mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
173 lines
4 KiB
YAML
173 lines
4 KiB
YAML
|
- name: Create resource group
|
||
|
azure_rm_resourcegroup:
|
||
|
name: "{{ resource_group }}"
|
||
|
location: "{{ location }}"
|
||
|
|
||
|
- name: Create security group
|
||
|
azure_rm_securitygroup:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: mysecgroup
|
||
|
tags:
|
||
|
testing: testing
|
||
|
delete: on-exit
|
||
|
foo: bar
|
||
|
purge_rules: yes
|
||
|
rules:
|
||
|
- name: DenySSH
|
||
|
protocol: Tcp
|
||
|
destination_port_range: 22
|
||
|
access: Deny
|
||
|
priority: 100
|
||
|
direction: Inbound
|
||
|
- name: 'AllowSSH'
|
||
|
protocol: Tcp
|
||
|
source_address_prefix: '174.109.158.0/24'
|
||
|
destination_port_range: 22
|
||
|
access: Allow
|
||
|
priority: 101
|
||
|
direction: Inbound
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert: { that: "{{ output.state.rules | length }} == 2" }
|
||
|
|
||
|
- name: Gather facts by tags
|
||
|
azure_rm_securitygroup_facts:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
tags:
|
||
|
- testing
|
||
|
- foo:bar
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that: azure_securitygroups | length == 1
|
||
|
|
||
|
- name: Add/Update rules on existing security group
|
||
|
azure_rm_securitygroup:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: mysecgroup
|
||
|
rules:
|
||
|
- name: DenySSH
|
||
|
protocol: Tcp
|
||
|
destination_port_range: 22-23
|
||
|
access: Deny
|
||
|
priority: 100
|
||
|
- name: AllowSSHFromHome
|
||
|
protocol: Tcp
|
||
|
source_address_prefix: '174.109.158.0/24'
|
||
|
destination_port_range: 22-23
|
||
|
priority: 102
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert: { that: "{{ output.state.rules | length }} == 3" }
|
||
|
|
||
|
- name: Test idempotence
|
||
|
azure_rm_securitygroup:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: mysecgroup
|
||
|
rules:
|
||
|
- name: DenySSH
|
||
|
protocol: Tcp
|
||
|
destination_port_range: 22-23
|
||
|
access: Deny
|
||
|
priority: 100
|
||
|
- name: AllowSSHFromHome
|
||
|
protocol: Tcp
|
||
|
source_address_prefix: '174.109.158.0/24'
|
||
|
destination_port_range: 22-23
|
||
|
priority: 102
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that: not output.changed
|
||
|
|
||
|
- name: Update tags
|
||
|
azure_rm_securitygroup:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: mysecgroup
|
||
|
tags:
|
||
|
testing: testing
|
||
|
delete: never
|
||
|
baz: bar
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- output.state.tags | length == 3
|
||
|
- output.state.tags.delete == 'never'
|
||
|
|
||
|
- name: Purge tags
|
||
|
azure_rm_securitygroup:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: mysecgroup
|
||
|
tags:
|
||
|
testing: testing
|
||
|
delete: on-exit
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- output.state.tags | length == 2
|
||
|
- output.state.tags.delete == 'on-exit'
|
||
|
|
||
|
- name: Gather facts for one accounts
|
||
|
azure_rm_securitygroup_facts:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: mysecgroup
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- azure_securitygroups | length == 1
|
||
|
|
||
|
- name: Gather facts for all accounts
|
||
|
azure_rm_securitygroup_facts:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- azure_securitygroups | length > 0
|
||
|
|
||
|
- name: Delete all security groups
|
||
|
azure_rm_securitygroup:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
name: "{{ item.name }}"
|
||
|
state: absent
|
||
|
with_items: "{{ azure_securitygroups }}"
|
||
|
|
||
|
- name: Should have no security groups remaining
|
||
|
azure_rm_securitygroup_facts:
|
||
|
resource_group: "{{ resource_group }}"
|
||
|
register: output
|
||
|
|
||
|
- debug: var=output
|
||
|
when: playbook_debug
|
||
|
|
||
|
- assert:
|
||
|
that:
|
||
|
- azure_securitygroups | length == 0
|