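---
# Integration tests for the cs_firewall module (CloudStack).
#
# Flow: provision an isolated network, an instance (the task name below says
# this is what moves the network into its implemented state) and a public IP;
# clear any leftover rules; check the module's argument validation; then
# exercise present/absent for three rule shapes (tcp/80 ingress, udp/5300-5333
# ingress with explicit CIDRs, egress "all") in check mode, for real, and once
# more for idempotence; finally tear everything down.
#
# cs_firewall_network, cs_common_zone_adv, cs_common_template,
# cs_common_service_offering and cs_resource_prefix are not defined here; they
# are expected from the target's defaults/vars.

  # ---------------------------------------------------------------------
  # Fixtures
  # ---------------------------------------------------------------------
  - name: network setup
    cs_network:
      name: "{{ cs_firewall_network }}"
      network_offering: DefaultIsolatedNetworkOfferingWithSourceNatService
      network_domain: example.com
      zone: "{{ cs_common_zone_adv }}"
    register: net

  - name: verify network setup
    assert:
      that:
        - net is successful

  - name: setup instance to get network in implementation state
    cs_instance:
      name: "{{ cs_resource_prefix }}-vm-cs-firewall"
      template: "{{ cs_common_template }}"
      service_offering: "{{ cs_common_service_offering }}"
      zone: "{{ cs_common_zone_adv }}"
      networks:
        - "{{ net.name }}"
    register: instance
    # Instance creation is retried; the network may not be ready immediately.
    until: instance is successful
    retries: 20
    delay: 5

  - name: verify instance setup
    assert:
      that:
        - instance is successful

  - name: public ip address setup
    cs_ip_address:
      # Same network the fixture above created, referenced through the
      # variable rather than a hard-coded name so both stay in sync.
      network: "{{ cs_firewall_network }}"
      zone: "{{ cs_common_zone_adv }}"
    register: ip_address

  - name: verify public ip address setup
    assert:
      that:
        - ip_address is successful

  - name: set ip address as fact
    set_fact:
      cs_firewall_ip_address: "{{ ip_address.ip_address }}"

  # Pre-clean: make sure none of the rules under test exist from a previous run.
  - name: setup 80
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify setup 80
    assert:
      that:
        - fw is successful

  - name: setup 5300
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify setup 5300
    assert:
      that:
        - fw is successful

  - name: setup all
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify setup all
    assert:
      that:
        - fw is successful

  # ---------------------------------------------------------------------
  # Argument validation
  # ---------------------------------------------------------------------
  - name: test fail if missing params
    # Invoked with no arguments at all.
    action: cs_firewall
    register: fw
    ignore_errors: true

  - name: verify results of fail if missing params
    assert:
      that:
        - fw is failed
        - "fw.msg == 'one of the following is required: ip_address, network'"

  - name: test fail if missing params port
    # ip_address given but neither port nor start_port/end_port.
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
    register: fw
    ignore_errors: true

  - name: verify results of fail if missing params port
    assert:
      that:
        - fw is failed
        - "fw.msg == \"missing required argument for protocol 'tcp': start_port or end_port\""

  - name: test fail if missing params network egress
    # Egress rule without the network it belongs to.
    cs_firewall:
      type: egress
      zone: "{{ cs_common_zone_adv }}"
    register: fw
    ignore_errors: true

  - name: verify results of fail if missing params network egress
    assert:
      that:
        - fw is failed
        - "fw.msg == 'one of the following is required: ip_address, network'"

  # ---------------------------------------------------------------------
  # state=present
  # ---------------------------------------------------------------------
  # `port: 80` is the shorthand form; the module is expected to report it as
  # tcp with start_port == end_port == 80 and the default CIDR 0.0.0.0/0.
  - name: test present firewall rule ingress 80 in check mode
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
    register: fw
    check_mode: true

  - name: verify results of present firewall rule ingress 80 in check mode
    assert:
      that:
        - fw is successful
        - fw is changed

  - name: test present firewall rule ingress 80
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
    register: fw

  - name: verify results of present firewall rule ingress 80
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "0.0.0.0/0"
        - fw.cidrs == ['0.0.0.0/0']
        # Plain variable reference; nested "{{ }}" inside a conditional is
        # discouraged by Ansible and compares the same value.
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "tcp"
        - fw.start_port == 80
        - fw.end_port == 80
        - fw.type == "ingress"

  - name: test present firewall rule ingress 80 idempotence
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
    register: fw

  - name: verify results of present firewall rule ingress 80 idempotence
    assert:
      that:
        - fw is successful
        - fw is not changed
        - fw.cidr == "0.0.0.0/0"
        - fw.cidrs == ['0.0.0.0/0']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "tcp"
        - fw.start_port == 80
        - fw.end_port == 80
        - fw.type == "ingress"

  # The two CIDRs are arbitrary sample values; the assertions below expect
  # them back comma-joined in `cidr` and as a list in `cidrs`.
  - name: test present firewall rule ingress 5300 in check mode
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
    register: fw
    check_mode: true

  - name: verify results of present firewall rule ingress 5300 in check mode
    assert:
      that:
        - fw is successful
        - fw is changed

  - name: test present firewall rule ingress 5300
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
    register: fw

  - name: verify results of present firewall rule ingress 5300
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "1.2.3.0/24,4.5.6.0/24"
        - fw.cidrs == ['1.2.3.0/24', '4.5.6.0/24']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "udp"
        - fw.start_port == 5300
        - fw.end_port == 5333
        - fw.type == "ingress"

  - name: test present firewall rule ingress 5300 idempotence
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
    register: fw

  - name: verify results of present firewall rule ingress 5300 idempotence
    assert:
      that:
        - fw is successful
        - fw is not changed
        - fw.cidr == "1.2.3.0/24,4.5.6.0/24"
        - fw.cidrs == ['1.2.3.0/24', '4.5.6.0/24']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "udp"
        - fw.start_port == 5300
        - fw.end_port == 5333
        - fw.type == "ingress"

  # Egress rules are bound to the network, not to a public IP. No CIDR is
  # given, so two defaults are tolerated below; presumably which one appears
  # depends on the network's own CIDR — confirm against the module.
  - name: test present firewall rule egress all in check mode
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
    register: fw
    check_mode: true

  - name: verify results of present firewall rule egress all in check mode
    assert:
      that:
        - fw is successful
        - fw is changed

  - name: test present firewall rule egress all
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
    register: fw

  - name: verify results of present firewall rule egress all
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
        - fw.cidrs == ['0.0.0.0/0'] or fw.cidrs == ['10.1.1.0/24']
        - fw.network == cs_firewall_network
        - fw.protocol == "all"
        - fw.type == "egress"

  - name: test present firewall rule egress all idempotence
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
    register: fw

  - name: verify results of present firewall rule egress all idempotence
    assert:
      that:
        - fw is successful
        - fw is not changed
        - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
        - fw.cidrs == ['0.0.0.0/0'] or fw.cidrs == ['10.1.1.0/24']
        - fw.network == cs_firewall_network
        - fw.protocol == "all"
        - fw.type == "egress"

  # ---------------------------------------------------------------------
  # state=absent
  # ---------------------------------------------------------------------
  # Removal returns the rule that was (or would be) deleted, so the same
  # field assertions apply; the idempotence run only checks "not changed".
  - name: test absent firewall rule ingress 80 in check mode
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw
    check_mode: true

  - name: verify results of absent firewall rule ingress 80 in check mode
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "0.0.0.0/0"
        - fw.cidrs == ['0.0.0.0/0']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "tcp"
        - fw.start_port == 80
        - fw.end_port == 80
        - fw.type == "ingress"

  - name: test absent firewall rule ingress 80
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify results of absent firewall rule ingress 80
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "0.0.0.0/0"
        - fw.cidrs == ['0.0.0.0/0']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "tcp"
        - fw.start_port == 80
        - fw.end_port == 80
        - fw.type == "ingress"

  - name: test absent firewall rule ingress 80 idempotence
    cs_firewall:
      port: 80
      ip_address: "{{ cs_firewall_ip_address }}"
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify results of absent firewall rule ingress 80 idempotence
    assert:
      that:
        - fw is successful
        - fw is not changed

  - name: test absent firewall rule ingress 5300 in check mode
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw
    check_mode: true

  - name: verify results of absent firewall rule ingress 5300 in check mode
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "1.2.3.0/24,4.5.6.0/24"
        - fw.cidrs == ['1.2.3.0/24', '4.5.6.0/24']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "udp"
        - fw.start_port == 5300
        - fw.end_port == 5333
        - fw.type == "ingress"

  - name: test absent firewall rule ingress 5300
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify results of absent firewall rule ingress 5300
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "1.2.3.0/24,4.5.6.0/24"
        - fw.cidrs == ['1.2.3.0/24', '4.5.6.0/24']
        - fw.ip_address == cs_firewall_ip_address
        - fw.protocol == "udp"
        - fw.start_port == 5300
        - fw.end_port == 5333
        - fw.type == "ingress"

  - name: test absent firewall rule ingress 5300 idempotence
    cs_firewall:
      ip_address: "{{ cs_firewall_ip_address }}"
      protocol: udp
      start_port: 5300
      end_port: 5333
      cidrs:
        - 1.2.3.0/24
        - 4.5.6.0/24
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify results of absent firewall rule ingress 5300 idempotence
    assert:
      that:
        - fw is successful
        - fw is not changed

  - name: test absent firewall rule egress all in check mode
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw
    check_mode: true

  - name: verify results of absent firewall rule egress all in check mode
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
        - fw.cidrs == ['0.0.0.0/0'] or fw.cidrs == ['10.1.1.0/24']
        - fw.network == cs_firewall_network
        - fw.protocol == "all"
        - fw.type == "egress"

  - name: test absent firewall rule egress all
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify results of absent firewall rule egress all
    assert:
      that:
        - fw is successful
        - fw is changed
        - fw.cidr == "0.0.0.0/0" or fw.cidr == "10.1.1.0/24"
        - fw.cidrs == ['0.0.0.0/0'] or fw.cidrs == ['10.1.1.0/24']
        - fw.network == cs_firewall_network
        - fw.protocol == "all"
        - fw.type == "egress"

  - name: test absent firewall rule egress all idempotence
    cs_firewall:
      network: "{{ cs_firewall_network }}"
      protocol: all
      type: egress
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: fw

  - name: verify results of absent firewall rule egress all idempotence
    assert:
      that:
        - fw is successful
        - fw is not changed

  # ---------------------------------------------------------------------
  # Teardown (reverse order of the fixtures)
  # ---------------------------------------------------------------------
  - name: cleanup instance
    cs_instance:
      name: "{{ cs_resource_prefix }}-vm-cs-firewall"
      zone: "{{ cs_common_zone_adv }}"
      state: expunged
    register: instance

  - name: verify instance cleanup
    assert:
      that:
        - instance is successful

  - name: network cleanup
    cs_network:
      name: "{{ cs_firewall_network }}"
      zone: "{{ cs_common_zone_adv }}"
      state: absent
    register: net

  - name: verify network cleanup
    assert:
      that:
        - net is successful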