add security group and rule

resmo · resmo · commit b9baceedbce2 · 2024-11-24T21:55:57.000+01:00
diff --git a/tests/integration/targets/security_group/aliases b/tests/integration/targets/security_group/aliases
@@ -0,0 +1,3 @@
+cloud/cs
+cs/group2
+cs/group3
diff --git a/tests/integration/targets/security_group/meta/main.yml b/tests/integration/targets/security_group/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - cs_common
diff --git a/tests/integration/targets/security_group/tasks/main.yml b/tests/integration/targets/security_group/tasks/main.yml
@@ -0,0 +1,79 @@
+---
+- name: setup
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg state=absent
+  register: sg
+- name: verify setup
+  assert:
+    that:
+      - sg is successful
+
+- name: test fail if missing name
+  action: cs_securitygroup
+  register: sg
+  ignore_errors: true
+- name: verify results of fail if missing name
+  assert:
+    that:
+      - sg is failed
+      - "sg.msg == 'missing required arguments: name'"
+
+- name: test present security group in check mode
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg
+  register: sg
+  check_mode: true
+- name: verify results of create security group in check mode
+  assert:
+    that:
+      - sg is successful
+      - sg is changed
+
+- name: test present security group
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg
+  register: sg
+- name: verify results of create security group
+  assert:
+    that:
+      - sg is successful
+      - sg is changed
+      - sg.name == cs_resource_prefix + "_sg"
+
+- name: test present security group is idempotence
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg
+  register: sg
+- name: verify results present security group is idempotence
+  assert:
+    that:
+      - sg is successful
+      - sg is not changed
+      - sg.name == cs_resource_prefix + "_sg"
+
+- name: test absent security group in check mode
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg state=absent
+  register: sg
+  check_mode: true
+- name: verify results of absent security group in check mode
+  assert:
+    that:
+      - sg is successful
+      - sg is changed
+      - sg.name == cs_resource_prefix + "_sg"
+
+- name: test absent security group
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg state=absent
+  register: sg
+- name: verify results of absent security group
+  assert:
+    that:
+      - sg is successful
+      - sg is changed
+      - sg.name == cs_resource_prefix + "_sg"
+
+- name: test absent security group is idempotence
+  ngine_io.cloudstack.security_group: name={{ cs_resource_prefix }}_sg state=absent
+  register: sg
+- name: verify results of absent security group is idempotence
+  assert:
+    that:
+      - sg is successful
+      - sg is not changed
+      - sg.name is undefined
diff --git a/tests/integration/targets/security_group_rule/aliases b/tests/integration/targets/security_group_rule/aliases
@@ -0,0 +1,3 @@
+cloud/cs
+cs/group2
+cs/group3
diff --git a/tests/integration/targets/security_group_rule/meta/main.yml b/tests/integration/targets/security_group_rule/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - cs_common
diff --git a/tests/integration/targets/security_group_rule/tasks/absent.yml b/tests/integration/targets/security_group_rule/tasks/absent.yml
@@ -0,0 +1,171 @@
+---
+- name: test remove http range rule in check mode
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    start_port: 8000
+    end_port: 8888
+    cidr: 1.2.3.4/32
+    state: absent
+  register: sg_rule
+  check_mode: true
+- name: verify create http range rule in check mode
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is changed
+      - sg_rule.type == 'ingress'
+      - sg_rule.security_group == 'default'
+      - sg_rule.protocol == 'tcp'
+      - sg_rule.start_port == 8000
+      - sg_rule.end_port == 8888
+      - sg_rule.cidr == '1.2.3.4/32'
+
+- name: test remove http range rule
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    start_port: 8000
+    end_port: 8888
+    cidr: 1.2.3.4/32
+    state: absent
+  register: sg_rule
+- name: verify create http range rule
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is changed
+      - sg_rule.type == 'ingress'
+      - sg_rule.security_group == 'default'
+      - sg_rule.protocol == 'tcp'
+      - sg_rule.start_port == 8000
+      - sg_rule.end_port == 8888
+      - sg_rule.cidr == '1.2.3.4/32'
+
+- name: test remove http range rule idempotence
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    start_port: 8000
+    end_port: 8888
+    cidr: 1.2.3.4/32
+    state: absent
+  register: sg_rule
+- name: verify create http range rule idempotence
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is not changed
+
+- name: test remove single port udp rule in check mode
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    port: 5353
+    protocol: udp
+    type: egress
+    user_security_group: "{{ cs_resource_prefix }}_sg"
+    state: absent
+  register: sg_rule
+  check_mode: true
+- name: verify remove single port udp rule in check mode
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is changed
+      - sg_rule.type == 'egress'
+      - sg_rule.security_group == 'default'
+      - sg_rule.protocol == 'udp'
+      - sg_rule.start_port == 5353
+      - sg_rule.end_port == 5353
+      - sg_rule.user_security_group == cs_resource_prefix + "_sg"
+
+- name: test remove single port udp rule
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    port: 5353
+    protocol: udp
+    type: egress
+    user_security_group: "{{ cs_resource_prefix }}_sg"
+    state: absent
+  register: sg_rule
+- name: verify remove single port udp rule
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is changed
+      - sg_rule.type == 'egress'
+      - sg_rule.security_group == 'default'
+      - sg_rule.protocol == 'udp'
+      - sg_rule.start_port == 5353
+      - sg_rule.end_port == 5353
+      - sg_rule.user_security_group == cs_resource_prefix + "_sg"
+
+- name: test remove single port udp rule idempotence
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    port: 5353
+    protocol: udp
+    type: egress
+    user_security_group: "{{ cs_resource_prefix }}_sg"
+    state: absent
+  register: sg_rule
+- name: verify remove single port udp rule idempotence
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is not changed
+
+- name: test remove icmp rule in check mode
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    protocol: icmp
+    type: ingress
+    icmp_type: -1
+    icmp_code: -1
+    state: absent
+  register: sg_rule
+  check_mode: true
+- name: verify icmp rule in check mode
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is changed
+      - sg_rule.type == 'ingress'
+      - sg_rule.security_group == 'default'
+      - sg_rule.cidr == '0.0.0.0/0'
+      - sg_rule.protocol == 'icmp'
+      - sg_rule.icmp_code == -1
+      - sg_rule.icmp_type == -1
+
+- name: test remove icmp rule
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    protocol: icmp
+    type: ingress
+    icmp_type: -1
+    icmp_code: -1
+    state: absent
+  register: sg_rule
+- name: verify icmp rule
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is changed
+      - sg_rule.type == 'ingress'
+      - sg_rule.security_group == 'default'
+      - sg_rule.cidr == '0.0.0.0/0'
+      - sg_rule.protocol == 'icmp'
+      - sg_rule.icmp_code == -1
+      - sg_rule.icmp_type == -1
+
+- name: test remove icmp rule idempotence
+  ngine_io.cloudstack.security_group_rule:
+    security_group: default
+    protocol: icmp
+    type: ingress
+    icmp_type: -1
+    icmp_code: -1
+    state: absent
+  register: sg_rule
+- name: verify icmp rule idempotence
+  assert:
+    that:
+      - sg_rule is successful
+      - sg_rule is not changed
diff --git a/tests/integration/targets/security_group_rule/tasks/cleanup.yml b/tests/integration/targets/security_group_rule/tasks/cleanup.yml
@@ -0,0 +1,9 @@
+- name: cleanup custom security group
+  ngine_io.cloudstack.security_group:
+    name: "{{ cs_resource_prefix }}_sg"
+    state: absent
+  register: sg
+- name: verify setup
+  assert:
+    that:
+      - sg is successful
diff --git a/tests/integration/targets/security_group_rule/tasks/main.yml b/tests/integration/targets/security_group_rule/tasks/main.yml
@@ -0,0 +1,4 @@
+- include_tasks: setup.yml
+- include_tasks: present.yml
+- include_tasks: absent.yml
+- include_tasks: cleanup.yml
diff --git a/tests/integration/targets/security_group_rule/tasks/present.yml b/tests/integration/targets/security_group_rule/tasks/present.yml
diff --git a/tests/integration/targets/security_group_rule/tasks/setup.yml b/tests/integration/targets/security_group_rule/tasks/setup.yml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+cloud/cs`
	`2`	`+cs/group2`
	`3`	`+cs/group3`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+---`
	`2`	`+dependencies:`
	`3`	`+ - cs_common`