# Copyright (c) 2018, René Moser <mail@renemoser.net>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
---
- name: setup firewall group
  vultr_firewall_group:
    name: "{{ vultr_firewall_group_name }}"
  register: result
- name: verify setup firewall group
  assert:
    that:
    - result is success

- name: setup firewall rule tcp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
- name: verify setup firewal rule
  assert:
    that:
    - result is success

- name: setup firewall rule udp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    state: absent
  register: result
- name: verify setup firewal rule udp
  assert:
    that:
    - result is success

- name: setup firewall rule udp v6
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
- name: verify setup firewal rule udp v6
  assert:
    that:
    - result is success

- name: setup firewall rule port range
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
    state: absent
  register: result
  tags: tmp
- name: verify setup firewal rule port range
  assert:
    that:
    - result is success

- name: setup firewall rule icmp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
- name: verify setup firewal rule
  assert:
    that:
    - result is success

- name: test fail if missing group
  vultr_firewall_rule:
  register: result
  ignore_errors: yes
- name: verify test fail if missing group
  assert:
    that:
    - result is failed
    - 'result.msg == "missing required arguments: group"'

- name: test create firewall rule tcp in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
  register: result
  check_mode: true
- name: verify test create firewall rule tcp in check mode
  assert:
    that:
    - result is changed

- name: test create firewall rule tcp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
  register: result
- name: verify test create firewall rule tcp
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

- name: test create firewall rule tcp idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
  register: result
- name: verify test create firewall rule tcp idempotence
  assert:
    that:
    - result is not changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

- name: test create firewall rule udp in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
  register: result
  check_mode: true
- name: verify test create firewall rule udp in check mode
  assert:
    that:
    - result is changed

- name: test create firewall rule udp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
  register: result
- name: verify test create firewall rule udp
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "udp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

- name: test create firewall rule udp idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
  register: result
- name: verify test create firewall rule udp idempotence
  assert:
    that:
    - result is not changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "udp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

- name: test create firewall rule udp v6 in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
  register: result
  check_mode: true
- name: verify test create firewall rule udp v6 in check mode
  assert:
    that:
    - result is changed

- name: test create firewall rule udp v6
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
  register: result
- name: verify test create firewall rule udp v6
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "udp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "::/0"

- name: test create firewall rule udp v6 idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
  register: result
- name: verify test create firewall rule udp v6 idempotence
  assert:
    that:
    - result is not changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "udp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "::/0"

- name: test create firewall rule port range in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
  register: result
  check_mode: true
- name: verify test create firewall rule port range in check mode
  assert:
    that:
    - result is changed

- name: test create firewall rule port range
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
  register: result
- name: verify test create firewall rule port range
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 8000
    - result.vultr_firewall_rule.end_port == 8080
    - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

- name: test create firewall rule port range idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
  register: result
- name: test create firewall rule port range idempotence
  assert:
    that:
    - result is not changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 8000
    - result.vultr_firewall_rule.end_port == 8080
    - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

- name: test create firewall rule icmp in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
  register: result
  check_mode: true
- name: test create firewall rule icmp in check mode
  assert:
    that:
    - result is changed

- name: test create firewall rule icmp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
  register: result
- name: test create firewall rule icmp
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "icmp"

- name: test create firewall rule icmp idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
  register: result
- name: test create firewall rule icmp idempotence
  assert:
    that:
    - result is not changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "icmp"

- name: test remove firewall rule icmp in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
  check_mode: true
- name: test remove firewall rule icmp in check mode
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "icmp"

- name: test remove firewall rule icmp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
- name: test remove firewall rule icmp
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "icmp"

- name: test remove firewall rule icmp idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    protocol: icmp
    state: absent
  register: result
- name: test remove firewall rule icmp idempotence
  assert:
    that:
    - result is not changed

- name: test remove firewall rule tcp in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule tcp in check mode
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

- name: test remove firewall rule tcp
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
- name: verify test remove firewall rule tcp
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "0.0.0.0/0"

- name: test remove firewall rule tcp idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    state: absent
  register: result
- name: verify test remove firewall rule tcp idempotence
  assert:
    that:
    - result is not changed

- name: test remove firewall rule udp v6 in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule udp v6 in check mode
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "udp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "::/0"

- name: test remove firewall rule udp v6
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
- name: verify test remove firewall rule udp v6
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "udp"
    - result.vultr_firewall_rule.start_port == 53
    - result.vultr_firewall_rule.cidr == "::/0"

- name: test remove firewall rule udp v6 idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    port: 53
    protocol: udp
    ip_version: v6
    state: absent
  register: result
- name: verify test remove firewall rule udp v6 idempotence
  assert:
    that:
    - result is not changed

- name: test remove firewall rule port range in check mode
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
    state: absent
  register: result
  check_mode: true
- name: verify test remove firewall rule port range in check mode
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 8000
    - result.vultr_firewall_rule.end_port == 8080
    - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

- name: test remove firewall rule port range
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
    state: absent
  register: result
- name: verify test remove firewall rule port range
  assert:
    that:
    - result is changed
    - result.vultr_firewall_rule.action == "accept"
    - result.vultr_firewall_rule.protocol == "tcp"
    - result.vultr_firewall_rule.start_port == 8000
    - result.vultr_firewall_rule.end_port == 8080
    - result.vultr_firewall_rule.cidr == "10.100.12.0/24"

- name: test remove firewall rule port range idempotence
  vultr_firewall_rule:
    group: "{{ vultr_firewall_group_name }}"
    start_port: 8000
    end_port: 8080
    protocol: tcp
    cidr: 10.100.12.0/24
    state: absent
  register: result
- name: verify test remove firewall rule port range idempotence
  assert:
    that:
    - result is not changed