mirror of
https://github.com/ansible-collections/hetzner.hcloud.git
synced 2026-02-04 08:01:49 +00:00
2757fe745f
##### SUMMARY - firewall - Return resources the firewall is `applied_to`. - firewall_info - Add new `firewall_info` module to gather firewalls info. - firewall_resource - Add new `firewall_resource` module to manage firewalls resources. Fixes #111 ##### ISSUE TYPE - Feature Pull Request ##### COMPONENT NAME firewall firewall_info firewall_resource --------- Co-authored-by: Julian Tölle <julian.toelle97@gmail.com>
178 lines
5.4 KiB
YAML
178 lines
5.4 KiB
YAML
# Copyright: (c) 2020, Hetzner Cloud GmbH <info@hetzner-cloud.de>
|
|
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
|
---
|
|
- name: Test missing required parameters
|
|
hetzner.hcloud.firewall:
|
|
state: present
|
|
ignore_errors: true
|
|
register: result
|
|
- name: Verify missing required parameters
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is failed
|
|
- 'result.msg == "one of the following is required: id, name"'
|
|
|
|
- name: Test create with check mode
|
|
hetzner.hcloud.firewall:
|
|
name: "{{ hcloud_firewall_name }}"
|
|
rules:
|
|
- description: allow icmp in
|
|
direction: in
|
|
protocol: icmp
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
labels:
|
|
key: value
|
|
check_mode: true
|
|
register: result
|
|
- name: Verify create with check mode
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
|
|
- name: Test create
|
|
hetzner.hcloud.firewall:
|
|
name: "{{ hcloud_firewall_name }}"
|
|
rules:
|
|
- description: allow icmp in
|
|
direction: in
|
|
protocol: icmp
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
labels:
|
|
key: value
|
|
register: result
|
|
- name: Verify create
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.hcloud_firewall.name == hcloud_firewall_name
|
|
- result.hcloud_firewall.rules | list | count == 1
|
|
- result.hcloud_firewall.rules[0].description == "allow icmp in"
|
|
- result.hcloud_firewall.rules[0].direction == "in"
|
|
- result.hcloud_firewall.rules[0].protocol == "icmp"
|
|
- result.hcloud_firewall.rules[0].source_ips == ["0.0.0.0/0", "::/0"]
|
|
- result.hcloud_firewall.labels.key == "value"
|
|
- result.hcloud_firewall.applied_to | list | count == 0
|
|
|
|
- name: Test create idempotency
|
|
hetzner.hcloud.firewall:
|
|
name: "{{ hcloud_firewall_name }}"
|
|
rules:
|
|
- description: allow icmp in
|
|
direction: in
|
|
protocol: icmp
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
labels:
|
|
key: value
|
|
register: result
|
|
- name: Verify create idempotency
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: Test update
|
|
hetzner.hcloud.firewall:
|
|
name: "{{ hcloud_firewall_name }}"
|
|
rules:
|
|
- description: allow icmp in
|
|
direction: in
|
|
protocol: icmp
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
- description: allow http in
|
|
direction: in
|
|
protocol: tcp
|
|
port: 80
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
- description: allow http out
|
|
direction: out
|
|
protocol: tcp
|
|
port: 80
|
|
destination_ips: ["0.0.0.0/0", "::/0"]
|
|
labels:
|
|
key: value
|
|
label: label
|
|
register: result
|
|
- name: Verify update
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.hcloud_firewall.name == hcloud_firewall_name
|
|
- result.hcloud_firewall.rules | list | count == 3
|
|
- result.hcloud_firewall.rules[0].description == "allow icmp in"
|
|
- result.hcloud_firewall.rules[0].direction == "in"
|
|
- result.hcloud_firewall.rules[0].protocol == "icmp"
|
|
- result.hcloud_firewall.rules[0].source_ips == ["0.0.0.0/0", "::/0"]
|
|
- result.hcloud_firewall.rules[1].description == "allow http in"
|
|
- result.hcloud_firewall.rules[1].direction == "in"
|
|
- result.hcloud_firewall.rules[1].protocol == "tcp"
|
|
- result.hcloud_firewall.rules[1].port == "80"
|
|
- result.hcloud_firewall.rules[1].source_ips == ["0.0.0.0/0", "::/0"]
|
|
- result.hcloud_firewall.rules[2].description == "allow http out"
|
|
- result.hcloud_firewall.rules[2].direction == "out"
|
|
- result.hcloud_firewall.rules[2].protocol == "tcp"
|
|
- result.hcloud_firewall.rules[2].port == "80"
|
|
- result.hcloud_firewall.rules[2].destination_ips == ["0.0.0.0/0", "::/0"]
|
|
- result.hcloud_firewall.labels.key == "value"
|
|
- result.hcloud_firewall.labels.label == "label"
|
|
|
|
- name: Test update idempotency
|
|
hetzner.hcloud.firewall:
|
|
name: "{{ hcloud_firewall_name }}"
|
|
rules:
|
|
- description: allow icmp in
|
|
direction: in
|
|
protocol: icmp
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
- description: allow http in
|
|
direction: in
|
|
protocol: tcp
|
|
port: 80
|
|
source_ips: ["0.0.0.0/0", "::/0"]
|
|
- description: allow http out
|
|
direction: out
|
|
protocol: tcp
|
|
port: 80
|
|
destination_ips: ["0.0.0.0/0", "::/0"]
|
|
labels:
|
|
key: value
|
|
label: label
|
|
register: result
|
|
- name: Verify update idempotency
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is not changed
|
|
|
|
- name: Test update name
|
|
hetzner.hcloud.firewall:
|
|
id: "{{ result.hcloud_firewall.id }}"
|
|
name: "changed-{{ hcloud_firewall_name }}"
|
|
register: result
|
|
- name: Verify update name
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.hcloud_firewall.name == "changed-{{ hcloud_firewall_name }}"
|
|
|
|
- name: Test update name and labels
|
|
hetzner.hcloud.firewall:
|
|
id: "{{ result.hcloud_firewall.id }}"
|
|
name: "{{ hcloud_firewall_name }}"
|
|
labels:
|
|
key: value
|
|
register: result
|
|
- name: Verify update name and labels
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|
|
- result.hcloud_firewall.name == hcloud_firewall_name
|
|
- result.hcloud_firewall.labels.key == "value"
|
|
- result.hcloud_firewall.labels.label is not defined
|
|
|
|
- name: Test delete
|
|
hetzner.hcloud.firewall:
|
|
name: "{{ hcloud_firewall_name }}"
|
|
state: absent
|
|
register: result
|
|
- name: Verify delete
|
|
ansible.builtin.assert:
|
|
that:
|
|
- result is changed
|