author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 12:04:41 +0000 |
commit | 975f66f2eebe9dadba04f275774d4ab83f74cf25 (patch) | |
tree | 89bd26a93aaae6a25749145b7e4bca4a1e75b2be /ansible_collections/cisco/asa/tests/integration/targets | |
parent | Initial commit. (diff) | |
Adding upstream version 7.7.0+dfsg.upstream/7.7.0+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'ansible_collections/cisco/asa/tests/integration/targets')
77 files changed, 3044 insertions, 0 deletions
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/defaults/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/defaults/main.yaml
new file mode 100644
index 000000000..164afead2
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+testcase: "[^_].*"
+test_items: []
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/meta/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tasks/cli.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tasks/cli.yaml
new file mode 100644
index 000000000..debd3a59c
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tasks/cli.yaml
@@ -0,0 +1,30 @@
+---
+- name: Print all available facts
+ ansible.builtin.debug:
+ var: ansible_facts
+
+- name: Print ansible_host
+ ansible.builtin.debug:
+ var: ansible_host
+
+- name: Collect all cli test cases
+ ansible.builtin.find:
+ paths: "{{ role_path }}/tests/cli"
+ patterns: "{{ testcase }}.yaml"
+ use_regex: true
+ register: test_cases
+ delegate_to: localhost
+
+- name: Set test_items
+ ansible.builtin.set_fact:
+ test_items: "{{ test_cases.files | map(attribute='path') | list }}"
+ delegate_to: localhost
+
+- name: Run test case (connection=ansible.netcommon.network_cli)
+ ansible.builtin.include_tasks: "{{ test_case_to_run }}"
+ vars:
+ ansible_connection: ansible.netcommon.network_cli
+ with_items: "{{ test_items }}"
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_network_cli
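Review bot: The first two tasks in asa_acls/tasks/cli.yaml dump the whole `ansible_facts` dictionary and `ansible_host` on every run, so the target's facts and address end up in CI logs at default verbosity. If this output is only a debugging aid, gate it by adding `verbosity: 1` under each `ansible.builtin.debug:` so it is printed only with `-v`. asa_command/tasks/cli.yaml in this commit runs the same find/include flow without these two tasks, which suggests they are not needed for the suite to work.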
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tasks/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tasks/main.yaml
new file mode 100644
index 000000000..19f697238
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tasks/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Include tasks
+ ansible.builtin.include_tasks: cli.yaml
+ tags:
+ - cli
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg
new file mode 100644
index 000000000..82c5e778d
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_parsed.cfg
@@ -0,0 +1,5 @@
+access-list test_access; 2 elements; name hash: 0xaf1b712e
+access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default
+access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors
+access-list test_R1_traffic; 1 elements; name hash: 0xaf40d3c2
+access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml
new file mode 100644
index 000000000..dafe55dbc
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_populate_config.yaml
@@ -0,0 +1,62 @@
+---
+- name: Populate Config
+ cisco.asa.asa_acls: &id001
+ config:
+ acls:
+ - name: test_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ address: 192.0.2.0
+ netmask: 255.255.255.0
+ destination:
+ address: 192.0.3.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: www
+ log: default
+ - grant: deny
+ line: 2
+ protocol_options:
+ igrp: true
+ source:
+ address: 198.51.100.0
+ netmask: 255.255.255.0
+ destination:
+ address: 198.51.110.0
+ netmask: 255.255.255.0
+ log: errors
+ - name: test_global_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ any: true
+ destination:
+ any: true
+ port_protocol:
+ eq: www
+ log: errors
+ - name: test_R1_traffic
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ address: 2001:db8:0:3::/64
+ port_protocol:
+ eq: www
+ destination:
+ address: 2001:fc8:0:4::/64
+ port_protocol:
+ eq: telnet
+ inactive: true
+ state: merged
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml
new file mode 100644
index 000000000..74e21f61e
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_populate_network_og.yaml
@@ -0,0 +1,21 @@
+---
+- name: Populate Network Object-group
+ cisco.asa.asa_ogs:
+ config:
+ - object_type: network
+ object_groups:
+ - name: test_og_network
+ network_object:
+ host:
+ - 192.0.2.1
+ - 192.0.2.2
+ address:
+ - 192.0.2.0 255.255.255.0
+ - 198.51.100.0 255.255.255.0
+ - name: test_network_og
+ network_object:
+ host:
+ - 192.0.3.1
+ ipv6_address:
+ - 2001:db8:3::/64
+ state: merged
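Review bot: In _populate_config.yaml the anchor `&id001` on `cisco.asa.asa_acls:` is never aliased in the file, and YAML anchors do not carry across included files, so it is dead syntax; write the key as plain `cisco.asa.asa_acls:`. The `test_R1_traffic` entry also omits `acl_type: extended`, which the other two ACLs set and which the expected `access-list test_R1_traffic line 1 extended ...` command in vars/main.yaml implies. Adding `acl_type: extended` there makes the fixture explicit and stops it depending on whatever the module assumes when the key is missing.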
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_remove_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_remove_config.yaml
new file mode 100644
index 000000000..f2d64eab0
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_remove_config.yaml
@@ -0,0 +1,4 @@
+---
+- name: Remove Config
+ cisco.asa.asa_acls:
+ state: deleted
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_remove_og_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_remove_og_config.yaml
new file mode 100644
index 000000000..50921c3bb
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/_remove_og_config.yaml
@@ -0,0 +1,4 @@
+---
+- name: Remove configured Object group
+ cisco.asa.asa_ogs:
+ state: deleted
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/deleted.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/deleted.yaml
new file mode 100644
index 000000000..e92e56e45
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/deleted.yaml
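Review bot: `_remove_config.yaml` calls `cisco.asa.asa_acls` with `state: deleted` and no `config`, which removes every ACL on the target rather than only the `test_*` ones, judging by the "Delete all" case in deleted.yaml and `delete_all.commands`. Every test case includes this file as setup and teardown, so pointing the suite at a firewall that carries real policy would strip its access lists. Nothing in the file says so; add a leading comment such as `# Deletes ALL access-lists on the target; run this suite only against a disposable lab ASA.` The same applies to `_remove_og_config.yaml`, which does the equivalent for object groups through `cisco.asa.asa_ogs`.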
@@ -0,0 +1,63 @@
+---
+- ansible.builtin.debug:
+ msg:
+ Start Deleted integration state for asa_acls ansible_connection={{ ansible_connection
+ }}
+
+- ansible.builtin.include_tasks: _remove_config.yaml
+
+- ansible.builtin.include_tasks: _populate_config.yaml
+
+- block:
+ - name: Delete attributes of provided configured ACLs
+ register: result
+ cisco.asa.asa_acls: &id001
+ config:
+ acls:
+ - name: test_access
+ - name: test_global_access
+ state: deleted
+
+ - assert:
+ that:
+ - result.commands|length == 3
+ - result.changed == true
+ - result.commands|symmetric_difference(deleted.commands) == []
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ cisco.asa.asa_acls: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.commands|length == 0
+ - result.changed == false
+
+ - include_tasks: _remove_config.yaml
+
+ - include_tasks: _populate_config.yaml
+
+ - name: Delete all off ACLs configured
+ register: result
+ cisco.asa.asa_acls: &id002
+ state: deleted
+
+ - assert:
+ that:
+ - result.commands|length == 4
+ - result.changed == true
+ - result.commands|symmetric_difference(delete_all.commands) == []
+
+ - name: Delete ACL attributes of provided configured interfaces based on AFI
+ (IDEMPOTENT)
+ register: result
+ cisco.asa.asa_acls: *id002
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.commands|length == 0
+ - result.changed == false
+ always:
+ - ansible.builtin.include_tasks: _remove_config.yaml
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/empty_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/empty_config.yaml
new file mode 100644
index 000000000..e0e2962e8
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/empty_config.yaml
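Review bot: Several task names in deleted.yaml describe a different resource than the one under test. `Delete attributes of all configured interfaces (IDEMPOTENT)` and `Delete ACL attributes of provided configured interfaces based on AFI (IDEMPOTENT)` both just re-run an ACL deletion, and `Delete all off ACLs configured` has a typo. I would rename them to `Delete the listed ACLs (IDEMPOTENT)`, `Delete all configured ACLs` and `Delete all configured ACLs (IDEMPOTENT)`. The same "interfaces" wording recurs in the task names of overridden.yaml and replaced.yaml. The file also mixes bare `assert:` and `include_tasks:` with `ansible.builtin.`-qualified names; choosing one form would help when searching the suite.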
@@ -0,0 +1,60 @@
+---
+- ansible.builtin.debug:
+ msg:
+ START asa_acls empty_config.yaml integration tests on connection={{ ansible_connection
+ }}
+
+- name: Merged with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_acls:
+ config:
+ state: merged
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state merged'
+
+- name: Replaced with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_acls:
+ config:
+ state: replaced
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state replaced'
+
+- name: Overridden with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_acls:
+ config:
+ state: overridden
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state overridden'
+
+- name: Rendered with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_acls:
+ config:
+ state: rendered
+
+- assert:
+ that:
+ - result.msg == 'value of config parameter must not be empty for state rendered'
+
+- name: Parsed with empty config should give appropriate error message
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_acls:
+ running_config:
+ state: parsed
+
+- assert:
+ that:
+ - result.msg == 'value of running_config parameter must not be empty for state parsed'
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/gathered.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/gathered.yaml
new file mode 100644
index 000000000..2d9735442
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/gathered.yaml
@@ -0,0 +1,23 @@
+---
+- ansible.builtin.debug:
+ msg:
+ START asa_acls gathered integration tests on connection={{ ansible_connection
+ }}
+
+- ansible.builtin.include_tasks: _remove_config.yaml
+
+- ansible.builtin.include_tasks: _populate_config.yaml
+
+- block:
+ - name: Gather the provided configuration with the exisiting running configuration
+ register: result
+ cisco.asa.asa_acls:
+ config:
+ state: gathered
+
+ - assert:
+ that:
+ - gathered['config']['acls'] | symmetric_difference(result.gathered.acls) == []
+ - result['changed'] == false
+ always:
+ - ansible.builtin.include_tasks: _remove_config.yaml
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/merged.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/merged.yaml
new file mode 100644
index 000000000..cf443df08
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/merged.yaml
@@ -0,0 +1,129 @@ +--- +- ansible.builtin.debug: + msg: + START Merged asa_acls state for integration tests on connection={{ ansible_connection + }} + +- ansible.builtin.include_tasks: _remove_config.yaml +- ansible.builtin.include_tasks: _populate_network_og.yaml + +- block: + - name: Merge provided configuration with device configuration + register: result + cisco.asa.asa_acls: &id001 + config: + acls: + - name: test_access + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 192.0.3.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol: icmp + protocol_options: + icmp: + alternate_address: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + log: errors + - grant: deny + line: 3 + protocol: tcp + protocol_options: + tcp: true + source: + host: 198.51.110.0 + destination: + any: true + port_protocol: + eq: www + log: default + - grant: deny + line: 4 + protocol: tcp + protocol_options: + tcp: true + source: + object_group: test_og_network + destination: + object_group: test_network_og + port_protocol: + eq: www + log: default + - name: test_global_access + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + any: true + destination: + any: true + port_protocol: + eq: www + log: errors + - grant: deny + line: 2 + protocol_options: + tcp: true + source: + interface: management + destination: + interface: management + port_protocol: + eq: www + log: warnings + - name: test_R1_traffic + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true + state: merged + + - assert: + that: + - 
result.commands|length == 7 + - result.changed == true + - result.commands|symmetric_difference(merged.commands) == [] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + cisco.asa.asa_acls: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result.commands|length == 0 + - result['changed'] == false + always: + - ansible.builtin.include_tasks: _remove_config.yaml + - ansible.builtin.include_tasks: _remove_og_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/overridden.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/overridden.yaml new file mode 100644 index 000000000..d2af6a0c0 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/overridden.yaml 
@@ -0,0 +1,65 @@
+---
+- ansible.builtin.debug:
+ msg: START Overridden asa_acls state for integration tests on connection={{
+ ansible_connection }}
+
+- ansible.builtin.include_tasks: _remove_config.yaml
+- ansible.builtin.include_tasks: _populate_network_og.yaml
+- ansible.builtin.include_tasks: _populate_config.yaml
+
+- block:
+ - name: Override device configuration of all interfaces with provided configuration
+ register: result
+ cisco.asa.asa_acls: &id001
+ config:
+ acls:
+ - name: test_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ address: 192.0.4.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: telnet
+ destination:
+ address: 192.0.5.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: www
+ - grant: deny
+ line: 2
+ protocol_options:
+ tcp: true
+ source:
+ object_group: test_og_network
+ destination:
+ object_group: test_network_og
+ port_protocol:
+ eq: www
+ log: default
+ state: overridden
+
+ - assert:
+ that:
+ - result.commands|length == 6
+ - result.changed == true
+ - result.commands|symmetric_difference(overridden.commands) == []
+
+ - name:
+ Override device configuration of all interfaces with provided configuration
+ (IDEMPOTENT)
+ register: result
+ cisco.asa.asa_acls: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result.commands|length == 0
+ - result['changed'] == false
+ always:
+ - ansible.builtin.include_tasks: _remove_config.yaml
+ - ansible.builtin.include_tasks: _remove_og_config.yaml
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/parsed.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/parsed.yaml
new file mode 100644
index 000000000..e758940f7
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/parsed.yaml
@@ -0,0 +1,17 @@
+---
+- ansible.builtin.debug:
+ msg:
+ START asa_acls parsed integration tests on connection={{ ansible_connection
+ }}
+
+- name: Parse the commands for provided configuration
+ become: true
+ register: result
+ cisco.asa.asa_acls:
+ running_config: "{{ lookup('file', '_parsed.cfg') }}"
+ state: parsed
+
+- assert:
+ that:
+ - result.changed == false
+ - parsed['config']['acls']|symmetric_difference(result.parsed.acls) == []
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/rendered.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/rendered.yaml
new file mode 100644
index 000000000..62e1c2555
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/rendered.yaml
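Review bot: `become: true` on the `Parse the commands for provided configuration` task in parsed.yaml looks unnecessary. The task takes `running_config` from a local file via `lookup('file', '_parsed.cfg')` with `state: parsed`, and none of the other asa_acls cases shown here escalate, including those that change device configuration. Unless the module needs privileged mode for this state, which is not visible from the hunk, drop the `become: true` line so the test runs with the least privilege it needs.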
@@ -0,0 +1,112 @@
+---
+- ansible.builtin.debug:
+ msg:
+ Start asa_acls rendered integration tests ansible_connection={{ ansible_connection
+ }}
+
+- block:
+ - name: Rendered the provided configuration with the exisiting running configuration
+ register: result
+ cisco.asa.asa_acls:
+ config:
+ acls:
+ - name: test_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ address: 192.0.2.0
+ netmask: 255.255.255.0
+ destination:
+ address: 192.0.3.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: www
+ log: default
+ - grant: deny
+ line: 2
+ protocol: icmp
+ protocol_options:
+ icmp:
+ alternate_address: true
+ source:
+ address: 198.51.100.0
+ netmask: 255.255.255.0
+ destination:
+ address: 198.51.110.0
+ netmask: 255.255.255.0
+ log: errors
+ - grant: deny
+ line: 3
+ protocol: tcp
+ protocol_options:
+ tcp: true
+ source:
+ host: 198.51.110.0
+ destination:
+ any: true
+ port_protocol:
+ eq: www
+ log: default
+ - grant: deny
+ line: 4
+ protocol: tcp
+ protocol_options:
+ tcp: true
+ source:
+ object_group: test_og_network
+ destination:
+ object_group: test_network_og
+ port_protocol:
+ eq: www
+ log: default
+ - name: test_global_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ any: true
+ destination:
+ any: true
+ port_protocol:
+ eq: www
+ log: errors
+ - grant: deny
+ line: 2
+ protocol_options:
+ tcp: true
+ source:
+ interface: management
+ destination:
+ interface: management
+ port_protocol:
+ eq: www
+ log: warnings
+ - name: test_R1_traffic
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ address: 2001:db8:0:3::/64
+ port_protocol:
+ eq: www
+ destination:
+ address: 2001:fc8:0:4::/64
+ port_protocol:
+ eq: telnet
+ inactive: true
+ state: rendered
+
+ - assert:
+ that:
+ - result.changed == false
+ - result.rendered|symmetric_difference(merged.commands) == []
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/replaced.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/replaced.yaml
new file mode 100644
index 000000000..85e7d2dcc
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/replaced.yaml
@@ -0,0 +1,83 @@
+---
+- ansible.builtin.debug:
+ msg:
+ START Replaced asa_acls state for integration tests on connection={{ ansible_connection
+ }}
+
+- ansible.builtin.include_tasks: _remove_config.yaml
+- ansible.builtin.include_tasks: _populate_network_og.yaml
+- ansible.builtin.include_tasks: _populate_config.yaml
+
+- block:
+ - name: Replaces device configuration of listed interfaces with provided configuration
+ register: result
+ cisco.asa.asa_acls: &id001
+ config:
+ acls:
+ - name: test_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol: tcp
+ protocol_options:
+ tcp: true
+ source:
+ address: 192.0.3.0
+ netmask: 255.255.255.0
+ destination:
+ address: 192.0.4.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: www
+ log: default
+ - grant: deny
+ line: 2
+ protocol_options:
+ tcp: true
+ source:
+ object_group: test_og_network
+ destination:
+ object_group: test_network_og
+ port_protocol:
+ eq: www
+ log: default
+ - name: test_global_access
+ acl_type: extended
+ aces:
+ - grant: deny
+ line: 1
+ protocol_options:
+ tcp: true
+ source:
+ address: 192.0.4.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: telnet
+ destination:
+ address: 192.0.5.0
+ netmask: 255.255.255.0
+ port_protocol:
+ eq: www
+ state: replaced
+
+ - assert:
+ that:
+ - result.commands|length == 6
+ - result.changed == true
+ - result.commands|symmetric_difference(replaced.commands) == []
+
+ - name:
+ Replaces device configuration of listed interfaces with provided configuration
+ (IDEMPOTENT)
+ register: result
+ cisco.asa.asa_acls: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result.commands|length == 0
+ - result['changed'] == false
+ always:
+ - ansible.builtin.include_tasks: _remove_config.yaml
+ - ansible.builtin.include_tasks: _remove_og_config.yaml
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/rtt.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/rtt.yaml
new file mode 100644
index 000000000..1c77c2811
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/tests/cli/rtt.yaml
@@ -0,0 +1,138 @@ +--- +- ansible.builtin.debug: + msg: + START asa_acls round trip integration tests on connection={{ ansible_connection + }} + +- ansible.builtin.include_tasks: _remove_config.yaml +- ansible.builtin.include_tasks: _populate_network_og.yaml +- ansible.builtin.include_tasks: _populate_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + cisco.asa.asa_acls: + config: + acls: + - name: test_access + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + destination: + address: 192.0.3.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + log: default + - grant: deny + line: 2 + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + log: errors + - name: test_global_access + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + any: true + destination: + any: true + port_protocol: + eq: www + log: errors + - name: test_R1_traffic + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + inactive: true + state: merged + + - name: Gather ACLs facts + cisco.asa.asa_facts: + gather_subset: + - "!all" + - "!min" + gather_network_resources: + - acls + + - name: Apply the configuration which need to be reverted + register: result + cisco.asa.asa_acls: + config: + acls: + - name: test_access + acl_type: extended + aces: + - grant: deny + line: 1 + protocol_options: + tcp: true + source: + address: 192.0.4.0 + netmask: 255.255.255.0 + port_protocol: + eq: telnet + destination: + address: 192.0.5.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + - grant: deny + line: 2 + protocol_options: + tcp: true + 
source: + object_group: test_og_network + destination: + object_group: test_network_og + port_protocol: + eq: www + log: default + state: overridden + + - assert: + that: + - result.commands|length == 6 + - result.changed == true + - result.commands|symmetric_difference(overridden.commands) == [] + + - name: Revert back to base config using facts round trip + register: revert + cisco.asa.asa_acls: + config: "{{ ansible_facts['network_resources']['acls'] }}" + state: overridden + + - assert: + that: + - revert.commands|length == 6 + - revert.changed == true + - revert.commands|symmetric_difference(rtt.commands) == [] + always: + - ansible.builtin.include_tasks: _remove_config.yaml + - ansible.builtin.include_tasks: _remove_og_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/vars/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/vars/main.yaml new file mode 100644 index 000000000..281cb8d6c --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_acls/vars/main.yaml 
@@ -0,0 +1,158 @@ +--- +deleted: + commands: + - no access-list test_global_access line 1 extended deny tcp any any eq www log errors + - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +delete_all: + commands: + - no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive + - no access-list test_global_access line 1 extended deny tcp any any eq www log errors + - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default +merged: + commands: + - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 2 extended deny icmp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 alternate-address log errors + - access-list test_access line 3 extended deny tcp host 198.51.110.0 any eq www log default + - access-list test_access line 4 extended deny tcp object-group test_og_network object-group test_network_og eq www log default + - access-list test_global_access line 1 extended deny tcp any any eq www log errors + - access-list test_global_access line 2 extended deny tcp interface management interface management eq www log warnings + - access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive +replaced: + commands: + - no access-list test_global_access line 1 extended deny tcp any any eq www log errors + - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors + - no access-list test_access line 1 extended deny tcp 192.0.2.0 
255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 192.0.3.0 255.255.255.0 192.0.4.0 255.255.255.0 eq www log default + - access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default + - access-list test_global_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www +overridden: + commands: + - no access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive + - no access-list test_global_access line 1 extended deny tcp any any eq www log errors + - no access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors + - no access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www + - access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default +gathered: + config: + acls: + - aces: + - destination: + address: 192.0.3.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + grant: deny + line: 1 + log: default + protocol: tcp + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + - destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + grant: deny + line: 2 + log: errors + protocol: igrp + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + acl_type: extended + name: test_access + - aces: + - destination: + any: true + port_protocol: + eq: www + grant: deny + line: 1 + log: errors + protocol: tcp + protocol_options: + tcp: true + source: + any: true + acl_type: extended + name: test_global_access + - aces: + - destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + 
grant: deny + inactive: true + line: 1 + protocol: tcp + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + acl_type: extended + name: test_R1_traffic +parsed: + config: + acls: + - aces: + - destination: + address: 192.0.3.0 + netmask: 255.255.255.0 + port_protocol: + eq: www + grant: deny + line: 1 + log: default + protocol: tcp + protocol_options: + tcp: true + source: + address: 192.0.2.0 + netmask: 255.255.255.0 + - destination: + address: 198.51.110.0 + netmask: 255.255.255.0 + grant: deny + line: 2 + log: errors + protocol: igrp + protocol_options: + igrp: true + source: + address: 198.51.100.0 + netmask: 255.255.255.0 + acl_type: extended + name: test_access + - aces: + - destination: + address: 2001:fc8:0:4::/64 + port_protocol: + eq: telnet + grant: deny + inactive: true + line: 1 + protocol: tcp + protocol_options: + tcp: true + source: + address: 2001:db8:0:3::/64 + port_protocol: + eq: www + acl_type: extended + name: test_R1_traffic +rtt: + commands: + - no access-list test_access line 2 extended deny tcp object-group test_og_network object-group test_network_og eq www log default + - no access-list test_access line 1 extended deny tcp 192.0.4.0 255.255.255.0 eq telnet 192.0.5.0 255.255.255.0 eq www + - access-list test_access line 1 extended deny tcp 192.0.2.0 255.255.255.0 192.0.3.0 255.255.255.0 eq www log default + - access-list test_access line 2 extended deny igrp 198.51.100.0 255.255.255.0 198.51.110.0 255.255.255.0 log errors + - access-list test_global_access line 1 extended deny tcp any any eq www log errors + - access-list test_R1_traffic line 1 extended deny tcp 2001:db8:0:3::/64 eq www 2001:fc8:0:4::/64 eq telnet inactive diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/defaults/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/defaults/main.yaml new file mode 100644 index 000000000..9ef5ba516 --- /dev/null 
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/defaults/main.yaml
@@ -0,0 +1,3 @@
+---
+testcase: "*"
+test_items: []
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tasks/cli.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tasks/cli.yaml
new file mode 100644
index 000000000..27d4eef9b
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tasks/cli.yaml
@@ -0,0 +1,19 @@
+---
+- name: Collect all cli test cases
+ ansible.builtin.find:
+ paths: "{{ role_path }}/tests/cli"
+ patterns: "{{ testcase }}.yaml"
+ register: test_cases
+
+- name: Set test_items
+ ansible.builtin.set_fact:
+ test_items: "{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.network_cli)
+ ansible.builtin.include_tasks: "{{ test_case_to_run }}"
+ vars:
+ ansible_connection: ansible.netcommon.network_cli
+ with_items: "{{ test_items }}"
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_network_cli
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tasks/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tasks/main.yaml
new file mode 100644
index 000000000..19f697238
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tasks/main.yaml
@@ -0,0 +1,5 @@
+---
+- name: Include tasks
+ ansible.builtin.include_tasks: cli.yaml
+ tags:
+ - cli
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/bad_operator.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/bad_operator.yaml
new file mode 100644
index 000000000..576ba540a
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/bad_operator.yaml
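Review bot: The `Collect all cli test cases` and `Set test_items` tasks in asa_command/tasks/cli.yaml have no `delegate_to: localhost`, while the otherwise identical tasks in asa_acls/tasks/cli.yaml in this commit do. `role_path` is a path on the controller, so the `find` presumably has to run there; add `delegate_to: localhost` to both tasks, or leave a comment explaining why this target differs. The selection pattern differs as well: `testcase: "*"` is used as a glob here, against `"[^_].*"` with `use_regex: true` in asa_acls. That works while no helper file under tests/cli starts with `_`, but a one-line comment in defaults/main.yaml would record the assumption.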
@@ -0,0 +1,21 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/bad_operator.yaml"
+
+- name: test bad operator
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_command:
+ commands:
+ - show version
+ - show interfaces GigabitEthernet 0/0
+ wait_for:
+ - result[0] contains 'Description: Foo'
+
+- assert:
+ that:
+ - result.failed == true
+ - result.msg is defined
+
+- ansible.builtin.debug:
+ msg: "END cli/bad_operator.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/contains.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/contains.yaml
new file mode 100644
index 000000000..78cd59f47
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/contains.yaml
@@ -0,0 +1,21 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/contains.yaml"
+
+- name: test contains operator
+ register: result
+ cisco.asa.asa_command:
+ commands:
+ - show version
+ - show interface
+ wait_for:
+ - result[0] contains 'Cisco Adaptive Security Appliance Software Version'
+ - result[1] contains 'Hardware'
+
+- assert:
+ that:
+ - result.changed == false
+ - result.stdout is defined
+
+- ansible.builtin.debug:
+ msg: "END cli/contains.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/invalid.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/invalid.yaml
new file mode 100644
index 000000000..ae5575de4
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/invalid.yaml
@@ -0,0 +1,30 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/invalid.yaml"
+
+- name: run invalid command
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_command:
+ commands:
+ - show foo
+
+- assert:
+ that:
+ - result.failed
+
+- name: run commands that include invalid command
+ register: result
+ ignore_errors: true
+ cisco.asa.asa_command:
+ commands:
+ - show version
+ - show foo
+
+- assert:
+ that:
+ - result.failed
+ ignore_errors: true
+
+- ansible.builtin.debug:
+ msg: "END cli/invalid.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/output.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/output.yaml
new file mode 100644
index 000000000..81d00ad9a
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/output.yaml
@@ -0,0 +1,30 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/output.yaml"
+
+- name: get output for single command
+ register: result
+ cisco.asa.asa_command:
+ commands:
+ - show version
+
+- assert:
+ that:
+ - result.changed == false
+ - result.stdout is defined
+
+- name: get output for multiple commands
+ register: result
+ cisco.asa.asa_command:
+ commands:
+ - show version
+ - show interface
+
+- assert:
+ that:
+ - result.changed == false
+ - result.stdout is defined
+ - result.stdout | length == 2
+
+- ansible.builtin.debug:
+ msg: "END cli/output.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/timeout.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/timeout.yaml
new file mode 100644
index 000000000..41af98e2f
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_command/tests/cli/timeout.yaml
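Review bot: The second `assert` in invalid.yaml carries `ignore_errors: true`, so a failing `result.failed` check on the mixed valid/invalid command list is reported but never fails the run, and the case is effectively unenforced. Unless a device-specific reason requires tolerating it, drop `ignore_errors: true` from that assert. If it has to stay, add a comment above it stating why a non-failure is acceptable, since nothing in the file explains it.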
@@ -0,0 +1,20 @@ +--- +- ansible.builtin.debug: + msg: "START cli/timeout.yaml" + +- name: test bad condition + register: result + ignore_errors: true + cisco.asa.asa_command: + commands: + - show version + wait_for: + - result[0] contains bad_value_string + +- assert: + that: + - result.failed == true + - result.msg is defined + +- ansible.builtin.debug: + msg: "END cli/timeout.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/defaults/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/defaults/main.yaml new file mode 100644 index 000000000..9ef5ba516 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: "*" +test_items: [] diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/cli.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/cli.yaml new file mode 100644 index 000000000..27d4eef9b --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/cli.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.network_cli + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_network_cli diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/main.yaml new file mode 100644 index 000000000..ca453cc34 --- /dev/null 
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/main.yaml @@ -0,0 +1,9 @@ +--- +- name: Include tasks + ansible.builtin.include_tasks: cli.yaml + tags: + - cli + +- name: Include tasks + ansible.builtin.include_tasks: redirection.yaml + when: ansible_version.full is version('2.10.0', '>=') diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/redirection.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/redirection.yaml new file mode 100644 index 000000000..534949b41 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tasks/redirection.yaml @@ -0,0 +1,19 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/redirection" + patterns: "{{ testcase }}.yaml" + register: test_cases + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test case (connection=ansible.netcommon.network_cli) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.network_cli + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_network_cli diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/templates/basic/config.j2 b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/templates/basic/config.j2 new file mode 100644 index 000000000..779b731e1 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/templates/basic/config.j2 @@ -0,0 +1,3 @@ +object-group network OG-ANSIBLE-TEMPLATE + description this is a test + network-object host 192.168.99.12 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/templates/defaults/config.j2 b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/templates/defaults/config.j2 new file mode 100644 index 000000000..762e73dea --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/templates/defaults/config.j2 @@ -0,0 +1,4 @@ +object-group network OG-ANSIBLE-TEMPLATE-DEFAULT + description this is a test + network-object 10.0.0.0 255.255.255.0 + network-object 10.1.0.0 255.255.255.0 diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/backup.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/backup.yaml new file mode 100644 index 000000000..60c66c50d --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/backup.yaml 
@@ -0,0 +1,52 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/backup.yaml"
+
+- name: setup
+ ignore_errors: true
+ cisco.asa.asa_config:
+ commands:
+ - no object-group network OG-ANSIBLE-TEMPLATE
+
+- name: collect any backup files
+ ansible.builtin.find:
+ paths: "{{ role_path }}/backup"
+ pattern: "{{ inventory_hostname_short }}_config*"
+ register: backup_files
+ connection: local
+
+- name: delete backup files
+ ansible.builtin.file:
+ path: "{{ item.path }}"
+ state: absent
+ with_items: "{{backup_files.files|default([])}}"
+
+- name: configure device with config
+ register: result
+ cisco.asa.asa_config:
+ src: basic/config.j2
+ backup: true
+
+- assert:
+ that:
+ - result.changed == true
+ - result.updates is defined
+
+- name: collect any backup files
+ ansible.builtin.find:
+ paths: "{{ role_path }}/backup"
+ pattern: "{{ inventory_hostname_short }}_config*"
+ register: backup_files
+ connection: local
+
+- assert:
+ that:
+ - backup_files.files is defined
+
+- name: teardown
+ cisco.asa.asa_config:
+ commands:
+ - no object-group network OG-ANSIBLE-TEMPLATE
+
+- ansible.builtin.debug:
+ msg: "END cli/backup.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/basic.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/basic.yaml
new file mode 100644
index 000000000..13a39df5a
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/basic.yaml
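Review bot: The assertion after the second `find` in backup.yaml, `backup_files.files is defined`, holds even when nothing matched, because `ansible.builtin.find` returns a `files` list that may be empty. The test therefore passes when no backup file was written, which is the one thing it is meant to prove. Assert on the content instead: `- backup_files.files | length > 0`. The same check appears in redirection/shortname.yaml as `backup_file.files is defined` and needs the same change.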
@@ -0,0 +1,37 @@ +--- +- ansible.builtin.debug: + msg: "START cli/basic.yaml" + +- name: setup + ignore_errors: true + cisco.asa.asa_config: + commands: + - no object-group network OG-ANSIBLE-TEMPLATE + +- name: configure device with config + register: result + cisco.asa.asa_config: + src: basic/config.j2 + +- assert: + that: + - result.changed == true + - result.updates is defined + +- name: check device with config + register: result + cisco.asa.asa_config: + src: basic/config.j2 + +- assert: + that: + - result.changed == false + - result.updates is not defined + +- name: teardown + cisco.asa.asa_config: + commands: + - no object-group network OG-ANSIBLE-TEMPLATE + +- ansible.builtin.debug: + msg: "END cli/basic.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/defaults.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/defaults.yaml new file mode 100644 index 000000000..8645d71f9 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/defaults.yaml @@ -0,0 +1,45 @@ +--- +- ansible.builtin.debug: + msg: "START cli/defaults.yaml" + +- name: setup + ignore_errors: true + cisco.asa.asa_config: + commands: + - no object-group network OG-ANSIBLE-TEMPLATE-DEFAULT + +- name: configure device with defaults included + register: result + cisco.asa.asa_config: + src: defaults/config.j2 + defaults: true + +- ansible.builtin.debug: + var: result + +- assert: + that: + - result.changed == true + - result.updates is defined + +- name: check device with defaults included + register: result + cisco.asa.asa_config: + src: defaults/config.j2 + defaults: true + +- ansible.builtin.debug: + var: result + +- assert: + that: + - result.changed == false + - result.updates is not defined + +- name: teardown + cisco.asa.asa_config: + commands: + - no object-group network OG-ANSIBLE-TEMPLATE-DEFAULT + +- ansible.builtin.debug: + msg: "END cli/defaults.yaml" 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/force.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/force.yaml
new file mode 100644
index 000000000..4042eca6a
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/force.yaml
@@ -0,0 +1,39 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/force.yaml"
+
+- name: setup
+ ignore_errors: true
+ cisco.asa.asa_config:
+ commands:
+ - no object-group network OG-ANSIBLE-TEMPLATE-DEFAULT
+
+- name: configure device with config
+ register: result
+ cisco.asa.asa_config:
+ src: basic/config.j2
+ match: none
+
+- assert:
+ that:
+ - result.changed == true
+ - result.updates is defined
+
+- name: check device with config
+ register: result
+ cisco.asa.asa_config:
+ src: basic/config.j2
+ match: none
+
+- assert:
+ that:
+ - result.changed == true
+ - result.updates is defined
+
+- name: teardown
+ cisco.asa.asa_config:
+ commands:
+ - no object-group network OG-ANSIBLE-TEMPLATE-DEFAULT
+
+- ansible.builtin.debug:
+ msg: "END cli/force.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/more_system.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/more_system.yaml
new file mode 100644
index 000000000..e90e5c84a
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/more_system.yaml
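Review bot: The setup and teardown tasks in force.yaml remove `OG-ANSIBLE-TEMPLATE-DEFAULT`, but the two tasks in between apply `basic/config.j2`, which in this same commit defines `object-group network OG-ANSIBLE-TEMPLATE`. The object group the test actually pushes is therefore never cleaned up, and it stays on the device for later test cases that start from `no object-group network OG-ANSIBLE-TEMPLATE`. Change both commands to `- no object-group network OG-ANSIBLE-TEMPLATE`. Because the setup task sets `ignore_errors: true`, the mismatch cannot surface as a failure.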
@@ -0,0 +1,36 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/more_system.yaml"
+
+- name: Prepare tunnel-group
+ cisco.asa.asa_config:
+ before: tunnel-group 192.0.2.1 type ipsec-l2l
+ lines:
+ - tunnel-group 192.0.2.1 ipsec-attributes
+
+- name: Setup tunnel-group
+ cisco.asa.asa_config:
+ parents: tunnel-group 192.0.2.1 ipsec-attributes
+ lines:
+ - ikev1 pre-shared-key abc123
+ passwords: true
+
+- name: Test idempotency
+ register: result
+ cisco.asa.asa_config:
+ parents: tunnel-group 192.0.2.1 ipsec-attributes
+ lines:
+ - ikev1 pre-shared-key abc123
+ passwords: true
+
+- assert:
+ that:
+ - result.changed == false
+
+- name: teardown
+ cisco.asa.asa_config:
+ lines:
+ - clear configure tunnel-group 192.0.2.1
+
+- ansible.builtin.debug:
+ msg: "END cli/more_system.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/removal_error.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/removal_error.yaml
new file mode 100644
index 000000000..a855fbb2a
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/removal_error.yaml
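Review bot: The "Setup tunnel-group" and "Test idempotency" tasks in more_system.yaml send a literal pre-shared key (`ikev1 pre-shared-key abc123`) with `passwords: true`, and neither sets `no_log`, so the key is part of the task arguments and may show up in verbose output and CI logs. Even for a fixture value, add `no_log: true` to both tasks and take the key from a variable, e.g. `- ikev1 pre-shared-key {{ test_psk }}` (variable name is a placeholder), so the pattern is not copied with a real secret. The teardown also runs only when the assert passes, so a failing run leaves the tunnel-group and its key configured on the device. Wrapping the test tasks in `block:` with the teardown under `always:` would close that gap.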
@@ -0,0 +1,42 @@ +--- +- ansible.builtin.debug: + msg: "START cli/removal_error.yaml" + +- name: setup + ignore_errors: true + cisco.asa.asa_config: + commands: + - no object-group network OGA-GOOGLE-DNS + +- name: configure test object-group + register: result + cisco.asa.asa_config: + parents: object-group network OGA-GOOGLE-DNS + lines: network-object host 8.8.8.8 + +- name: configure test access-list + cisco.asa.asa_config: + lines: + access-list ANSIBLE-DNS extended permit udp any object-group OGA-GOOGLE-DNS + eq domain + +- name: try to remove object-group (should fail) + ignore_errors: true + register: result + cisco.asa.asa_config: + commands: + - no object-group network OGA-GOOGLE-DNS + +- name: Last command should fail + assert: + that: + - result.failed == true + +- name: teardown + cisco.asa.asa_config: + commands: + - clear configure access-list ANSIBLE-DNS + - no object-group network OGA-GOOGLE-DNS + +- ansible.builtin.debug: + msg: "END cli/removal_error.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/save_when.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/save_when.yaml new file mode 100644 index 000000000..a48f54b37 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/save_when.yaml 
@@ -0,0 +1,49 @@ +--- +- ansible.builtin.debug: + msg: "START cli/save.yaml on connection={{ ansible_connection }}" + +- name: setup for save when TC + cisco.asa.asa_config: + commands: + - no description + parents: + - interface Management0/0 + save_when: modified + +- name: save should always run + register: result + cisco.asa.asa_config: + save_when: always + +- assert: + that: + - result.changed == true + +- name: delete config (setup) + register: result + cisco.asa.asa_config: + replace: line + lines: + - no banner motd test_motd + save_when: modified + +- name: save should run when changed + register: result + cisco.asa.asa_config: + replace: line + lines: + - banner motd test_motd + save_when: modified + +- assert: + that: + - result.changed == true + +- name: teardown + register: result + cisco.asa.asa_config: + lines: + - no banner motd test_motd + +- ansible.builtin.debug: + msg: "END cli/save.yaml on connection={{ ansible_connection }}" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel.yaml new file mode 100644 index 000000000..a910b0ab8 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel.yaml 
@@ -0,0 +1,42 @@ +--- +- ansible.builtin.debug: + msg: "START cli/sublevel.yaml" + +- name: setup test + cisco.asa.asa_config: + lines: + - no object-group network OG-ANSIBLE-SUBLEVEL + +- name: configure sub level command + register: result + cisco.asa.asa_config: + lines: + - network-object host 192.168.10.1 + parents: + - object-group network OG-ANSIBLE-SUBLEVEL + +- assert: + that: + - result.changed == true + - "'object-group network OG-ANSIBLE-SUBLEVEL' in result.updates" + - "'network-object host 192.168.10.1' in result.updates" + +- name: configure sub level command idempotent check + register: result + cisco.asa.asa_config: + lines: + - network-object host 192.168.10.1 + parents: + - object-group network OG-ANSIBLE-SUBLEVEL + +- assert: + that: + - result.changed == false + +- name: teardown + cisco.asa.asa_config: + lines: + - no object-group network OG-ANSIBLE-SUBLEVEL + +- ansible.builtin.debug: + msg: "END cli/sublevel.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_block.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_block.yaml new file mode 100644 index 000000000..7659413df --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_block.yaml 
@@ -0,0 +1,64 @@ +--- +- ansible.builtin.debug: + msg: "START cli/sublevel_block.yaml" + +- name: setup + register: object_group + cisco.asa.asa_command: + commands: + - show run object-group + +- name: setup + cisco.asa.asa_config: + lines: + - no object-group network OG-ANSIBLE + match: none + +- name: configure sub level command using block replace + register: result + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE + replace: block + after: + - exit + +- assert: + that: + - result.changed == true + - "'object-group network OG-ANSIBLE' in result.updates" + - "'network-object 192.168.10.0 255.255.255.0' in result.updates" + - "'network-object 192.168.20.0 255.255.255.0' in result.updates" + - "'network-object 192.168.30.0 255.255.255.0' in result.updates" + - "'network-object 192.168.40.0 255.255.255.0' in result.updates" + +- name: check sub level command using block replace + register: result + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE + replace: block + after: + - exit + +- assert: + that: + - result.changed == false + +- name: teardown + cisco.asa.asa_config: + lines: + - no object-group network OG-ANSIBLE + +- ansible.builtin.debug: + msg: "END cli/sublevel_block.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_exact.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_exact.yaml new file mode 100644 index 000000000..85417720b --- /dev/null 
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_exact.yaml 
@@ -0,0 +1,69 @@ +--- +- ansible.builtin.debug: + msg: "START cli/sublevel_exact.yaml" + +- name: setup + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + - network-object 192.168.50.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE-EXACT + before: + - no object-group network OG-ANSIBLE-EXACT + after: + - exit + +- name: configure sub level command using exact match + register: result + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE-EXACT + after: + - exit + match: exact + +- assert: + that: + - result.changed == true + - "'object-group network OG-ANSIBLE-EXACT' in result.updates" + - "'network-object 192.168.10.0 255.255.255.0' in result.updates" + - "'network-object 192.168.20.0 255.255.255.0' in result.updates" + - "'network-object 192.168.30.0 255.255.255.0' in result.updates" + - "'network-object 192.168.40.0 255.255.255.0' in result.updates" + - "'network-object 192.168.50.0 255.255.255.0' not in result.updates" + +- name: check sub level command using exact match + register: result + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + - network-object 192.168.50.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE-EXACT + after: + - exit + match: exact + +- assert: + that: + - result.changed == false + +- name: teardown + cisco.asa.asa_config: + lines: + - no object-group network OG-ANSIBLE-EXACT + +- ansible.builtin.debug: + msg: "END cli/sublevel_exact.yaml" 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_strict.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_strict.yaml new file mode 100644 index 000000000..d384f82f7 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_strict.yaml 
@@ -0,0 +1,65 @@ +--- +- ansible.builtin.debug: + msg: "START cli/sublevel_strict.yaml" + +- name: setup + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + - network-object 192.168.50.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE-STRICT + before: + - no object-group network OG-ANSIBLE-STRICT + after: + - exit + +- name: configure sub level command using strict match + register: result + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.20.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.40.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE-STRICT + match: strict + +- assert: + that: + - result.changed == false + +- name: check sub level command using strict match + register: result + cisco.asa.asa_config: + lines: + - network-object 192.168.10.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + - network-object 192.168.30.0 255.255.255.0 + parents: + - object-group network OG-ANSIBLE-STRICT + after: + - exit + match: strict + +- assert: + that: + - result.changed == true + - "'object-group network OG-ANSIBLE-STRICT' in result.updates" + - "'network-object 192.168.10.0 255.255.255.0' not in result.updates" + - "'network-object 192.168.30.0 255.255.255.0' in result.updates" + - "'network-object 192.168.30.0 255.255.255.0' in result.updates" + - "'network-object 192.168.40.0 255.255.255.0' not in result.updates" + - "'network-object 192.168.50.0 255.255.255.0' not in result.updates" + +- name: teardown + cisco.asa.asa_config: + lines: + - no object-group network OG-ANSIBLE-STRICT + +- ansible.builtin.debug: + msg: "END cli/sublevel_strict.yaml" 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_strict_mul_parents.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_strict_mul_parents.yaml new file mode 100644 index 000000000..b3b0505ae --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/sublevel_strict_mul_parents.yaml @@ -0,0 +1,73 @@ +--- +- ansible.builtin.debug: + msg: "START cli/sublevel_strict_mul_parents.yaml on connection={{ ansible_connection}}" + +- name: setup + cisco.asa.asa_config: + lines: + - class-map c1 + - match default-inspection-traffic + - policy-map p1 + - class c1 + match: none + +- name: configure sub level command using strict match + register: result + cisco.asa.asa_config: + lines: + - inspect ftp + - inspect tftp + parents: + - policy-map p1 + - class c1 + match: strict + +- assert: + that: + - result.changed == true + - "'inspect ftp' in result.updates" + - "'inspect tftp' in result.updates" + +- name: change sub level command order and config with strict match + register: result + cisco.asa.asa_config: + lines: + - inspect tftp + - inspect ftp + parents: + - policy-map p1 + - class c1 + match: strict + +- assert: + that: + - result.changed == true + - "'inspect ftp' in result.updates" + - "'inspect tftp' in result.updates" + +- name: Config sub level command with strict match (Idempotency) + register: result + cisco.asa.asa_config: + lines: + - inspect ftp + - inspect tftp + parents: + - policy-map p1 + - class c1 + match: strict + +- assert: + that: + - result.changed == false + +- name: teardown + cisco.asa.asa_config: + lines: + - no policy-map p1 + - no class-map c1 + match: strict + +- ansible.builtin.debug: + msg: + "END cli/sublevel_strict_mul_parents.yaml on connection={{ ansible_connection + }}" 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel.yaml new file mode 100644 index 000000000..0d0ee49e7 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel.yaml @@ -0,0 +1,37 @@ +--- +- ansible.builtin.debug: + msg: "START cli/toplevel.yaml" + +- name: setup + cisco.asa.asa_config: + lines: + - hostname firewall + +- name: configure top level command + register: result + cisco.asa.asa_config: + lines: + - hostname foo + +- assert: + that: + - result.changed == true + - "'hostname foo' in result.updates" + +- name: configure top level command idempotent check + register: result + cisco.asa.asa_config: + lines: + - hostname foo + +- assert: + that: + - result.changed == false + +- name: teardown + cisco.asa.asa_config: + lines: + - hostname {{ inventory_hostname_short }} + +- ansible.builtin.debug: + msg: "END cli/toplevel.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_after.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_after.yaml new file mode 100644 index 000000000..196834da6 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_after.yaml 
@@ -0,0 +1,44 @@
+---
+- ansible.builtin.debug:
+ msg: "START cli/toplevel_after.yaml"
+
+- name: setup
+ cisco.asa.asa_config:
+ lines:
+ - snmp-server contact ansible
+ - hostname firewall
+
+- name: configure top level command with before
+ register: result
+ cisco.asa.asa_config:
+ lines:
+ - hostname foo
+ after:
+ - snmp-server contact bar
+
+- assert:
+ that:
+ - result.changed == true
+ - "'hostname foo' in result.updates"
+ - "'snmp-server contact bar' in result.updates"
+
+- name: configure top level command with before idempotent check
+ register: result
+ cisco.asa.asa_config:
+ lines:
+ - hostname foo
+ after:
+ - snmp-server contact foo
+
+- assert:
+ that:
+ - result.changed == false
+
+- name: teardown
+ cisco.asa.asa_config:
+ lines:
+ - no snmp-server contact
+ - hostname {{ inventory_hostname_short }}
+
+- ansible.builtin.debug:
+ msg: "END cli/toplevel_after.yaml"
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_before.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_before.yaml
new file mode 100644
index 000000000..98ed04382
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_before.yaml
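Review bot: Both test tasks in toplevel_after.yaml are named "... with before" although they exercise `after:`; the names appear to be copied from toplevel_before.yaml, so a failure report points at the wrong case. Rename them to `configure top level command with after` and `configure top level command with after idempotent check`. A comment on the second task would also help: it passes `snmp-server contact foo` yet expects `changed == false`, presumably because `after` lines are only sent when `lines` produce a change, which should be confirmed and stated.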
@@ -0,0 +1,44 @@ +--- +- ansible.builtin.debug: + msg: "START cli/toplevel_before.yaml" + +- name: setup + cisco.asa.asa_config: + lines: + - snmp-server contact ansible + - hostname firewall + +- name: configure top level command with before + register: result + cisco.asa.asa_config: + lines: + - hostname foo + before: + - snmp-server contact bar + +- assert: + that: + - result.changed == true + - "'hostname foo' in result.updates" + - "'snmp-server contact bar' in result.updates" + +- name: configure top level command with before idempotent check + register: result + cisco.asa.asa_config: + lines: + - hostname foo + before: + - snmp-server contact foo + +- assert: + that: + - result.changed == false + +- name: teardown + cisco.asa.asa_config: + lines: + - no snmp-server contact + - hostname {{ inventory_hostname_short }} + +- ansible.builtin.debug: + msg: "END cli/toplevel_before.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_nonidempotent.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_nonidempotent.yaml new file mode 100644 index 000000000..305c359c2 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/cli/toplevel_nonidempotent.yaml 
@@ -0,0 +1,38 @@ +--- +- ansible.builtin.debug: + msg: "START cli/toplevel_nonidempotent.yaml" + +- name: setup + cisco.asa.asa_config: + backup: true + +- name: configure top level command + register: result + cisco.asa.asa_config: + lines: + - hostname foo + match: strict + +- assert: + that: + - result.changed == true + - "'hostname foo' in result.updates" + +- name: configure top level command idempotent check + register: result + cisco.asa.asa_config: + lines: + - hostname foo + match: strict + +- assert: + that: + - result.changed == true + +- name: teardown + cisco.asa.asa_config: + lines: + - hostname {{ inventory_hostname_short }} + +- ansible.builtin.debug: + msg: "END cli/toplevel_nonidempotent.yaml" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/redirection/shortname.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/redirection/shortname.yaml new file mode 100644 index 000000000..5746756e4 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_config/tests/redirection/shortname.yaml 
@@ -0,0 +1,38 @@ +--- +- ansible.builtin.debug: + msg: "START redirection/shortname.yaml on connection={{ ansible_connection }}" + +- name: Use src with module alias + register: result + cisco.asa.config: + src: basic/config.j2 + +- assert: + that: + # make sure that the template content was read and not the path + - result.failed == false + +- name: use module alias to take configuration backup + register: result + cisco.asa.config: + backup: true + backup_options: + filename: backup_with_alias.cfg + dir_path: "{{ role_path }}/backup_test_dir/{{ inventory_hostname_short }}" + +- assert: + that: + - result.changed == true + +- name: check if the backup file exist + ansible.builtin.find: + paths: "{{ role_path }}/backup_test_dir/{{ inventory_hostname_short }}/backup_with_alias.cfg" + register: backup_file + connection: local + +- assert: + that: + - backup_file.files is defined + +- ansible.builtin.debug: + msg: "END redirection/shortname.yaml on connection={{ ansible_connection }}" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/defaults/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/defaults/main.yaml new file mode 100644 index 000000000..9ef5ba516 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: "*" +test_items: [] diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tasks/cli.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tasks/cli.yaml new file mode 100644 index 000000000..ed9e75963 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tasks/cli.yaml 
@@ -0,0 +1,18 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + register: test_cases + delegate_to: localhost + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + +- name: Run test cases (connection=ansible.netcommon.network_cli) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_network_cli diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tasks/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tasks/main.yaml new file mode 100644 index 000000000..19f697238 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tasks/main.yaml @@ -0,0 +1,5 @@ +--- +- name: Include tasks + ansible.builtin.include_tasks: cli.yaml + tags: + - cli diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/all_facts.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/all_facts.yaml new file mode 100644 index 000000000..0c27d62c3 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/all_facts.yaml 
@@ -0,0 +1,28 @@ +--- +- ansible.builtin.debug: + msg: "START cli/all_facts.yaml on connection={{ ansible_connection }}" + +- name: test getting all facts + register: result + cisco.asa.asa_facts: + gather_subset: + - all + +- assert: + that: + - result.changed == false + - "'config' in result.ansible_facts.ansible_net_gather_subset" + - "'hardware' in result.ansible_facts.ansible_net_gather_subset" + - "'default' in result.ansible_facts.ansible_net_gather_subset" + - result.ansible_facts.ansible_net_filesystems is defined + - result.ansible_facts.ansible_net_memfree_mb > 1 + - result.ansible_facts.ansible_net_memtotal_mb > 1 + +- assert: + that: "{{ item.value.spacetotal_kb }} > {{ item.value.spacefree_kb }}" + loop: + "{{ lookup('dict', result.ansible_facts.ansible_net_filesystems_info, wantlist=True)\ + \ }}" + +- ansible.builtin.debug: + msg: "END cli/all_facts.yaml on connection={{ ansible_connection }}" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/default_facts.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/default_facts.yaml new file mode 100644 index 000000000..e57377ec9 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/default_facts.yaml 
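Review bot: The second assert in all_facts.yaml builds its condition with template delimiters (`that: "{{ item.value.spacetotal_kb }} > {{ item.value.spacefree_kb }}"`), so values reported by the device are rendered into a string that is then evaluated as an expression a second time. Ansible warns about delimiters in conditionals for this reason. Referencing the variables directly avoids the double evaluation, assuming both facts are numeric: `that: item.value.spacetotal_kb > item.value.spacefree_kb`. The backslash-continued lookup can become `loop: "{{ result.ansible_facts.ansible_net_filesystems_info | dict2items }}"`. The same assert appears in default_facts.yaml in the next hunk.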
@@ -0,0 +1,27 @@ +--- +- ansible.builtin.debug: + msg: "START cli/default_facts.yaml on connection={{ ansible_connection }}" + +- name: test getting default facts + register: result + cisco.asa.asa_facts: + +- assert: + that: + - result.changed == false + - "'hardware' in result.ansible_facts.ansible_net_gather_subset" + - "'default' in result.ansible_facts.ansible_net_gather_subset" + - result.ansible_facts.ansible_net_filesystems is defined + - "'config' not in result.ansible_facts.ansible_net_gather_subset" + - result.ansible_facts.ansible_net_filesystems is defined + - result.ansible_facts.ansible_net_memtotal_mb > 10 + - result.ansible_facts.ansible_net_config is not defined + +- assert: + that: "{{ item.value.spacetotal_kb }} > {{ item.value.spacefree_kb }}" + loop: + "{{ lookup('dict', result.ansible_facts.ansible_net_filesystems_info, wantlist=True)\ + \ }}" + +- ansible.builtin.debug: + msg: "END cli/default.yaml on connection={{ ansible_connection }}" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/invalid_subset.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/invalid_subset.yaml new file mode 100644 index 000000000..205553346 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/invalid_subset.yaml 
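Review bot: `result.ansible_facts.ansible_net_filesystems is defined` is listed twice in the first assert of default_facts.yaml. The second occurrence was probably meant to check a different fact, perhaps `ansible_net_filesystems_info`, which the loop below depends on; this should be confirmed against upstream intent. The closing debug message says `END cli/default.yaml` while the opening one says `START cli/default_facts.yaml`, which makes it harder to pair the two in test logs.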
@@ -0,0 +1,36 @@ +--- +- ansible.builtin.debug: + msg: "START cli/invalid_subset.yaml on connection={{ ansible_connection + }}" + +- name: test invalid subset (foobar) + register: result + ignore_errors: true + cisco.asa.asa_facts: + gather_subset: + - foobar + +- assert: + that: + - result.changed == false + - result.failed == true + - result.msg == 'Subset must be one of [config, default, hardware], + got foobar' + +- name: test subset specified multiple times + register: result + ignore_errors: true + cisco.asa.asa_facts: + gather_subset: + - "!hardware" + - hardware + +- assert: + that: + - result.changed == false + - result.failed == true + - result.msg == 'Bad subset' + ignore_errors: true + +- ansible.builtin.debug: + msg: "END cli/invalid_subset.yaml on connection={{ ansible_connection }}" diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/not_hardware.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/not_hardware.yaml new file mode 100644 index 000000000..b21d7c6d8 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_facts/tests/cli/not_hardware.yaml @@ -0,0 +1,23 @@ +--- +- ansible.builtin.debug: + msg: "START cli/not_hardware_facts.yaml on connection={{ ansible_connection + }}" + +- name: test not hardware + register: result + cisco.asa.asa_facts: + gather_subset: + - "!hardware" + +- assert: + that: + - result.changed == false + - "'config' in result.ansible_facts.ansible_net_gather_subset" + - "'default' in result.ansible_facts.ansible_net_gather_subset" + - "'hardware' not in result.ansible_facts.ansible_net_gather_subset" + - result.ansible_facts.ansible_net_filesystems is not defined + - result.ansible_facts.ansible_net_filesystems_info is not defined + +- ansible.builtin.debug: + msg: "END cli/not_hardware_facts.yaml on connection={{ ansible_connection + }}" 
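Review bot: The last assert in invalid_subset.yaml carries `ignore_errors: true`, so its checks on `result.failed == true` and `result.msg == 'Bad subset'` for the `!hardware` plus `hardware` case can never fail the run. A regression where conflicting subsets are silently accepted would therefore go unnoticed. Drop `ignore_errors` from the assert; if the exact message is known to vary between versions, keep only the stable condition (`result.failed == true`) and let it be binding.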
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/defaults/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/defaults/main.yaml new file mode 100644 index 000000000..164afead2 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: "[^_].*" +test_items: [] diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tasks/cli.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tasks/cli.yaml new file mode 100644 index 000000000..d5f0ca500 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tasks/cli.yaml @@ -0,0 +1,22 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests/cli" + patterns: "{{ testcase }}.yaml" + use_regex: true + register: test_cases + delegate_to: localhost + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + delegate_to: localhost + +- name: Run test case (connection=ansible.netcommon.network_cli) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: ansible.netcommon.network_cli + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_network_cli diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tasks/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tasks/main.yaml new file mode 100644 index 000000000..19f697238 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tasks/main.yaml @@ -0,0 +1,5 @@ +--- +- name: Include tasks + ansible.builtin.include_tasks: cli.yaml + tags: + - cli 
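Review bot: In asa_ogs/tasks/cli.yaml the "Collect all cli test cases" task sets `use_regex: true`, which makes `patterns: "{{ testcase }}.yaml"` a regular expression. The `.` before `yaml` then matches any character and nothing anchors the end, so a leftover such as `merged.yaml.orig` would, as far as I can tell, also be collected and handed to `include_tasks`. `patterns: "{{ testcase }}\\.yaml$"` limits collection to real test files. The asa_smoke cli.yaml later in this commit uses the same pattern.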
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_parsed.cfg b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_parsed.cfg new file mode 100644 index 000000000..a2d23372d --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_parsed.cfg @@ -0,0 +1,8 @@ +object-group network test_og_network + description test_og_network + network-object host 192.0.2.1 + network-object 192.0.2.0 255.255.255.0 +object-group network test_network_og + network-object 2001:db8:3::/64 +object-group service test_og_service + service-object tcp-udp diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml new file mode 100644 index 000000000..ec02e549d --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_populate_config.yaml @@ -0,0 +1,45 @@ +--- +- name: Populate Config + cisco.asa.asa_ogs: + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 192.0.3.1 + - 192.0.3.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL + state: merged 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_remove_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_remove_config.yaml
new file mode 100644
index 000000000..53a5bb956
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/_remove_config.yaml
@@ -0,0 +1,4 @@
+---
+- name: Remove Config
+ cisco.asa.asa_ogs:
+ state: deleted
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/deleted.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/deleted.yaml
new file mode 100644
index 000000000..ed77ca760
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/deleted.yaml
@@ -0,0 +1,59 @@ +--- +- ansible.builtin.debug: + msg: Start asa_ogs deleted integration tests ansible_connection={{ + ansible_connection }} + +- ansible.builtin.include_tasks: _remove_config.yaml + +- ansible.builtin.include_tasks: _populate_config.yaml + +- block: + - name: Delete given module attributes + register: result + cisco.asa.asa_ogs: &id001 + config: + - object_type: network + object_groups: + - name: test_og_network + - object_type: security + object_groups: + - name: test_og_security + state: deleted + + - assert: + that: + - result.commands|length == 2 + - result.changed == true + - result.commands|symmetric_difference(deleted.commands) == [] + + - name: Delete given module attributes (IDEMPOTENT) + register: result + cisco.asa.asa_ogs: *id001 + + - assert: + that: + - result.changed == false + + - ansible.builtin.include_tasks: _populate_config.yaml + + - name: Delete ALL configured module attributes + register: result + cisco.asa.asa_ogs: + state: deleted + + - assert: + that: + - result.commands|length == 4 + - result.changed == true + - result.commands|symmetric_difference(delete_all.commands) == [] + + - name: Delete ALL configured module attributes (IDEMPOTENT) + register: result + cisco.asa.asa_ogs: + state: deleted + + - assert: + that: + - result.changed == false + always: + - ansible.builtin.include_tasks: _remove_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/empty_config.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/empty_config.yaml new file mode 100644 index 000000000..14c2e9ef4 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/empty_config.yaml 
@@ -0,0 +1,60 @@ +--- +- ansible.builtin.debug: + msg: START asa_ogs empty_config.yaml integration tests on connection={{ + ansible_connection }} + +- name: Merged with empty config should give appropriate error message + register: result + ignore_errors: true + cisco.asa.asa_ogs: + config: + state: merged + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state merged' + +- name: Replaced with empty config should give appropriate error message + register: result + ignore_errors: true + cisco.asa.asa_ogs: + config: + state: replaced + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state replaced' + +- name: Overridden with empty config should give appropriate error message + register: result + ignore_errors: true + cisco.asa.asa_ogs: + config: + state: overridden + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state overridden' + +- name: Rendered with empty config should give appropriate error message + register: result + ignore_errors: true + cisco.asa.asa_ogs: + config: + state: rendered + +- assert: + that: + - result.msg == 'value of config parameter must not be empty for state rendered' + +- name: Parsed with empty config should give appropriate error message + register: result + ignore_errors: true + cisco.asa.asa_ogs: + running_config: + state: parsed + +- assert: + that: + - result.msg == 'value of running_config parameter must not be empty for state + parsed' diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml new file mode 100644 index 000000000..d37fcbae2 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/gathered.yaml 
@@ -0,0 +1,62 @@ +--- +- ansible.builtin.debug: + msg: + "START asa_ogs gathered integration tests on connection={{ ansible_connection + }}" + +- ansible.builtin.include_tasks: _remove_config.yaml + +- block: + - name: Populate Config for Gather facts + cisco.asa.asa_ogs: + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + address: + - 192.0.2.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 192.0.3.1 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + tag: + - 10 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL + state: merged + + - name: Gather the provided configuration with the exisiting running configuration + register: result + cisco.asa.asa_ogs: + config: + state: gathered + + - name: Assert + assert: + that: + - gathered['config'] | symmetric_difference(result.gathered) == [] + - result['changed'] == false + always: + - ansible.builtin.include_tasks: _remove_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/merged.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/merged.yaml new file mode 100644 index 000000000..c2ba8d63a --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/merged.yaml 
@@ -0,0 +1,72 @@ +--- +- ansible.builtin.debug: + msg: "Start asa_ogs merged integration tests ansible_connection={{ + ansible_connection }}" + +- ansible.builtin.include_tasks: _remove_config.yaml + +- block: + - name: Merge the provided configuration with the exisiting running configuration + register: result + cisco.asa.asa_ogs: &id001 + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 192.0.3.1 + - 192.0.3.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL + state: merged + + - assert: + that: + - result.commands|length == 21 + - result.changed == true + - result.commands|symmetric_difference(merged.commands) == [] + + - name: + Merge the provided configuration with the exisiting running configuration + (IDEMPOTENT) + register: result + cisco.asa.asa_ogs: *id001 + + - assert: + that: + - result.commands|length == 0 + - result.changed == false + always: + - ansible.builtin.include_tasks: _remove_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml new file mode 100644 index 000000000..9b10c1ed4 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/overridden.yaml 
@@ -0,0 +1,50 @@ +--- +- ansible.builtin.debug: + msg: Start asa_ogs overridden integration tests ansible_connection={{ + ansible_connection }} + +- ansible.builtin.include_tasks: _remove_config.yaml +- ansible.builtin.include_tasks: _populate_config.yaml + +- block: + - name: Overridden module attributes of given object-group + become: true + register: result + cisco.asa.asa_ogs: &id001 + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network_override + network_object: + host: + - 192.0.3.1 + address: + - 192.0.3.0 255.255.255.0 + - object_type: protocol + object_groups: + - name: test_og_protocol + description: test_og_protocol + protocol_object: + protocol: + - tcp + - udp + state: overridden + + - assert: + that: + - result.commands|length == 15 + - result.changed == true + - result.commands|symmetric_difference(overridden.commands) == [] + + - name: Overridden module attributes of given object-group (IDEMPOTENT) + become: true + register: result + cisco.asa.asa_ogs: *id001 + + - assert: + that: + - result.commands|length == 0 + - result.changed == false + always: + - ansible.builtin.include_tasks: _remove_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/parsed.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/parsed.yaml new file mode 100644 index 000000000..857277e60 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/parsed.yaml @@ -0,0 +1,17 @@ +--- +- ansible.builtin.debug: + msg: + "START asa_ogs parsed integration tests on connection={{ ansible_connection + }}" + +- name: Parse the commands for provided configuration + become: true + register: result + cisco.asa.asa_ogs: + running_config: "{{ lookup('file', '_parsed.cfg') }}" + state: parsed + +- assert: + that: + - result.changed == false + - parsed['config']|symmetric_difference(result.parsed) == [] 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml new file mode 100644 index 000000000..ec74691d0 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/rendered.yaml @@ -0,0 +1,57 @@ +--- +- ansible.builtin.debug: + msg: "Start asa_ogs rendered integration tests ansible_connection={{ + ansible_connection }}" + +- block: + - name: Render the commands for provided configuration + become: true + register: result + cisco.asa.asa_ogs: + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 192.0.3.1 + - 192.0.3.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL + state: rendered + + - assert: + that: + - result.changed == false + - result.rendered|symmetric_difference(merged.commands) == [] diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml new file mode 100644 index 000000000..91e25a552 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/replaced.yaml 
@@ -0,0 +1,50 @@ +--- +- ansible.builtin.debug: + msg: "Start asa_ogs replced integration tests ansible_connection={{ + ansible_connection }}" + +- ansible.builtin.include_tasks: _remove_config.yaml +- ansible.builtin.include_tasks: _populate_config.yaml + +- block: + - name: Replace module attributes of given object-group + become: true + register: result + cisco.asa.asa_ogs: &id001 + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network_replace + network_object: + host: + - 192.0.3.1 + address: + - 192.0.3.0 255.255.255.0 + - object_type: protocol + object_groups: + - name: test_og_protocol + description: test_og_protocol + protocol_object: + protocol: + - tcp + - udp + state: replaced + + - assert: + that: + - result.commands|length == 12 + - result.changed == true + - result.commands|symmetric_difference(replaced.commands) == [] + + - name: Replace module attributes of given object-group (IDEMPOTENT) + become: true + register: result + cisco.asa.asa_ogs: *id001 + + - assert: + that: + - result.commands|length == 0 + - result.changed == false + always: + - ansible.builtin.include_tasks: _remove_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml new file mode 100644 index 000000000..f3b99ea5d --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/tests/cli/rtt.yaml 
@@ -0,0 +1,104 @@ +--- +- ansible.builtin.debug: + msg: "START asa_ogs round trip integration tests on connection={{ + ansible_connection }}" + +- ansible.builtin.include_tasks: _remove_config.yaml + +- block: + - name: Apply the provided configuration (Base config) + register: base_config + cisco.asa.asa_ogs: + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 192.0.3.1 + - 192.0.3.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL + state: merged + + - name: Gather Object group facts + cisco.asa.asa_facts: + gather_subset: + - "!all" + - "!min" + gather_network_resources: + - ogs + + - name: Apply the provided configuration (config to be reverted) + register: result + cisco.asa.asa_ogs: + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network_override + network_object: + host: + - 192.0.3.1 + address: + - 192.0.3.0 255.255.255.0 + - object_type: protocol + object_groups: + - name: test_og_protocol + description: test_og_protocol + protocol_object: + protocol: + - tcp + - udp + state: overridden + + - assert: + that: + - result.commands|length == 15 + - result.changed == true + - result.commands|symmetric_difference(overridden.commands) == [] + + - name: Revert back to base config using facts round trip + register: revert + cisco.asa.asa_ogs: + config: "{{ ansible_facts['network_resources']['ogs'] }}" + state: 
overridden + + - assert: + that: + - revert.commands|length == 24 + - revert.changed == true + - revert.commands|symmetric_difference(rtt.commands) == [] + always: + - ansible.builtin.include_tasks: _remove_config.yaml diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/vars/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/vars/main.yaml new file mode 100644 index 000000000..b5a8e30ff --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_ogs/vars/main.yaml 
@@ -0,0 +1,148 @@ +--- +deleted: + commands: + - no object-group network test_og_network + - no object-group security test_og_security +delete_all: + commands: + - no object-group network test_og_network + - no object-group network test_network_og + - no object-group security test_og_security + - no object-group user test_og_user +merged: + commands: + - object-group security test_og_security + - description test_security + - security-group name test_1 + - security-group name test_2 + - security-group tag 10 + - security-group tag 20 + - object-group network test_og_network + - description test_og_network + - network-object 192.0.2.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 + - network-object host 192.0.2.1 + - network-object host 192.0.2.2 + - object-group network test_network_og + - description test_network_og + - network-object host 192.0.3.1 + - network-object host 192.0.3.2 + - network-object 2001:db8:3::/64 + - object-group user test_og_user + - description test_user + - user LOCAL\new_user_1 + - user LOCAL\new_user_2 +replaced: + commands: + - object-group protocol test_og_protocol + - description test_og_protocol + - protocol tcp + - protocol udp + - object-group network test_og_network + - description test_og_network_replace + - no network-object 192.0.2.0 255.255.255.0 + - no network-object 198.51.100.0 255.255.255.0 + - network-object 192.0.3.0 255.255.255.0 + - no network-object host 192.0.2.1 + - no network-object host 192.0.2.2 + - network-object host 192.0.3.1 +overridden: + commands: + - no object-group security test_og_security + - no object-group user test_og_user + - object-group protocol test_og_protocol + - description test_og_protocol + - protocol tcp + - protocol udp + - object-group network test_og_network + - description test_og_network_override + - no network-object 192.0.2.0 255.255.255.0 + - no network-object 198.51.100.0 255.255.255.0 + - network-object 192.0.3.0 255.255.255.0 + - no network-object host 192.0.2.1 + - 
no network-object host 192.0.2.2 + - network-object host 192.0.3.1 + - no object-group network test_network_og +gathered: + config: + - object_groups: + - description: test_network_og + name: test_network_og + network_object: + host: + - 192.0.3.1 + ipv6_address: + - 2001:db8:3::/64 + - description: test_og_network + name: test_og_network + network_object: + address: + - 192.0.2.0 255.255.255.0 + host: + - 192.0.2.1 + object_type: network + - object_groups: + - description: test_security + name: test_og_security + security_group: + sec_name: + - test_1 + tag: + - "10" + object_type: security + - object_groups: + - description: test_user + name: test_og_user + user_object: + user: + - domain: LOCAL + name: new_user_1 + - domain: LOCAL + name: new_user_2 + object_type: user +parsed: + config: + - object_groups: + - name: test_network_og + network_object: + ipv6_address: + - 2001:db8:3::/64 + - description: test_og_network + name: test_og_network + network_object: + address: + - 192.0.2.0 255.255.255.0 + host: + - 192.0.2.1 + object_type: network + - object_groups: + - name: test_og_service + services_object: + - protocol: tcp-udp + object_type: service +rtt: + commands: + - no object-group protocol test_og_protocol + - object-group security test_og_security + - description test_security + - security-group name test_2 + - security-group name test_1 + - security-group tag 10 + - security-group tag 20 + - object-group network test_og_network + - description test_og_network + - no network-object 192.0.3.0 255.255.255.0 + - network-object 192.0.2.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 + - no network-object host 192.0.3.1 + - network-object host 192.0.2.1 + - network-object host 192.0.2.2 + - object-group network test_network_og + - description test_network_og + - network-object host 192.0.3.1 + - network-object host 192.0.3.2 + - network-object 2001:db8:3::/64 + - object-group user test_og_user + - description test_user + - user LOCAL\new_user_1 + - 
user LOCAL\new_user_2 diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/defaults/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/defaults/main.yaml new file mode 100644 index 000000000..164afead2 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/defaults/main.yaml @@ -0,0 +1,3 @@ +--- +testcase: "[^_].*" +test_items: [] diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tasks/cli.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tasks/cli.yaml new file mode 100644 index 000000000..95d36328a --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tasks/cli.yaml @@ -0,0 +1,23 @@ +--- +- name: Collect all cli test cases + ansible.builtin.find: + paths: "{{ role_path }}/tests" + patterns: "{{ testcase }}.yaml" + use_regex: true + register: test_cases + delegate_to: localhost + +- name: Set test_items + ansible.builtin.set_fact: + test_items: "{{ test_cases.files | map(attribute='path') | list }}" + delegate_to: localhost + +- name: Run test case (connection=network_cli) + ansible.builtin.include_tasks: "{{ test_case_to_run }}" + vars: + ansible_connection: network_cli + ansible_network_single_user_mode: true + with_items: "{{ test_items }}" + loop_control: + loop_var: test_case_to_run + tags: connection_network_cli diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tasks/main.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tasks/main.yaml new file mode 100644 index 000000000..19f697238 --- /dev/null +++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tasks/main.yaml @@ -0,0 +1,5 @@ +--- +- name: Include tasks + ansible.builtin.include_tasks: cli.yaml + tags: + - cli 
diff --git a/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tests/caching.yaml b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tests/caching.yaml
new file mode 100644
index 000000000..a2f918079
--- /dev/null
+++ b/ansible_collections/cisco/asa/tests/integration/targets/asa_smoke/tests/caching.yaml
@@ -0,0 +1,103 @@ +--- +- block: + - ansible.builtin.debug: + msg: "START connection={{ ansible_connection }} caching.yaml" + + - set_fact: + merged: + - object-group security test_og_security + - description test_security + - security-group name test_1 + - security-group name test_2 + - security-group tag 10 + - security-group tag 20 + - object-group network test_og_network + - description test_og_network + - network-object 192.0.2.0 255.255.255.0 + - network-object 198.51.100.0 255.255.255.0 + - network-object host 192.0.2.1 + - network-object host 192.0.2.2 + - object-group network test_network_og + - description test_network_og + - network-object host 192.0.3.1 + - network-object host 192.0.3.2 + - network-object 2001:db8:3::/64 + - object-group user test_og_user + - description test_user + - user LOCAL\new_user_1 + - user LOCAL\new_user_2 + + - name: Remove OG Config + cisco.asa.asa_ogs: + state: deleted + ignore_errors: true + + - name: Merge the provided configuration with the exisiting running configuration + cisco.asa.asa_ogs: &id001 + config: + - object_type: network + object_groups: + - name: test_og_network + description: test_og_network + network_object: + host: + - 192.0.2.1 + - 192.0.2.2 + address: + - 192.0.2.0 255.255.255.0 + - 198.51.100.0 255.255.255.0 + - name: test_network_og + description: test_network_og + network_object: + host: + - 192.0.3.1 + - 192.0.3.2 + ipv6_address: + - 2001:db8:3::/64 + - object_type: security + object_groups: + - name: test_og_security + description: test_security + security_group: + sec_name: + - test_1 + - test_2 + tag: + - 10 + - 20 + - object_type: user + object_groups: + - name: test_og_user + description: test_user + user_object: + user: + - name: new_user_1 + domain: LOCAL + - name: new_user_2 + domain: LOCAL + state: merged + register: result + + - assert: + that: + - result.commands|length == 21 + - result.changed == true + - result.commands|symmetric_difference(merged) == [] + + - name: + Merge the provided 
configuration with the exisiting running configuration + (IDEMPOTENT) + register: result + cisco.asa.asa_ogs: *id001 + + - assert: + that: + - result.commands|length == 0 + - result.changed == false + + always: + - name: Remove OG Config + cisco.asa.asa_ogs: + state: deleted + ignore_errors: true + when: ansible_connection == "network_cli" and ansible_network_single_user_mode|d(False) |
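Review bot: The `always:` cleanup task `Remove OG Config` passes only `state: deleted` to `cisco.asa.asa_ogs` and sets `ignore_errors: true`, so a failed teardown goes unnoticed. With no `config:` list given, it also presumably removes every object group on the target rather than only the four this test merges. The block-level `when:` restricts the run to `ansible_network_single_user_mode`, but the file never states that a dedicated device is assumed. I would add a comment above both removal tasks, `# Deletes ALL object groups on the target; run only against a dedicated test appliance`, and drop `ignore_errors: true` from the `always:` task so leftover configuration fails the run. As a style point, `set_fact` and the two `assert` tasks are unnamed and use short module names while `ansible.builtin.debug` is fully qualified.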