cloudstack: add tests for cs_firewall

test/integration/cloudstack.yml

@@ -12,3 +12,4 @@
     - { role: test_cs_instance,             tags: test_cs_instance }
     - { role: test_cs_instancegroup,        tags: test_cs_instancegroup }
     - { role: test_cs_account,              tags: test_cs_account }
+    - { role: test_cs_firewall,             tags: test_cs_firewall }

test/integration/roles/test_cs_firewall/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+cs_firewall_ip_address: 10.100.212.5
+cs_firewall_network: test

test/integration/roles/test_cs_firewall/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - test_cs_common

test/integration/roles/test_cs_firewall/tasks/main.yml

@@ -0,0 +1,271 @@
+---
+- name: setup 80
+  cs_firewall:
+    port: 80
+    ip_address: "{{ cs_firewall_ip_address }}"
+    state: absent
+  register: fw
+- name: verify setup
+  assert:
+    that:
+    - fw|success
+
+- name: setup 5300
+  cs_firewall:
+    ip_address: "{{ cs_firewall_ip_address }}"
+    protocol: udp
+    start_port: 5300
+    end_port: 5333
+    cidr: 1.2.3.4/24
+    state: absent
+  register: fw
+- name: verify setup
+  assert:
+    that:
+    - fw|success
+
+- name: setup all
+  cs_firewall:
+    network: "{{ cs_firewall_network }}"
+    protocol: all
+    type: egress
+    state: absent
+  register: fw
+- name: verify setup
+  assert:
+    that:
+    - fw|success
+
+- name: test fail if missing params
+  action: cs_firewall
+  register: fw
+  ignore_errors: true
+- name: verify results of fail if missing params
+  assert:
+    that:
+    - fw|failed
+    - fw.msg == "missing required argument for protocol 'tcp': start_port or end_port"
+
+- name: test fail if missing params ip_address ingress
+  cs_firewall:
+    port: 80
+  register: fw
+  ignore_errors: true
+- name: verify results of fail if missing params ip_address
+  assert:
+    that:
+    - fw|failed
+    - fw.msg == "missing required argument for type ingress: ip_address"
+
+- name: test fail if missing params network egress
+  cs_firewall:
+    type: egress
+  register: fw
+  ignore_errors: true
+- name: verify results of fail if missing params ip_address
+  assert:
+    that:
+    - fw|failed
+    - fw.msg == "missing required argument for type egress: network"
+
+- name: test present firewall rule ingress 80
+  cs_firewall:
+    port: 80
+    ip_address: "{{ cs_firewall_ip_address }}"
+  register: fw
+- name: verify results of present firewall rule ingress 80
+  assert:
+    that:
+    - fw|success
+    - fw|changed
+    - fw.cidr == "0.0.0.0/0"
+    - fw.ip_address == "{{ cs_firewall_ip_address }}"
+    - fw.protocol == "tcp"
+    - fw.start_port == 80
+    - fw.end_port == 80
+    - fw.type == "ingress"
+
+- name: test present firewall rule ingress 80 idempotence
+  cs_firewall:
+    port: 80
+    ip_address: "{{ cs_firewall_ip_address }}"
+  register: fw
+- name: verify results of present firewall rule ingress 80 idempotence
+  assert:
+    that:
+    - fw|success
+    - not fw|changed
+    - fw.cidr == "0.0.0.0/0"
+    - fw.ip_address == "{{ cs_firewall_ip_address }}"
+    - fw.protocol == "tcp"
+    - fw.start_port == 80
+    - fw.end_port == 80
+    - fw.type == "ingress"
+
+- name: test present firewall rule ingress 5300
+  cs_firewall:
+    ip_address: "{{ cs_firewall_ip_address }}"
+    protocol: udp
+    start_port: 5300
+    end_port: 5333
+    cidr: 1.2.3.4/24
+  register: fw
+- name: verify results of present firewall rule ingress 5300
+  assert:
+    that:
+    - fw|success
+    - fw|changed
+    - fw.cidr == "1.2.3.4/24"
+    - fw.ip_address == "{{ cs_firewall_ip_address }}"
+    - fw.protocol == "udp"
+    - fw.start_port == 5300
+    - fw.end_port == 5333
+    - fw.type == "ingress"
+
+- name: test present firewall rule ingress 5300 idempotence
+  cs_firewall:
+    ip_address: "{{ cs_firewall_ip_address }}"
+    protocol: udp
+    start_port: 5300
+    end_port: 5333
+    cidr: 1.2.3.4/24
+  register: fw
+- name: verify results of present firewall rule ingress 5300 idempotence
+  assert:
+    that:
+    - fw|success
+    - not fw|changed
+    - fw.cidr == "1.2.3.4/24"
+    - fw.ip_address == "{{ cs_firewall_ip_address }}"
+    - fw.protocol == "udp"
+    - fw.start_port == 5300
+    - fw.end_port == 5333
+    - fw.type == "ingress"
+
+- name: test present firewall rule egress all
+  cs_firewall:
+    network: "{{ cs_firewall_network }}"
+    protocol: all
+    type: egress
+  register: fw
+- name: verify results of present firewall rule egress all
+  assert:
+    that:
+    - fw|success
+    - fw|changed
+    - fw.cidr == "0.0.0.0/0"
+    - fw.network == "{{ cs_firewall_network }}"
+    - fw.protocol == "all"
+    - fw.type == "egress"
+
+- name: test present firewall rule egress all idempotence
+  cs_firewall:
+    network: "{{ cs_firewall_network }}"
+    protocol: all
+    type: egress
+  register: fw
+- name: verify results of present firewall rule egress all idempotence
+  assert:
+    that:
+    - fw|success
+    - not fw|changed
+    - fw.cidr == "0.0.0.0/0"
+    - fw.network == "{{ cs_firewall_network }}"
+    - fw.protocol == "all"
+    - fw.type == "egress"
+
+- name: test absent firewall rule ingress 80
+  cs_firewall:
+    port: 80
+    ip_address: "{{ cs_firewall_ip_address }}"
+    state: absent
+  register: fw
+- name: verify results of absent firewall rule ingress 80
+  assert:
+    that:
+    - fw|success
+    - fw|changed
+    - fw.cidr == "0.0.0.0/0"
+    - fw.ip_address == "{{ cs_firewall_ip_address }}"
+    - fw.protocol == "tcp"
+    - fw.start_port == 80
+    - fw.end_port == 80
+    - fw.type == "ingress"
+
+- name: test absent firewall rule ingress 80 idempotence
+  cs_firewall:
+    port: 80
+    ip_address: "{{ cs_firewall_ip_address }}"
+    state: absent
+  register: fw
+- name: verify results of absent firewall rule ingress 80 idempotence
+  assert:
+    that:
+    - fw|success
+    - not fw|changed
+
+- name: test absent firewall rule ingress 5300
+  cs_firewall:
+    ip_address: "{{ cs_firewall_ip_address }}"
+    protocol: udp
+    start_port: 5300
+    end_port: 5333
+    cidr: 1.2.3.4/24
+    state: absent
+  register: fw
+- name: verify results of absent firewall rule ingress 5300
+  assert:
+    that:
+    - fw|success
+    - fw|changed
+    - fw.cidr == "1.2.3.4/24"
+    - fw.ip_address == "{{ cs_firewall_ip_address }}"
+    - fw.protocol == "udp"
+    - fw.start_port == 5300
+    - fw.end_port == 5333
+    - fw.type == "ingress"
+
+- name: test absent firewall rule ingress 5300 idempotence
+  cs_firewall:
+    ip_address: "{{ cs_firewall_ip_address }}"
+    protocol: udp
+    start_port: 5300
+    end_port: 5333
+    cidr: 1.2.3.4/24
+    state: absent
+  register: fw
+- name: verify results of absent firewall rule ingress 5300 idempotence
+  assert:
+    that:
+    - fw|success
+    - not fw|changed
+
+- name: test absent firewall rule egress all
+  cs_firewall:
+    network: "{{ cs_firewall_network }}"
+    protocol: all
+    type: egress
+    state: absent
+  register: fw
+- name: verify results of absent firewall rule egress all
+  assert:
+    that:
+    - fw|success
+    - fw|changed
+    - fw.cidr == "0.0.0.0/0"
+    - fw.network == "{{ cs_firewall_network }}"
+    - fw.protocol == "all"
+    - fw.type == "egress"
+
+- name: test absent firewall rule egress all idempotence
+  cs_firewall:
+    network: "{{ cs_firewall_network }}"
+    protocol: all
+    type: egress
+    state: absent
+  register: fw
+- name: verify results of absent firewall rule egress all idempotence
+  assert:
+    that:
+    - fw|success
+    - not fw|changed