def test_asa_acls_replaced_idempotent(self):
    """Check that replacing ``test_access`` with an identical ACE is a no-op.

    The module is expected to report ``changed=False`` and emit no commands.
    NOTE(review): this presumes the ACE below matches the running config
    loaded by the test fixture, which is not visible here.
    """
    ace = {
        "destination": {
            "address": "192.0.3.0",
            "netmask": "255.255.255.0",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 1,
        "log": "default",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {
            "address": "192.0.2.0",
            "netmask": "255.255.255.0",
        },
    }
    acl = {"name": "test_access", "acl_type": "extended", "aces": [ace]}
    module_args = {"config": [{"acls": [acl]}], "state": "replaced"}
    set_module_args(module_args)
    # An empty command list is the idempotency assertion: no rule is touched.
    self.execute_module(changed=False, commands=[], sort=True)
def test_asa_acls_merged(self):
    """Merge one object-group based deny ACE into ``test_global_access``.

    The module must report a change and emit exactly one ``access-list``
    line; source and destination are rendered as ``object-group`` references.
    """
    ace = {
        "destination": {
            "object_group": "test_network_og",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 2,
        "log": "default",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {"object_group": "test_og_network"},
    }
    acl = {"aces": [ace], "acl_type": "extended", "name": "test_global_access"}
    set_module_args({"config": {"acls": [acl]}, "state": "merged"})

    expected = [
        "access-list test_global_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default"
    ]
    outcome = self.execute_module(changed=True)
    # Exact, ordered comparison: the source group must precede the destination.
    self.assertEqual(outcome["commands"], expected)
def test_asa_acls_rendered(self):
    """Render a single deny ACE to CLI text.

    With ``state="rendered"`` the test expects ``changed=False`` and reads the
    generated line from ``result["rendered"]`` rather than ``"commands"``.
    """
    ace = {
        "destination": {
            "address": "192.0.3.0",
            "netmask": "255.255.255.0",
        },
        "grant": "deny",
        "line": 1,
        "log": "default",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {
            "address": "192.0.2.0",
            "netmask": "255.255.255.0",
        },
    }
    acl = {"name": "test_access", "acl_type": "extended", "aces": [ace]}
    set_module_args({"config": [{"acls": [acl]}], "state": "rendered"})

    expected = [
        "access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 log default"
    ]
    outcome = self.execute_module(changed=False)
    self.assertEqual(outcome["rendered"], expected)
def test_asa_ogs_merged(self):
    """Merge a new network object group with two hosts and one IPv6 prefix.

    The expected command list is compared in order: group header,
    description, then each member.
    """
    network_group = {
        "name": "test_network_og",
        "description": "test network og",
        "network_object": {
            "host": ["192.0.3.1", "192.0.3.2"],
            "ipv6_address": ["2001:db8:0:3::/64"],
        },
    }
    entry = {"object_groups": [network_group], "object_type": "network"}
    set_module_args({"config": [entry], "state": "merged"})

    outcome = self.execute_module(changed=True)
    expected = [
        "object-group network test_network_og",
        "description test network og",
        "network-object host 192.0.3.1",
        "network-object host 192.0.3.2",
        "network-object 2001:db8:0:3::/64",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_ogs_overridden_idempotent(self):
    """Check that overriding with the full current object-group set is a no-op.

    Both a network and a service group are declared; the module is expected
    to report ``changed=False`` with no commands.
    NOTE(review): presumes these two groups are the complete set in the
    fixture's running config.
    """
    network_entry = {
        "object_groups": [
            {
                "description": "test_og_network",
                "name": "test_og_network",
                "network_object": {
                    "host": ["192.0.2.1"],
                    "address": ["192.0.2.0 255.255.255.0"],
                },
            }
        ],
        "object_type": "network",
    }
    service_entry = {
        "object_groups": [
            {
                "name": "test_og_service",
                "service_object": {"protocol": ["ipinip", "tcp-udp"]},
            }
        ],
        "object_type": "service",
    }
    set_module_args(
        {"config": [network_entry, service_entry], "state": "overridden"}
    )
    # No commands means the override neither adds nor removes any group.
    self.execute_module(changed=False, commands=[], sort=True)
def test_asa_acls_overridden(self):
    """Override the ACL set with a single ``test_global_access`` rule.

    Only one ACL is declared, yet the expected output also carries
    ``no access-list`` lines for ``test_R1_traffic`` and ``test_access``:
    the test pins that ``overridden`` removes ACEs of ACLs that are not
    listed in the supplied config.
    """
    ace = {
        "destination": {
            "any": "true",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 1,
        "log": "errors",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {"any": "true"},
    }
    acl = {"name": "test_global_access", "acl_type": "extended", "aces": [ace]}
    set_module_args({"config": [{"acls": [acl]}], "state": "overridden"})

    outcome = self.execute_module(changed=True)
    expected = [
        # Removals of undeclared ACLs come first, then the declared rule.
        "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive",
        "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default",
        "access-list test_global_access line 1 extended deny tcp any any eq www log errors",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_ogs_overridden(self):
    """Override all object groups with one redefined network group.

    The expected commands rewrite ``test_og_network`` member by member and
    delete every other group (service, network and user) that the supplied
    config does not mention. Order is not asserted; both lists are sorted.
    """
    network_group = {
        "name": "test_og_network",
        "description": "test_og_network_override",
        "network_object": {
            "host": ["192.0.3.1"],
            "address": ["192.0.3.0 255.255.255.0"],
        },
    }
    entry = {"object_groups": [network_group], "object_type": "network"}
    set_module_args({"config": [entry], "state": "overridden"})

    outcome = self.execute_module(changed=True)
    expected = [
        "no object-group service test_og_service",
        "no object-group network group_network_obj",
        "object-group network test_og_network",
        "description test_og_network_override",
        "no network-object 192.0.2.0 255.255.255.0",
        "network-object 192.0.3.0 255.255.255.0",
        "no network-object host 192.0.2.1",
        "network-object host 192.0.3.1",
        "no object-group network ANSIBLE_TEST",
        "no object-group user group_user_obj",
        "no object-group user test_user_obj",
    ]
    actual_sorted = sorted(outcome["commands"])
    expected_sorted = sorted(expected)
    self.assertEqual(actual_sorted, expected_sorted)
def test_asa_ogs_replaced(self):
    """Replace the contents of ``test_og_network`` only.

    The expected commands swap the description, subnet and host of that one
    group; no other object group appears in the expected list.
    """
    network_group = {
        "name": "test_og_network",
        "description": "test_og_network_replace",
        "network_object": {
            "host": ["192.0.3.1"],
            "address": ["192.0.3.0 255.255.255.0"],
        },
    }
    entry = {"object_groups": [network_group], "object_type": "network"}
    set_module_args({"config": [entry], "state": "replaced"})

    outcome = self.execute_module(changed=True)
    expected = [
        "object-group network test_og_network",
        "description test_og_network_replace",
        "no network-object 192.0.2.0 255.255.255.0",
        "network-object 192.0.3.0 255.255.255.0",
        "no network-object host 192.0.2.1",
        "network-object host 192.0.3.1",
    ]
    # Ordered comparison: each old member is removed before its replacement.
    self.assertEqual(outcome["commands"], expected)
def test_asa_ogs_rendered(self):
    """Render a network and a service object group to CLI text.

    ``state="rendered"`` is expected to leave ``changed`` false and to place
    the generated lines under ``result["rendered"]``.
    """
    network_group = {
        "description": "test_og_network",
        "name": "test_og_network",
        "network_object": {
            "host": ["192.0.2.1"],
            "address": ["192.0.2.0 255.255.255.0"],
        },
        "object_type": "network",
    }
    service_group = {
        "name": "test_og_service",
        "service_object": {"protocol": ["ipinip", "tcp-udp"]},
        "object_type": "service",
    }
    set_module_args(
        {"config": [network_group, service_group], "state": "rendered"}
    )

    expected = [
        "object-group network test_og_network",
        "description test_og_network",
        "network-object host 192.0.2.1",
        "network-object 192.0.2.0 255.255.255.0",
        "object-group service test_og_service",
        "service-object ipinip",
        "service-object tcp-udp",
    ]
    outcome = self.execute_module(changed=False)
    self.assertEqual(outcome["rendered"], expected)
def test_asa_ogs_attributes_based(self):
    """Delete individual members from object groups, not the groups.

    With ``state="deleted"`` and explicit attributes, the expected commands
    enter each group and negate only the listed member; no
    ``no object-group`` line is expected.
    """
    network_group = {
        "name": "test_og_network",
        "network_object": {"address": ["192.0.2.0 255.255.255.0"]},
        "object_type": "network",
    }
    service_group = {
        "name": "test_og_service",
        "service_object": {"protocol": ["ipinip"]},
        "object_type": "service",
    }
    set_module_args(
        {"config": [network_group, service_group], "state": "deleted"}
    )

    outcome = self.execute_module(changed=True)
    expected = [
        "object-group network test_og_network",
        "no network-object 192.0.2.0 255.255.255.0",
        "object-group service test_og_service",
        "no service-object ipinip",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_acls_merged(self):
    """Merge two ACLs: an IPv4 any-to-any deny and an inactive IPv6 deny.

    The second ACL omits ``acl_type`` and ``line``; the expected command for
    it accordingly carries neither ``extended`` nor a line number.
    """
    global_ace = {
        "destination": {
            "any": "true",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 1,
        "log": "errors",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {"any": "true"},
    }
    global_acl = {
        "name": "test_global_access",
        "acl_type": "extended",
        "aces": [global_ace],
    }

    v6_ace = {
        "destination": {
            "address": "2001:fc8:0:6::/64",
            "port_protocol": {"eq": "telnet"},
        },
        "grant": "deny",
        "inactive": "true",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {
            "address": "2001:db8:0:5::/64",
            "port_protocol": {"eq": "www"},
        },
    }
    v6_acl = {"name": "merge_v6_acl", "aces": [v6_ace]}

    set_module_args(
        {
            "config": [{"acls": [global_acl]}, {"acls": [v6_acl]}],
            "state": "merged",
        }
    )

    outcome = self.execute_module(changed=True)
    expected = [
        "access-list test_global_access line 1 extended deny tcp any any eq www log errors",
        "access-list merge_v6_acl deny tcp 2001:db8:0:5::/64 eq www 2001:fc8:0:6::/64 eq telnet inactive",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_ogs_deleted_all(self):
    """Run ``state="deleted"`` without any config filter.

    No group is named in the arguments, and the test expects a
    ``no object-group`` line for both the network and the service group:
    an unfiltered delete removes whole groups.
    """
    set_module_args({"state": "deleted"})
    outcome = self.execute_module(changed=True)

    expected = [
        "no object-group network test_og_network",
        "no object-group service test_og_service",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_acls_deleted_all(self):
    """Run ``state="deleted"`` without naming any ACL.

    The arguments carry no config, and the test expects one
    ``no access-list`` line per ACE of ``test_R1_traffic`` and
    ``test_access``: an unfiltered delete strips the listed rules entirely.
    """
    set_module_args({"state": "deleted"})
    outcome = self.execute_module(changed=True)

    expected = [
        "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive",
        "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_ogs_overridden_idempotent(self):
    """Check that overriding with network, service and user groups is a no-op.

    The config declares nested groups (``group_object``), object references
    and user/user-group members; the module is expected to emit no commands.
    NOTE(review): presumes this is the complete group set in the fixture's
    running config.
    """
    network_groups = [
        {
            "group_object": ["ANSIBLE_TEST"],
            "name": "group_network_obj",
        },
        {
            "description": "test_og_network",
            "name": "test_og_network",
            "network_object": {
                "host": ["192.0.2.1"],
                "address": ["192.0.2.0 255.255.255.0"],
            },
        },
        {
            "name": "ANSIBLE_TEST",
            "network_object": {"object": ["TEST1", "TEST2"]},
        },
    ]
    service_groups = [
        {
            "name": "test_og_service",
            "service_object": {"protocol": ["ipinip", "tcp-udp"]},
        }
    ]
    user_groups = [
        {
            "group_object": ["test_user_obj"],
            "name": "group_user_obj",
        },
        {
            "name": "test_user_obj",
            "user_object": {
                "user": [{"domain": "LOCAL", "name": "test1"}],
                "user_group": [
                    {"domain": "domain", "name": "test1"},
                    {"domain": "domain", "name": "test2"},
                ],
            },
        },
    ]
    module_args = {
        "config": [
            {"object_groups": network_groups, "object_type": "network"},
            {"object_groups": service_groups, "object_type": "service"},
            {"object_groups": user_groups, "object_type": "user"},
        ],
        "state": "overridden",
    }
    set_module_args(module_args)
    # No commands means the override neither adds nor removes any group.
    self.execute_module(changed=False, commands=[], sort=True)
def test_asa_acls_replaced(self):
    """Replace the ACEs of ``test_access`` and ``ansible_test``.

    The expected output removes all three existing ``test_access`` lines
    (including the ``permit ip host 192.0.2.2 any`` rule) before adding the
    single new igrp deny, and swaps the ``ansible_test`` remark. Command
    order is not asserted; both lists are sorted before comparison.
    """
    igrp_ace = {
        "destination": {
            "address": "198.51.102.0",
            "netmask": "255.255.255.0",
        },
        "grant": "deny",
        "line": 1,
        "log": "default",
        "protocol": "igrp",
        "protocol_options": {"igrp": "true"},
        "source": {
            "address": "198.51.101.0",
            "netmask": "255.255.255.0",
        },
        "time_range": "temp",
    }
    test_access = {
        "name": "test_access",
        "acl_type": "extended",
        "aces": [igrp_ace],
    }

    remark_ace = {"line": 1, "remark": "HostA0"}
    host_deny_ace = {
        "destination": {"any4": True},
        "grant": "deny",
        "line": 2,
        "protocol": "ip",
        "protocol_options": {"ip": "true"},
        "source": {"host": "192.0.5.1"},
    }
    ansible_test = {
        "aces": [remark_ace, host_deny_ace],
        "acl_type": "extended",
        "name": "ansible_test",
    }

    set_module_args(
        {
            "config": {"acls": [test_access, ansible_test]},
            "state": "replaced",
        }
    )

    outcome = self.execute_module(changed=True)
    expected = [
        "no access-list ansible_test line 1 remark HostA",
        "no access-list test_access line 3 extended permit ip host 192.0.2.2 any",
        "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors",
        "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default",
        "access-list test_access line 1 extended deny igrp 198.51.101.0 255.255.255.0 198.51.102.0 255.255.255.0 log default time-range temp",
        "access-list ansible_test line 1 remark HostA0",
    ]
    actual_sorted = sorted(outcome["commands"])
    expected_sorted = sorted(expected)
    self.assertEqual(actual_sorted, expected_sorted)
def test_asa_ogs_merged(self):
    """Merge network groups (nested, literal and object-based) and a user group.

    The expected list covers a nested ``group-object``, host and IPv6
    members, an object reference and a ``user-group`` entry. Order is not
    asserted; both lists are sorted before comparison.
    """
    network_groups = [
        {
            "group_object": ["test_network_og"],
            "name": "group_network_obj",
        },
        {
            "name": "test_network_og",
            "description": "test network og",
            "network_object": {
                "host": ["192.0.3.1", "192.0.3.2"],
                "ipv6_address": ["2001:db8:0:3::/64"],
            },
        },
        {
            "name": "ANSIBLE_TEST",
            "network_object": {"object": ["NEW_TEST"]},
        },
    ]
    user_groups = [
        {
            "name": "test_user_obj",
            "user_object": {
                "user_group": [{"domain": "domain", "name": "test_merge"}]
            },
        }
    ]
    set_module_args(
        {
            "config": [
                {"object_groups": network_groups, "object_type": "network"},
                {"object_groups": user_groups, "object_type": "user"},
            ],
            "state": "merged",
        }
    )

    outcome = self.execute_module(changed=True)
    expected = [
        "object-group network group_network_obj",
        "group-object test_network_og",
        "object-group network test_network_og",
        "description test network og",
        "network-object host 192.0.3.1",
        "network-object host 192.0.3.2",
        "network-object 2001:db8:0:3::/64",
        "object-group network ANSIBLE_TEST",
        "network-object object NEW_TEST",
        "object-group user test_user_obj",
        # The literal below evaluates to two backslashes between domain and group.
        "user-group domain\\\\test_merge",
    ]
    actual_sorted = sorted(outcome["commands"])
    expected_sorted = sorted(expected)
    self.assertEqual(actual_sorted, expected_sorted)
def test_asa_acls_merged_idempotent(self):
    """Check that merging three ACEs into ``test_access`` is a no-op.

    The module is expected to report ``changed=False`` and emit no commands.
    NOTE(review): presumes these ACEs already exist in the fixture's running
    config, which is not visible here.
    """
    subnet_deny = {
        "destination": {
            "address": "192.0.3.0",
            "netmask": "255.255.255.0",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 1,
        "log": "default",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {
            "address": "192.0.2.0",
            "netmask": "255.255.255.0",
        },
    }
    host1_deny = {
        "destination": {
            "any": "true",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 2,
        "log": "default",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "remark": "host1",
        "source": {"host": "192.0.2.1"},
    }
    host2_permit = {
        "destination": {"any": "true"},
        "grant": "permit",
        "line": 3,
        "protocol": "ip",
        "protocol_options": {"ip": "true"},
        "remark": "host2",
        "source": {"host": "192.0.2.2"},
    }
    acl = {
        "aces": [subnet_deny, host1_deny, host2_permit],
        "name": "test_access",
        "acl_type": "extended",
    }
    set_module_args({"config": [{"acls": [acl]}], "state": "merged"})
    # An empty command list is the idempotency assertion: no rule is touched.
    self.execute_module(changed=False, commands=[], sort=True)
def test_asa_ogs_deleted_all(self):
    """Run ``state="deleted"`` without any config filter.

    No group is named in the arguments, and the test expects a
    ``no object-group`` line for six network, service and user groups:
    an unfiltered delete removes whole groups. Order is not asserted.
    """
    set_module_args({"state": "deleted"})
    outcome = self.execute_module(changed=True)

    expected = [
        "no object-group network group_network_obj",
        "no object-group network test_og_network",
        "no object-group network ANSIBLE_TEST",
        "no object-group service test_og_service",
        "no object-group user group_user_obj",
        "no object-group user test_user_obj",
    ]
    actual_sorted = sorted(outcome["commands"])
    expected_sorted = sorted(expected)
    self.assertEqual(actual_sorted, expected_sorted)
def test_asa_acls_deleted_all(self):
    """Run ``state="deleted"`` without naming any ACL.

    The arguments carry no config, and the test expects a ``no access-list``
    line for every ACE and remark of three ACLs, in this exact order (within
    an ACL, higher line numbers are removed first).
    """
    set_module_args({"state": "deleted"})
    outcome = self.execute_module(changed=True)

    expected = [
        "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive",
        "no access-list test_access line 3 extended permit ip host 192.0.2.2 any",
        "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors",
        "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default",
        "no access-list test_global_access line 2 remark test global remark",
        "no access-list test_global_access line 1 extended deny tcp any any eq www log errors",
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_og_idempotent(self):
    """Check that re-declaring ``test_nets`` as present yields no commands.

    NOTE(review): presumes the host, subnet, nested group and description
    below already exist in the fixture's running config.
    """
    module_args = {
        "name": "test_nets",
        "group_type": "network-object",
        "host_ip": ["8.8.8.8"],
        "ip_mask": ["192.168.0.0 255.255.0.0"],
        "group_object": ["awx_lon"],
        "description": "ansible_test object-group description",
        "state": "present",
    }
    set_module_args(module_args)
    expected = []
    self.execute_module(changed=False, commands=expected)
def test_asa_acls_deleted_line_based(self):
    """Delete a single ACE of ``test_access`` selected by line number.

    Only ``line=1`` is given; the expected ``no access-list`` command spells
    out the full rule found at that line.
    """
    target_acl = {"name": "test_access", "aces": [{"line": 1}]}
    set_module_args({"config": [{"acls": [target_acl]}], "state": "deleted"})

    outcome = self.execute_module(changed=True)
    expected = [
        "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default"
    ]
    self.assertEqual(outcome["commands"], expected)
def test_asa_facts_filesystems_info(self):
    """Gather the ``hardware`` subset and check ``disk0:`` space facts.

    Both values are compared exactly as floats, in kilobytes per the fact
    key names.
    """
    set_module_args({"gather_subset": "hardware"})
    outcome = self.execute_module()

    disk0 = outcome["ansible_facts"]["ansible_net_filesystems_info"]["disk0:"]
    self.assertEqual(disk0["spacetotal_kb"], 8370192.0)

    # Looked up again from the result, mirroring two independent assertions.
    disk0 = outcome["ansible_facts"]["ansible_net_filesystems_info"]["disk0:"]
    self.assertEqual(disk0["spacefree_kb"], 8348976.0)
def test_asa_og_idempotent(self):
    """Check that re-declaring ``test_nets`` as present yields no commands.

    NOTE(review): presumes the host, subnet, nested group and description
    below already exist in the fixture's running config.
    """
    module_args = {
        "name": "test_nets",
        "group_type": "network-object",
        "host_ip": ["8.8.8.8"],
        "ip_mask": ["192.168.0.0 255.255.0.0"],
        "group_object": ["awx_lon"],
        "description": "ansible_test object-group description",
        "state": "present",
    }
    set_module_args(module_args)
    expected = []
    self.execute_module(changed=False, commands=expected)
def test_asa_ogs_delete_by_name(self):
    """Delete one network object group selected by name only.

    With just ``name`` supplied the expected command removes the whole
    group, not individual members.
    """
    entry = {
        "object_groups": [{"name": "test_og_network"}],
        "object_type": "network",
    }
    set_module_args({"config": [entry], "state": "deleted"})

    outcome = self.execute_module(changed=True)
    expected = ["no object-group network test_og_network"]
    self.assertEqual(outcome["commands"], expected)
def test_asa_og_remove(self):
    """Remove a host and a nested group from ``test_nets``.

    ``state="absent"`` with explicit members is expected to negate those
    members inside the group rather than delete the group itself.
    """
    module_args = {
        "name": "test_nets",
        "group_type": "network-object",
        "host_ip": ["8.8.8.8"],
        "group_object": ["awx_lon"],
        "state": "absent",
    }
    set_module_args(module_args)

    expected = [
        "object-group network test_nets",
        "no network-object host 8.8.8.8",
        "no group-object awx_lon",
    ]
    self.execute_module(changed=True, commands=expected)
def test_asa_og_remove(self):
    """Remove a host and a nested group from ``test_nets``.

    ``state="absent"`` with explicit members is expected to negate those
    members inside the group rather than delete the group itself.
    """
    module_args = {
        "name": "test_nets",
        "group_type": "network-object",
        "host_ip": ["8.8.8.8"],
        "group_object": ["awx_lon"],
        "state": "absent",
    }
    set_module_args(module_args)

    expected = [
        "object-group network test_nets",
        "no network-object host 8.8.8.8",
        "no group-object awx_lon",
    ]
    self.execute_module(changed=True, commands=expected)
def test_asa_acls_delete_by_acl(self):
    """Delete two ACLs selected by name only.

    Every ACE and remark of ``test_global_access`` and ``test_R1_traffic``
    is expected to be negated; no line for any other ACL is expected.
    Order is not asserted; both lists are sorted before comparison.
    """
    targets = [
        {"name": "test_global_access"},
        {"name": "test_R1_traffic"},
    ]
    set_module_args({"config": {"acls": targets}, "state": "deleted"})

    outcome = self.execute_module(changed=True)
    expected = [
        "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive",
        "no access-list test_global_access line 2 remark test global remark",
        "no access-list test_global_access line 1 extended deny tcp any any eq www log errors",
    ]
    actual_sorted = sorted(outcome["commands"])
    expected_sorted = sorted(expected)
    self.assertEqual(actual_sorted, expected_sorted)
def test_asa_og_add(self):
    """Add a second host, subnet and nested group to ``test_nets``.

    Two values are requested per member list, but only one of each appears
    in the expected commands.
    NOTE(review): presumably the other value of each pair is already in the
    fixture's running config, so only the delta is emitted.
    """
    module_args = {
        "name": "test_nets",
        "group_type": "network-object",
        "host_ip": ["8.8.8.8", "8.8.4.4"],
        "ip_mask": ["192.168.0.0 255.255.0.0", "10.0.0.0 255.255.255.0"],
        "group_object": ["awx_lon", "awx_ams"],
        "description": "ansible_test object-group description",
        "state": "present",
    }
    set_module_args(module_args)

    expected = [
        "object-group network test_nets",
        "network-object host 8.8.4.4",
        "network-object 10.0.0.0 255.255.255.0",
        "group-object awx_ams",
    ]
    self.execute_module(changed=True, commands=expected)
def test_asa_acls_overridden(self):
    """Override the ACL set with a single ``test_global_access`` rule.

    Only one ACL is declared, yet the expected output negates every ACE and
    remark of ``ansible_test``, ``test_access`` and ``test_R1_traffic`` as
    well, including their permit rules: the test pins that ``overridden``
    removes the rules of ACLs the supplied config does not list. Order is
    not asserted; both lists are sorted before comparison.
    """
    ace = {
        "destination": {
            "address": "198.51.110.0",
            "netmask": "255.255.255.0",
            "port_protocol": {"eq": "www"},
        },
        "grant": "deny",
        "line": 1,
        "log": "errors",
        "protocol": "tcp",
        "protocol_options": {"tcp": "true"},
        "source": {
            "address": "198.51.100.0",
            "netmask": "255.255.255.0",
        },
    }
    acl = {"name": "test_global_access", "acl_type": "extended", "aces": [ace]}
    set_module_args({"config": {"acls": [acl]}, "state": "overridden"})

    outcome = self.execute_module(changed=True)
    expected = [
        "no access-list test_global_access line 2 remark test global remark",
        "no access-list test_global_access line 1 extended deny tcp any any eq www log errors",
        "no access-list ansible_test line 2 extended deny ip host 192.0.5.1 any4",
        "no access-list ansible_test line 1 remark HostA",
        "no access-list test_access line 3 extended permit ip host 192.0.2.2 any",
        "no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors",
        "no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default",
        "no access-list test_R1_traffic line 2 extended permit ip host 2001:db8::1 any6",
        "no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive",
        "access-list test_global_access line 1 extended deny tcp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 eq www log errors",
    ]
    actual_sorted = sorted(outcome["commands"])
    expected_sorted = sorted(expected)
    self.assertEqual(actual_sorted, expected_sorted)
def test_asa_og_add(self):
    """Add a second host, subnet and nested group to ``test_nets``.

    Two values are requested per member list, but only one of each appears
    in the expected commands.
    NOTE(review): presumably the other value of each pair is already in the
    fixture's running config, so only the delta is emitted.
    """
    module_args = {
        "name": "test_nets",
        "group_type": "network-object",
        "host_ip": ["8.8.8.8", "8.8.4.4"],
        "ip_mask": ["192.168.0.0 255.255.0.0", "10.0.0.0 255.255.255.0"],
        "group_object": ["awx_lon", "awx_ams"],
        "description": "ansible_test object-group description",
        "state": "present",
    }
    set_module_args(module_args)

    expected = [
        "object-group network test_nets",
        "network-object host 8.8.4.4",
        "network-object 10.0.0.0 255.255.255.0",
        "group-object awx_ams",
    ]
    self.execute_module(changed=True, commands=expected)