blob: 8ee080a8aef7b4516181be1580ee5cd5d624f113 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
|
- name: test remove http range rule
cs_securitygroup_rule:
security_group: default
start_port: 8000
end_port: 8888
cidr: 1.2.3.4/32
state: absent
register: sg_rule
- name: verify create http range rule
assert:
that:
- sg_rule|success
- sg_rule|changed
- sg_rule.type == 'ingress'
- sg_rule.security_group == 'default'
- sg_rule.protocol == 'tcp'
- sg_rule.start_port == 8000
- sg_rule.end_port == 8888
- sg_rule.cidr == '1.2.3.4/32'
- name: test remove http range rule idempotence
cs_securitygroup_rule:
security_group: default
start_port: 8000
end_port: 8888
cidr: 1.2.3.4/32
state: absent
register: sg_rule
- name: verify create http range rule idempotence
assert:
that:
- sg_rule|success
- not sg_rule|changed
- name: test remove single port udp rule
cs_securitygroup_rule:
security_group: default
port: 5353
protocol: udp
type: egress
user_security_group: '{{ cs_resource_prefix }}_sg'
state: absent
register: sg_rule
- name: verify remove single port udp rule
assert:
that:
- sg_rule|success
- sg_rule|changed
- sg_rule.type == 'egress'
- sg_rule.security_group == 'default'
- sg_rule.protocol == 'udp'
- sg_rule.start_port == 5353
- sg_rule.end_port == 5353
- sg_rule.user_security_group == '{{ cs_resource_prefix }}_sg'
- name: test remove single port udp rule idempotence
cs_securitygroup_rule:
security_group: default
port: 5353
protocol: udp
type: egress
user_security_group: '{{ cs_resource_prefix }}_sg'
state: absent
register: sg_rule
- name: verify remove single port udp rule idempotence
assert:
that:
- sg_rule|success
- not sg_rule|changed
- name: test remove icmp rule
cs_securitygroup_rule:
security_group: default
protocol: icmp
type: ingress
icmp_type: -1
icmp_code: -1
state: absent
register: sg_rule
- name: verify icmp rule
assert:
that:
- sg_rule|success
- sg_rule|changed
- sg_rule.type == 'ingress'
- sg_rule.security_group == 'default'
- sg_rule.cidr == '0.0.0.0/0'
- sg_rule.protocol == 'icmp'
- sg_rule.icmp_code == -1
- sg_rule.icmp_type == -1
- name: test remove icmp rule idempotence
cs_securitygroup_rule:
security_group: default
protocol: icmp
type: ingress
icmp_type: -1
icmp_code: -1
state: absent
register: sg_rule
- name: verify icmp rule idempotence
assert:
that:
- sg_rule|success
- not sg_rule|changed
|