From 975f66f2eebe9dadba04f275774d4ab83f74cf25 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 14:04:41 +0200 Subject: Adding upstream version 7.7.0+dfsg. 
Signed-off-by: Daniel Baumann --- .../es/tests/integration/network-integration.cfg | 4 + .../es/tests/integration/target-prefixes.network | 1 + .../adaptive_response_notable_event/aliases | 1 + .../adaptive_response_notable_event/tasks/main.yml | 55 +++++++++ .../targets/correlation_search_info/aliases | 1 + .../targets/correlation_search_info/tasks/main.yml | 74 ++++++++++++ .../integration/targets/data_input_monitor/aliases | 1 + .../targets/data_input_monitor/tasks/main.yml | 58 +++++++++ .../integration/targets/data_input_network/aliases | 1 + .../targets/data_input_network/tasks/main.yml | 58 +++++++++ .../splunk_adaptive_response_notable_event/aliases | 1 + .../tasks/main.yml | 0 .../defaults/main.yaml | 2 + .../meta/main.yaml | 2 + .../tasks/cli.yaml | 18 +++ .../tasks/main.yaml | 7 ++ .../tasks/redirection.yaml | 6 + .../tests/_populate_dim_config.yaml | 49 ++++++++ .../tests/_remove_dim_config.yaml | 6 + .../tests/deleted.yaml | 33 ++++++ .../tests/gathered.yaml | 22 ++++ .../tests/merged.yaml | 82 +++++++++++++ .../tests/replaced.yaml | 53 +++++++++ .../tests/rtt.yaml | 102 ++++++++++++++++ .../vars/main.yaml | 101 ++++++++++++++++ .../tests/_populate_config.yaml | 38 ++++++ .../tests/_remove_config.yaml | 6 + .../splunk_correlation_searches/tests/deleted.yaml | 33 ++++++ .../tests/gathered.yaml | 23 ++++ .../splunk_correlation_searches/tests/merged.yaml | 70 +++++++++++ .../tests/replaced.yaml | 72 +++++++++++ .../splunk_correlation_searches/tests/rtt.yaml | 118 +++++++++++++++++++ .../splunk_data_inputs_monitor/defaults/main.yaml | 2 + .../splunk_data_inputs_monitor/meta/main.yaml | 2 + .../splunk_data_inputs_monitor/tasks/cli.yaml | 18 +++ .../splunk_data_inputs_monitor/tasks/main.yaml | 7 ++ .../tasks/redirection.yaml | 6 + .../tests/_populate_dim_config.yaml | 22 ++++ .../tests/_remove_dim_config.yaml | 6 + .../splunk_data_inputs_monitor/tests/deleted.yaml | 36 ++++++ .../splunk_data_inputs_monitor/tests/gathered.yaml | 25 ++++ 
.../splunk_data_inputs_monitor/tests/merged.yaml | 57 +++++++++ .../splunk_data_inputs_monitor/tests/replaced.yaml | 43 +++++++ .../splunk_data_inputs_monitor/tests/rtt.yaml | 73 ++++++++++++ .../splunk_data_inputs_monitor/vars/main.yaml | 46 ++++++++ .../splunk_data_inputs_network/defaults/main.yaml | 2 + .../splunk_data_inputs_network/meta/main.yaml | 2 + .../splunk_data_inputs_network/tasks/cli.yaml | 18 +++ .../splunk_data_inputs_network/tasks/main.yaml | 7 ++ .../tasks/redirection.yaml | 6 + .../tests/_populate_din_config.yaml | 43 +++++++ .../tests/_remove_din_config.yaml | 16 +++ .../splunk_data_inputs_network/tests/deleted.yaml | 47 ++++++++ .../splunk_data_inputs_network/tests/gathered.yaml | 38 ++++++ .../splunk_data_inputs_network/tests/merged.yaml | 77 ++++++++++++ .../splunk_data_inputs_network/tests/replaced.yaml | 72 +++++++++++ .../splunk_data_inputs_network/tests/rtt.yaml | 131 +++++++++++++++++++++ .../splunk_data_inputs_network/vars/main.yaml | 129 ++++++++++++++++++++ 58 files changed, 2029 insertions(+) create mode 100644 ansible_collections/splunk/es/tests/integration/network-integration.cfg create mode 100644 ansible_collections/splunk/es/tests/integration/target-prefixes.network create mode 100644 ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases create mode 100644 ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases create mode 100644 ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases create mode 100644 ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases create 
mode 100644 ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml create mode 100644 
ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml create mode 100644 
ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml create mode 100644 
ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml create mode 100644 ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml (limited to 'ansible_collections/splunk/es/tests/integration')
diff --git a/ansible_collections/splunk/es/tests/integration/network-integration.cfg b/ansible_collections/splunk/es/tests/integration/network-integration.cfg
new file mode 100644
index 000000000..d12c1efe2
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/network-integration.cfg
@@ -0,0 +1,4 @@
+[persistent_connection]
+command_timeout = 100
+connect_timeout = 100
+connect_retry_timeout = 100
diff --git a/ansible_collections/splunk/es/tests/integration/target-prefixes.network b/ansible_collections/splunk/es/tests/integration/target-prefixes.network
new file mode 100644
index 000000000..2a852434e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/target-prefixes.network
@@ -0,0 +1 @@
+splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml
new file mode 100644
index 000000000..d111fea78
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/adaptive_response_notable_event/tasks/main.yml
@@ -0,0 +1,55 @@
+---
+- name: remove previous correlation_search
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+
+- name: create correlation_search
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "present"
+
+- name: Test splunk.es.adaptive_response_notable_event
+ adaptive_response_notable_event:
+ name: "Fake notable event from playbook"
+ correlation_search_name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake notable event from playbook, description edition."
+ state: "present"
+ next_steps:
+ - ping
+ - nslookup
+ recommended_actions:
+ - script
+ - ansiblesecurityautomation
+ default_status: unassigned
+ register: adaptive_response_notable_event_out
+
+- name: Assert Create splunk.es.adaptive_response_notable_event CHANGED
+ assert:
+ that:
+ - adaptive_response_notable_event_out['changed'] == True
+ - adaptive_response_notable_event_out['failed'] == False
+
+- name: Validate splunk.es.adaptive_response_notable_event idempotent
+ adaptive_response_notable_event:
+ name: "Fake notable event from playbook"
+ correlation_search_name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake notable event from playbook, description edition."
+ state: "present"
+ next_steps:
+ - ping
+ - nslookup
+ recommended_actions:
+ - script
+ - ansiblesecurityautomation
+ register: adaptive_response_notable_event_out2
+
+- name: Assert Create splunk.es.adaptive_response_notable_event IDEMPOTENT
+ assert:
+ that:
+ - adaptive_response_notable_event_out2['changed'] == False
+ - adaptive_response_notable_event_out2['failed'] == False
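Review bot: The task `Validate splunk.es.adaptive_response_notable_event idempotent` does not replay the arguments of the create task, because it drops `default_status: unassigned`, so its `changed == False` assertion depends on how the module treats an omitted option rather than on a true second run. Reusing the exact argument set, for example with a YAML anchor as the resource-module tests in this commit do with `&id001` / `*id001`, would make the idempotency check meaningful. The playbook also ends without a teardown, so the test correlation search and its notable event stay configured on the Splunk instance; a closing `correlation_search` task with `state: "absent"` would leave the target clean.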
diff --git a/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml
new file mode 100644
index 000000000..a2ae59ef4
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/correlation_search_info/tasks/main.yml
@@ -0,0 +1,74 @@
+---
+- name: Cleanup old correlation_search
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+
+- name: Test correlation_search - CREATE
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "present"
+ register: correlation_search_create_output
+
+- name: Assert Create splunk.es.correlation_search CHANGED
+ assert:
+ that:
+ - correlation_search_create_output['changed'] == True
+ - correlation_search_create_output['failed'] == False
+
+- name: Test correlation_search - CREATE IDEMPOTENT
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "present"
+ register: correlation_search_create_output2
+
+- name: Assert Create splunk.es.correlation_search IDEMPOTENT
+ assert:
+ that:
+ - correlation_search_create_output2['changed'] == False
+ - correlation_search_create_output2['failed'] == False
+
+- name: Test correlation_search_info
+ correlation_search_info:
+ name: "Test Fake Coorelation Search From Playbook"
+ register: correlation_search_info_output
+
+- name: Assert Create splunk.es.correlation_search CHANGED
+ assert:
+ that:
+ - correlation_search_info_output['changed'] == False
+ - correlation_search_info_output['failed'] == False
+
+- name: Test correlation_search - DELETE
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+ register: correlation_search_delete_output
+
+- name: Assert Create splunk.es.correlation_search CHANGED
+ assert:
+ that:
+ - correlation_search_delete_output['changed'] == True
+ - correlation_search_delete_output['failed'] == False
+
+- name: Test correlation_search - DELETE IDEMPOTENT
+ correlation_search:
+ name: "Test Fake Coorelation Search From Playbook"
+ description: "Test Fake Coorelation Search From Playbook, description edition."
+ search: 'source="/var/log/snort.log"'
+ state: "absent"
+ register: correlation_search_delete_output2
+
+- name: Assert Create splunk.es.correlation_search IDEMPOTENT
+ assert:
+ that:
+ - correlation_search_delete_output2['changed'] == False
+ - correlation_search_delete_output2['failed'] == False
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml
new file mode 100644
index 000000000..87459760e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_monitor/tasks/main.yml
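Review bot: The check after `Test correlation_search_info` (correlation_search_info/tasks/main.yml) asserts only `changed == False` and `failed == False`, so it passes even if the module returns nothing for the search that was just created. An assertion on the content of `correlation_search_info_output` would make this a real lookup test; the result key is not visible in this hunk, so confirm it against the module's return documentation. The info and delete asserts also reuse the task name `Assert Create splunk.es.correlation_search CHANGED`, which makes a failing run hard to read; names such as `Assert correlation_search_info reports no change` and `Assert Delete splunk.es.correlation_search CHANGED` would match what is checked.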
@@ -0,0 +1,58 @@
+---
+- name: Clean up previous data_input_monitor
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "absent"
+ recursive: True
+
+- name: Test data_input_monitor - CREATE
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "present"
+ recursive: True
+ register: data_input_monitor_output
+
+- name: Assert Create splunk.es.data_input_monitor CHANGED
+ assert:
+ that:
+ - data_input_monitor_output['changed'] == True
+ - data_input_monitor_output['failed'] == False
+
+- name: Test data_input_monitor - CREATE IDEMPOTENT
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "present"
+ recursive: True
+ register: data_input_monitor_output2
+
+- name: Assert Create splunk.es.data_input_monitor CREATE IDEMPOTENT
+ assert:
+ that:
+ - data_input_monitor_output2['changed'] == False
+ - data_input_monitor_output2['failed'] == False
+
+- name: Test data_input_monitor - DELETE
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "absent"
+ recursive: True
+ register: data_input_monitor_absent_output
+
+- name: Assert Create splunk.es.data_input_monitor CHANGED
+ assert:
+ that:
+ - data_input_monitor_absent_output['changed'] == True
+ - data_input_monitor_absent_output['failed'] == False
+
+- name: Test data_input_monitor - DELETE IDEMPOTENT
+ data_input_monitor:
+ name: "/var/log/messages"
+ state: "absent"
+ recursive: True
+ register: data_input_monitor_absent_output2
+
+- name: Assert Create splunk.es.data_input_monitor DELETE IDEMPOTENT
+ assert:
+ that:
+ - data_input_monitor_absent_output2['changed'] == False
+ - data_input_monitor_absent_output2['failed'] == False
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/aliases
@@ -0,0 +1 @@
+network/splunk
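Review bot: Nothing in data_input_monitor/tasks/main.yml removes the `/var/log/messages` monitor input when an assertion fails between the CREATE and DELETE tasks, so a failed run leaves the input configured on the target. The same applies to data_input_network/tasks/main.yml, where the leftover is a TCP input listening on port `8099`. Wrapping the test tasks in a `block:` with an `always:` cleanup, the pattern the `tests/*.yaml` files in this commit already use, guarantees removal. Separately, the asserts here compare `['changed'] == True`, while the data_input_network file uses the more idiomatic `is changed` / `is not failed` tests.
```yaml
- block:
    # … unchanged: CREATE / CREATE IDEMPOTENT / DELETE / DELETE IDEMPOTENT tasks and asserts, indented one level …
  always:
    - name: Remove data_input_monitor test input
      data_input_monitor:
        name: "/var/log/messages"
        state: "absent"
        recursive: True
```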
diff --git a/ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml
new file mode 100644
index 000000000..5082458c0
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/data_input_network/tasks/main.yml
@@ -0,0 +1,58 @@
+---
+- name: Cleanup previous data_input_network
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "absent"
+
+- name: Test data_input_network - CREATE
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "present"
+ register: data_input_network_output
+
+- name: Assert Create splunk.es.data_input_network CHANGED
+ assert:
+ that:
+ - data_input_network_output is changed
+ - data_input_network_output is not failed
+
+- name: Test data_input_network - CREATE IDEMPOTENT
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "present"
+ register: data_input_network_output2
+
+- name: Assert Create splunk.es.data_input_network CREATE IDEMPOTENT
+ assert:
+ that:
+ - data_input_network_output2 is not changed
+ - data_input_network_output2 is not failed
+
+- name: Test data_input_network - DELETE
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "absent"
+ register: data_input_network_absent_output
+
+- name: Assert Create splunk.es.data_input_network CHANGED
+ assert:
+ that:
+ - data_input_network_absent_output is changed
+ - data_input_network_absent_output is not failed
+
+- name: Test data_input_network - DELETE IDEMPOTENT
+ data_input_network:
+ name: "8099"
+ protocol: "tcp"
+ state: "absent"
+ register: data_input_network_absent_output2
+
+- name: Assert Create splunk.es.data_input_network DELETE IDEMPOTENT
+ assert:
+ that:
+ - data_input_network_absent_output2 is not changed
+ - data_input_network_absent_output2 is not failed
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases
new file mode 100644
index 000000000..f4c7f6a2b
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/aliases
@@ -0,0 +1 @@
+network/splunk
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_event/tasks/main.yml
new file mode 100644
index 000000000..e69de29bb
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml
new file mode 100644
index 000000000..10c0fabcb
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml
new file mode 100644
index 000000000..dcc81f25f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/cli.yaml
@@ -0,0 +1,18 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
+
+- name: set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.httpapi)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.httpapi
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_httpapi
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml
new file mode 100644
index 000000000..62cc1ae1e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
+
+- include: redirection.yaml
+ when: ansible_version.full is version('2.10.0', '>=')
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml
new file mode 100644
index 000000000..bafc23a45
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests/redirection'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
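Review bot: The `Run test case` task in tasks/cli.yaml uses the bare `include:` action, as do both entries in tasks/main.yaml; that action is deprecated and was removed in ansible-core 2.16, so these targets stop loading on current controllers. `include_tasks: '{{ test_case_to_run }}'` (and `include_tasks: cli.yaml` / `include_tasks: redirection.yaml` in main.yaml) is the drop-in replacement and is already what the files under tests/ use. The `set_fact: test_items="..."` key=value form would also read better as a YAML mapping.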
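Review bot: tasks/redirection.yaml only runs `find` and registers `test_cases`; no later task consumes the result, so no redirection test ever executes even when the `version('2.10.0', '>=')` condition in main.yaml holds. The file list of this commit also shows no `tests/redirection` directory for this target, so the `find` path probably does not exist. Either add the `set_fact` plus include loop that cli.yaml has, or drop this file and its include from main.yaml.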
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml
new file mode 100644
index 000000000..02e9074da
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_populate_dim_config.yaml
@@ -0,0 +1,49 @@
+---
+- name: create test correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ description: test description
+ search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6'
+ state: merged
+
+- name: populate notable event adaptive response for test correlation search
+ splunk.es.splunk_adaptive_response_notable_events:
+ config:
+ - correlation_search_name: Ansible Test
+ description: test notable event
+ drilldown_earliest_offset: $info_min_time$
+ drilldown_latest_offset: $info_max_time$
+ drilldown_name: test_drill_name
+ drilldown_search: test_drill
+ extract_artifacts:
+ asset:
+ - src
+ - dest
+ - dvc
+ - orig_host
+ identity:
+ - src_user
+ - user
+ - src_user_id
+ - src_user_role
+ - user_id
+ - user_role
+ - vendor_account
+ investigation_profiles:
+ - test profile 1
+ - test profile 2
+ - test profile 3
+ next_steps:
+ - makestreams
+ - nbtstat
+ - nslookup
+ name: ansible_test_notable
+ recommended_actions:
+ - email
+ - logevent
+ - makestreams
+ - nbtstat
+ security_domain: threat
+ severity: high
+ state: merged
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml
new file mode 100644
index 000000000..ab4a4a278
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/_remove_dim_config.yaml
@@ -0,0 +1,6 @@
+---
+- name: create test correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ state: deleted
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml
new file mode 100644
index 000000000..e2fa5c8cf
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/deleted.yaml
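Review bot: The only task in tests/_remove_dim_config.yaml is named `create test correlation search` but runs with `state: deleted`, so run output reports a create step where a removal happens; `- name: remove test correlation search` would match the action. The file deletes only the correlation search and never calls `splunk.es.splunk_adaptive_response_notable_events` with `state: deleted`. Whether removing the search also removes the notable-event adaptive response attached to it is not visible here, so it is worth confirming that this teardown really returns the target to a clean state, since every test's `always:` section relies on it.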
@@ -0,0 +1,33 @@
+---
+- debug:
+ msg: Start Deleted integration state for adaptive_response_notable_events ansible_connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Delete adaptive response notable events config
+ splunk.es.splunk_adaptive_response_notable_events: &id001
+ config:
+ - correlation_search_name: Ansible Test
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - merged['after'] == result['adaptive_response_notable_events']['before']
+ - merged['before'] == result['adaptive_response_notable_events']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_adaptive_response_notable_events: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml
new file mode 100644
index 000000000..f5003ee06
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/gathered.yaml
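Review bot: The idempotency task in tests/deleted.yaml is named `Delete attributes of all configured interfaces (IDEMPOTENT)`, which describes a network-interface test rather than this module; `Delete adaptive response notable events config (IDEMPOTENT)` would match the task it repeats. The first `assert` in the block has no `name`, so a failure there is reported without context; something like `- name: Assert that delete reports change and before/after match` would help. The `merged` variable used in those assertions is not defined in this hunk and presumably comes from the target's vars/main.yaml; a one-line comment saying so would help the next reader.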
@@ -0,0 +1,22 @@
+---
+- debug:
+ msg: START adaptive_response_notable_events gathered integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Gather adaptive response notable events config
+ splunk.es.splunk_adaptive_response_notable_events:
+ config:
+ - correlation_search_name: Ansible Test
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - merged['after'] == result['adaptive_response_notable_events']['gathered']
+ - result['changed'] == false
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml
new file mode 100644
index 000000000..6c949f830
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/merged.yaml
@@ -0,0 +1,82 @@ +--- +- debug: + msg: + START Merged adaptive_response_notable_events state for integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_dim_config.yaml + +- block: + - name: create test correlation search + splunk.es.splunk_correlation_searches: + config: + - name: Ansible Test + description: test description + search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6' + state: merged + + - name: Merge and create new adaptive response notable events configuration + tags: merged + register: result + splunk.es.splunk_adaptive_response_notable_events: &id001 + state: merged + config: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + drilldown_name: test_drill_name + drilldown_search: test_drill + extract_artifacts: + asset: + - src + - dest + - dvc + - orig_host + identity: + - src_user + - user + - src_user_id + - src_user_role + - user_id + - user_role + - vendor_account + investigation_profiles: + - test profile 1 + - test profile 2 + - test profile 3 + next_steps: + - makestreams + - nbtstat + - nslookup + name: ansible_test_notable + recommended_actions: + - email + - logevent + - makestreams + - nbtstat + security_domain: threat + severity: high + + - name: Assert that task reports change and after dict is correctly generated + assert: + that: + - result['changed'] == true + - merged['after'] == result['adaptive_response_notable_events']['after'] + + - name: Assert that before dicts are correctly generated + assert: + that: + - merged['before'] == 
result['adaptive_response_notable_events']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + splunk.es.splunk_adaptive_response_notable_events: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + + always: + - include_tasks: _remove_dim_config.yaml diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml new file mode 100644 index 000000000..47cf117b2 --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/replaced.yaml 
@@ -0,0 +1,53 @@ +--- +- debug: + msg: START Replaced adaptive_response_notable_events state for integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_dim_config.yaml +- include_tasks: _populate_dim_config.yaml + +- block: + - name: Replace existing adaptive response notable events configuration + register: result + splunk.es.splunk_adaptive_response_notable_events: &id001 + state: replaced + config: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + extract_artifacts: + asset: + - src + - dest + identity: + - src_user + - user + - src_user_id + next_steps: + - makestreams + name: ansible_test_notable + recommended_actions: + - email + - logevent + security_domain: threat + severity: high + + - assert: + that: + - result.changed == true + - replaced['before'] == result['adaptive_response_notable_events']['before'] + - replaced['after'] == result['adaptive_response_notable_events']['after'] + + - name: + Replaces device configuration of listed adaptive response notable events configuration with + provided configuration (IDEMPOTENT) + register: result + splunk.es.splunk_adaptive_response_notable_events: *id001 + + - name: Assert that task was idempotent + assert: + that: + - result['changed'] == false + + always: + - include_tasks: _remove_dim_config.yaml diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml new file mode 100644 index 000000000..dfb936ff0 --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/tests/rtt.yaml 
@@ -0,0 +1,102 @@ +--- +- debug: + msg: START adaptive_response_notable_events round trip integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_dim_config.yaml +- include_tasks: _populate_dim_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + splunk.es.splunk_adaptive_response_notable_events: &id001 + state: merged + config: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + drilldown_name: test_drill_name + drilldown_search: test_drill + extract_artifacts: + asset: + - src + - dest + - dvc + - orig_host + identity: + - src_user + - user + - src_user_id + - src_user_role + - user_id + - user_role + - vendor_account + investigation_profiles: + - test profile 1 + - test profile 2 + - test profile 3 + next_steps: + - makestreams + - nbtstat + - nslookup + name: ansible_test_notable + recommended_actions: + - email + - logevent + - makestreams + - nbtstat + security_domain: threat + severity: high + + - name: Gather adaptive response notable events configuration facts + register: gather_result + splunk.es.splunk_adaptive_response_notable_events: + config: + - correlation_search_name: Ansible Test + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + splunk.es.splunk_adaptive_response_notable_events: + config: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + extract_artifacts: + asset: + - src + - dest + identity: + - src_user + - user + - src_user_id + next_steps: + - makestreams + name: ansible_test_notable + recommended_actions: + - email + - logevent + security_domain: threat + severity: high + state: replaced + + - assert: + that: + - result.changed == true + - replaced['before'] == 
result['adaptive_response_notable_events']['before'] + - replaced['after'] == result['adaptive_response_notable_events']['after'] + + - name: Revert back to base config using facts round trip + register: revert + splunk.es.splunk_adaptive_response_notable_events: + config: "{{ gather_result['adaptive_response_notable_events']['gathered'] }}" + state: replaced + + - assert: + that: + - revert['changed'] == true + - merged['after'] == revert['adaptive_response_notable_events']['after'] + + always: + - include_tasks: _remove_dim_config.yaml diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml new file mode 100644 index 000000000..8116add0d --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_adaptive_response_notable_events/vars/main.yaml 
@@ -0,0 +1,101 @@ +--- +merged: + before: [] + + after: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + drilldown_name: test_drill_name + drilldown_search: test_drill + extract_artifacts: + asset: + - src + - dest + - dvc + - orig_host + identity: + - src_user + - user + - src_user_id + - src_user_role + - user_id + - user_role + - vendor_account + investigation_profiles: + - test profile 1 + - test profile 2 + - test profile 3 + next_steps: + - makestreams + - nbtstat + - nslookup + name: ansible_test_notable + recommended_actions: + - email + - logevent + - makestreams + - nbtstat + security_domain: threat + severity: high + +replaced: + before: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + drilldown_name: test_drill_name + drilldown_search: test_drill + extract_artifacts: + asset: + - src + - dest + - dvc + - orig_host + identity: + - src_user + - user + - src_user_id + - src_user_role + - user_id + - user_role + - vendor_account + investigation_profiles: + - test profile 1 + - test profile 2 + - test profile 3 + next_steps: + - makestreams + - nbtstat + - nslookup + name: ansible_test_notable + recommended_actions: + - email + - logevent + - makestreams + - nbtstat + security_domain: threat + severity: high + after: + - correlation_search_name: Ansible Test + description: test notable event + drilldown_earliest_offset: $info_min_time$ + drilldown_latest_offset: $info_max_time$ + extract_artifacts: + asset: + - src + - dest + identity: + - src_user + - user + - src_user_id + next_steps: + - makestreams + name: ansible_test_notable + recommended_actions: + - email + - logevent + security_domain: threat + severity: high \ No newline at end of file 
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml new file mode 100644 index 000000000..39b507ff3 --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_populate_config.yaml @@ -0,0 +1,38 @@ +--- +- name: merge corre config + splunk.es.splunk_correlation_searches: + config: + - name: Ansible Test + disabled: false + description: test description + app: DA-ESS-EndpointProtection + annotations: + cis20: + - test1 + mitre_attack: + - test2 + kill_chain_phases: + - test3 + nist: + - test4 + custom: + - framework: test_framework + custom_annotations: + - test5 + ui_dispatch_context: SplunkEnterpriseSecuritySuite + time_earliest: -24h + time_latest: now + cron_schedule: "*/5 * * * *" + scheduling: realtime + schedule_window: 0 + schedule_priority: default + trigger_alert: once + trigger_alert_when: number of events + trigger_alert_when_condition: greater than + trigger_alert_when_value: 10 + throttle_window_duration: 5s + throttle_fields_to_group_by: + - test_field1 + suppress_alerts: False + search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6' + state: merged \ No newline at end of file diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml new file mode 100644 index 000000000..7707f9191 --- /dev/null 
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/_remove_config.yaml
@@ -0,0 +1,6 @@
+---
+- name: delete correlation search
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ state: deleted
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml
new file mode 100644
index 000000000..363f0f3b5
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/deleted.yaml
@@ -0,0 +1,33 @@
+---
+- debug:
+ msg: Start Deleted integration state for correlation_searches ansible_connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _populate_config.yaml
+
+- block:
+ - name: Delete correlation searches config
+ splunk.es.splunk_correlation_searches: &id001
+ config:
+ - name: Ansible Test
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - merged['after'] == result['correlation_searches']['before']
+ - merged['before'] == result['correlation_searches']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_correlation_searches: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml
new file mode 100644
index 000000000..f612ab397
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/gathered.yaml
@@ -0,0 +1,23 @@
+---
+- debug:
+ msg: START correlation_searches gathered integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_config.yaml
+
+- include_tasks: _populate_config.yaml
+
+- block:
+ - name: Gather correlation searches config
+ splunk.es.splunk_correlation_searches:
+ config:
+ - name: Ansible Test
+ - name: Ansible Test1
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - merged['after'] == result['gathered']
+ - result['changed'] == false
+ always:
+ - include_tasks: _remove_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml
new file mode 100644
index 000000000..a83d1aacf
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/merged.yaml
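Review bot: The gather task asks for both `Ansible Test` and `Ansible Test1`, yet `_populate_config.yaml` only creates `Ansible Test`, and the assertion compares the result with `merged['after']` without saying why the second name is there. If the intent is to check that a search which does not exist is left out of `gathered`, state it with a comment such as `# Ansible Test1 is never created; gathered must omit it`. As written, a reader cannot tell a deliberate negative case from a leftover. `merged` is defined outside this hunk, presumably in the target's vars file.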
@@ -0,0 +1,70 @@ +--- +- debug: + msg: START Merged correlation_searches state for integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_config.yaml + +- block: + - name: Merge and create new correlation searches configuration + tags: merged + register: result + splunk.es.splunk_correlation_searches: &id001 + state: merged + config: + - name: Ansible Test + disabled: false + description: test description + app: DA-ESS-EndpointProtection + annotations: + cis20: + - test1 + mitre_attack: + - test2 + kill_chain_phases: + - test3 + nist: + - test4 + custom: + - framework: test_framework + custom_annotations: + - test5 + ui_dispatch_context: SplunkEnterpriseSecuritySuite + time_earliest: -24h + time_latest: now + cron_schedule: "*/5 * * * *" + scheduling: realtime + schedule_window: 0 + schedule_priority: default + trigger_alert: once + trigger_alert_when: number of events + trigger_alert_when_condition: greater than + trigger_alert_when_value: 10 + throttle_window_duration: 5s + throttle_fields_to_group_by: + - test_field1 + suppress_alerts: False + search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6' + + - name: Assert that task reports change and after dict is correctly generated + assert: + that: + - result['changed'] == true + - merged['after'] == result['correlation_searches']['after'] + + - name: Assert that before dicts are correctly generated + assert: + that: + - merged['before'] == result['correlation_searches']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + splunk.es.splunk_correlation_searches: *id001 + + - name: Assert 
that the previous task was idempotent + assert: + that: + - result['changed'] == false + + always: + - include_tasks: _remove_config.yaml diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml new file mode 100644 index 000000000..a41649a5b --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/replaced.yaml 
@@ -0,0 +1,72 @@ +--- +- debug: + msg: START Replaced correlation_searches state for integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml +- include_tasks: _populate_config.yaml + +- block: + + - name: Replace existing correlation searches configuration + register: result + splunk.es.splunk_correlation_searches: &id001 + state: replaced + config: + - name: Ansible Test + disabled: false + description: test description + app: SplunkEnterpriseSecuritySuite + annotations: + cis20: + - test1 + - test2 + mitre_attack: + - test3 + - test4 + kill_chain_phases: + - test5 + - test6 + nist: + - test7 + - test8 + custom: + - framework: test_framework2 + custom_annotations: + - test9 + - test10 + ui_dispatch_context: SplunkEnterpriseSecuritySuite + time_earliest: -24h + time_latest: now + cron_schedule: "*/5 * * * *" + scheduling: continuous + schedule_window: auto + schedule_priority: default + trigger_alert: once + trigger_alert_when: number of events + trigger_alert_when_condition: greater than + trigger_alert_when_value: 10 + throttle_window_duration: 5s + throttle_fields_to_group_by: + - test_field1 + - test_field2 + suppress_alerts: True + search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6' + + - assert: + that: + - result.changed == true + - replaced['before'] == result['correlation_searches']['before'] + - replaced['after'] == result['correlation_searches']['after'] + + - name: Replaces device configuration of listed data inputs networks configuration with + provided configuration (IDEMPOTENT) + register: result + splunk.es.splunk_correlation_searches: *id001 + + - name: Assert that 
task was idempotent + assert: + that: + - result['changed'] == false + + always: + - include_tasks: _remove_config.yaml diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml new file mode 100644 index 000000000..151e7305a --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_correlation_searches/tests/rtt.yaml 
@@ -0,0 +1,118 @@ +--- +- debug: + msg: START correlation_searches round trip integration tests on connection={{ ansible_connection }} + +- include_tasks: _remove_config.yaml +- include_tasks: _populate_config.yaml + +- block: + - name: Apply the provided configuration (base config) + register: base_config + splunk.es.splunk_correlation_searches: &id001 + state: merged + config: + - name: Ansible Test 3 + disabled: false + description: test description + app: DA-ESS-EndpointProtection + annotations: + cis20: + - test1 + mitre_attack: + - test2 + kill_chain_phases: + - test3 + nist: + - test4 + custom: + - framework: test_framework + custom_annotations: + - test5 + ui_dispatch_context: SplunkEnterpriseSecuritySuite + time_earliest: -24h + time_latest: now + cron_schedule: "*/5 * * * *" + scheduling: realtime + schedule_window: 0 + schedule_priority: default + trigger_alert: once + trigger_alert_when: number of events + trigger_alert_when_condition: greater than + trigger_alert_when_value: 10 + throttle_window_duration: 5s + throttle_fields_to_group_by: + - test_field1 + suppress_alerts: False + search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6' + + - name: Gather correlation searches configuration facts + register: gather_result + splunk.es.splunk_correlation_searches: + config: + - name: Ansible Test + state: gathered + + - name: Apply the configuration which need to be reverted + register: result + splunk.es.splunk_correlation_searches: + config: + - name: Ansible Test + disabled: false + description: test description + app: SplunkEnterpriseSecuritySuite + annotations: + cis20: + - test1 + - test2 + mitre_attack: + - 
test3 + - test4 + kill_chain_phases: + - test5 + - test6 + nist: + - test7 + - test8 + custom: + - framework: test_framework2 + custom_annotations: + - test9 + - test10 + ui_dispatch_context: SplunkEnterpriseSecuritySuite + time_earliest: -24h + time_latest: now + cron_schedule: "*/5 * * * *" + scheduling: continuous + schedule_window: auto + schedule_priority: default + trigger_alert: once + trigger_alert_when: number of events + trigger_alert_when_condition: greater than + trigger_alert_when_value: 10 + throttle_window_duration: 5s + throttle_fields_to_group_by: + - test_field1 + - test_field2 + suppress_alerts: True + search: '| tstats summariesonly=true values("Authentication.tag") as "tag",dc("Authentication.user") as "user_count",dc("Authentication.dest") as "dest_count",count from datamodel="Authentication"."Authentication" where nodename="Authentication.Failed_Authentication" by "Authentication.app","Authentication.src" | rename "Authentication.app" as "app","Authentication.src" as "src" | where "count">=6' + state: replaced + + - assert: + that: + - result.changed == true + - replaced['before'] == result['correlation_searches']['before'] + - replaced['after'] == result['correlation_searches']['after'] + + - name: Revert back to base config using facts round trip + register: revert + splunk.es.splunk_correlation_searches: + config: "{{ gather_result['gathered'] }}" + state: replaced + + - assert: + that: + - revert['changed'] == true + - merged['after'] == revert['correlation_searches']['after'] + + always: + - include_tasks: _remove_config.yaml diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml new file mode 100644 index 000000000..10c0fabcb --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/defaults/main.yaml 
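Review bot: The base-config task creates a correlation search named `Ansible Test 3`, but the gather, replace and revert steps and the `always:` cleanup through `_remove_config.yaml` only touch `Ansible Test`. The `Ansible Test 3` search, enabled with `scheduling: realtime` and `cron_schedule: "*/5 * * * *"`, is therefore left on the Splunk instance after the run, and the round trip never exercises the configuration this task applies. Changing the entry to `- name: Ansible Test`, or adding a delete for `Ansible Test 3` under `always:`, addresses both. The `&id001` anchor and the registered `base_config` are not referenced anywhere in this file and can be dropped.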
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml
new file mode 100644
index 000000000..dcc81f25f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/cli.yaml
@@ -0,0 +1,18 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
+
+- name: set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.httpapi)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.httpapi
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_httpapi
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml
new file mode 100644
index 000000000..62cc1ae1e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
+
+- include: redirection.yaml
+ when: ansible_version.full is version('2.10.0', '>=')
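Review bot: `cli.yaml` runs each test case with the bare `include:` action, and `tasks/main.yaml` in the following hunk does the same for `cli.yaml` and `redirection.yaml`, while the test files themselves already use `include_tasks`. Bare `include` is deprecated in favour of `include_tasks`/`import_tasks` and was removed in later ansible-core releases, so these targets stop loading there. Use `include_tasks: '{{ test_case_to_run }}'` here and `include_tasks: cli.yaml` in main.yaml; tags on `include_tasks` apply to the include itself, so add `apply:` with the tags if the included tasks need to inherit them. The `set_fact: test_items="..."` key=value form would also read better as a YAML mapping under `set_fact:`.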
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml
new file mode 100644
index 000000000..bafc23a45
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests/redirection'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml
new file mode 100644
index 000000000..2bb0129a4
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_populate_dim_config.yaml
@@ -0,0 +1,22 @@
+---
+- name: Populate data inputs config
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt:
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close: 4
+ whitelist: '/\/var\/log\/[a-z]/gm'
+ state: merged
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml
new file mode 100644
index 000000000..d0fdb2d90
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/_remove_dim_config.yaml
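Review bot: `redirection.yaml` stops after registering `test_cases`: nothing sets `test_items` or includes the files it finds, so the branch that `tasks/main.yaml` gates on `ansible_version.full is version('2.10.0', '>=')` runs no test at all. Either add the same `set_fact` and per-file include loop that `cli.yaml` has, or drop the file and its include until there are redirection cases to run. A short comment saying what the redirection cases are meant to cover would also help.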
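Review bot: The fixture points the monitor input at the real `/var/log` with `recursive: True` and `index: default`, and `_remove_dim_config.yaml` deletes the input with that same name before and after every test. On a Splunk host that is not throwaway, an existing `/var/log` input would be removed by the cleanup, and the populate step could start indexing system logs. A path created only for the test, for example `- name: "/tmp/ansible_test_dim"` (constructed example), keeps the suite away from real inputs. `blacklist` and `whitelist` also carry the identical pattern; if that is intentional, a comment should say why.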
@@ -0,0 +1,6 @@
+---
+- name: Delete data inputs config
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ state: deleted
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml
new file mode 100644
index 000000000..8f19b500f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/deleted.yaml
@@ -0,0 +1,36 @@
+---
+- debug:
+ msg: Start Deleted integration state for data_inputs_monitors ansible_connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Delete data inputs monitors config
+ splunk.es.splunk_data_inputs_monitor: &id001
+ config:
+ - name: /var/log
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['before'][0] |\
+ dict2items)| length==5}}"
+ - merged['before'] == result['data_inputs_monitor']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_monitor: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml
new file mode 100644
index 000000000..84aae2076
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/gathered.yaml
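Review bot: The second assertion in `deleted.yaml` only checks that the symmetric difference between `merged['after']` and the module's `before` has exactly five entries, so any five mismatching items pass and nothing says which five are expected. It is also wrapped in `{{ }}`, which Ansible warns about inside conditionals. Write it as a bare expression, `- (merged['after'] | dict2items | symmetric_difference(result['data_inputs_monitor']['before'][0] | dict2items) | length) == 5`, with a comment naming the keys that legitimately differ, or compare the two dicts after dropping those keys. The same counting pattern is used in this target's `gathered.yaml`, `merged.yaml`, `replaced.yaml` (with `length==5` and `length==3`) and `rtt.yaml`.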
@@ -0,0 +1,25 @@
+---
+- debug:
+ msg: START data_inputs_monitors gathered integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+ - name: Gather data inputs monitors config
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(result['gathered'][0] |\
+ dict2items)| length==5}}"
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml
new file mode 100644
index 000000000..0388c26c1
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/merged.yaml
@@ -0,0 +1,57 @@ +--- +- debug: + msg: START Merged data_inputs_monitor state for integration tests on connection={{ + ansible_connection }} + +- include_tasks: _remove_dim_config.yaml + +- block: + - name: Merge and create new data inputs monitors configuration + tags: merged + register: result + splunk.es.splunk_data_inputs_monitor: &id001 + state: merged + config: + - name: "/var/log" + blacklist: '/\/var\/log\/[a-z]/gm' + check_index: True + check_path: True + crc_salt: + disabled: False + follow_tail: False + host: "$decideOnStartup" + host_regex: "/(test_host)/gm" + host_segment: 3 + ignore_older_than: 5d + index: default + recursive: True + rename_source: test + sourcetype: test_source_type + time_before_close: 4 + whitelist: '/\/var\/log\/[a-z]/gm' + + - name: Assert that task reports change and after dict is correctly generated + assert: + that: + - result['changed'] == true + - "{{ merged['after'] | dict2items |\ + symmetric_difference(result['data_inputs_monitor']['after'][0] |\ + dict2items)| length==5}}" + + - name: Assert that before dicts are correctly generated + assert: + that: + - merged['before'] == result['data_inputs_monitor']['before'] + + - name: Merge provided configuration with device configuration (IDEMPOTENT) + register: result + splunk.es.splunk_data_inputs_monitor: *id001 + + - name: Assert that the previous task was idempotent + assert: + that: + - result['changed'] == false + + always: + + - include_tasks: _remove_dim_config.yaml \ No newline at end of file diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml new file mode 100644 index 000000000..7a9dd8c46 --- /dev/null +++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/replaced.yaml 
@@ -0,0 +1,43 @@
+---
+- debug:
+ msg: START Replaced data_inputs_monitor state for integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_dim_config.yaml
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+
+ - name: Replace existing data inputs monitors configuration
+ register: result
+ splunk.es.splunk_data_inputs_monitor: &id001
+ state: replaced
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z0-9]/gm'
+ crc_salt:
+
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['before'][0] |\
+ dict2items) | length==5}}"
+ - "{{ replaced['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['after'][0] |\
+ dict2items) | length==3}}"
+
+ - name: Replaces device configuration of listed data inputs networks configuration with
+ provided configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_monitor: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+
+ - include_tasks: _remove_dim_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml
new file mode 100644
index 000000000..4025c446c
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/tests/rtt.yaml
@@ -0,0 +1,73 @@
+---
+- debug:
+ msg: START data_inputs_monitor round trip integration tests on connection={{ ansible_connection }}
+
+- include_tasks: _remove_dim_config.yaml
+- include_tasks: _populate_dim_config.yaml
+
+- block:
+
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ splunk.es.splunk_data_inputs_monitor: &id001
+ state: merged
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt:
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close: 4
+ whitelist: '/\/var\/log\/[a-z]/gm'
+
+ - name: Gather data inputs monitors configuration facts
+ register: gather_result
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ state: gathered
+
+ - name: Apply the configuration which need to be reverted
+ register: result
+ splunk.es.splunk_data_inputs_monitor:
+ config:
+ - name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z0-9]/gm'
+ crc_salt:
+ state: replaced
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['before'][0] |\
+ dict2items) | length==5}}"
+ - "{{ replaced['after'] | dict2items |\
+ symmetric_difference(result['data_inputs_monitor']['after'][0] |\
+ dict2items) | length==3}}"
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ splunk.es.splunk_data_inputs_monitor:
+ config: "{{ gather_result['gathered'] }}"
+ state: replaced
+
+ - assert:
+ that:
+ - revert['changed'] == true
+ - "{{ merged['after'] | dict2items |\
+ symmetric_difference(revert['data_inputs_monitor']['after'][0] |\
+ dict2items)| length==5}}"
+
+ always:
+ - include_tasks: _remove_dim_config.yaml
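Review bot: `base_config` is registered by the first task but never asserted on, and the final assert compares `revert` with the static `merged['after']` fixture rather than with the state that was actually gathered before the change. A round-trip test is stronger when it checks the reverted state against the captured one, something like `- gather_result['gathered'] == revert['data_inputs_monitor']['after']`, if the module returns the two in the same shape. The `&id001` anchor on the first task is also unused in this file. The network `rtt.yaml` hunk further down has the same structure.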
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml
new file mode 100644
index 000000000..881a750b4
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_monitor/vars/main.yaml
@@ -0,0 +1,46 @@
+---
+merged:
+ before: []
+
+ after:
+ name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt:
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close:
+ whitelist: '/\/var\/log\/[a-z]/gm'
+
+replaced:
+ before:
+ name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z]/gm'
+ check_index: True
+ check_path: True
+ crc_salt:
+ disabled: False
+ follow_tail: False
+ host: "$decideOnStartup"
+ host_regex: "/(test_host)/gm"
+ host_segment: 3
+ ignore_older_than: 5d
+ index: default
+ recursive: True
+ rename_source: test
+ sourcetype: test_source_type
+ time_before_close:
+ whitelist: '/\/var\/log\/[a-z]/gm'
+ after:
+ name: "/var/log"
+ blacklist: '/\/var\/log\/[a-z0-9]/gm'
+ crc_salt:
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml
new file mode 100644
index 000000000..10c0fabcb
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/defaults/main.yaml
@@ -0,0 +1,2 @@
+---
+testcase: '*'
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml
new file mode 100644
index 000000000..23d65c7ef
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/meta/main.yaml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml
new file mode 100644
index 000000000..dcc81f25f
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/cli.yaml
@@ -0,0 +1,18 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
+
+- name: set test_items
+ set_fact: test_items="{{ test_cases.files | map(attribute='path') | list }}"
+
+- name: Run test case (connection=ansible.netcommon.httpapi)
+ include: '{{ test_case_to_run }}'
+ vars:
+ ansible_connection: ansible.netcommon.httpapi
+ with_items: '{{ test_items }}'
+ loop_control:
+ loop_var: test_case_to_run
+ tags: connection_httpapi
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml
new file mode 100644
index 000000000..62cc1ae1e
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/main.yaml
@@ -0,0 +1,7 @@
+---
+- include: cli.yaml
+ tags:
+ - cli
+
+- include: redirection.yaml
+ when: ansible_version.full is version('2.10.0', '>=')
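Review bot: Both `tasks/cli.yaml` (`include: '{{ test_case_to_run }}'`) and `tasks/main.yaml` (`- include: cli.yaml`, `- include: redirection.yaml`) use the bare `include` action, which was deprecated and then removed in ansible-core 2.16, so on a current controller this target stops before any test case runs. `include_tasks:` is the dynamic replacement and works with the `with_items` loop here: `include_tasks: '{{ test_case_to_run }}'`. Tags on `include_tasks` apply to the include itself and are not inherited by the included tasks, so the `cli` and `connection_httpapi` tags may need `apply:` if tag-filtered runs are used.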
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml
new file mode 100644
index 000000000..bafc23a45
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tasks/redirection.yaml
@@ -0,0 +1,6 @@
+---
+- name: collect all test cases
+ find:
+ paths: '{{ role_path }}/tests/redirection'
+ patterns: '{{ testcase }}.yaml'
+ register: test_cases
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml
new file mode 100644
index 000000000..60f87afbf
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_populate_din_config.yaml
@@ -0,0 +1,43 @@
+---
+- name: merge data inputs config
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: False
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: "01234567-0123-0123-0123-012345678901"
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ state: merged
\ No newline at end of file
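Review bot: `tasks/redirection.yaml` only collects files into `test_cases`; nothing in its six added lines sets `test_items` or includes the files, so any case placed under `tests/redirection` is found and then never run. Either add the include loop that `cli.yaml` has, or drop this file together with the `redirection.yaml` include in `tasks/main.yaml`. If it stays as a stub, a comment such as `# placeholder: no redirection tests are executed yet` would stop readers assuming the coverage exists.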
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml
new file mode 100644
index 000000000..bf904c27d
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/_remove_din_config.yaml
@@ -0,0 +1,16 @@
+---
+- name: delete data inputs config
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ - protocol: udp
+ name: default:7890
+ state: deleted
\ No newline at end of file
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml
new file mode 100644
index 000000000..08974bab5
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/deleted.yaml
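Review bot: The cleanup list in `_remove_din_config.yaml` omits the `protocol: tcp` / `datatype: ssl` / `name: test_host` input that `_populate_din_config.yaml` creates, so that stanza survives every `always:` cleanup. The later fixtures appear to depend on the leftover (`before_merged` in `vars/main.yaml` expects the ssl entry, and `deleted.yaml` asserts `length == 1`), which makes the tests order-dependent and leaves configuration behind on the Splunk instance under test. If the module cannot delete ssl inputs, record that here with a comment like `# ssl input test_host is not removed: <reason>`; otherwise add the entry to this list and adjust the fixtures.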
@@ -0,0 +1,47 @@
+---
+- debug:
+ msg:
+ Start Deleted integration state for data_inputs_network ansible_connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Delete data inputs networks config
+ splunk.es.splunk_data_inputs_network: &id001
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: "01234567-0123-0123-0123-012345678901"
+ - protocol: udp
+ name: default:7890
+ state: deleted
+ register: result
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ merged['after'] | symmetric_difference(result['data_inputs_network']['before']) |\
+ \ length == 1 }}"
+ - merged['before'] == result['data_inputs_network']['after']
+
+ - name: Delete attributes of all configured interfaces (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_network: *id001
+
+ - name: Assert that the previous delete task was idempotent
+ assert:
+ that:
+ - result.changed == false
+
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml
new file mode 100644
index 000000000..252ddc7df
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/gathered.yaml
@@ -0,0 +1,38 @@
+---
+- debug:
+ msg:
+ START data_inputs_network gathered integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Gather data inputs networks config
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ - protocol: udp
+ name: default:7890
+ state: gathered
+ register: result
+
+ - assert:
+ that:
+ - "{{ merged['after'] | symmetric_difference(result['gathered']) |\
+ \ length == 0 }}"
+ - result['changed'] == false
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml
new file mode 100644
index 000000000..842524ec6
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/merged.yaml
@@ -0,0 +1,77 @@
+---
+- debug:
+ msg:
+ START Merged data_inputs_network state for integration tests on connection={{
+ ansible_connection }}
+
+- include_tasks: _remove_din_config.yaml
+
+- block:
+ - name: Merge and create new data inputs networks configuration
+ tags: merged
+ register: result
+ splunk.es.splunk_data_inputs_network: &id001
+ state: merged
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: False
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+ - name: Assert that task reports change and after dict is correctly generated
+ assert:
+ that:
+ - result['changed'] == true
+ - "{{ merged['after'] | symmetric_difference(result['data_inputs_network']['after']) |\
+ \ length == 0 }}"
+
+ - name: Assert that before dicts are correctly generated
+ assert:
+ that:
+ - merged['before_merged'] == result['data_inputs_network']['before']
+
+ - name: Merge provided configuration with device configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_network: *id001
+
+ - name: Assert that the previous task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml
new file mode 100644
index 000000000..340df5282
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/replaced.yaml
@@ -0,0 +1,72 @@
+---
+- debug:
+ msg:
+ START Replaced data_inputs_network state for integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Replace existing data inputs networks configuration
+ register: result
+ splunk.es.splunk_data_inputs_network: &id001
+ state: replaced
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 10
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678900
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: False
+ no_priority_stripping: False
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | symmetric_difference(result['data_inputs_network']['before']) |\
+ \ length == 0 }}"
+ - "{{ replaced['after'] | symmetric_difference(result['data_inputs_network']['after']) |\
+ \ length == 0 }}"
+
+ - name:
+ Replaces device configuration of listed data inputs networks configuration with
+ provided configuration (IDEMPOTENT)
+ register: result
+ splunk.es.splunk_data_inputs_network: *id001
+
+ - name: Assert that task was idempotent
+ assert:
+ that:
+ - result['changed'] == false
+
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml
new file mode 100644
index 000000000..1fa3e577c
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/tests/rtt.yaml
@@ -0,0 +1,131 @@
+---
+- debug:
+ msg:
+ START data_inputs_network round trip integration tests on connection={{ ansible_connection
+ }}
+
+- include_tasks: _remove_din_config.yaml
+- include_tasks: _populate_din_config.yaml
+
+- block:
+ - name: Apply the provided configuration (base config)
+ register: base_config
+ splunk.es.splunk_data_inputs_network: &id001
+ state: merged
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: False
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+ - name: Gather data inputs networks configuration facts
+ register: gather_result
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ - protocol: udp
+ name: default:7890
+ state: gathered
+
+ - name: Apply the configuration which need to be reverted
+ register: result
+ splunk.es.splunk_data_inputs_network:
+ config:
+ - protocol: tcp
+ datatype: raw
+ name: 8100
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 10
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: 8101
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: test_token
+ token: 01234567-0123-0123-0123-012345678900
+ - protocol: udp
+ name: 7890
+ connection_host: ip
+ disabled: True
+ host: "$decideOnStartup"
+ index: default
+ no_appending_timestamp: False
+ no_priority_stripping: False
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ state: replaced
+
+ - assert:
+ that:
+ - result.changed == true
+ - "{{ replaced['before'] | symmetric_difference(result['data_inputs_network']['before']) |\
+ \ length == 0 }}"
+ - "{{ replaced['after'] | symmetric_difference(result['data_inputs_network']['after']) |\
+ \ length == 0 }}"
+
+ - name: Revert back to base config using facts round trip
+ register: revert
+ splunk.es.splunk_data_inputs_network:
+ config: "{{ gather_result['gathered'] }}"
+ state: replaced
+
+ - assert:
+ that:
+ - revert['changed'] == true
+ - "{{ merged['after'] | symmetric_difference(revert['data_inputs_network']['after']) |\
+ \ length == 1 }}"
+
+ always:
+ - include_tasks: _remove_din_config.yaml
diff --git a/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml
new file mode 100644
index 000000000..942b75851
--- /dev/null
+++ b/ansible_collections/splunk/es/tests/integration/targets/splunk_data_inputs_network/vars/main.yaml
@@ -0,0 +1,129 @@
+---
+merged:
+ before: []
+ before_merged:
+ - cipher_suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ datatype: ssl
+ disabled: true
+ host: $decideOnStartup
+ index: default
+ name: test_host
+ protocol: tcp
+
+ after:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ connection_host: ip
+ disabled: False
+ host: $decideOnStartup
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: splunktcptoken://test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: tcp
+ datatype: ssl
+ name: test_host
+ cipher_suite: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
+ disabled: true
+ host: $decideOnStartup
+ index: default
+ - protocol: udp
+ name: default:7890
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+
+replaced:
+ before:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 9
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ connection_host: ip
+ disabled: False
+ host: $decideOnStartup
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: splunktcptoken://test_token
+ token: 01234567-0123-0123-0123-012345678901
+ - protocol: udp
+ name: default:7890
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ no_appending_timestamp: True
+ no_priority_stripping: True
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ after:
+ - protocol: tcp
+ datatype: raw
+ name: default:8100
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ queue: parsingQueue
+ raw_tcp_done_timeout: 10
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
+ - protocol: tcp
+ datatype: cooked
+ name: default:8101
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ restrict_to_host: default
+ - protocol: tcp
+ datatype: splunktcptoken
+ name: splunktcptoken://test_token
+ token: 01234567-0123-0123-0123-012345678900
+ - protocol: udp
+ name: default:7890
+ connection_host: ip
+ disabled: True
+ host: $decideOnStartup
+ index: default
+ no_appending_timestamp: False
+ no_priority_stripping: False
+ queue: parsingQueue
+ restrict_to_host: default
+ source: test_source
+ sourcetype: test_source_type
-- cgit v1.2.3
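Review bot: The `cipher_suite` string is pinned verbatim in `before_merged` and in the ssl entry under `merged.after`, yet no task in these tests sets it, so it is presumably whatever the server reports by default. Exact-match assertions (`length == 0`) against a server default will fail as soon as that default is tightened, and the pinned list still contains the CBC-mode suites `ECDHE-*-AES256-SHA384` and `ECDHE-*-AES128-SHA256`, which a reader may copy as if it were a recommendation. I would add a comment above the first occurrence, `# cipher_suite: server default echoed back by the API, not a recommended list`, and leave the key out of the comparison if the assertions can be written that way.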