f16bb4daf4
* Fixing assigning ssl certificate to http listener in app gateway (#45830)
* fixed ssl certificate reference
* modified test
(cherry picked from commit 83645963fb
)
* added chagelog
301 lines
8.8 KiB
YAML
301 lines
8.8 KiB
YAML
- name: Prepare random number
|
|
set_fact:
|
|
rpfx: "{{ resource_group | hash('md5') | truncate(7, True, '') }}{{ 1000 | random }}"
|
|
run_once: yes
|
|
|
|
- name: Create a virtual network
|
|
azure_rm_virtualnetwork:
|
|
name: vnet{{ rpfx }}
|
|
resource_group: "{{ resource_group }}"
|
|
address_prefixes_cidr:
|
|
- 10.1.0.0/16
|
|
- 172.100.0.0/16
|
|
dns_servers:
|
|
- 127.0.0.1
|
|
- 127.0.0.2
|
|
- name: Create a subnet
|
|
azure_rm_subnet:
|
|
name: subnet{{ rpfx }}
|
|
virtual_network_name: vnet{{ rpfx }}
|
|
resource_group: "{{ resource_group }}"
|
|
address_prefix_cidr: 10.1.0.0/24
|
|
register: subnet_output
|
|
|
|
- name: Create instance of Application Gateway -- check mode
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
sku:
|
|
name: standard_small
|
|
tier: standard
|
|
capacity: 2
|
|
ssl_policy:
|
|
policy_type: predefined
|
|
policy_name: ssl_policy20150501
|
|
disabled_ssl_protocols:
|
|
- tls_v1_0
|
|
cipher_suites:
|
|
- tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
|
|
authentication_certificates:
|
|
- name: cert1
|
|
data: "{{ lookup('file', 'cert1.txt') }}"
|
|
ssl_certificates:
|
|
- name: cert2
|
|
password: your-password
|
|
data: "{{ lookup('file', 'cert2.txt') }}"
|
|
gateway_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: app_gateway_ip_config
|
|
frontend_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: sample_gateway_frontend_ip_config
|
|
frontend_ports:
|
|
- port: 90
|
|
name: ag_frontend_port
|
|
backend_address_pools:
|
|
- backend_addresses:
|
|
- ip_address: 10.0.0.4
|
|
name: test_backend_address_pool
|
|
backend_http_settings_collection:
|
|
- port: 80
|
|
protocol: http
|
|
cookie_based_affinity: enabled
|
|
name: sample_appgateway_http_settings
|
|
http_listeners:
|
|
- frontend_ip_configuration: sample_gateway_frontend_ip_config
|
|
frontend_port: ag_frontend_port
|
|
protocol: https
|
|
ssl_certificate: cert2
|
|
name: sample_http_listener
|
|
request_routing_rules:
|
|
- rule_type: basic
|
|
backend_address_pool: test_backend_address_pool
|
|
backend_http_settings: sample_appgateway_http_settings
|
|
http_listener: sample_http_listener
|
|
name: rule1
|
|
check_mode: yes
|
|
register: output
|
|
- name: Assert the resource instance is well created
|
|
assert:
|
|
that:
|
|
- output.changed
|
|
|
|
- name: dump
|
|
debug:
|
|
var: output
|
|
|
|
- name: Create instance of Application Gateway
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
sku:
|
|
name: standard_small
|
|
tier: standard
|
|
capacity: 2
|
|
ssl_policy:
|
|
policy_type: predefined
|
|
policy_name: ssl_policy20150501
|
|
disabled_ssl_protocols:
|
|
- tls_v1_0
|
|
cipher_suites:
|
|
- tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
|
|
authentication_certificates:
|
|
- name: cert1
|
|
data: "{{ lookup('file', 'cert1.txt') }}"
|
|
ssl_certificates:
|
|
- name: cert2
|
|
password: your-password
|
|
data: "{{ lookup('file', 'cert2.txt') }}"
|
|
gateway_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: app_gateway_ip_config
|
|
frontend_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: sample_gateway_frontend_ip_config
|
|
frontend_ports:
|
|
- port: 90
|
|
name: ag_frontend_port
|
|
backend_address_pools:
|
|
- backend_addresses:
|
|
- ip_address: 10.0.0.4
|
|
name: test_backend_address_pool
|
|
backend_http_settings_collection:
|
|
- port: 80
|
|
protocol: http
|
|
cookie_based_affinity: enabled
|
|
name: sample_appgateway_http_settings
|
|
http_listeners:
|
|
- frontend_ip_configuration: sample_gateway_frontend_ip_config
|
|
frontend_port: ag_frontend_port
|
|
protocol: https
|
|
ssl_certificate: cert2
|
|
name: sample_http_listener
|
|
request_routing_rules:
|
|
- rule_type: Basic
|
|
backend_address_pool: test_backend_address_pool
|
|
backend_http_settings: sample_appgateway_http_settings
|
|
http_listener: sample_http_listener
|
|
name: rule1
|
|
register: output
|
|
- name: Assert the resource instance is well created
|
|
assert:
|
|
that:
|
|
- output.changed
|
|
|
|
- name: Try to update instance of Application Gateway - no change
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
sku:
|
|
name: standard_small
|
|
tier: standard
|
|
capacity: 2
|
|
ssl_policy:
|
|
policy_type: predefined
|
|
policy_name: ssl_policy20150501
|
|
disabled_ssl_protocols:
|
|
- tls_v1_0
|
|
cipher_suites:
|
|
- tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
|
|
authentication_certificates:
|
|
- name: cert1
|
|
data: "{{ lookup('file', 'cert1.txt') }}"
|
|
ssl_certificates:
|
|
- name: cert2
|
|
password: your-password
|
|
data: "{{ lookup('file', 'cert2.txt') }}"
|
|
gateway_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: app_gateway_ip_config
|
|
frontend_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: sample_gateway_frontend_ip_config
|
|
frontend_ports:
|
|
- port: 90
|
|
name: ag_frontend_port
|
|
backend_address_pools:
|
|
- backend_addresses:
|
|
- ip_address: 10.0.0.4
|
|
name: test_backend_address_pool
|
|
backend_http_settings_collection:
|
|
- port: 80
|
|
protocol: http
|
|
cookie_based_affinity: enabled
|
|
name: sample_appgateway_http_settings
|
|
http_listeners:
|
|
- frontend_ip_configuration: sample_gateway_frontend_ip_config
|
|
frontend_port: ag_frontend_port
|
|
protocol: https
|
|
ssl_certificate: cert2
|
|
name: sample_http_listener
|
|
request_routing_rules:
|
|
- rule_type: Basic
|
|
backend_address_pool: test_backend_address_pool
|
|
backend_http_settings: sample_appgateway_http_settings
|
|
http_listener: sample_http_listener
|
|
name: rule1
|
|
register: output
|
|
- name: Assert the resource instance is well created
|
|
assert:
|
|
that:
|
|
- not output.changed
|
|
|
|
- name: Try to update instance of Application Gateway - single change
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
sku:
|
|
name: standard_small
|
|
tier: standard
|
|
capacity: 2
|
|
ssl_policy:
|
|
policy_type: predefined
|
|
policy_name: ssl_policy20150501
|
|
disabled_ssl_protocols:
|
|
- tls_v1_0
|
|
cipher_suites:
|
|
- tls_ecdhe_ecdsa_with_aes_256_gcm_sha384
|
|
authentication_certificates:
|
|
- name: cert1
|
|
data: "{{ lookup('file', 'cert1.txt') }}"
|
|
ssl_certificates:
|
|
- name: cert2
|
|
password: your-password
|
|
data: "{{ lookup('file', 'cert2.txt') }}"
|
|
gateway_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: app_gateway_ip_config
|
|
frontend_ip_configurations:
|
|
- subnet:
|
|
id: "{{ subnet_output.state.id }}"
|
|
name: sample_gateway_frontend_ip_config
|
|
frontend_ports:
|
|
- port: 90
|
|
name: ag_frontend_port
|
|
backend_address_pools:
|
|
- backend_addresses:
|
|
- ip_address: 10.0.0.4
|
|
name: test_backend_address_pool
|
|
backend_http_settings_collection:
|
|
- port: 81
|
|
protocol: http
|
|
cookie_based_affinity: enabled
|
|
name: sample_appgateway_http_settings
|
|
http_listeners:
|
|
- frontend_ip_configuration: sample_gateway_frontend_ip_config
|
|
frontend_port: ag_frontend_port
|
|
protocol: https
|
|
ssl_certificate: cert2
|
|
name: sample_http_listener
|
|
request_routing_rules:
|
|
- rule_type: Basic
|
|
backend_address_pool: test_backend_address_pool
|
|
backend_http_settings: sample_appgateway_http_settings
|
|
http_listener: sample_http_listener
|
|
name: rule1
|
|
register: output
|
|
- name: Assert the resource instance is well created
|
|
assert:
|
|
that:
|
|
- output.changed
|
|
|
|
- name: Delete instance of Application Gateway -- check mode
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
state: absent
|
|
check_mode: yes
|
|
register: output
|
|
- name: Assert the state has changed
|
|
assert:
|
|
that:
|
|
- output.changed
|
|
|
|
- name: Delete instance of Application Gateway
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
state: absent
|
|
register: output
|
|
- name: Assert the state has changed
|
|
assert:
|
|
that:
|
|
- output.changed
|
|
|
|
- name: Delete unexisting instance of Application Gateway
|
|
azure_rm_appgateway:
|
|
resource_group: "{{ resource_group }}"
|
|
name: "appgateway{{ rpfx }}"
|
|
state: absent
|
|
register: output
|
|
- name: Assert the state has changed
|
|
assert:
|
|
that:
|
|
- output.changed == false
|