# Copyright (c) 2018, René Moser # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) --- - name: setup firewall group vr_firewall_group: name: "{{ vr_firewall_group_name }}" register: result - name: verify setup firewall group assert: that: - result is success - name: setup firewall rule tcp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 state: absent register: result - name: verify setup firewal rule assert: that: - result is success - name: setup firewall rule udp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp state: absent register: result - name: verify setup firewal rule udp assert: that: - result is success - name: setup firewall rule udp v6 vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 state: absent register: result - name: verify setup firewal rule udp v6 assert: that: - result is success - name: setup firewall rule port range vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 state: absent register: result tags: tmp - name: verify setup firewal rule port range assert: that: - result is success - name: setup firewall rule icmp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp state: absent register: result - name: verify setup firewal rule assert: that: - result is success - name: test fail if missing group vr_firewall_rule: register: result ignore_errors: yes - name: verify test fail if missing group assert: that: - result is failed - 'result.msg == "missing required arguments: group"' - name: test create firewall rule tcp in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 register: result check_mode: true - name: verify test create firewall rule tcp in check mode assert: that: - result is changed - name: test create firewall rule tcp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 register: result - name: verify test create firewall rule tcp assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "0.0.0.0/0" - name: test create firewall rule tcp idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 register: result - name: verify test create firewall rule tcp idempotence assert: that: - result is not changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "0.0.0.0/0" - name: test create firewall rule udp in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp register: result check_mode: true - name: verify test create firewall rule udp in check mode assert: that: - result is changed - name: test create firewall rule udp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp register: result - name: verify test create firewall rule udp assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "udp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "0.0.0.0/0" - name: test create firewall rule udp idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp register: result - name: verify test create firewall rule udp idempotence assert: that: - result is not changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "udp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "0.0.0.0/0" - name: test create firewall rule udp v6 in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 register: result check_mode: true - name: verify test create firewall rule udp v6 in check mode assert: that: - result is changed - name: test create firewall rule udp v6 vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 register: result - name: verify test create firewall rule udp v6 assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "udp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "::/0" - name: test create firewall rule udp v6 idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 register: result - name: verify test create firewall rule udp v6 idempotence assert: that: - result is not changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "udp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "::/0" - name: test create firewall rule port range in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 register: result check_mode: true - name: verify test create firewall rule port range in check mode assert: that: - result is changed - name: test create firewall rule port range vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 register: result - name: verify test create firewall rule port range assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 8000 - result.vultr_firewall_rule.end_port == 8080 - result.vultr_firewall_rule.cidr == "10.100.12.0/24" - name: test create firewall rule port range idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 register: result - name: test create firewall rule port range idempotence assert: that: - result is not changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 8000 - result.vultr_firewall_rule.end_port == 8080 - result.vultr_firewall_rule.cidr == "10.100.12.0/24" - name: test create firewall rule icmp in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp register: result check_mode: true - name: test create firewall rule icmp in check mode assert: that: - result is changed - name: test create firewall rule icmp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp register: result - name: test create firewall rule icmp assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "icmp" - name: test create firewall rule icmp idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp register: result - name: test create firewall rule icmp idempotence assert: that: - result is not changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "icmp" - name: test remove firewall rule icmp in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp state: absent register: result check_mode: true - name: test remove firewall rule icmp in check mode assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "icmp" - name: test remove firewall rule icmp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp state: absent register: result - name: test remove firewall rule icmp assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "icmp" - name: test remove firewall rule icmp idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" protocol: icmp state: absent register: result - name: test remove firewall rule icmp idempotence assert: that: - result is not changed - name: test remove firewall rule tcp in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 state: absent register: result check_mode: true - name: verify test remove firewall rule tcp in check mode assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "0.0.0.0/0" - name: test remove firewall rule tcp vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 state: absent register: result - name: verify test remove firewall rule tcp assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "0.0.0.0/0" - name: test remove firewall rule tcp idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 state: absent register: result - name: verify test remove firewall rule tcp idempotence assert: that: - result is not changed - name: test remove firewall rule udp v6 in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 state: absent register: result check_mode: true - name: verify test remove firewall rule udp v6 in check mode assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "udp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "::/0" - name: test remove firewall rule udp v6 vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 state: absent register: result - name: verify test remove firewall rule udp v6 assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "udp" - result.vultr_firewall_rule.start_port == 53 - result.vultr_firewall_rule.cidr == "::/0" - name: test remove firewall rule udp v6 idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" port: 53 protocol: udp ip_version: v6 state: absent register: result - name: verify test remove firewall rule udp v6 idempotence assert: that: - result is not changed - name: test remove firewall rule port range in check mode vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 state: absent register: result check_mode: true - name: verify test remove firewall rule port range in check mode assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 8000 - result.vultr_firewall_rule.end_port == 8080 - result.vultr_firewall_rule.cidr == "10.100.12.0/24" - name: test remove firewall rule port range vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 state: absent register: result - name: verify test remove firewall rule port range assert: that: - result is changed - result.vultr_firewall_rule.action == "accept" - result.vultr_firewall_rule.protocol == "tcp" - result.vultr_firewall_rule.start_port == 8000 - result.vultr_firewall_rule.end_port == 8080 - result.vultr_firewall_rule.cidr == "10.100.12.0/24" - name: test remove firewall rule port range idempotence vr_firewall_rule: group: "{{ vr_firewall_group_name }}" start_port: 8000 end_port: 8080 protocol: tcp cidr: 10.100.12.0/24 state: absent register: result - name: verify test remove firewall rule port range idempotence assert: that: - result is not changed