--- - name: Create security group openstack.cloud.security_group: cloud: "{{ cloud }}" name: ansible_security_group state: present - name: Create empty ICMP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: icmp remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert return values of security_group_rule module assert: that: # allow new fields to be introduced but prevent fields from being removed - expected_fields|difference(security_group_rule.rule.keys())|length == 0 - name: Assert changed assert: that: security_group_rule is changed - name: Fetch all security group rule openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" register: security_group_rules - name: Assert return values of security_group_rule_info module assert: that: - security_group_rules.security_group_rules | length > 0 # allow new fields to be introduced but prevent fields from being removed - expected_fields|difference(security_group_rules.security_group_rules.0.keys())|length == 0 - name: Fetch security group rule based on rule openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" id: "{{ security_group_rule.rule.id }}" register: security_group_rules - name: Assert return fields security_group_rule_info assert: that: security_group_rules.security_group_rules | length > 0 - name: Create empty ICMP rule again openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: icmp remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert not changed assert: that: security_group_rule is not changed - name: Create -1 ICMP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: icmp port_range_min: -1 port_range_max: -1 remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert not changed assert: that: security_group_rule is not changed - name: Create -1 ICMP rule again openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: icmp port_range_min: -1 port_range_max: -1 remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert not changed assert: that: security_group_rule is not changed - name: Create empty TCP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: tcp remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert changed assert: that: security_group_rule is changed - name: Create TCP rule again with port range (1, 65535) openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: tcp port_range_min: 1 port_range_max: 65535 remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert changed assert: that: security_group_rule is not changed - name: Create TCP rule again with port range (-1, -1) openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: tcp port_range_min: -1 port_range_max: -1 remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert changed assert: that: security_group_rule is not changed - name: Create TCP rule again with defined range openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: tcp port_range_min: 8000 port_range_max: 9000 remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert changed assert: that: security_group_rule is changed - name: Create empty UDP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: udp remote_ip_prefix: 0.0.0.0/0 - name: Create UDP rule again with port range (1, 65535) openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: udp port_range_min: 1 port_range_max: 65535 remote_ip_prefix: 0.0.0.0/0 - name: Create UDP rule again with port range (-1, -1) openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: udp port_range_min: -1 port_range_max: -1 remote_ip_prefix: 0.0.0.0/0 - name: Create HTTP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: tcp port_range_min: 80 port_range_max: 80 remote_ip_prefix: 0.0.0.0/0 - name: Create egress rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: tcp port_range_min: 30000 port_range_max: 30001 remote_ip_prefix: 0.0.0.0/0 direction: egress - name: List all available rules of all security groups in a project openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" register: security_group_rules - name: Check - List all available rules of all security groups in a project assert: that: - security_group_rules.security_group_rules | length > 0 - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Check - List all available rules of a specific security group assert: that: - security_group_rules.security_group_rules | length > 0 - name: List all available rules with filters openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group protocol: tcp port_range_min: 80 port_range_max: 80 remote_ip_prefix: 0.0.0.0/0 - name: Delete egress rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: tcp port_range_min: 30000 port_range_max: 30001 remote_ip_prefix: 0.0.0.0/0 direction: egress - name: Delete HTTP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: tcp port_range_min: 80 port_range_max: 80 remote_ip_prefix: 0.0.0.0/0 - name: Delete empty UDP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: udp remote_ip_prefix: 0.0.0.0/0 - name: Delete TCP rule again with defined range openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: tcp port_range_min: 8000 port_range_max: 9000 remote_ip_prefix: 0.0.0.0/0 - name: Delete empty TCP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: tcp remote_ip_prefix: 0.0.0.0/0 - name: Delete -1 ICMP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: icmp port_range_min: -1 port_range_max: -1 remote_ip_prefix: 0.0.0.0/0 - name: Delete empty ICMP rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: absent protocol: icmp remote_ip_prefix: 0.0.0.0/0 - name: Delete security group openstack.cloud.security_group: cloud: "{{ cloud }}" name: ansible_security_group state: absent - name: Create security group openstack.cloud.security_group: cloud: "{{ cloud }}" name: ansible_security_group security_group_rules: [] state: present - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Assert security group without rules assert: that: - security_group_rules.security_group_rules | length == 0 - name: Create 'any' rule openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: any remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert 'any' rule assert: that: - security_group_rule is changed - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Assert security group with a single rule assert: that: - security_group_rules.security_group_rules | length == 1 - name: Create 'any' rule with port range [-1, -1] openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: any port_range_min: -1 port_range_max: -1 remote_ip_prefix: 0.0.0.0/0 register: security_group_rule - name: Assert 'any' rule with port range [-1, -1] assert: that: - security_group_rule is not changed - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Assert security group with a single rule assert: that: - security_group_rules.security_group_rules | length == 1 - name: Delete security group openstack.cloud.security_group: cloud: "{{ cloud }}" name: ansible_security_group state: absent - name: Create security group openstack.cloud.security_group: cloud: "{{ cloud }}" name: ansible_security_group security_group_rules: [] state: present - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Assert security group without rules assert: that: - security_group_rules.security_group_rules | length == 0 - name: Create rule with remote ip prefix having no cidr slash openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: any remote_ip_prefix: 5.6.7.8 register: security_group_rule - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Assert security group with a rule with remote ip prefix having no cidr slash assert: that: - security_group_rules.security_group_rules | length == 1 - security_group_rules.security_group_rules.0.remote_ip_prefix == '5.6.7.8/32' - name: Create rule with remote ip prefix having no cidr slash again openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: any remote_ip_prefix: 5.6.7.8 register: security_group_rule ignore_errors: true - name: Assert rule with remote ip prefix having no cidr slash assert: that: - security_group_rule is failed - "'Security group rule already exists.' in security_group_rule.msg" - name: Create rule with remote ip prefix having a cidr slash again openstack.cloud.security_group_rule: cloud: "{{ cloud }}" security_group: ansible_security_group state: present protocol: any remote_ip_prefix: 5.6.7.8/32 register: security_group_rule - name: Assert rule with remote ip prefix having a cidr slash assert: that: - security_group_rule is not changed - name: List all available rules of a specific security group openstack.cloud.security_group_rule_info: cloud: "{{ cloud }}" security_group: ansible_security_group register: security_group_rules - name: Assert security group with a rule with remote ip prefix having a cidr slash again assert: that: - security_group_rules.security_group_rules | length == 1 - security_group_rules.security_group_rules.0.remote_ip_prefix == '5.6.7.8/32' - name: Delete security group openstack.cloud.security_group: cloud: "{{ cloud }}" name: ansible_security_group state: absent