-
Notifications
You must be signed in to change notification settings - Fork 39
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(firewall): add firewall resources management
- Loading branch information
Showing
6 changed files
with
264 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,2 @@ | ||
| minor_changes: | ||
| - hcloud_firewall Add firewall resources management |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
1 change: 1 addition & 0 deletions
1
tests/integration/targets/hcloud_firewall/defaults/main/main.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,5 @@ | ||
| # Copyright: (c) 2019, Hetzner Cloud GmbH <[email protected]> | ||
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
| --- | ||
| hcloud_server_name: "{{ hcloud_ns }}" | ||
| hcloud_firewall_name: "{{ hcloud_ns }}" |
10 changes: 10 additions & 0 deletions
10
tests/integration/targets/hcloud_firewall/tasks/cleanup.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| --- | ||
| - name: Cleanup test_firewall | ||
| hetzner.hcloud.hcloud_firewall: | ||
| name: "{{ hcloud_firewall_name }}" | ||
| state: absent | ||
|
|
||
| - name: Cleanup test_server | ||
| hetzner.hcloud.hcloud_server: | ||
| name: "{{ hcloud_server_name }}" | ||
| state: absent |
10 changes: 10 additions & 0 deletions
10
tests/integration/targets/hcloud_firewall/tasks/prepare.yml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| --- | ||
| - name: Create test_server | ||
| hetzner.hcloud.hcloud_server: | ||
| name: "{{ hcloud_server_name }}" | ||
| server_type: cx11 | ||
| image: ubuntu-22.04 | ||
| labels: | ||
| key: value | ||
| state: stopped | ||
| register: test_server |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,11 +1,6 @@ | ||
| # Copyright: (c) 2020, Hetzner Cloud GmbH <[email protected]> | ||
| # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) | ||
| --- | ||
| - name: setup firewall to be absent | ||
| hetzner.hcloud.hcloud_firewall: | ||
| name: "{{ hcloud_firewall_name }}" | ||
| state: absent | ||
|
|
||
| - name: test missing required parameters on create firewall | ||
| hetzner.hcloud.hcloud_firewall: | ||
| register: result | ||
|
|
@@ -36,6 +31,9 @@ | |
| - 0.0.0.0/0 | ||
| - ::/0 | ||
| description: "allow icmp in" | ||
| apply_to: | ||
| - type: server | ||
| server: "{{ test_server.hcloud_server.id }}" | ||
| labels: | ||
| key: value | ||
| my-label: label | ||
|
|
@@ -49,6 +47,9 @@ | |
| - firewall.hcloud_firewall.rules | selectattr('direction','equalto','in') | list | count == 1 | ||
| - firewall.hcloud_firewall.rules | selectattr('protocol','equalto','icmp') | list | count == 1 | ||
| - firewall.hcloud_firewall.rules | selectattr('description', 'equalto', 'allow icmp in') | list | count == 1 | ||
| - firewall.hcloud_firewall.applied_to | list | count == 1 | ||
| - firewall.hcloud_firewall.applied_to[0].type == "server" | ||
| - firewall.hcloud_firewall.applied_to[0].server == "{{ test_server.hcloud_server.id }}" | ||
|
|
||
| - name: test create firewall idempotence | ||
| hetzner.hcloud.hcloud_firewall: | ||
|
|
@@ -139,6 +140,58 @@ | |
| that: | ||
| - result is not changed | ||
|
|
||
| - name: test update firewall remove_from | ||
| hetzner.hcloud.hcloud_firewall: | ||
| name: "{{ hcloud_firewall_name }}" | ||
| remove_from: | ||
| - type: server | ||
| server: "{{ test_server.hcloud_server.id }}" | ||
| register: result | ||
| - name: verify update firewall remove_from | ||
| assert: | ||
| that: | ||
| - result is changed | ||
| - result.hcloud_firewall.applied_to | list | count == 0 | ||
|
|
||
| - name: test update firewall remove_from idempotence | ||
| hetzner.hcloud.hcloud_firewall: | ||
| name: "{{ hcloud_firewall_name }}" | ||
| remove_from: | ||
| - type: server | ||
| server: "{{ test_server.hcloud_server.id }}" | ||
| register: result | ||
| - name: verify update firewall remove_from idempotence | ||
| assert: | ||
| that: | ||
| - result is not changed | ||
|
|
||
| - name: test update firewall apply_to | ||
| hetzner.hcloud.hcloud_firewall: | ||
| name: "{{ hcloud_firewall_name }}" | ||
| apply_to: | ||
| - type: label_selector | ||
| label_selector: key=value | ||
| register: result | ||
| - name: verify update firewall apply_to | ||
| assert: | ||
| that: | ||
| - result is changed | ||
| - result.hcloud_firewall.applied_to | list | count == 1 | ||
| - result.hcloud_firewall.applied_to[0].type == "label_selector" | ||
| - result.hcloud_firewall.applied_to[0].label_selector == "key=value" | ||
|
|
||
| - name: test update firewall apply_to idempotence | ||
| hetzner.hcloud.hcloud_firewall: | ||
| name: "{{ hcloud_firewall_name }}" | ||
| apply_to: | ||
| - type: label_selector | ||
| label_selector: key=value | ||
| register: result | ||
| - name: verify update firewall apply_to | ||
| assert: | ||
| that: | ||
| - result is not changed | ||
|
|
||
| - name: test update firewall with check mode | ||
| hetzner.hcloud.hcloud_firewall: | ||
| id: "{{ firewall.hcloud_firewall.id }}" | ||
|
|
@@ -199,7 +252,7 @@ | |
| - result is changed | ||
| - result.hcloud_firewall.name == "{{ hcloud_firewall_name }}" | ||
|
|
||
| - name: absent firewall | ||
| - name: test absent firewall | ||
| hetzner.hcloud.hcloud_firewall: | ||
| id: "{{ firewall.hcloud_firewall.id }}" | ||
| state: absent | ||
|
|
||