Diffstat (limited to 'ansible_collections/splunk/es/tests/integration')
-rw-r--r--ansible_collections/splunk/es/tests/integration/network-integration.cfg4
-rw-r--r--ansible_collections/splunk/es/tests/integration/target-prefixes.network1
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases1
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml55
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases1
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml74
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases1
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml58
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases1
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml58
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases1
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml0
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml2
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml2
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml18
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml7
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml6
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml49
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml6
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml33
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml22
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml82
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml53
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml102
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml101
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml38
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml6
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml33
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml23
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml70
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml72
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml118
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml2
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml2
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml18
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml7
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml6
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml22
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml6
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml36
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml25
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml57
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml43
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml73
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml46
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml2
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml2
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml18
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml7
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml6
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml43
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml16
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml47
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml38
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml77
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml72
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml131
-rw-r--r--ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml129
58 files changed, 2029 insertions, 0 deletions
diff --git a/ansible_collections/splunk/es/tests/integration/network-integration.cfg b/ansible_collections/splunk/es/tests/integration/network-integration.cfg
new file mode 100644
index 000000000..d12c1efe2
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/network-integration.cfg
@@ -0,0 +1,4 @@
+[persistent_connection]
+command_timeout = 100
+connect_timeout = 100
+connect_retry_timeout = 100
diff --git a/ansible_collections/splunk/es/tests/integration/target-prefixes.network b/ansible_collections/splunk/es/tests/integration/target-prefixes.network
new file mode 100644
index 000000000..2a852434e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/target-prefixes.network
@@ -0,0 +1 @@
+splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml
new file mode 100644
index 000000000..d111fea78
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: remove previous correlation_search
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+
+- name: create correlation_search
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "present"
+
+- name: Test splunk.es.adaptive_response_notable_event
+ adaptive_response_notable_event:
+ name: "Fake notable event from playbook"
+ correlation_search_name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake notable event from playbook, description edition."
+ state: "present"
+ next_steps:
+ - ping
+ - nslookup
+ recommended_actions:
+ - script
+ - ansiblesecurityautomation
+ default_status: unassigned
+ register: adaptive_response_notable_event_out
+
+- name: Assert Create splunk.es.adaptive_response_notable_event CHANGED
+ assert:
+ that:
+ - adaptive_response_notable_event_out['changed'] == True
+ - adaptive_response_notable_event_out['failed'] == False
+
+- name: Validate splunk.es.adaptive_response_notable_event idempotent
+ adaptive_response_notable_event:
+ name: "Fake notable event from playbook"
+ correlation_search_name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake notable event from playbook, description edition."
+ state: "present"
+ next_steps:
+ - ping
+ - nslookup
+ recommended_actions:
+ - script
+ - ansiblesecurityautomation
+ register: adaptive_response_notable_event_out2
+
+- name: Assert Create splunk.es.adaptive_response_notable_event IDEMPOTENT
+ assert:
+ that:
+ - adaptive_response_notable_event_out2['changed'] == False
+ - adaptive_response_notable_event_out2['failed'] == False
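Review bot: This target never removes what it creates: the file ends at the idempotency assert, so the correlation search and its notable-event action stay on the Splunk ES instance under test. The sibling targets in this commit (correlation_search_info, data_input_monitor, data_input_network) do delete, but only as ordinary asserted steps, so a failed assert leaves the search, the `/var/log/messages` monitor or the TCP `8099` input in place. Wrapping the test body in `block:` with the `state: "absent"` tasks under `always:`, as the new `splunk_*` targets' `deleted.yaml` does, would make teardown unconditional. Separately, the idempotency task drops `default_status: unassigned`, so it does not re-apply the same arguments as the create task.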
diff --git a/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml
new file mode 100644
index 000000000..a2ae59ef4
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+- name: Cleanup old correlation_search
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+
+- name: Test correlation_search - CREATE
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "present"
+ register: correlation_search_create_output
+
+- name: Assert Create splunk.es.correlation_search CHANGED
+ assert:
+ that:
+ - correlation_search_create_output['changed'] == True
+ - correlation_search_create_output['failed'] == False
+
+- name: Test correlation_search - CREATE IDEMPOTENT
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "present"
+ register: correlation_search_create_output2
+
+- name: Assert Create splunk.es.correlation_search IDEMPOTENT
+ assert:
+ that:
+ - correlation_search_create_output2['changed'] == False
+ - correlation_search_create_output2['failed'] == False
+
+- name: Test correlation_search_info
+ correlation_search_info:
+ name: "Test Fake Coorelation Search From Playbook"
+ register: correlation_search_info_output
+
+- name: Assert Create splunk.es.correlation_search CHANGED
+ assert:
+ that:
+ - correlation_search_info_output['changed'] == False
+ - correlation_search_info_output['failed'] == False
+
+- name: Test correlation_search - DELETE
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+ register: correlation_search_delete_output
+
+- name: Assert Create splunk.es.correlation_search CHANGED
+ assert:
+ that:
+ - correlation_search_delete_output['changed'] == True
+ - correlation_search_delete_output['failed'] == False
+
+- name: Test correlation_search - DELETE IDEMPOTENT
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+ register: correlation_search_delete_output2
+
+- name: Assert Create splunk.es.correlation_search IDEMPOTENT
+ assert:
+ that:
+ - correlation_search_delete_output2['changed'] == False
+ - correlation_search_delete_output2['failed'] == False
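Review bot: The assert after `correlation_search_info` checks only `changed` and `failed`, so the info module would pass even if it returned nothing for the search; an assertion on the returned search data (the result key is not visible in this hunk) would make the test meaningful. That assert is also named `Assert Create splunk.es.correlation_search CHANGED` although it expects `changed == False`; something like `Assert splunk.es.correlation_search_info reports no change` fits. The two delete asserts further down carry the same copied `Assert Create …` names, as do the delete asserts in data_input_monitor and data_input_network.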
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml
new file mode 100644
index 000000000..87459760e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+- name: Clean up previous data_input_monitor
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "absent"
+ recursive: True
+
+- name: Test data_input_monitor - CREATE
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "present"
+ recursive: True
+ register: data_input_monitor_output
+
+- name: Assert Create splunk.es.data_input_monitor CHANGED
+ assert:
+ that:
+ - data_input_monitor_output['changed'] == True
+ - data_input_monitor_output['failed'] == False
+
+- name: Test data_input_monitor - CREATE IDEMPOTENT
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "present"
+ recursive: True
+ register: data_input_monitor_output2
+
+- name: Assert Create splunk.es.data_input_monitor CREATE IDEMPOTENT
+ assert:
+ that:
+ - data_input_monitor_output2['changed'] == False
+ - data_input_monitor_output2['failed'] == False
+
+- name: Test data_input_monitor - DELETE
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "absent"
+ recursive: True
+ register: data_input_monitor_absent_output
+
+- name: Assert Create splunk.es.data_input_monitor CHANGED
+ assert:
+ that:
+ - data_input_monitor_absent_output['changed'] == True
+ - data_input_monitor_absent_output['failed'] == False
+
+- name: Test data_input_monitor - DELETE IDEMPOTENT
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "absent"
+ recursive: True
+ register: data_input_monitor_absent_output2
+
+- name: Assert Create splunk.es.data_input_monitor DELETE IDEMPOTENT
+ assert:
+ that:
+ - data_input_monitor_absent_output2['changed'] == False
+ - data_input_monitor_absent_output2['failed'] == False
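Review bot: The asserts compare registered keys with `== True` / `== False`, while data_input_network in this same commit uses the result tests; `- data_input_monitor_output is changed` and `- data_input_monitor_output is not failed` read better and do not depend on the `failed` key being present in the registered result. The adaptive_response_notable_event and correlation_search_info targets use the same `['changed'] == True` form.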
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml
new file mode 100644
index 000000000..5082458c0
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+- name: Cleanup previous data_input_network
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "absent"
+
+- name: Test data_input_network - CREATE
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "present"
+ register: data_input_network_output
+
+- name: Assert Create splunk.es.data_input_network CHANGED
+ assert:
+ that:
+ - data_input_network_output is changed
+ - data_input_network_output is not failed
+
+- name: Test data_input_network - CREATE IDEMPOTENT
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "present"
+ register: data_input_network_output2
+
+- name: Assert Create splunk.es.data_input_network CREATE IDEMPOTENT
+ assert:
+ that:
+ - data_input_network_output2 is not changed
+ - data_input_network_output2 is not failed
+
+- name: Test data_input_network - DELETE
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "absent"
+ register: data_input_network_absent_output
+
+- name: Assert Create splunk.es.data_input_network CHANGED
+ assert:
+ that:
+ - data_input_network_absent_output is changed
+ - data_input_network_absent_output is not failed
+
+- name: Test data_input_network - DELETE IDEMPOTENT
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "absent"
+ register: data_input_network_absent_output2
+
+- name: Assert Create splunk.es.data_input_network DELETE IDEMPOTENT
+ assert:
+ that:
+ - data_input_network_absent_output2 is not changed
+ - data_input_network_absent_output2 is not failed
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases
@@ -0,0 +1 @@
+network/splunk
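Review bot: This alias registers `splunk_adaptive_response_notable_event` as a `network/splunk` target, but its `tasks/main.yml` is added empty in the next file section (blob `e69de29bb`, no hunk), so the target runs no tasks and still reports success. The name differs from the populated `splunk_adaptive_response_notable_events` target only by the trailing `s`, which suggests a leftover. Either drop the directory or add a comment in `tasks/main.yml` saying why it is intentionally empty.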
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml
new file mode 100644
index 000000000..e69de29bb
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml
new file mode 100644
index 000000000..10c0fabcb
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml
new file mode 100644
index 000000000..dcc81f25f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml
@@ -0,0 +1,18 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
+
+- name: set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.httpapi)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.httpapi
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_httpapi
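Review bot: The `find` task matches the helper files as test cases: with `testcase: '*'` from `defaults/main.yaml`, the glob `*.yaml` also selects `_populate_dim_config.yaml` and `_remove_dim_config.yaml`, so they run as standalone cases in whatever order `find` returns them. Anchoring the pattern excludes them, e.g. `use_regex: true` on the `find` task together with `testcase: "[^_].*"` in defaults. The bare `include:` here and in `tasks/main.yaml` is deprecated in favour of `include_tasks:`, which the test files in this commit already use.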
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml
new file mode 100644
index 000000000..62cc1ae1e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
+
+- include: redirection.yaml
+ when: ansible_version.full is version('2.10.0', '>=')
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml
new file mode 100644
index 000000000..bafc23a45
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests/redirection'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
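Review bot: `test_cases` is registered here but nothing in this file consumes it, so the redirection branch included from `tasks/main.yaml` collects files and runs none of them. The visible diffstat also lists no `tests/redirection` directory for this target. Either add the loop that includes each found case, as `cli.yaml` does, or remove `redirection.yaml` and its `include` until redirection tests exist.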
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml
new file mode 100644
index 000000000..02e9074da
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml
@@ -0,0 +1,49 @@
+---
+- name: create test correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ description: test description
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+ state: merged
+
+- name: populate notable event adaptive response for test correlation search
+ splunk.es.splunk_adaptive_response_notable_events:
+ config:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ drilldown_name: test_drill_name
+ drilldown_search: test_drill
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ - dvc
+ - orig_host
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ - src_user_role
+ - user_id
+ - user_role
+ - vendor_account
+ investigation_profiles:
+ - test profile 1
+ - test profile 2
+ - test profile 3
+ next_steps:
+ - makestreams
+ - nbtstat
+ - nslookup
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ - makestreams
+ - nbtstat
+ security_domain: threat
+ severity: high
+ state: merged
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml
new file mode 100644
index 000000000..ab4a4a278
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml
@@ -0,0 +1,6 @@
+---
+- name: create test correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ state: deleted
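Review bot: The task name says `create test correlation search` while the task sets `state: deleted`; `- name: remove test correlation search` would match what it does. A short comment stating that the notable-event action is expected to disappear together with its correlation search would also help, since nothing here deletes the `splunk_adaptive_response_notable_events` config directly; that assumption should be confirmed against the module.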
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml
new file mode 100644
index 000000000..e2fa5c8cf
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml
@@ -0,0 +1,33 @@
+---
+- debug:
+ msg: Start Deleted integration state for adaptive_response_notable_events ansible_connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Delete adaptive response notable events config
+ splunk.es.splunk_adaptive_response_notable_events: &id001
+ config:
+ - correlation_search_name: Ansible Test
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - merged['after'] == result['adaptive_response_notable_events']['before']
+ - merged['before'] == result['adaptive_response_notable_events']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
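Review bot: The idempotency task is named `Delete attributes of all configured interfaces (IDEMPOTENT)`, which looks copied from an interface module test; `Delete adaptive response notable events config (IDEMPOTENT)` describes this task. The first `assert` has no `name`, so a failure there is reported without context; a name such as `Assert that the delete reported change and before/after match` would help. The `merged` variable it compares against presumably comes from `vars/main.yaml`, which is outside this hunk.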
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml
new file mode 100644
index 000000000..f5003ee06
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml
@@ -0,0 +1,22 @@
+---
+- debug:
+ msg: START adaptive_response_notable_events gathered integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Gather adaptive response notable events config
+ splunk.es.splunk_adaptive_response_notable_events:
+ config:
+ - correlation_search_name: Ansible Test
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - merged['after'] == result['adaptive_response_notable_events']['gathered']
+ - result['changed'] == false
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml
new file mode 100644
index 000000000..6c949f830
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml
@@ -0,0 +1,82 @@
+---
+- debug:
+ msg:
+ START Merged adaptive_response_notable_events state for integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- block:
+ - name: create test correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ description: test description
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+ state: merged
+
+ - name: Merge and create new adaptive response notable events configuration
+ tags: merged
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events: &id001
+ state: merged
+ config:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ drilldown_name: test_drill_name
+ drilldown_search: test_drill
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ - dvc
+ - orig_host
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ - src_user_role
+ - user_id
+ - user_role
+ - vendor_account
+ investigation_profiles:
+ - test profile 1
+ - test profile 2
+ - test profile 3
+ next_steps:
+ - makestreams
+ - nbtstat
+ - nslookup
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ - makestreams
+ - nbtstat
+ security_domain: threat
+ severity: high
+
+ - name: Assert that task reports change and after dict is correctly generated
+ assert:
+ that:
+ - result['changed'] == true
+ - merged['after'] == result['adaptive_response_notable_events']['after']
+
+ - name: Assert that before dicts are correctly generated
+ assert:
+ that:
+ - merged['before'] == result['adaptive_response_notable_events']['before']
+
+ - name: Merge provided configuration with device configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml
new file mode 100644
index 000000000..47cf117b2
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml
@@ -0,0 +1,53 @@
+---
+- debug:
+ msg: START Replaced adaptive_response_notable_events state for integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Replace existing adaptive response notable events configuration
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events: &id001
+ state: replaced
+ config:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ next_steps:
+ - makestreams
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ security_domain: threat
+ severity: high
+
+ - assert:
+ that:
+ - result.changed == true
+ - replaced['before'] == result['adaptive_response_notable_events']['before']
+ - replaced['after'] == result['adaptive_response_notable_events']['after']
+
+ - name:
+ Replaces device configuration of listed adaptive response notable events configuration with
+ provided configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml
new file mode 100644
index 000000000..dfb936ff0
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml
@@ -0,0 +1,102 @@
+---
+- debug:
+ msg: START adaptive_response_notable_events round trip integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ splunk.es.splunk_adaptive_response_notable_events: &id001
+ state: merged
+ config:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ drilldown_name: test_drill_name
+ drilldown_search: test_drill
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ - dvc
+ - orig_host
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ - src_user_role
+ - user_id
+ - user_role
+ - vendor_account
+ investigation_profiles:
+ - test profile 1
+ - test profile 2
+ - test profile 3
+ next_steps:
+ - makestreams
+ - nbtstat
+ - nslookup
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ - makestreams
+ - nbtstat
+ security_domain: threat
+ severity: high
+
+ - name: Gather adaptive response notable events configuration facts
+ register: gather_result
+ splunk.es.splunk_adaptive_response_notable_events:
+ config:
+ - correlation_search_name: Ansible Test
+ state: gathered
+
+ - name: Apply the configuration which need to be reverted
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events:
+ config:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ next_steps:
+ - makestreams
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ security_domain: threat
+ severity: high
+ state: replaced
+
+ - assert:
+ that:
+ - result.changed == true
+ - replaced['before'] == result['adaptive_response_notable_events']['before']
+ - replaced['after'] == result['adaptive_response_notable_events']['after']
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ splunk.es.splunk_adaptive_response_notable_events:
+ config: "{{ gather_result['adaptive_response_notable_events']['gathered'] }}"
+ state: replaced
+
+ - assert:
+ that:
+ - revert['changed'] == true
+ - merged['after'] == revert['adaptive_response_notable_events']['after']
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
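Review bot: The `&id001` anchor on the base-config task is never dereferenced in this file, and the registered `base_config` is never asserted on, so the outcome of that first task goes unchecked. Drop `&id001` and `register: base_config`, or add an assertion on the registered result if the step is meant to be verified. The same unused anchor and register pair appears in the `rtt.yaml` files added for splunk_correlation_searches and splunk_data_inputs_monitor.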
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml
new file mode 100644
index 000000000..8116add0d
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml
@@ -0,0 +1,101 @@
+---
+merged:
+ before: []
+
+ after:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ drilldown_name: test_drill_name
+ drilldown_search: test_drill
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ - dvc
+ - orig_host
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ - src_user_role
+ - user_id
+ - user_role
+ - vendor_account
+ investigation_profiles:
+ - test profile 1
+ - test profile 2
+ - test profile 3
+ next_steps:
+ - makestreams
+ - nbtstat
+ - nslookup
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ - makestreams
+ - nbtstat
+ security_domain: threat
+ severity: high
+
+replaced:
+ before:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ drilldown_name: test_drill_name
+ drilldown_search: test_drill
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ - dvc
+ - orig_host
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ - src_user_role
+ - user_id
+ - user_role
+ - vendor_account
+ investigation_profiles:
+ - test profile 1
+ - test profile 2
+ - test profile 3
+ next_steps:
+ - makestreams
+ - nbtstat
+ - nslookup
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ - makestreams
+ - nbtstat
+ security_domain: threat
+ severity: high
+ after:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ next_steps:
+ - makestreams
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ security_domain: threat
+ severity: high
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml
new file mode 100644
index 000000000..39b507ff3
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml
@@ -0,0 +1,38 @@
+---
+- name: merge corre config
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ disabled: false
+ description: test description
+ app: DA-ESS-EndpointProtection
+ annotations:
+ cis20:
+ - test1
+ mitre_attack:
+ - test2
+ kill_chain_phases:
+ - test3
+ nist:
+ - test4
+ custom:
+ - framework: test_framework
+ custom_annotations:
+ - test5
+ ui_dispatch_context: SplunkEnterpriseSecuritySuite
+ time_earliest: -24h
+ time_latest: now
+ cron_schedule: "*/5 * * * *"
+ scheduling: realtime
+ schedule_window: 0
+ schedule_priority: default
+ trigger_alert: once
+ trigger_alert_when: number of events
+ trigger_alert_when_condition: greater than
+ trigger_alert_when_value: 10
+ throttle_window_duration: 5s
+ throttle_fields_to_group_by:
+ - test_field1
+ suppress_alerts: False
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+ state: merged
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml
new file mode 100644
index 000000000..7707f9191
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml
@@ -0,0 +1,6 @@
+---
+- name: delete correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ state: deleted
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml
new file mode 100644
index 000000000..363f0f3b5
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml
@@ -0,0 +1,33 @@
+---
+- debug:
+ msg: Start Deleted integration state for correlation_searches ansible_connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _populate_config.yaml
+
+- block:
+ - name: Delete correlation searches config
+ splunk.es.splunk_correlation_searches: &id001
+ config:
+ - name: Ansible Test
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - merged['after'] == result['correlation_searches']['before']
+ - merged['before'] == result['correlation_searches']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_correlation_searches: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_config.yaml
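Review bot: The idempotency task is named `Delete attributes of all configured interfaces (IDEMPOTENT)`, which describes a network-interface module rather than Splunk correlation searches, so the run log misreports what was exercised. Rename it to `- name: Delete correlation searches config (IDEMPOTENT)`. Similar copied names appear in this target's `replaced.yaml` ("listed data inputs networks configuration") and in the splunk_data_inputs_monitor `deleted.yaml` and `replaced.yaml`. The first `assert` here is also unnamed.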
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml
new file mode 100644
index 000000000..f612ab397
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml
@@ -0,0 +1,23 @@
+---
+- debug:
+ msg: START correlation_searches gathered integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _populate_config.yaml
+
+- block:
+ - name: Gather correlation searches config
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ - name: Ansible Test1
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - merged['after'] == result['gathered']
+ - result['changed'] == false
+ always:
+ - include_tasks: _remove_config.yaml
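Review bot: The gather task requests `Ansible Test1`, which `_populate_config.yaml` never creates, while the assertion expects `result['gathered']` to equal `merged['after']`. The test therefore depends on the module silently omitting names that do not exist, and nothing in the file says whether that is the intent (the `merged` fixture for this target is not visible here). If that behaviour is meant to be covered, add a comment such as `# Ansible Test1 does not exist and must be absent from the gathered output`; otherwise remove the entry.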
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml
new file mode 100644
index 000000000..a83d1aacf
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml
@@ -0,0 +1,70 @@
+---
+- debug:
+ msg: START Merged correlation_searches state for integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- block:
+ - name: Merge and create new correlation searches configuration
+ tags: merged
+ register: result
+ splunk.es.splunk_correlation_searches: &id001
+ state: merged
+ config:
+ - name: Ansible Test
+ disabled: false
+ description: test description
+ app: DA-ESS-EndpointProtection
+ annotations:
+ cis20:
+ - test1
+ mitre_attack:
+ - test2
+ kill_chain_phases:
+ - test3
+ nist:
+ - test4
+ custom:
+ - framework: test_framework
+ custom_annotations:
+ - test5
+ ui_dispatch_context: SplunkEnterpriseSecuritySuite
+ time_earliest: -24h
+ time_latest: now
+ cron_schedule: "*/5 * * * *"
+ scheduling: realtime
+ schedule_window: 0
+ schedule_priority: default
+ trigger_alert: once
+ trigger_alert_when: number of events
+ trigger_alert_when_condition: greater than
+ trigger_alert_when_value: 10
+ throttle_window_duration: 5s
+ throttle_fields_to_group_by:
+ - test_field1
+ suppress_alerts: False
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+
+ - name: Assert that task reports change and after dict is correctly generated
+ assert:
+ that:
+ - result['changed'] == true
+ - merged['after'] == result['correlation_searches']['after']
+
+ - name: Assert that before dicts are correctly generated
+ assert:
+ that:
+ - merged['before'] == result['correlation_searches']['before']
+
+ - name: Merge provided configuration with device configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_correlation_searches: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml
new file mode 100644
index 000000000..a41649a5b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml
@@ -0,0 +1,72 @@
+---
+- debug:
+ msg: START Replaced correlation_searches state for integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+- include_tasks: _populate_config.yaml
+
+- block:
+
+ - name: Replace existing correlation searches configuration
+ register: result
+ splunk.es.splunk_correlation_searches: &id001
+ state: replaced
+ config:
+ - name: Ansible Test
+ disabled: false
+ description: test description
+ app: SplunkEnterpriseSecuritySuite
+ annotations:
+ cis20:
+ - test1
+ - test2
+ mitre_attack:
+ - test3
+ - test4
+ kill_chain_phases:
+ - test5
+ - test6
+ nist:
+ - test7
+ - test8
+ custom:
+ - framework: test_framework2
+ custom_annotations:
+ - test9
+ - test10
+ ui_dispatch_context: SplunkEnterpriseSecuritySuite
+ time_earliest: -24h
+ time_latest: now
+ cron_schedule: "*/5 * * * *"
+ scheduling: continuous
+ schedule_window: auto
+ schedule_priority: default
+ trigger_alert: once
+ trigger_alert_when: number of events
+ trigger_alert_when_condition: greater than
+ trigger_alert_when_value: 10
+ throttle_window_duration: 5s
+ throttle_fields_to_group_by:
+ - test_field1
+ - test_field2
+ suppress_alerts: True
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+
+ - assert:
+ that:
+ - result.changed == true
+ - replaced['before'] == result['correlation_searches']['before']
+ - replaced['after'] == result['correlation_searches']['after']
+
+ - name: Replaces device configuration of listed data inputs networks configuration with
+ provided configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_correlation_searches: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml
new file mode 100644
index 000000000..151e7305a
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml
@@ -0,0 +1,118 @@
+---
+- debug:
+ msg: START correlation_searches round trip integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+- include_tasks: _populate_config.yaml
+
+- block:
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ splunk.es.splunk_correlation_searches: &id001
+ state: merged
+ config:
+ - name: Ansible Test 3
+ disabled: false
+ description: test description
+ app: DA-ESS-EndpointProtection
+ annotations:
+ cis20:
+ - test1
+ mitre_attack:
+ - test2
+ kill_chain_phases:
+ - test3
+ nist:
+ - test4
+ custom:
+ - framework: test_framework
+ custom_annotations:
+ - test5
+ ui_dispatch_context: SplunkEnterpriseSecuritySuite
+ time_earliest: -24h
+ time_latest: now
+ cron_schedule: "*/5 * * * *"
+ scheduling: realtime
+ schedule_window: 0
+ schedule_priority: default
+ trigger_alert: once
+ trigger_alert_when: number of events
+ trigger_alert_when_condition: greater than
+ trigger_alert_when_value: 10
+ throttle_window_duration: 5s
+ throttle_fields_to_group_by:
+ - test_field1
+ suppress_alerts: False
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+
+ - name: Gather correlation searches configuration facts
+ register: gather_result
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ state: gathered
+
+ - name: Apply the configuration which need to be reverted
+ register: result
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ disabled: false
+ description: test description
+ app: SplunkEnterpriseSecuritySuite
+ annotations:
+ cis20:
+ - test1
+ - test2
+ mitre_attack:
+ - test3
+ - test4
+ kill_chain_phases:
+ - test5
+ - test6
+ nist:
+ - test7
+ - test8
+ custom:
+ - framework: test_framework2
+ custom_annotations:
+ - test9
+ - test10
+ ui_dispatch_context: SplunkEnterpriseSecuritySuite
+ time_earliest: -24h
+ time_latest: now
+ cron_schedule: "*/5 * * * *"
+ scheduling: continuous
+ schedule_window: auto
+ schedule_priority: default
+ trigger_alert: once
+ trigger_alert_when: number of events
+ trigger_alert_when_condition: greater than
+ trigger_alert_when_value: 10
+ throttle_window_duration: 5s
+ throttle_fields_to_group_by:
+ - test_field1
+ - test_field2
+ suppress_alerts: True
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+ state: replaced
+
+ - assert:
+ that:
+ - result.changed == true
+ - replaced['before'] == result['correlation_searches']['before']
+ - replaced['after'] == result['correlation_searches']['after']
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ splunk.es.splunk_correlation_searches:
+ config: "{{ gather_result['gathered'] }}"
+ state: replaced
+
+ - assert:
+ that:
+ - revert['changed'] == true
+ - merged['after'] == revert['correlation_searches']['after']
+
+ always:
+ - include_tasks: _remove_config.yaml
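Review bot: The base-config task creates a correlation search named `Ansible Test 3`, but every later task and the `_remove_config.yaml` cleanup act on `Ansible Test`, so `Ansible Test 3` is never deleted. It stays on the Splunk instance after the run with `disabled: false` and `scheduling: realtime`. It also means the gathered facts describe the search created by `_populate_config.yaml` rather than the base-config step. Change the entry to `- name: Ansible Test`, or add a delete for `Ansible Test 3` under `always:`.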
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml
new file mode 100644
index 000000000..10c0fabcb
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml
new file mode 100644
index 000000000..dcc81f25f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml
@@ -0,0 +1,18 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
+
+- name: set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.httpapi)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.httpapi
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_httpapi
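Review bot: With `testcase` defaulting to `'*'`, the `find` pattern `'{{ testcase }}.yaml'` also matches the helper files `_populate_dim_config.yaml` and `_remove_dim_config.yaml`, which sit in the same `tests` directory, so they are run as test cases in their own right. If `_populate_dim_config.yaml` happens to run last, the `/var/log` monitor input stays configured after the suite finishes. Adding `excludes: '_*.yaml'` to the `find` task, or moving the helpers out of `tests/`, keeps them out of `test_items`. The identical `cli.yaml` added for splunk_data_inputs_network has the same issue if its helpers are laid out the same way.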
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml
new file mode 100644
index 000000000..62cc1ae1e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
+
+- include: redirection.yaml
+ when: ansible_version.full is version('2.10.0', '>=')
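Review bot: Both tasks use the bare `include:` action, which Ansible deprecated in favour of `include_tasks` and `import_tasks` and, as far as I know, removed in recent ansible-core releases. The `when:` guard shows the suite targets 2.10 and later, where `include_tasks` is available, so use `- include_tasks: cli.yaml` and `- include_tasks: redirection.yaml`. With `include_tasks` the `tags:` apply to the include statement only, so add `apply:` with `tags: [cli]` if the included tasks must inherit the tag. The same `include:` appears in this target's `cli.yaml` and in the `main.yaml` and `cli.yaml` added for splunk_data_inputs_network.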
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml
new file mode 100644
index 000000000..bafc23a45
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests/redirection'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
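Review bot: `test_cases` is registered here but nothing in this file consumes it, so including `redirection.yaml` only lists a directory and runs no test. No `tests/redirection` files are visible in this part of the diff either. Either add the `set_fact` and include loop that `cli.yaml` uses, or drop this file and its include from `main.yaml` until redirection tests exist.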
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml
new file mode 100644
index 000000000..2bb0129a4
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml
@@ -0,0 +1,22 @@
+---
+- name: Populate data inputs config
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt: <SOURCE>
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close: 4
+ whitelist: '/\/var\/log\/[a-z]/gm'
+ state: merged
\ No newline at end of file
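Review bot: The fixture uses the real path `/var/log` as the monitor input name, and `_remove_dim_config.yaml` deletes that same input before and after every test. Run against anything other than a throwaway Splunk instance, the suite would remove an existing `/var/log` monitor and, while it runs, index host logs recursively into `default`. A path that exists only for the test would be safer. Failing that, a comment above the task such as `# Requires a disposable Splunk instance: the /var/log monitor input is created and deleted` records the assumption.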
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml
new file mode 100644
index 000000000..d0fdb2d90
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml
@@ -0,0 +1,6 @@
+---
+- name: Delete data inputs config
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ state: deleted
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml
new file mode 100644
index 000000000..8f19b500f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml
@@ -0,0 +1,36 @@
+---
+- debug:
+ msg: Start Deleted integration state for data_inputs_monitors ansible_connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Delete data inputs monitors config
+ splunk.es.splunk_data_inputs_monitor: &id001
+ config:
+ - name: /var/log
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['before'][0] |\
+ dict2items)| length==5}}"
+ - merged['before'] == result['data_inputs_monitor']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_monitor: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
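Review bot: The second condition of the first `assert` wraps its expression in `{{ }}` and only checks that the symmetric difference has `length==5`, a magic number with no explanation. A count passes for any five differing items, so the check does not pin which keys are expected to differ. Ansible also warns about templating delimiters inside conditionals. Write it as a bare expression, `- (merged['after'] | dict2items | symmetric_difference(result['data_inputs_monitor']['before'][0] | dict2items) | length) == 5`, and add a comment naming the keys that account for the five. Better still, compare the specific keys the test cares about. The same pattern, including a `length==3` variant, is in this target's `gathered.yaml`, `merged.yaml`, `replaced.yaml` and `rtt.yaml`.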
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml
new file mode 100644
index 000000000..84aae2076
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml
@@ -0,0 +1,25 @@
+---
+- debug:
+ msg: START data_inputs_monitors gathered integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Gather data inputs monitors config
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(result['gathered'][0] |\
+ dict2items)| length==5}}"
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml
new file mode 100644
index 000000000..0388c26c1
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml
@@ -0,0 +1,57 @@
+---
+- debug:
+ msg: START Merged data_inputs_monitor state for integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- block:
+ - name: Merge and create new data inputs monitors configuration
+ tags: merged
+ register: result
+ splunk.es.splunk_data_inputs_monitor: &id001
+ state: merged
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt: <SOURCE>
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close: 4
+ whitelist: '/\/var\/log\/[a-z]/gm'
+
+ - name: Assert that task reports change and after dict is correctly generated
+ assert:
+ that:
+ - result['changed'] == true
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['after'][0] |\
+ dict2items)| length==5}}"
+
+ - name: Assert that before dicts are correctly generated
+ assert:
+ that:
+ - merged['before'] == result['data_inputs_monitor']['before']
+
+ - name: Merge provided configuration with device configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_monitor: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+
+ - include_tasks: _remove_dim_config.yaml
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml
new file mode 100644
index 000000000..7a9dd8c46
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml
@@ -0,0 +1,43 @@
+---
+- debug:
+ msg: START Replaced data_inputs_monitor state for integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_dim_config.yaml
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+
+ - name: Replace existing data inputs monitors configuration
+ register: result
+ splunk.es.splunk_data_inputs_monitor: &id001
+ state: replaced
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z0-9]/gm'
+ crc_salt: <SOURCE>
+
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['before'][0] |\
+ dict2items) | length==5}}"
+ - "{{ replaced['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['after'][0] |\
+ dict2items) | length==3}}"
+
+ - name: Replaces device configuration of listed data inputs networks configuration with
+ provided configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_monitor: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml
new file mode 100644
index 000000000..4025c446c
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml
@@ -0,0 +1,73 @@
+---
+- debug:
+ msg: START data_inputs_monitor round trip integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ splunk.es.splunk_data_inputs_monitor: &id001
+ state: merged
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt: <SOURCE>
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close: 4
+ whitelist: '/\/var\/log\/[a-z]/gm'
+
+ - name: Gather data inputs monitors configuration facts
+ register: gather_result
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ state: gathered
+
+ - name: Apply the configuration which need to be reverted
+ register: result
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z0-9]/gm'
+ crc_salt: <SOURCE>
+ state: replaced
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['before'][0] |\
+ dict2items) | length==5}}"
+ - "{{ replaced['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['after'][0] |\
+ dict2items) | length==3}}"
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ splunk.es.splunk_data_inputs_monitor:
+ config: "{{ gather_result['gathered'] }}"
+ state: replaced
+
+ - assert:
+ that:
+ - revert['changed'] == true
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(revert['data_inputs_monitor']['after'][0] |\
+ dict2items)| length==5}}"
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml
new file mode 100644
index 000000000..881a750b4
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml
@@ -0,0 +1,46 @@
+---
+merged:
+ before: []
+
+ after:
+ name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt: <SOURCE>
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close:
+ whitelist: '/\/var\/log\/[a-z]/gm'
+
+replaced:
+ before:
+ name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt: <SOURCE>
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close:
+ whitelist: '/\/var\/log\/[a-z]/gm'
+ after:
+ name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z0-9]/gm'
+ crc_salt: <SOURCE>
\ No newline at end of file
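Review bot: `time_before_close:` has no value in both `merged.after` and `replaced.before`, so it loads as null, while the tasks that populate the input set `time_before_close: 4`. This looks like a dropped value and is presumably one of the mismatches that the `length==5` assertions in the tests tolerate. Set it to `time_before_close: 4` in both places; the expected counts in the assertions would then need adjusting. `merged.after` here is also a single mapping, whereas the other targets' fixtures use a list, which is why the tests index `[0]` on the module result before comparing.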
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml
new file mode 100644
index 000000000..10c0fabcb
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml
new file mode 100644
index 000000000..dcc81f25f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml
@@ -0,0 +1,18 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
+
+- name: set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.httpapi)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.httpapi
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_httpapi
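Review bot: Bare `include:` for task files is deprecated and, as far as I know, removed in ansible-core 2.16, so the `Run test case` task here and both tasks in this target's `tasks/main.yaml` will stop working on newer controllers. The test files in this commit already use `include_tasks`, so `include_tasks: '{{ test_case_to_run }}'`, `- include_tasks: cli.yaml` and `- include_tasks: redirection.yaml` would be consistent with them. `with_items` with `loop_control` still works, but `loop: '{{ test_items }}'` is the current form.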
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml
new file mode 100644
index 000000000..62cc1ae1e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
+
+- include: redirection.yaml
+ when: ansible_version.full is version('2.10.0', '>=')
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml
new file mode 100644
index 000000000..bafc23a45
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests/redirection'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
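Review bot: This file stops after `register: test_cases`; nothing sets `test_items` or includes the files that were found, so no redirection test ever runs even though `main.yaml` includes this file for Ansible >= 2.10.0. Either add the `set_fact` and include loop that `cli.yaml` has, or drop the file and its include until there are redirection tests to run. No `tests/redirection` directory for this target is visible in this part of the diff, so the `find` may also point at a path that does not exist.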
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml
new file mode 100644
index 000000000..60f87afbf
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml
@@ -0,0 +1,43 @@
+---
+- name: merge data inputs config
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: False
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: "01234567-0123-0123-0123-012345678901"
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ state: merged \ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml
new file mode 100644
index 000000000..bf904c27d
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml
@@ -0,0 +1,16 @@
+---
+- name: delete data inputs config
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ - protocol: udp
+ name: default:7890
+ state: deleted \ No newline at end of file
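Review bot: The cleanup list has no entry for the `tcp`/`ssl` input `test_host` that `_populate_din_config.yaml` and `merged.yaml` create, so that input outlives every `always:` cleanup. `vars/main.yaml` then expects it in `merged.before_merged` immediately after this cleanup has run, which suggests the merged test depends on state left on the server rather than on a known starting point. If the ssl input cannot be deleted through the module, a comment here such as `# tcp/ssl is not removable; test_host stays configured after cleanup` would make that explicit.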
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml
new file mode 100644
index 000000000..08974bab5
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml
@@ -0,0 +1,47 @@
+---
+- debug:
+ msg:
+ Start Deleted integration state for data_inputs_network ansible_connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Delete data inputs networks config
+ splunk.es.splunk_data_inputs_network: &id001
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: "01234567-0123-0123-0123-012345678901"
+ - protocol: udp
+ name: default:7890
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ merged['after'] | symmetric_difference(result['data_inputs_network']['before']) |\
+ \ length == 1 }}"
+ - merged['before'] == result['data_inputs_network']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_network: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_din_config.yaml
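Review bot: The second `that` entry wraps the whole condition in `"{{ ... }}"`; `assert` already evaluates each entry as a Jinja expression, so the delimiters cause a second templating pass, which Ansible warns about and newer releases treat more strictly. Write it bare, e.g. `- (merged['after'] | symmetric_difference(result['data_inputs_network']['before']) | length) == 1`. The same pattern appears in `gathered.yaml`, `merged.yaml`, `replaced.yaml` and `rtt.yaml` of this target, and in the `data_inputs_monitor` revert assertion earlier in the diff.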
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml
new file mode 100644
index 000000000..252ddc7df
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml
@@ -0,0 +1,38 @@
+---
+- debug:
+ msg:
+ START data_inputs_network gathered integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Gather data inputs networks config
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ - protocol: udp
+ name: default:7890
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - "{{ merged['after'] | symmetric_difference(result['gathered']) |\
+ \ length == 0 }}"
+ - result['changed'] == false
+ always:
+ - include_tasks: _remove_din_config.yaml
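Review bot: The first assertion requires `result['gathered']` to equal `merged['after']`, which includes the `token` value of the `splunktcptoken` input, so the module returns the receiver token in clear text in its task result. That is harmless for the dummy value used here, but these tests also serve as usage examples. A comment on the task, e.g. `# gathered output contains tokens; set no_log: true when registering it against a real instance`, would warn users before the result ends up in logs or callback output.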
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml
new file mode 100644
index 000000000..842524ec6
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml
@@ -0,0 +1,77 @@
+---
+- debug:
+ msg:
+ START Merged data_inputs_network state for integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_din_config.yaml
+
+- block:
+ - name: Merge and create new data inputs networks configuration
+ tags: merged
+ register: result
+ splunk.es.splunk_data_inputs_network: &id001
+ state: merged
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: False
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+ - name: Assert that task reports change and after dict is correctly generated
+ assert:
+ that:
+ - result['changed'] == true
+ - "{{ merged['after'] | symmetric_difference(result['data_inputs_network']['after']) |\
+ \ length == 0 }}"
+
+ - name: Assert that before dicts are correctly generated
+ assert:
+ that:
+ - merged['before_merged'] == result['data_inputs_network']['before']
+
+ - name: Merge provided configuration with device configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_network: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml
new file mode 100644
index 000000000..340df5282
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml
@@ -0,0 +1,72 @@
+---
+- debug:
+ msg:
+ START Replaced data_inputs_network state for integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Replace existing data inputs networks configuration
+ register: result
+ splunk.es.splunk_data_inputs_network: &id001
+ state: replaced
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 10
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678900
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: False
+ no_priority_stripping: False
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | symmetric_difference(result['data_inputs_network']['before']) |\
+ \ length == 0 }}"
+ - "{{ replaced['after'] | symmetric_difference(result['data_inputs_network']['after']) |\
+ \ length == 0 }}"
+
+ - name:
+ Replaces device configuration of listed data inputs networks configuration with
+ provided configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_network: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml
new file mode 100644
index 000000000..1fa3e577c
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml
@@ -0,0 +1,131 @@
+---
+- debug:
+ msg:
+ START data_inputs_network round trip integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ splunk.es.splunk_data_inputs_network: &id001
+ state: merged
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: False
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+ - name: Gather data inputs networks configuration facts
+ register: gather_result
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ - protocol: udp
+ name: default:7890
+ state: gathered
+
+ - name: Apply the configuration which need to be reverted
+ register: result
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 10
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678900
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: False
+ no_priority_stripping: False
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ state: replaced
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | symmetric_difference(result['data_inputs_network']['before']) |\
+ \ length == 0 }}"
+ - "{{ replaced['after'] | symmetric_difference(result['data_inputs_network']['after']) |\
+ \ length == 0 }}"
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ splunk.es.splunk_data_inputs_network:
+ config: "{{ gather_result['gathered'] }}"
+ state: replaced
+
+ - assert:
+ that:
+ - revert['changed'] == true
+ - "{{ merged['after'] | symmetric_difference(revert['data_inputs_network']['after']) |\
+ \ length == 1 }}"
+
+ always:
+ - include_tasks: _remove_din_config.yaml
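Review bot: The final assertion only checks that `merged['after']` and the reverted `after` differ by exactly one element, without saying which one, so any single wrong or missing input would satisfy it. The expected difference is presumably the `ssl` entry, which the gather step does not request. `replaced['before']` in `vars/main.yaml` is the same list without that entry, so `replaced['before'] | symmetric_difference(revert['data_inputs_network']['after']) | length == 0` would pin the result exactly. `deleted.yaml` has the same `length == 1` check, and `base_config` is registered here but never asserted on.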
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml
new file mode 100644
index 000000000..942b75851
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml
@@ -0,0 +1,129 @@
+---
+merged:
+ before: []
+ before_merged:
+ - cipher_suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ datatype: ssl
+ disabled: true
+ host: $decideOnStartup
+ index: default
+ name: test_host
+ protocol: tcp
+
+ after:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ connection_host: ip
+ disabled: False
+ host: $decideOnStartup
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: splunktcptoken://test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ cipher_suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ disabled: true
+ host: $decideOnStartup
+ index: default
+ - protocol: udp
+ name: default:7890
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+replaced:
+ before:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ connection_host: ip
+ disabled: False
+ host: $decideOnStartup
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: splunktcptoken://test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: udp
+ name: default:7890
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ after:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 10
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: splunktcptoken://test_token
+ token: 01234567-0123-0123-0123-012345678900
+ - protocol: udp
+ name: default:7890
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ no_appending_timestamp: False
+ no_priority_stripping: False
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
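Review bot: `before_merged` and `after` hard-code a full `cipher_suite` string for the `ssl` input that no task in this target sets, so it is presumably whatever the Splunk instance under test reports by default. The merged and gathered assertions compare whole entries, so they will fail as soon as a Splunk release changes that default, and the pinned list includes CBC-mode suites that a later default may drop. Consider setting `cipher_suite` explicitly in the test config or excluding it from the comparison, and add a comment saying where the value comes from.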