From 3d816402ba2ab84aae818b788e3ad174f7bfb9c4 Mon Sep 17 00:00:00 2001 From: Rene Moser Date: Mon, 18 May 2015 22:44:29 +0200 Subject: [PATCH] cloudstack: add tests for cs_firewall --- test/integration/cloudstack.yml | 1 + .../roles/test_cs_firewall/defaults/main.yml | 3 + .../roles/test_cs_firewall/meta/main.yml | 3 + .../roles/test_cs_firewall/tasks/main.yml | 271 ++++++++++++++++++ 4 files changed, 278 insertions(+) create mode 100644 test/integration/roles/test_cs_firewall/defaults/main.yml create mode 100644 test/integration/roles/test_cs_firewall/meta/main.yml create mode 100644 test/integration/roles/test_cs_firewall/tasks/main.yml diff --git a/test/integration/cloudstack.yml b/test/integration/cloudstack.yml index 7cdf593a8c..546c6fa806 100644 --- a/test/integration/cloudstack.yml +++ b/test/integration/cloudstack.yml @@ -12,3 +12,4 @@ - { role: test_cs_instance, tags: test_cs_instance } - { role: test_cs_instancegroup, tags: test_cs_instancegroup } - { role: test_cs_account, tags: test_cs_account } + - { role: test_cs_firewall, tags: test_cs_firewall } diff --git a/test/integration/roles/test_cs_firewall/defaults/main.yml b/test/integration/roles/test_cs_firewall/defaults/main.yml new file mode 100644 index 0000000000..4aa4fe846f --- /dev/null +++ b/test/integration/roles/test_cs_firewall/defaults/main.yml @@ -0,0 +1,3 @@ +--- +cs_firewall_ip_address: 10.100.212.5 +cs_firewall_network: test diff --git a/test/integration/roles/test_cs_firewall/meta/main.yml b/test/integration/roles/test_cs_firewall/meta/main.yml new file mode 100644 index 0000000000..03e38bd4f7 --- /dev/null +++ b/test/integration/roles/test_cs_firewall/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - test_cs_common diff --git a/test/integration/roles/test_cs_firewall/tasks/main.yml b/test/integration/roles/test_cs_firewall/tasks/main.yml new file mode 100644 index 0000000000..5482ce4497 --- /dev/null +++ b/test/integration/roles/test_cs_firewall/tasks/main.yml @@ -0,0 +1,271 @@ +--- +- name: setup 80 + cs_firewall: + port: 80 + ip_address: "{{ cs_firewall_ip_address }}" + state: absent + register: fw +- name: verify setup + assert: + that: + - fw|success + +- name: setup 5300 + cs_firewall: + ip_address: "{{ cs_firewall_ip_address }}" + protocol: udp + start_port: 5300 + end_port: 5333 + cidr: 1.2.3.4/24 + state: absent + register: fw +- name: verify setup + assert: + that: + - fw|success + +- name: setup all + cs_firewall: + network: "{{ cs_firewall_network }}" + protocol: all + type: egress + state: absent + register: fw +- name: verify setup + assert: + that: + - fw|success + +- name: test fail if missing params + action: cs_firewall + register: fw + ignore_errors: true +- name: verify results of fail if missing params + assert: + that: + - fw|failed + - fw.msg == "missing required argument for protocol 'tcp': start_port or end_port" + +- name: test fail if missing params ip_address ingress + cs_firewall: + port: 80 + register: fw + ignore_errors: true +- name: verify results of fail if missing params ip_address + assert: + that: + - fw|failed + - fw.msg == "missing required argument for type ingress: ip_address" + +- name: test fail if missing params network egress + cs_firewall: + type: egress + register: fw + ignore_errors: true +- name: verify results of fail if missing params ip_address + assert: + that: + - fw|failed + - fw.msg == "missing required argument for type egress: network" + +- name: test present firewall rule ingress 80 + cs_firewall: + port: 80 + ip_address: "{{ cs_firewall_ip_address }}" + register: fw +- name: verify results of present firewall rule ingress 80 + assert: + that: + - fw|success + - fw|changed + - fw.cidr == "0.0.0.0/0" + - fw.ip_address == "{{ cs_firewall_ip_address }}" + - fw.protocol == "tcp" + - fw.start_port == 80 + - fw.end_port == 80 + - fw.type == "ingress" + +- name: test present firewall rule ingress 80 idempotence + cs_firewall: + port: 80 + ip_address: "{{ cs_firewall_ip_address }}" + register: fw +- name: verify results of present firewall rule ingress 80 idempotence + assert: + that: + - fw|success + - not fw|changed + - fw.cidr == "0.0.0.0/0" + - fw.ip_address == "{{ cs_firewall_ip_address }}" + - fw.protocol == "tcp" + - fw.start_port == 80 + - fw.end_port == 80 + - fw.type == "ingress" + +- name: test present firewall rule ingress 5300 + cs_firewall: + ip_address: "{{ cs_firewall_ip_address }}" + protocol: udp + start_port: 5300 + end_port: 5333 + cidr: 1.2.3.4/24 + register: fw +- name: verify results of present firewall rule ingress 5300 + assert: + that: + - fw|success + - fw|changed + - fw.cidr == "1.2.3.4/24" + - fw.ip_address == "{{ cs_firewall_ip_address }}" + - fw.protocol == "udp" + - fw.start_port == 5300 + - fw.end_port == 5333 + - fw.type == "ingress" + +- name: test present firewall rule ingress 5300 idempotence + cs_firewall: + ip_address: "{{ cs_firewall_ip_address }}" + protocol: udp + start_port: 5300 + end_port: 5333 + cidr: 1.2.3.4/24 + register: fw +- name: verify results of present firewall rule ingress 5300 idempotence + assert: + that: + - fw|success + - not fw|changed + - fw.cidr == "1.2.3.4/24" + - fw.ip_address == "{{ cs_firewall_ip_address }}" + - fw.protocol == "udp" + - fw.start_port == 5300 + - fw.end_port == 5333 + - fw.type == "ingress" + +- name: test present firewall rule egress all + cs_firewall: + network: "{{ cs_firewall_network }}" + protocol: all + type: egress + register: fw +- name: verify results of present firewall rule egress all + assert: + that: + - fw|success + - fw|changed + - fw.cidr == "0.0.0.0/0" + - fw.network == "{{ cs_firewall_network }}" + - fw.protocol == "all" + - fw.type == "egress" + +- name: test present firewall rule egress all idempotence + cs_firewall: + network: "{{ cs_firewall_network }}" + protocol: all + type: egress + register: fw +- name: verify results of present firewall rule egress all idempotence + assert: + that: + - fw|success + - not fw|changed + - fw.cidr == "0.0.0.0/0" + - fw.network == "{{ cs_firewall_network }}" + - fw.protocol == "all" + - fw.type == "egress" + +- name: test absent firewall rule ingress 80 + cs_firewall: + port: 80 + ip_address: "{{ cs_firewall_ip_address }}" + state: absent + register: fw +- name: verify results of absent firewall rule ingress 80 + assert: + that: + - fw|success + - fw|changed + - fw.cidr == "0.0.0.0/0" + - fw.ip_address == "{{ cs_firewall_ip_address }}" + - fw.protocol == "tcp" + - fw.start_port == 80 + - fw.end_port == 80 + - fw.type == "ingress" + +- name: test absent firewall rule ingress 80 idempotence + cs_firewall: + port: 80 + ip_address: "{{ cs_firewall_ip_address }}" + state: absent + register: fw +- name: verify results of absent firewall rule ingress 80 idempotence + assert: + that: + - fw|success + - not fw|changed + +- name: test absent firewall rule ingress 5300 + cs_firewall: + ip_address: "{{ cs_firewall_ip_address }}" + protocol: udp + start_port: 5300 + end_port: 5333 + cidr: 1.2.3.4/24 + state: absent + register: fw +- name: verify results of absent firewall rule ingress 5300 + assert: + that: + - fw|success + - fw|changed + - fw.cidr == "1.2.3.4/24" + - fw.ip_address == "{{ cs_firewall_ip_address }}" + - fw.protocol == "udp" + - fw.start_port == 5300 + - fw.end_port == 5333 + - fw.type == "ingress" + +- name: test absent firewall rule ingress 5300 idempotence + cs_firewall: + ip_address: "{{ cs_firewall_ip_address }}" + protocol: udp + start_port: 5300 + end_port: 5333 + cidr: 1.2.3.4/24 + state: absent + register: fw +- name: verify results of absent firewall rule ingress 5300 idempotence + assert: + that: + - fw|success + - not fw|changed + +- name: test absent firewall rule egress all + cs_firewall: + network: "{{ cs_firewall_network }}" + protocol: all + type: egress + state: absent + register: fw +- name: verify results of absent firewall rule egress all + assert: + that: + - fw|success + - fw|changed + - fw.cidr == "0.0.0.0/0" + - fw.network == "{{ cs_firewall_network }}" + - fw.protocol == "all" + - fw.type == "egress" + +- name: test absent firewall rule egress all idempotence + cs_firewall: + network: "{{ cs_firewall_network }}" + protocol: all + type: egress + state: absent + register: fw +- name: verify results of absent firewall rule egress all idempotence + assert: + that: + - fw|success + - not fw|changed