---
# Fixture: create the VPC that the network ACL and its rules attach to.
- name: setup vpc
  cs_vpc:
    name: "{{ cs_resource_prefix }}_vpc"
    display_text: "{{ cs_resource_prefix }}_display_text"
    cidr: "10.10.0.0/16"
    zone: "{{ cs_common_zone_adv }}"
  register: vpc

# Fail here if the VPC task did not succeed.
- name: verify setup vpc
  assert:
    that:
      - vpc is successful
# Fixture: create the ACL inside the test VPC; every rule test below
# targets this ACL by name.
- name: setup network acl
  cs_network_acl:
    name: "{{ cs_resource_prefix }}_acl"
    vpc: "{{ cs_resource_prefix }}_vpc"
    zone: "{{ cs_common_zone_adv }}"
  register: acl

# Fail here if the ACL task did not succeed.
- name: verify setup network acl
  assert:
    that:
      - acl is successful
# Fixture: make sure no rule exists at position 1 before the create tests.
# NOTE(review): only position 1 is cleared here; position 2 is also used
# further down - confirm a leftover rule there cannot affect a rerun.
- name: setup network acl rule
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: acl_rule

# Only success is checked; the rule may or may not have existed.
- name: verify setup network acl rule
  assert:
    that:
      - acl_rule is successful
# Negative test: call the module with no arguments at all.
# The failure is expected, so it is ignored here and asserted below.
- name: test fail missing params
  cs_network_acl_rule:
  ignore_errors: true
  register: acl_rule

# Only the message prefix is compared; the argument list after it is
# not pinned by this test.
- name: verify test fail missing param
  assert:
    that:
      - acl_rule is failed
      - "acl_rule.msg.startswith('missing required arguments: ')"
# Negative test: no protocol and no port are given. The asserted message
# shows the module treats the rule as tcp and requires a port range.
- name: test fail missing params for tcp
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: ingress
    action_policy: allow
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  ignore_errors: true
  register: acl_rule

# The full message is compared, so a wording change in the module breaks
# this test.
- name: verify test fail missing param for tcp
  assert:
    that:
      - acl_rule is failed
      - "acl_rule.msg == 'protocol is tcp but the following are missing: start_port, end_port'"
# Negative test: protocol icmp without icmp_type / icmp_code must be
# rejected before any rule is created.
- name: test fail missing params for icmp
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: ingress
    action_policy: allow
    cidr: "0.0.0.0/0"
    protocol: icmp
    zone: "{{ cs_common_zone_adv }}"
  ignore_errors: true
  register: acl_rule

# The full message is compared, including both missing parameter names.
- name: verify test fail missing param for icmp
  assert:
    that:
      - acl_rule is failed
      - "acl_rule.msg == 'protocol is icmp but the following are missing: icmp_type, icmp_code'"
# Negative test: protocol by_number without protocol_number must be
# rejected.
- name: test fail missing params for by number
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: ingress
    action_policy: allow
    cidr: "0.0.0.0/0"
    protocol: by_number
    zone: "{{ cs_common_zone_adv }}"
  ignore_errors: true
  register: acl_rule

# The full message is compared, including the missing parameter name.
- name: verify test fail missing param for by number
  assert:
    that:
      - acl_rule is failed
      - "acl_rule.msg == 'protocol is by_number but the following are missing: protocol_number'"
# Dry run of creating rule 1 (allow ingress to port 80).
# 0.0.0.0/0 is only a fixture value here.
- name: test create network acl rule in check mode
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: ingress
    action_policy: allow
    port: 80
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule
  check_mode: true

# Check mode must report a pending change; no rule fields are asserted
# because nothing exists yet.
- name: verify test create network acl rule in check mode
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
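# Create rule 1 for real: allow ingress to port 80.
# 0.0.0.0/0 is only a fixture value here.
- name: test create network acl rule
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: ingress
    action_policy: allow
    port: 80
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule

# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
# The single `port` value is expected back as start_port and end_port.
- name: verify test create network acl rule
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 80
      - acl_rule.end_port == 80
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "ingress"
      - acl_rule.rule_position == 1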
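# Repeat the identical create; a second run must not change anything.
- name: test create network acl rule idempotence
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: ingress
    action_policy: allow
    port: 80
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule

# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test create network acl idempotence
  assert:
    that:
      - acl_rule is successful
      - acl_rule is not changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 80
      - acl_rule.end_port == 80
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "ingress"
      - acl_rule.rule_position == 1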
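# Dry run of flipping rule 1 to deny egress on port 81.
- name: test change network acl rule in check mode
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: deny
    port: 81
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule
  check_mode: true

# A change must be reported, but the returned fields are expected to be
# those of the existing rule (port 80 / allow / ingress): check mode
# must not have modified it.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test change network acl rule in check mode
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 80
      - acl_rule.end_port == 80
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "ingress"
      - acl_rule.rule_position == 1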
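# Update rule 1 in place: deny egress, udp port 81.
- name: test change network acl rule
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: deny
    port: 81
    protocol: udp
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule

# Every changed field is checked, so a partially applied update fails.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test change network acl rule
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "udp"
      - acl_rule.rule_position == 1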
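# Repeat the identical update; a second run must not change anything.
- name: test change network acl rule idempotence
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: deny
    port: 81
    protocol: udp
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule

# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test change network acl idempotence
  assert:
    that:
      - acl_rule is successful
      - acl_rule is not changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "udp"
      - acl_rule.rule_position == 1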
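# Dry run of switching rule 1 from udp to a numeric protocol (8).
- name: test change network acl by protocol number in check mode
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: deny
    protocol: by_number
    protocol_number: 8
    port: 81
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule
  check_mode: true

# A change must be reported while the returned protocol is still "udp":
# check mode must not have modified the existing rule.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test change network acl by protocol number in check mode
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "udp"
      - acl_rule.rule_position == 1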
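# Switch rule 1 to a numeric protocol (8) for real.
- name: test change network acl by protocol number
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: deny
    protocol: by_number
    protocol_number: 8
    port: 81
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule

# Both the protocol keyword and the numeric value are checked.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test change network acl by protocol number
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "by_number"
      - acl_rule.protocol_number == 8
      - acl_rule.rule_position == 1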
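# Repeat the identical by_number update; nothing may change.
- name: test change network acl by protocol number idempotence
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: deny
    protocol: by_number
    protocol_number: 8
    port: 81
    cidr: "0.0.0.0/0"
    zone: "{{ cs_common_zone_adv }}"
  register: acl_rule

# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test change network acl by protocol number idempotence
  assert:
    that:
      - acl_rule is successful
      - acl_rule is not changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "by_number"
      - acl_rule.protocol_number == 8
      - acl_rule.rule_position == 1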
# Dry run of creating a second rule at position 2: allow all protocols
# outbound to 10.23.12.0/24.
- name: test create 2nd network acl rule in check mode
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 2
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: allow
    cidr: "10.23.12.0/24"
    zone: "{{ cs_common_zone_adv }}"
    protocol: all
  register: acl_rule
  check_mode: true

# Check mode must report a pending change; no rule fields are asserted
# because rule 2 does not exist yet.
- name: verify test create 2nd network acl rule in check mode
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
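# Create rule 2 for real: allow all protocols outbound to 10.23.12.0/24.
- name: test create 2nd network acl rule
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 2
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: allow
    cidr: "10.23.12.0/24"
    zone: "{{ cs_common_zone_adv }}"
    protocol: all
  register: acl_rule

# No port fields are asserted: the rule was created with protocol "all"
# and no port.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test create 2nd network acl rule
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "10.23.12.0/24"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "all"
      - acl_rule.rule_position == 2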
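# Repeat the identical create of rule 2; nothing may change.
- name: test create 2nd network acl rule idempotence
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 2
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: allow
    cidr: "10.23.12.0/24"
    zone: "{{ cs_common_zone_adv }}"
    protocol: all
  register: acl_rule

# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test create 2nd network acl rule idempotence
  assert:
    that:
      - acl_rule is successful
      - acl_rule is not changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "10.23.12.0/24"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "all"
      - acl_rule.rule_position == 2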
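# Narrow rule 2 from "all" to icmp with an explicit type and code.
# NOTE(review): type 0 / code 8 looks transposed from echo-request
# (type 8, code 0); the test only needs the values to round-trip, but
# confirm this is intentional.
- name: test update 2nd network acl rule to icmp
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 2
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: allow
    cidr: "10.23.12.0/24"
    zone: "{{ cs_common_zone_adv }}"
    protocol: icmp
    icmp_type: 0
    icmp_code: 8
  register: acl_rule

# The task name now matches the update step it verifies; it previously
# repeated the name of the "create 2nd" verification, which made a
# failure report ambiguous.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test update 2nd network acl rule to icmp
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "10.23.12.0/24"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "icmp"
      - acl_rule.icmp_type == 0
      - acl_rule.icmp_code == 8
      - acl_rule.rule_position == 2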
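# Repeat the identical icmp update of rule 2; nothing may change.
- name: test update 2nd network acl rule to icmp idempotence
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 2
    vpc: "{{ cs_resource_prefix }}_vpc"
    traffic_type: egress
    action_policy: allow
    cidr: "10.23.12.0/24"
    zone: "{{ cs_common_zone_adv }}"
    protocol: icmp
    icmp_type: 0
    icmp_code: 8
  register: acl_rule

# The task name now matches the step it verifies; it previously repeated
# the name of the "create 2nd ... idempotence" verification.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test update 2nd network acl rule to icmp idempotence
  assert:
    that:
      - acl_rule is successful
      - acl_rule is not changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "10.23.12.0/24"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "icmp"
      - acl_rule.icmp_type == 0
      - acl_rule.icmp_code == 8
      - acl_rule.rule_position == 2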
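# Dry run of deleting rule 1.
- name: test absent network acl rule in check mode
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: acl_rule
  check_mode: true

# A change must be reported and the existing rule's fields are still
# returned (port 81 / deny / egress).
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test absent network acl rule in check mode
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.rule_position == 1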
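# Delete rule 1 for real.
- name: test absent network acl rule
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: acl_rule

# The asserts expect the removed rule's fields in the result.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test absent network acl rule
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.start_port == 81
      - acl_rule.end_port == 81
      - acl_rule.action_policy == "deny"
      - acl_rule.cidr == "0.0.0.0/0"
      - acl_rule.traffic_type == "egress"
      - acl_rule.rule_position == 1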
# Delete rule 1 again; it is already gone, so nothing may change.
- name: test absent network acl rule idempotence
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 1
    vpc: "{{ cs_resource_prefix }}_vpc"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: acl_rule

# Only success and "not changed" are checked; no rule fields are
# asserted.
- name: verify test absent network acl rule idempotence
  assert:
    that:
      - acl_rule is successful
      - acl_rule is not changed
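# Delete rule 2 (the icmp rule).
- name: test absent 2nd network acl rule
  cs_network_acl_rule:
    network_acl: "{{ cs_resource_prefix }}_acl"
    rule_position: 2
    vpc: "{{ cs_resource_prefix }}_vpc"
    zone: "{{ cs_common_zone_adv }}"
    state: absent
  register: acl_rule

# The asserts expect the removed rule's fields, including the icmp type
# and code set by the earlier update.
# Expected names are concatenated with `~`; `that` entries are already
# Jinja expressions, so "{{ }}" inside them is unnecessary and lets the
# variable's value be re-parsed as expression text.
- name: verify test absent 2nd network acl rule
  assert:
    that:
      - acl_rule is successful
      - acl_rule is changed
      - acl_rule.vpc == cs_resource_prefix ~ "_vpc"
      - acl_rule.network_acl == cs_resource_prefix ~ "_acl"
      - acl_rule.action_policy == "allow"
      - acl_rule.cidr == "10.23.12.0/24"
      - acl_rule.traffic_type == "egress"
      - acl_rule.protocol == "icmp"
      - acl_rule.icmp_type == 0
      - acl_rule.icmp_code == 8
      - acl_rule.rule_position == 2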