rule.changed == false'
# Re-create the allow rule (result not registered), then flip only its action
# to block and expect the in-place modification to be reported as a change.
- name: Add firewall rule
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp

- name: Change firewall rule
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    # Only this field differs from the task above.
    action: block
    direction: in
    protocol: tcp
  register: change_firewall_rule

- name: Check that changing firewall rule succeeds
  assert:
    that:
      - 'change_firewall_rule.changed == true'
# remoteip given as an address range. The first application is not asserted;
# the second must be a no-op, which shows the module compares the stored range
# with the requested one without reporting a spurious change.
- name: Add firewall rule when remoteip is range
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.0.1-192.168.0.5'
    action: allow
    direction: in
    protocol: tcp

- name: Add same firewall rule when remoteip is range (again)
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.0.1-192.168.0.5'
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule_with_range_remoteip_again

- name: Check that creating same firewall rule when remoteip is range succeeds without a change
  assert:
    that:
      - 'add_firewall_rule_with_range_remoteip_again.changed == false'
# remoteip given in CIDR notation; the repeated application must be a no-op.
- name: Add firewall rule when remoteip in CIDR notation
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.0.0/24'
    action: allow
    direction: in
    protocol: tcp

- name: Add same firewall rule when remoteip in CIDR notation (again)
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.0.0/24'
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule_with_cidr_remoteip_again

- name: Check that creating same firewall rule succeeds without a change when remoteip in CIDR notation
  assert:
    that:
      - 'add_firewall_rule_with_cidr_remoteip_again.changed == false'
# remoteip given as address/dotted-netmask; the repeated application must be
# a no-op.
- name: Add firewall rule when remoteip contains a netmask
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.1.0/255.255.255.0'
    action: allow
    direction: in
    protocol: tcp

- name: Add same firewall rule when remoteip contains a netmask (again)
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.1.0/255.255.255.0'
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule_remoteip_contains_netmask_again

- name: Check that creating same firewall rule succeeds without a change when remoteip contains a netmask
  assert:
    that:
      - 'add_firewall_rule_remoteip_contains_netmask_again.changed == false'
# remoteip given as a single IPv4 address; the repeated application must be
# a no-op.
- name: Add firewall rule when remoteip is IPv4
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.0.1'
    action: allow
    direction: in
    protocol: tcp

- name: Add same firewall rule when remoteip is IPv4 (again)
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.0.1'
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule_with_ipv4_remoteip_again

- name: Check that creating same firewall rule when remoteip is IPv4 succeeds without a change
  assert:
    that:
      - 'add_firewall_rule_with_ipv4_remoteip_again.changed == false'
# Equivalence of notations: the rule is first written with a dotted netmask
# and then re-applied with the same network in CIDR form. The assertion expects
# no change, i.e. both spellings must be treated as the same address scope.
- name: Add firewall rule when remoteip contains a netmask
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.2.0/255.255.255.0'
    action: allow
    direction: in
    protocol: tcp

- name: Add same firewall rule when remoteip in CIDR notation
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    remoteip: '192.168.2.0/24'
    action: allow
    direction: in
    protocol: tcp
  register: add_same_firewall_rule_with_cidr_remoteip

- name: Check that creating same firewall rule succeeds without a change when remoteip contains a netmask or CIDR
  assert:
    that:
      - 'add_same_firewall_rule_with_cidr_remoteip.changed == false'
# localport as a comma-separated list. The value stays quoted so it reaches
# the module as the string '80,81'. No remoteip is given in this task.
- name: Add firewall rule with multiple ports
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: '80,81'
    action: allow
    direction: in
    protocol: tcp
  register: add_firewall_rule_with_multiple_ports

- name: Check that creating firewall rule with multiple ports succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_multiple_ports.changed == true'
# interfacetypes supplied as one comma-separated string.
- name: Add firewall rule with interface types in string format
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    interfacetypes: 'ras,lan,wireless'
  register: add_firewall_rule_with_string_interface_types

- name: Check that creating firewall rule with interface types in string format succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_string_interface_types.changed == true'
# interfacetypes supplied as a YAML list; it differs from the previous task's
# set (no 'wireless'), so a change is expected.
- name: Add firewall rule with interface types in list format
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    interfacetypes:
      - ras
      - lan
  register: add_firewall_rule_with_list_interface_types

- name: Check that creating firewall rule with interface types in list format succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_list_interface_types.changed == true'
# interfacetypes set to the single value 'any'; a change from the previous
# ras/lan selection is expected.
- name: Add firewall rule with interface type 'any'
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    interfacetypes: any
  register: add_firewall_rule_with_interface_type_any

- name: Check that creating firewall rule with interface type 'any' succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_interface_type_any.changed == true'
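# Edge traversal option 'deferapp'.
# NOTE(review): only the assertion below is version-guarded; the task that
# sets `edge` runs on every target regardless of Windows version.
- name: Add firewall rule with edge traversal option 'deferapp'
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    edge: deferapp
  register: add_firewall_rule_with_edge_traversal

# Setup action creates ansible_distribution_version variable, which the
# `when` guards in this file compare against.
- name: Gather facts for the version guards
  action: setup

# Task name corrected: "enge" -> "edge".
- name: Check that creating firewall rule with edge traversal option 'deferapp' succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_edge_traversal.changed == true'
  # Works on windows >= Windows 7/Windows Server 2008 R2
  when: ansible_distribution_version is version('6.1', '>=')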
# Secure flag 'authenticate'.
# NOTE(review): presumably this requires connections matching the rule to be
# authenticated - confirm against the module documentation.
# As with the edge-traversal case, the rule task itself is not version-guarded;
# only the assertion is skipped on older targets.
- name: Add firewall rule with 'authenticate' secure flag
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    security: authenticate
  register: add_firewall_rule_with_secure_flags

- name: Check that creating firewall rule with secure flag 'authenticate' succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_secure_flags.changed == true'
  # Works on windows >= Windows 8/Windows Server 2012
  # (ansible_distribution_version comes from the setup action run earlier)
  when: ansible_distribution_version is version('6.2', '>=')
# profiles supplied as one comma-separated string; this narrows the rule to
# the Domain and Public profiles, so a change is expected.
- name: Add firewall rule with profiles in string format
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    profiles: 'domain,public'
  register: add_firewall_rule_with_string_profiles

- name: Check that creating firewall rule with profiles in string format succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_string_profiles.changed == true'
# Regression case: widen the rule from two profiles back to all three
# (Domain, Public, Private), which the task name calls 'all'.
# NOTE(review): this task reuses the register name of the preceding
# string-profiles task; the assertion below reads the result of this task
# because it overwrites the earlier value.
- name: Set firewall rule profile back to 'all'
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    profiles:
      - Domain
      - Public
      - Private
  register: add_firewall_rule_with_string_profiles

- name: Check that setting firewall rule profile back to 'all' succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_string_profiles.changed == true'
# profiles supplied as a YAML list; dropping Public from the previous
# three-profile rule is expected to report a change.
- name: Add firewall rule with profiles in list format
  win_firewall_rule:
    name: http
    enabled: true
    state: present
    localport: 80
    action: allow
    direction: in
    protocol: tcp
    profiles:
      - Domain
      - Private
  register: add_firewall_rule_with_list_profiles

- name: Check that creating firewall rule with profiles in list format succeeds with a change
  assert:
    that:
      - 'add_firewall_rule_with_list_profiles.changed == true'
# NOTE(review): no task visible after this point removes the 'http' rule, so
# an inbound allow for TCP/80 stays on the target unless cleanup happens
# elsewhere.