- name: Create resource group azure_rm_resourcegroup: name: "{{ resource_group }}" location: "{{ location }}" - name: Create security group azure_rm_securitygroup: resource_group: "{{ resource_group }}" name: mysecgroup tags: testing: testing delete: on-exit foo: bar purge_rules: yes rules: - name: DenySSH protocol: Tcp destination_port_range: 22 access: Deny priority: 100 direction: Inbound - name: 'AllowSSH' protocol: Tcp source_address_prefix: '174.109.158.0/24' destination_port_range: 22 access: Allow priority: 101 direction: Inbound register: output - debug: var=output when: playbook_debug - assert: { that: "{{ output.state.rules | length }} == 2" } - name: Gather facts by tags azure_rm_securitygroup_facts: resource_group: "{{ resource_group }}" tags: - testing - foo:bar register: output - debug: var=output when: playbook_debug - assert: that: azure_securitygroups | length == 1 - name: Add/Update rules on existing security group azure_rm_securitygroup: resource_group: "{{ resource_group }}" name: mysecgroup rules: - name: DenySSH protocol: Tcp destination_port_range: 22-23 access: Deny priority: 100 - name: AllowSSHFromHome protocol: Tcp source_address_prefix: '174.109.158.0/24' destination_port_range: 22-23 priority: 102 register: output - debug: var=output when: playbook_debug - assert: { that: "{{ output.state.rules | length }} == 3" } - name: Test idempotence azure_rm_securitygroup: resource_group: "{{ resource_group }}" name: mysecgroup rules: - name: DenySSH protocol: Tcp destination_port_range: 22-23 access: Deny priority: 100 - name: AllowSSHFromHome protocol: Tcp source_address_prefix: '174.109.158.0/24' destination_port_range: 22-23 priority: 102 register: output - debug: var=output when: playbook_debug - assert: that: not output.changed - name: Update tags azure_rm_securitygroup: resource_group: "{{ resource_group }}" name: mysecgroup tags: testing: testing delete: never baz: bar register: output - debug: var=output when: playbook_debug - assert: that: - output.state.tags | length == 3 - output.state.tags.delete == 'never' - name: Purge tags azure_rm_securitygroup: resource_group: "{{ resource_group }}" name: mysecgroup tags: testing: testing delete: on-exit register: output - debug: var=output when: playbook_debug - assert: that: - output.state.tags | length == 2 - output.state.tags.delete == 'on-exit' - name: Gather facts for one accounts azure_rm_securitygroup_facts: resource_group: "{{ resource_group }}" name: mysecgroup register: output - debug: var=output when: playbook_debug - assert: that: - azure_securitygroups | length == 1 - name: Gather facts for all accounts azure_rm_securitygroup_facts: resource_group: "{{ resource_group }}" register: output - debug: var=output when: playbook_debug - assert: that: - azure_securitygroups | length > 0 - name: Delete all security groups azure_rm_securitygroup: resource_group: "{{ resource_group }}" name: "{{ item.name }}" state: absent with_items: "{{ azure_securitygroups }}" - name: Should have no security groups remaining azure_rm_securitygroup_facts: resource_group: "{{ resource_group }}" register: output - debug: var=output when: playbook_debug - assert: that: - azure_securitygroups | length == 0