--- - name: setup 80 cs_firewall: port: 80 ip_address: "{{ cs_firewall_ip_address }}" state: absent register: fw - name: verify setup assert: that: - fw|success - name: setup 5300 cs_firewall: ip_address: "{{ cs_firewall_ip_address }}" protocol: udp start_port: 5300 end_port: 5333 cidr: 1.2.3.4/24 state: absent register: fw - name: verify setup assert: that: - fw|success - name: setup all cs_firewall: network: "{{ cs_firewall_network }}" protocol: all type: egress state: absent register: fw - name: verify setup assert: that: - fw|success - name: test fail if missing params action: cs_firewall register: fw ignore_errors: true - name: verify results of fail if missing params assert: that: - fw|failed - fw.msg == "missing required argument for protocol 'tcp': start_port or end_port" - name: test fail if missing params ip_address ingress cs_firewall: port: 80 register: fw ignore_errors: true - name: verify results of fail if missing params ip_address assert: that: - fw|failed - fw.msg == "missing required argument for type ingress: ip_address" - name: test fail if missing params network egress cs_firewall: type: egress register: fw ignore_errors: true - name: verify results of fail if missing params ip_address assert: that: - fw|failed - fw.msg == "missing required argument for type egress: network" - name: test present firewall rule ingress 80 cs_firewall: port: 80 ip_address: "{{ cs_firewall_ip_address }}" register: fw - name: verify results of present firewall rule ingress 80 assert: that: - fw|success - fw|changed - fw.cidr == "0.0.0.0/0" - fw.ip_address == "{{ cs_firewall_ip_address }}" - fw.protocol == "tcp" - fw.start_port == 80 - fw.end_port == 80 - fw.type == "ingress" - name: test present firewall rule ingress 80 idempotence cs_firewall: port: 80 ip_address: "{{ cs_firewall_ip_address }}" register: fw - name: verify results of present firewall rule ingress 80 idempotence assert: that: - fw|success - not fw|changed - fw.cidr == "0.0.0.0/0" - fw.ip_address == "{{ cs_firewall_ip_address }}" - fw.protocol == "tcp" - fw.start_port == 80 - fw.end_port == 80 - fw.type == "ingress" - name: test present firewall rule ingress 5300 cs_firewall: ip_address: "{{ cs_firewall_ip_address }}" protocol: udp start_port: 5300 end_port: 5333 cidr: 1.2.3.4/24 register: fw - name: verify results of present firewall rule ingress 5300 assert: that: - fw|success - fw|changed - fw.cidr == "1.2.3.4/24" - fw.ip_address == "{{ cs_firewall_ip_address }}" - fw.protocol == "udp" - fw.start_port == 5300 - fw.end_port == 5333 - fw.type == "ingress" - name: test present firewall rule ingress 5300 idempotence cs_firewall: ip_address: "{{ cs_firewall_ip_address }}" protocol: udp start_port: 5300 end_port: 5333 cidr: 1.2.3.4/24 register: fw - name: verify results of present firewall rule ingress 5300 idempotence assert: that: - fw|success - not fw|changed - fw.cidr == "1.2.3.4/24" - fw.ip_address == "{{ cs_firewall_ip_address }}" - fw.protocol == "udp" - fw.start_port == 5300 - fw.end_port == 5333 - fw.type == "ingress" - name: test present firewall rule egress all cs_firewall: network: "{{ cs_firewall_network }}" protocol: all type: egress register: fw - name: verify results of present firewall rule egress all assert: that: - fw|success - fw|changed - fw.cidr == "0.0.0.0/0" - fw.network == "{{ cs_firewall_network }}" - fw.protocol == "all" - fw.type == "egress" - name: test present firewall rule egress all idempotence cs_firewall: network: "{{ cs_firewall_network }}" protocol: all type: egress register: fw - name: verify results of present firewall rule egress all idempotence assert: that: - fw|success - not fw|changed - fw.cidr == "0.0.0.0/0" - fw.network == "{{ cs_firewall_network }}" - fw.protocol == "all" - fw.type == "egress" - name: test absent firewall rule ingress 80 cs_firewall: port: 80 ip_address: "{{ cs_firewall_ip_address }}" state: absent register: fw - name: verify results of absent firewall rule ingress 80 assert: that: - fw|success - fw|changed - fw.cidr == "0.0.0.0/0" - fw.ip_address == "{{ cs_firewall_ip_address }}" - fw.protocol == "tcp" - fw.start_port == 80 - fw.end_port == 80 - fw.type == "ingress" - name: test absent firewall rule ingress 80 idempotence cs_firewall: port: 80 ip_address: "{{ cs_firewall_ip_address }}" state: absent register: fw - name: verify results of absent firewall rule ingress 80 idempotence assert: that: - fw|success - not fw|changed - name: test absent firewall rule ingress 5300 cs_firewall: ip_address: "{{ cs_firewall_ip_address }}" protocol: udp start_port: 5300 end_port: 5333 cidr: 1.2.3.4/24 state: absent register: fw - name: verify results of absent firewall rule ingress 5300 assert: that: - fw|success - fw|changed - fw.cidr == "1.2.3.4/24" - fw.ip_address == "{{ cs_firewall_ip_address }}" - fw.protocol == "udp" - fw.start_port == 5300 - fw.end_port == 5333 - fw.type == "ingress" - name: test absent firewall rule ingress 5300 idempotence cs_firewall: ip_address: "{{ cs_firewall_ip_address }}" protocol: udp start_port: 5300 end_port: 5333 cidr: 1.2.3.4/24 state: absent register: fw - name: verify results of absent firewall rule ingress 5300 idempotence assert: that: - fw|success - not fw|changed - name: test absent firewall rule egress all cs_firewall: network: "{{ cs_firewall_network }}" protocol: all type: egress state: absent register: fw - name: verify results of absent firewall rule egress all assert: that: - fw|success - fw|changed - fw.cidr == "0.0.0.0/0" - fw.network == "{{ cs_firewall_network }}" - fw.protocol == "all" - fw.type == "egress" - name: test absent firewall rule egress all idempotence cs_firewall: network: "{{ cs_firewall_network }}" protocol: all type: egress state: absent register: fw - name: verify results of absent firewall rule egress all idempotence assert: that: - fw|success - not fw|changed