
meraki_mx_l3_firewall - Fix idempotency for default rule logging (#42649)

* Fix idempotency and default syslog bugs

* Fix idempotency check for syslog_default_rule

* Syntax errors
Kevin Breit 2018-07-12 09:47:17 -05:00 committed by Dag Wieers
parent 9105149595
commit 2038ff5569
2 changed files with 74 additions and 31 deletions


@ -301,20 +301,24 @@ def main():
else: else:
payload = dict() payload = dict()
update = False update = False
if meraki.params['syslog_default_rule']: if meraki.params['syslog_default_rule'] is not None:
payload['syslogDefaultRule'] = meraki.params['syslog_default_rule'] payload['syslogDefaultRule'] = meraki.params['syslog_default_rule']
# meraki.fail_json(msg='Payload', payload=payload)
try: try:
if len(rules) - 1 != len(payload['rules']): # Quick and simple check to avoid more processing if len(rules) - 1 != len(payload['rules']): # Quick and simple check to avoid more processing
update = True update = True
if meraki.params['syslog_default_rule']: if meraki.params['syslog_default_rule'] is not None:
if rules[len(rules) - 1]['syslogEnabled'] != meraki.params['syslog_default_rule']: if rules[len(rules) - 1]['syslogEnabled'] != meraki.params['syslog_default_rule']:
update = True update = True
if update is False: if update is False:
del rules[len(rules) - 1] # Remove default rule for comparison
for r in range(len(rules) - 1): for r in range(len(rules) - 1):
if meraki.is_update_required(rules[r], payload[r]) is True: if meraki.is_update_required(rules[r], payload['rules'][r]) is True:
update = True update = True
except KeyError: except KeyError:
pass pass
# if meraki.params['syslog_default_rule']:
# meraki.fail_json(msg='Compare', original=rules, proposed=payload)
if update is True: if update is True:
response = meraki.request(path, method='PUT', payload=json.dumps(payload)) response = meraki.request(path, method='PUT', payload=json.dumps(payload))
if meraki.status == 200: if meraki.status == 200:
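Review bot: The rule-by-rule comparison now skips the last user-defined rule: once `del rules[len(rules) - 1]` has removed the default rule, the loop still iterates `range(len(rules) - 1)`, so a playbook that changes only the final rule would be reported as unchanged and the PUT never sent, leaving the appliance's firewall out of step with the declared policy. With the default rule already removed, the loop should read `for r in range(len(rules)):`. Separately, indentation is lost on this page, but if `payload['rules']` is absent in this `else:` branch, the KeyError raised by the length check appears to skip the `syslog_default_rule` comparison as well, and `except KeyError: pass` hides that; an explicit `'rules' in payload` test would make the intent visible. The commented-out `meraki.fail_json(...)` debugging lines should be dropped rather than committed. main() begins and ends outside this hunk.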


@ -4,37 +4,37 @@
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
--- ---
- block: - block:
- name: Test an API key is provided # - name: Test an API key is provided
fail: # fail:
msg: Please define an API key # msg: Please define an API key
when: auth_key is not defined # when: auth_key is not defined
- name: Use an invalid domain # - name: Use an invalid domain
meraki_organization: # meraki_organization:
auth_key: '{{ auth_key }}' # auth_key: '{{ auth_key }}'
host: marrrraki.com # host: marrrraki.com
state: present # state: present
org_name: IntTestOrg # org_name: IntTestOrg
output_level: debug # output_level: debug
delegate_to: localhost # delegate_to: localhost
register: invalid_domain # register: invalid_domain
ignore_errors: yes # ignore_errors: yes
- name: Disable HTTP # - name: Disable HTTP
meraki_organization: # meraki_organization:
auth_key: '{{ auth_key }}' # auth_key: '{{ auth_key }}'
use_https: false # use_https: false
state: query # state: query
output_level: debug # output_level: debug
delegate_to: localhost # delegate_to: localhost
register: http # register: http
ignore_errors: yes # ignore_errors: yes
- name: Connection assertions # - name: Connection assertions
assert: # assert:
that: # that:
- '"Failed to connect to" in invalid_domain.msg' # - '"Failed to connect to" in invalid_domain.msg'
- '"http" in http.url' # - '"http" in http.url'
- name: Create network - name: Create network
meraki_network: meraki_network:
@ -146,6 +146,45 @@
- assert: - assert:
that: that:
- query.data.1.syslogEnabled == True - query.data.1.syslogEnabled == True
- default_syslog.changed == True
- name: Disable syslog for default rule
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: present
rules:
- comment: Deny to documentation address
src_port: any
src_cidr: any
dest_port: 80,443
dest_cidr: 192.0.1.1/32
protocol: tcp
policy: deny
syslog_default_rule: no
delegate_to: localhost
register: disable_syslog
- debug:
msg: '{{disable_syslog}}'
- name: Query firewall rules
meraki_mx_l3_firewall:
auth_key: '{{ auth_key }}'
org_name: '{{test_org_name}}'
net_name: TestNetAppliance
state: query
delegate_to: localhost
register: query
- debug:
msg: '{{query.data.1}}'
- assert:
that:
- query.data.1.syslogEnabled == False
- disable_syslog.changed == True
always: always:
- name: Delete all firewall rules - name: Delete all firewall rules
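Review bot: The tasks added in the second hunk assert only `disable_syslog.changed == True`, so the idempotency this commit sets out to fix is never exercised; the same task should be run a second time under a new `register` name and asserted unchanged. The first hunk comments out the API-key guard and the connection tests (invalid domain, `use_https: false`) instead of deleting or repairing them, which leaves the suite with no early check that `auth_key` is defined; if they are disabled deliberately, a one-line comment giving the reason would help. `syslog_default_rule: no` would be clearer as `false`. The `always:` block continues outside the hunk.

```yaml
- name: Disable syslog for default rule with idempotency
  meraki_mx_l3_firewall:
    # … unchanged: same arguments as "Disable syslog for default rule" …
    syslog_default_rule: false
  delegate_to: localhost
  register: disable_syslog_idempotent
- assert:
    that:
      - disable_syslog_idempotent.changed == False
```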