authorZim Kalinowski <zikalino@microsoft.com>2019-05-21 01:38:55 +0800
committerMatt Davis <nitzmahone@users.noreply.github.com>2019-05-20 10:38:55 -0700
commitb37ae35ba051cd9787effe8b485136ee436a2db7 (patch)
tree7696b44abd49bab3329c98ec0bd9382a1ff4beba /test/integration/targets/azure_rm_azurefirewall
parentea4842c0d3312e941e0d0feac11f3ce0b9925759 (diff)
downloadansible-b37ae35ba051cd9787effe8b485136ee436a2db7.tar.gz
azure_rm_azurefirewall (#56359)
* azure_rm_azurefirewall * a few updates * fixed mistake * updated docs, fixed syntax * updated priority * use checkmode for idempotence test, as it's very long * fix check mode
Diffstat (limited to 'test/integration/targets/azure_rm_azurefirewall')
-rw-r--r--test/integration/targets/azure_rm_azurefirewall/aliases3
-rw-r--r--test/integration/targets/azure_rm_azurefirewall/meta/main.yml2
-rw-r--r--test/integration/targets/azure_rm_azurefirewall/tasks/main.yml248
3 files changed, 253 insertions, 0 deletions
diff --git a/test/integration/targets/azure_rm_azurefirewall/aliases b/test/integration/targets/azure_rm_azurefirewall/aliases
new file mode 100644
index 0000000000..aa77c071a8
--- /dev/null
+++ b/test/integration/targets/azure_rm_azurefirewall/aliases
@@ -0,0 +1,3 @@
+cloud/azure
+shippable/azure/group2
+destructive
diff --git a/test/integration/targets/azure_rm_azurefirewall/meta/main.yml b/test/integration/targets/azure_rm_azurefirewall/meta/main.yml
new file mode 100644
index 0000000000..95e1952f98
--- /dev/null
+++ b/test/integration/targets/azure_rm_azurefirewall/meta/main.yml
@@ -0,0 +1,2 @@
+dependencies:
+ - setup_azure
diff --git a/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml b/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml
new file mode 100644
index 0000000000..c8fdac1352
--- /dev/null
+++ b/test/integration/targets/azure_rm_azurefirewall/tasks/main.yml
@@ -0,0 +1,248 @@
+- name: Fix resource prefix
+ set_fact:
+ virtual_network_name: myVirtualNetwork
+ subnet_name: AzureFirewallSubnet
+ public_ipaddress_name: myPublicIpAddress
+ azure_firewall_name: myFirewall
+
+- name: Create virtual network
+ azure_rm_virtualnetwork:
+ name: "{{ virtual_network_name }}"
+ address_prefixes_cidr:
+ - 10.1.0.0/16
+ - 172.100.0.0/16
+ dns_servers:
+ - 127.0.0.1
+ - 127.0.0.3
+ tags:
+ testing: testing
+ delete: on-exit
+ resource_group: "{{ resource_group }}"
+
+- name: Create subnet
+ azure_rm_subnet:
+ name: "{{ subnet_name }}"
+ virtual_network_name: "{{ virtual_network_name }}"
+ resource_group: "{{ resource_group }}"
+ address_prefix_cidr: "10.1.0.0/24"
+
+- name: Create public IP address
+ azure_rm_publicipaddress:
+ resource_group: "{{ resource_group }}"
+ allocation_method: Static
+ name: "{{ public_ipaddress_name }}"
+ sku: Standard
+ register: pip_output
+
+- debug:
+ var: pip_output
+
+- name: Create Azure Firewall
+ azure_rm_azurefirewall:
+ resource_group: '{{resource_group}}'
+ name: '{{azure_firewall_name}}'
+ #tags:
+ # key1: value1
+ application_rule_collections:
+ - priority: 110
+ action: deny
+ rules:
+ - name: rule1
+ description: Deny inbound rule
+ source_addresses:
+ - 216.58.216.164
+ - 10.0.0.0/25
+ protocols:
+ - type: https
+ port: '443'
+ target_fqdns:
+ - www.test.com
+ name: apprulecoll
+ nat_rule_collections:
+ - priority: 112
+ action: dnat
+ rules:
+ - name: DNAT-HTTPS-traffic
+ description: D-NAT all outbound web traffic for inspection
+ source_addresses:
+ - '*'
+ destination_addresses:
+ - "{{ pip_output.state.ip_address }}"
+ destination_ports:
+ - '443'
+ protocols:
+ - tcp
+ translated_address: 1.2.3.5
+ translated_port: '8443'
+ name: natrulecoll
+ network_rule_collections:
+ - priority: 112
+ action: deny
+ rules:
+ - name: L4-traffic
+ description: Block traffic based on source IPs and ports
+ protocols:
+ - tcp
+ source_addresses:
+ - 192.168.1.1-192.168.1.12
+ - 10.1.4.12-10.1.4.255
+ destination_addresses:
+ - '*'
+ destination_ports:
+ - 443-444
+ - '8443'
+ name: netrulecoll
+ ip_configurations:
+ - subnet:
+ virtual_network_name: "{{ virtual_network_name }}"
+ name: "{{ subnet_name }}"
+ public_ip_address:
+ name: "{{ public_ipaddress_name }}"
+ name: azureFirewallIpConfiguration
+ register: output
+
+- debug:
+ var: output
+
+- name: Assert that output has changed
+ assert:
+ that:
+ - output.changed
+
+- name: Create Azure Firewall -- idempotent
+ azure_rm_azurefirewall:
+ resource_group: '{{resource_group}}'
+ name: '{{azure_firewall_name}}'
+ application_rule_collections:
+ - priority: 110
+ action: deny
+ rules:
+ - name: rule1
+ description: Deny inbound rule
+ source_addresses:
+ - 216.58.216.164
+ - 10.0.0.0/25
+ protocols:
+ - type: https
+ port: '443'
+ target_fqdns:
+ - www.test.com
+ name: apprulecoll
+ nat_rule_collections:
+ - priority: 112
+ action: dnat
+ rules:
+ - name: DNAT-HTTPS-traffic
+ description: D-NAT all outbound web traffic for inspection
+ source_addresses:
+ - '*'
+ destination_addresses:
+ - "{{ pip_output.state.ip_address }}"
+ destination_ports:
+ - '443'
+ protocols:
+ - tcp
+ translated_address: 1.2.3.5
+ translated_port: '8443'
+ name: natrulecoll
+ network_rule_collections:
+ - priority: 112
+ action: deny
+ rules:
+ - name: L4-traffic
+ description: Block traffic based on source IPs and ports
+ protocols:
+ - tcp
+ source_addresses:
+ - 192.168.1.1-192.168.1.12
+ - 10.1.4.12-10.1.4.255
+ destination_addresses:
+ - '*'
+ destination_ports:
+ - 443-444
+ - '8443'
+ name: netrulecoll
+ ip_configurations:
+ - subnet:
+ virtual_network_name: "{{ virtual_network_name }}"
+ name: "{{ subnet_name }}"
+ public_ip_address:
+ name: "{{ public_ipaddress_name }}"
+ name: azureFirewallIpConfiguration
+ register: output
+
+- debug:
+ var: output
+
+- name: Assert that output has not changed
+ assert:
+ that:
+ - not output.changed
+
+- name: Create Azure Firewall -- change something
+ azure_rm_azurefirewall:
+ resource_group: '{{resource_group}}'
+ name: '{{azure_firewall_name}}'
+ application_rule_collections:
+ - priority: 110
+ action: deny
+ rules:
+ - name: rule1
+ description: Deny inbound rule
+ source_addresses:
+ - 216.58.216.165
+ - 10.0.0.0/25
+ protocols:
+ - type: https
+ port: '443'
+ target_fqdns:
+ - www.test.com
+ name: apprulecoll
+ nat_rule_collections:
+ - priority: 112
+ action: dnat
+ rules:
+ - name: DNAT-HTTPS-traffic
+ description: D-NAT all outbound web traffic for inspection
+ source_addresses:
+ - '*'
+ destination_addresses:
+ - "{{ pip_output.state.ip_address }}"
+ destination_ports:
+ - '443'
+ protocols:
+ - tcp
+ translated_address: 1.2.3.6
+ translated_port: '8443'
+ name: natrulecoll
+ network_rule_collections:
+ - priority: 112
+ action: deny
+ rules:
+ - name: L4-traffic
+ description: Block traffic based on source IPs and ports
+ protocols:
+ - tcp
+ source_addresses:
+ - 192.168.1.1-192.168.1.12
+ - 10.1.4.12-10.1.4.255
+ destination_addresses:
+ - '*'
+ destination_ports:
+ - 443-445
+ - '8443'
+ name: netrulecoll
+ ip_configurations:
+ - subnet:
+ virtual_network_name: "{{ virtual_network_name }}"
+ name: "{{ subnet_name }}"
+ public_ip_address:
+ name: "{{ public_ipaddress_name }}"
+ name: azureFirewallIpConfiguration
+ check_mode: yes
+ register: output
+
+- name: Assert that output has changed
+ assert:
+ that:
+ - output.changed
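Review bot: Nothing in this new tasks file removes the firewall, the Standard static public IP or the virtual network after the last assert, and the `tags` block on the first firewall task is commented out, so the `delete: on-exit` tag set on the virtual network is not applied to the firewall. Unless the harness deletes the whole resource group, which is not visible here, a real firewall is left in the test subscription holding a DNAT rule with `source_addresses: '*'` on port 443. I would end the file with teardown tasks using `state: absent`, starting with the firewall as sketched below and followed by the same for the public IP and the virtual network. Separately, `translated_address: 1.2.3.5` and `216.58.216.164` are routable addresses the test does not own; a documentation range such as `192.0.2.0/24` would be a safer fixture value.

```yaml
# … unchanged: create, idempotence and check-mode tasks …

- name: Delete Azure Firewall
  azure_rm_azurefirewall:
    resource_group: "{{ resource_group }}"
    name: "{{ azure_firewall_name }}"
    state: absent
  register: output

- name: Assert that the firewall was removed
  assert:
    that:
      - output.changed
```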