diff options
| author | Kevin Breit <kevin.breit@kevinbreit.net> | 2019-07-26 10:43:28 -0500 |
|---|---|---|
| committer | Paul Belanger <pabelanger@redhat.com> | 2019-07-26 11:43:28 -0400 |
| commit | 3cdc6678880b3a8070a44c5499840676d042e374 (patch) | |
| tree | e24db997068266b465f64e280c9e2a3d8be368d0 /test/integration/targets/meraki_mx_l7_firewall | |
| parent | f8f3986871dde66437a68b23e2ee6243569b3194 (diff) | |
| download | ansible-3cdc6678880b3a8070a44c5499840676d042e374.tar.gz | |
New module - meraki_mx_l7_firewall (#55485)
* Initial commit for meraki_mx_l7_firewall module
* Add argument checking
* Sanity fixes
* Fix crash and improve integration tests
* Improved integration tests and coverage
* Reformat response data
- Module does not match argument structure of API
- PR reformats the response to match Ansible arg spec
- Improved integration tests
* Fix reformatting for diffs
* Create rename_* functions
- is_update_required() ignores the key id
- Meraki expects one of the keys to be id
- Function temporarily renames key to appId to get around this
* Tweak documentation and tests
- Tests now do an include so each task doesn't need delegate_to
* Fix which files I'm editing
Diffstat (limited to 'test/integration/targets/meraki_mx_l7_firewall')
3 files changed, 503 insertions, 0 deletions
diff --git a/test/integration/targets/meraki_mx_l7_firewall/aliases b/test/integration/targets/meraki_mx_l7_firewall/aliases new file mode 100644 index 0000000000..06fe32bc66 --- /dev/null +++ b/test/integration/targets/meraki_mx_l7_firewall/aliases @@ -0,0 +1,2 @@ +unsupported + diff --git a/test/integration/targets/meraki_mx_l7_firewall/tasks/main.yml b/test/integration/targets/meraki_mx_l7_firewall/tasks/main.yml new file mode 100644 index 0000000000..bb4c6fc594 --- /dev/null +++ b/test/integration/targets/meraki_mx_l7_firewall/tasks/main.yml @@ -0,0 +1,7 @@ +# Test code for the Meraki Organization module +# Copyright: (c) 2018, Kevin Breit (@kbreit) + +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +- name: Run test cases + include: tests.yml ansible_connection=local
\ No newline at end of file diff --git a/test/integration/targets/meraki_mx_l7_firewall/tasks/tests.yml b/test/integration/targets/meraki_mx_l7_firewall/tasks/tests.yml new file mode 100644 index 0000000000..72adef560e --- /dev/null +++ b/test/integration/targets/meraki_mx_l7_firewall/tasks/tests.yml @@ -0,0 +1,494 @@ +# Test code for the Meraki Organization module +# Copyright: (c) 2018, Kevin Breit (@kbreit) + +# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) +--- +- block: + - name: Test an API key is provided + fail: + msg: Please define an API key + when: auth_key is not defined + + - name: Create network + meraki_network: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + type: appliance + + - name: Query firewall rules + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: query + register: query + + - debug: + var: query + + - assert: + that: + - query.data is defined + + - name: Query firewall application categories + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: query + categories: yes + register: query_categories + + - assert: + that: + - query_categories.data is defined + + - name: Create firewall rule for IP range in check mode + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range_check + check_mode: yes + + - debug: + var: create_ip_range_check + + - assert: + that: + - create_ip_range_check is changed + + - name: Create firewall rule for IP range + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range + + - debug: + var: create_ip_range + + - assert: + that: + - create_ip_range is changed + - create_ip_range.data.rules | length == 1 + + - name: Create firewall rule for IP range with idempotency with check mode + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range_idempotent_check + check_mode: yes + + - assert: + that: + - create_ip_range_idempotent_check is not changed + + - name: Create firewall rule for IP range with idempotency + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range_idempotent + + - assert: + that: + - create_ip_range_idempotent is not changed + + - name: Create firewall rule for IP and port + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.1:23 + register: create_ip_range_port + + - debug: + var: create_ip_range_port + + - assert: + that: + - create_ip_range_port is changed + + - name: Create firewall rule for IP range + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range + + - debug: + var: create_ip_range + + - assert: + that: + - create_ip_range is changed + - create_ip_range.data.rules | length == 1 + + - name: Create firewall rule for IP range with idempotency with check mode + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range_idempotent_check + check_mode: yes + + - assert: + that: + - create_ip_range_idempotent_check is not changed + + - name: Create firewall rule for IP range with idempotency + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: ip_range + ip_range: 10.11.12.0/24 + register: create_ip_range_idempotent + + - assert: + that: + - create_ip_range_idempotent is not changed + + - name: Create firewall rule for application + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application + application: + name: facebook + register: application_rule + + - assert: + that: + - application_rule is changed + - application_rule.data.rules is defined + + - name: Create firewall rule for application via ID + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application + application: + id: meraki:layer7/application/205 + register: application_rule_id + + - assert: + that: + - application_rule_id is changed + + - name: Create firewall rule for invalid application + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application + application: + name: ansible + register: application_rule_invalid + ignore_errors: yes + + - name: Create firewall rule for application category + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application_category + application: + name: Advertising + register: application_category_rule + + - debug: + var: application_category_rule + + - assert: + that: + - application_category_rule is changed + + - name: Create firewall rule for application category with ID and conflict + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application_category + application: + id: meraki:layer7/category/27 + register: application_category_rule_id_conflict + + - assert: + that: + - application_category_rule_id_conflict is not changed + + - name: Create firewall rule for application category with ID + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application_category + application: + id: meraki:layer7/category/24 + register: application_category_rule_id + + - assert: + that: + - application_category_rule_id is changed + + - name: Create firewall rule for host + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: host + host: asdf.com + register: host_rule + + - assert: + that: + - host_rule is changed + + - name: Create firewall rule for port + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: port + port: 1234 + register: port_rule + + - assert: + that: + - port_rule is changed + + - name: Create firewall rule for blacklisted countries + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: blacklisted_countries + countries: + - CA + - AX + register: blacklist_countries + + - assert: + that: + - blacklist_countries is changed + + - name: Create firewall rule for whitelisted countries + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: whitelisted_countries + countries: + - US + - FR + register: whitelist_countries + + - assert: + that: + - whitelist_countries is changed + + - name: Create firewall rule for whitelisted countries with idempotency + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: whitelisted_countries + countries: + - US + - FR + register: whitelist_countries_idempotent + + - assert: + that: + - whitelist_countries_idempotent is not changed + + - name: Create multiple firewall rules + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application_category + application: + id: meraki:layer7/category/27 + - type: blacklisted_countries + countries: + - CN + - policy: deny + type: port + port: 8080 + register: multiple_rules + + - debug: + var: multiple_rules + + - assert: + that: + - multiple_rules.data.rules | length == 3 + - multiple_rules is changed + + ######################################### + ## Tests for argument completeness ## + ######################################### + + - name: Test whitelisted_countries incomplete arguments + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: whitelisted_countries + register: error_whitelist + ignore_errors: yes + + - assert: + that: + - 'error_whitelist.msg == "countries argument is required when type is whitelisted_countries."' + + - name: Test blacklisted_countries incomplete arguments + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: blacklisted_countries + register: error_blacklist + ignore_errors: yes + + - assert: + that: + - 'error_blacklist.msg == "countries argument is required when type is blacklisted_countries."' + + - name: Test application_category incomplete arguments + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application_category + register: error_app_cat + ignore_errors: yes + + - assert: + that: + - 'error_app_cat.msg == "application argument is required when type is application_category."' + + - name: Test application incomplete arguments + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: application + register: error_app_cat + ignore_errors: yes + + - assert: + that: + - 'error_app_cat.msg == "application argument is required when type is application."' + + - name: Test host incomplete arguments + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: host + register: error_app_cat + ignore_errors: yes + + - assert: + that: + - 'error_app_cat.msg == "host argument is required when type is host."' + + - name: Test port incomplete arguments + meraki_mx_l7_firewall: + auth_key: '{{ auth_key }}' + org_name: '{{test_org_name}}' + net_name: TestNetAppliance + state: present + rules: + - type: port + register: error_app_cat + ignore_errors: yes + + - assert: + that: + - 'error_app_cat.msg == "port argument is required when type is port."' + + ################# + ## Cleanup ## + ################# + + # always: + # - name: Delete network + # meraki_network: + # auth_key: '{{ auth_key }}' + # org_name: '{{test_org_name}}' + # net_name: TestNetAppliance + # state: absent + # delegate_to: localhost |