# Test code for the Meraki NAT module # Copyright: (c) 2019, Kevin Breit (@kbreit) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) --- - block: - name: Create test network meraki_network: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present type: appliance - name: Create 1:1 rule with check mode meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present one_to_one: - name: Service behind NAT public_ip: 1.2.1.2 lan_ip: 192.168.128.1 uplink: internet1 allowed_inbound: - protocol: tcp destination_ports: - 80 allowed_ips: - 10.10.10.10 register: create_one_one_check check_mode: yes - debug: var: create_one_one_check - assert: that: - create_one_one_check is changed - name: Create 1:1 rule meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present one_to_one: - name: Service behind NAT public_ip: 1.2.1.2 lan_ip: 192.168.128.1 uplink: internet1 allowed_inbound: - protocol: tcp destination_ports: - 80 allowed_ips: - 10.10.10.10 register: create_one_one - debug: var: create_one_one - assert: that: - create_one_one is changed - name: Create 1:1 rule with idempotency meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present one_to_one: - name: Service behind NAT public_ip: 1.2.1.2 lan_ip: 192.168.128.1 uplink: internet1 allowed_inbound: - protocol: tcp destination_ports: - 80 allowed_ips: - 10.10.10.10 register: create_one_one_idempotent - debug: var: create_one_one_idempotent - assert: that: - create_one_one_idempotent is not changed - name: Create 1:many rule with check mode meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present one_to_many: - public_ip: 1.1.1.1 uplink: internet1 port_rules: - name: Test rule protocol: tcp public_port: 10 local_ip: 192.168.128.1 local_port: 11 allowed_ips: - any register: create_one_many_check check_mode: yes - debug: var: create_one_many_check - assert: that: - create_one_many_check is changed - name: Create 1:many rule meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present one_to_many: - public_ip: 1.1.1.1 uplink: internet1 port_rules: - name: Test rule protocol: tcp public_port: 10 local_ip: 192.168.128.1 local_port: 11 allowed_ips: - any register: create_one_many - debug: var: create_one_many - assert: that: - create_one_many is changed - name: Create 1:many rule with idempotency meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present one_to_many: - public_ip: 1.1.1.1 uplink: internet1 port_rules: - name: Test rule protocol: tcp public_port: 10 local_ip: 192.168.128.1 local_port: 11 allowed_ips: - any register: create_one_many_idempotent - debug: var: create_one_many_idempotent - assert: that: - create_one_many_idempotent is not changed - name: Create port forwarding rule with check mode meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present port_forwarding: - name: Test map lan_ip: 192.168.128.1 uplink: both protocol: tcp allowed_ips: - 1.1.1.1 public_port: 10 local_port: 11 register: create_pf_check check_mode: yes - debug: var: create_pf_check - assert: that: - create_pf_check is changed - name: Create port forwarding rule meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present port_forwarding: - name: Test map lan_ip: 192.168.128.1 uplink: both protocol: tcp allowed_ips: - 1.1.1.1 public_port: 10 local_port: 11 register: create_pf - debug: var: create_pf - assert: that: - create_pf is changed - name: Create port forwarding rule with idempotency meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present port_forwarding: - name: Test map lan_ip: 192.168.128.1 uplink: both protocol: tcp allowed_ips: - 1.1.1.1 public_port: 10 local_port: 11 register: create_pf_idempotent - debug: var: create_pf_idempotent - assert: that: - create_pf_idempotent is not changed - create_pf_idempotent.data.port_forwarding is defined - name: Create multiple rules meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: present port_forwarding: - name: Test map lan_ip: 192.168.128.1 uplink: both protocol: tcp allowed_ips: - 1.1.1.2 public_port: 10 local_port: 11 one_to_many: - public_ip: 1.1.1.3 uplink: internet1 port_rules: - name: Test rule protocol: tcp public_port: 10 local_ip: 192.168.128.1 local_port: 11 allowed_ips: - any register: create_multiple - debug: var: create_multiple - assert: that: - create_multiple is changed - create_multiple.data.one_to_many is defined - create_multiple.data.port_forwarding is defined - assert: that: - create_multiple is changed - create_multiple.data.one_to_many is defined - create_multiple.data.port_forwarding is defined - create_multiple.diff.before.one_to_many is defined - create_multiple.diff.before.port_forwarding is defined - create_multiple.diff.after.one_to_many is defined - create_multiple.diff.after.port_forwarding is defined - name: Query all NAT rules meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: query subset: all register: query_all - debug: var: query_all - name: Query 1:1 NAT rules meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: query subset: '1:1' register: query_1to1 - debug: var: query_1to1 - name: Query 1:many NAT rules meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: query subset: '1:many' register: query_1tomany - debug: var: query_1tomany - name: Query port forwarding rules meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: query subset: port_forwarding register: query_pf - debug: var: query_pf - name: Query multiple rules meraki_nat: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: query subset: - '1:1' - '1:many' register: query_multiple - debug: var: query_multiple always: - name: Delete test network meraki_network: auth_key: '{{auth_key}}' org_name: '{{test_org_name}}' net_name: '{{test_net_name}}' state: absent