mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
meraki_mx_l3_firewall - Fix idempotency for default rule logging (#42649)
* Fix idempotency and default syslog bugs * Fix idempotency check for syslog_default_rule * Syntax errors
This commit is contained in:
parent
9105149595
commit
2038ff5569
2 changed files with 74 additions and 31 deletions
|
@ -301,20 +301,24 @@ def main():
|
|||
else:
|
||||
payload = dict()
|
||||
update = False
|
||||
if meraki.params['syslog_default_rule']:
|
||||
if meraki.params['syslog_default_rule'] is not None:
|
||||
payload['syslogDefaultRule'] = meraki.params['syslog_default_rule']
|
||||
# meraki.fail_json(msg='Payload', payload=payload)
|
||||
try:
|
||||
if len(rules) - 1 != len(payload['rules']): # Quick and simple check to avoid more processing
|
||||
update = True
|
||||
if meraki.params['syslog_default_rule']:
|
||||
if meraki.params['syslog_default_rule'] is not None:
|
||||
if rules[len(rules) - 1]['syslogEnabled'] != meraki.params['syslog_default_rule']:
|
||||
update = True
|
||||
if update is False:
|
||||
del rules[len(rules) - 1] # Remove default rule for comparison
|
||||
for r in range(len(rules) - 1):
|
||||
if meraki.is_update_required(rules[r], payload[r]) is True:
|
||||
if meraki.is_update_required(rules[r], payload['rules'][r]) is True:
|
||||
update = True
|
||||
except KeyError:
|
||||
pass
|
||||
# if meraki.params['syslog_default_rule']:
|
||||
# meraki.fail_json(msg='Compare', original=rules, proposed=payload)
|
||||
if update is True:
|
||||
response = meraki.request(path, method='PUT', payload=json.dumps(payload))
|
||||
if meraki.status == 200:
|
||||
|
|
|
@ -4,37 +4,37 @@
|
|||
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
|
||||
---
|
||||
- block:
|
||||
- name: Test an API key is provided
|
||||
fail:
|
||||
msg: Please define an API key
|
||||
when: auth_key is not defined
|
||||
# - name: Test an API key is provided
|
||||
# fail:
|
||||
# msg: Please define an API key
|
||||
# when: auth_key is not defined
|
||||
|
||||
- name: Use an invalid domain
|
||||
meraki_organization:
|
||||
auth_key: '{{ auth_key }}'
|
||||
host: marrrraki.com
|
||||
state: present
|
||||
org_name: IntTestOrg
|
||||
output_level: debug
|
||||
delegate_to: localhost
|
||||
register: invalid_domain
|
||||
ignore_errors: yes
|
||||
# - name: Use an invalid domain
|
||||
# meraki_organization:
|
||||
# auth_key: '{{ auth_key }}'
|
||||
# host: marrrraki.com
|
||||
# state: present
|
||||
# org_name: IntTestOrg
|
||||
# output_level: debug
|
||||
# delegate_to: localhost
|
||||
# register: invalid_domain
|
||||
# ignore_errors: yes
|
||||
|
||||
- name: Disable HTTP
|
||||
meraki_organization:
|
||||
auth_key: '{{ auth_key }}'
|
||||
use_https: false
|
||||
state: query
|
||||
output_level: debug
|
||||
delegate_to: localhost
|
||||
register: http
|
||||
ignore_errors: yes
|
||||
# - name: Disable HTTP
|
||||
# meraki_organization:
|
||||
# auth_key: '{{ auth_key }}'
|
||||
# use_https: false
|
||||
# state: query
|
||||
# output_level: debug
|
||||
# delegate_to: localhost
|
||||
# register: http
|
||||
# ignore_errors: yes
|
||||
|
||||
- name: Connection assertions
|
||||
assert:
|
||||
that:
|
||||
- '"Failed to connect to" in invalid_domain.msg'
|
||||
- '"http" in http.url'
|
||||
# - name: Connection assertions
|
||||
# assert:
|
||||
# that:
|
||||
# - '"Failed to connect to" in invalid_domain.msg'
|
||||
# - '"http" in http.url'
|
||||
|
||||
- name: Create network
|
||||
meraki_network:
|
||||
|
@ -146,6 +146,45 @@
|
|||
- assert:
|
||||
that:
|
||||
- query.data.1.syslogEnabled == True
|
||||
- default_syslog.changed == True
|
||||
|
||||
- name: Disable syslog for default rule
|
||||
meraki_mx_l3_firewall:
|
||||
auth_key: '{{ auth_key }}'
|
||||
org_name: '{{test_org_name}}'
|
||||
net_name: TestNetAppliance
|
||||
state: present
|
||||
rules:
|
||||
- comment: Deny to documentation address
|
||||
src_port: any
|
||||
src_cidr: any
|
||||
dest_port: 80,443
|
||||
dest_cidr: 192.0.1.1/32
|
||||
protocol: tcp
|
||||
policy: deny
|
||||
syslog_default_rule: no
|
||||
delegate_to: localhost
|
||||
register: disable_syslog
|
||||
|
||||
- debug:
|
||||
msg: '{{disable_syslog}}'
|
||||
|
||||
- name: Query firewall rules
|
||||
meraki_mx_l3_firewall:
|
||||
auth_key: '{{ auth_key }}'
|
||||
org_name: '{{test_org_name}}'
|
||||
net_name: TestNetAppliance
|
||||
state: query
|
||||
delegate_to: localhost
|
||||
register: query
|
||||
|
||||
- debug:
|
||||
msg: '{{query.data.1}}'
|
||||
|
||||
- assert:
|
||||
that:
|
||||
- query.data.1.syslogEnabled == False
|
||||
- disable_syslog.changed == True
|
||||
|
||||
always:
|
||||
- name: Delete all firewall rules
|
||||
|
|
Loading…
Reference in a new issue