internet/community.general
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2026-05-06 13:22:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

azure_rm_azurefirewall (#56359)

Browse Source 
* azure_rm_azurefirewall

* a few updates

* fixed mistake

* updated docs, fixed syntax

* updated priority

* use checkmode for idempotence test, as it's very long

* fix check mode
This commit is contained in:
Zim Kalinowski
2019-05-21 01:38:55 +08:00
committed by Matt Davis
parent ea4842c0d3
commit b37ae35ba0
5 changed files with 1161 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
test/integration/targets/azure_rm_azurefirewall/aliases Normal file
View File

@@ -0,0 +1,3 @@
cloud/azure
shippable/azure/group2
destructive

2
test/integration/targets/azure_rm_azurefirewall/meta/main.yml Normal file
View File

@@ -0,0 +1,2 @@
dependencies:
- setup_azure

248
test/integration/targets/azure_rm_azurefirewall/tasks/main.yml Normal file
View File

@@ -0,0 +1,248 @@
- name: Fix resource prefix
set_fact:
virtual_network_name: myVirtualNetwork
subnet_name: AzureFirewallSubnet
public_ipaddress_name: myPublicIpAddress
azure_firewall_name: myFirewall
- name: Create virtual network
azure_rm_virtualnetwork:
name: "{{ virtual_network_name }}"
address_prefixes_cidr:
- 10.1.0.0/16
- 172.100.0.0/16
dns_servers:
- 127.0.0.1
- 127.0.0.3
tags:
testing: testing
delete: on-exit
resource_group: "{{ resource_group }}"
- name: Create subnet
azure_rm_subnet:
name: "{{ subnet_name }}"
virtual_network_name: "{{ virtual_network_name }}"
resource_group: "{{ resource_group }}"
address_prefix_cidr: "10.1.0.0/24"
- name: Create public IP address
azure_rm_publicipaddress:
resource_group: "{{ resource_group }}"
allocation_method: Static
name: "{{ public_ipaddress_name }}"
sku: Standard
register: pip_output
- debug:
var: pip_output
- name: Create Azure Firewall
azure_rm_azurefirewall:
resource_group: '{{resource_group}}'
name: '{{azure_firewall_name}}'
#tags:
# key1: value1
application_rule_collections:
- priority: 110
action: deny
rules:
- name: rule1
description: Deny inbound rule
source_addresses:
- 216.58.216.164
- 10.0.0.0/25
protocols:
- type: https
port: '443'
target_fqdns:
- www.test.com
name: apprulecoll
nat_rule_collections:
- priority: 112
action: dnat
rules:
- name: DNAT-HTTPS-traffic
description: D-NAT all outbound web traffic for inspection
source_addresses:
- '*'
destination_addresses:
- "{{ pip_output.state.ip_address }}"
destination_ports:
- '443'
protocols:
- tcp
translated_address: 1.2.3.5
translated_port: '8443'
name: natrulecoll
network_rule_collections:
- priority: 112
action: deny
rules:
- name: L4-traffic
description: Block traffic based on source IPs and ports
protocols:
- tcp
source_addresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
destination_addresses:
- '*'
destination_ports:
- 443-444
- '8443'
name: netrulecoll
ip_configurations:
- subnet:
virtual_network_name: "{{ virtual_network_name }}"
name: "{{ subnet_name }}"
public_ip_address:
name: "{{ public_ipaddress_name }}"
name: azureFirewallIpConfiguration
register: output
- debug:
var: output
- name: Assert that output has changed
assert:
that:
- output.changed
- name: Create Azure Firewall -- idempotent
azure_rm_azurefirewall:
resource_group: '{{resource_group}}'
name: '{{azure_firewall_name}}'
application_rule_collections:
- priority: 110
action: deny
rules:
- name: rule1
description: Deny inbound rule
source_addresses:
- 216.58.216.164
- 10.0.0.0/25
protocols:
- type: https
port: '443'
target_fqdns:
- www.test.com
name: apprulecoll
nat_rule_collections:
- priority: 112
action: dnat
rules:
- name: DNAT-HTTPS-traffic
description: D-NAT all outbound web traffic for inspection
source_addresses:
- '*'
destination_addresses:
- "{{ pip_output.state.ip_address }}"
destination_ports:
- '443'
protocols:
- tcp
translated_address: 1.2.3.5
translated_port: '8443'
name: natrulecoll
network_rule_collections:
- priority: 112
action: deny
rules:
- name: L4-traffic
description: Block traffic based on source IPs and ports
protocols:
- tcp
source_addresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
destination_addresses:
- '*'
destination_ports:
- 443-444
- '8443'
name: netrulecoll
ip_configurations:
- subnet:
virtual_network_name: "{{ virtual_network_name }}"
name: "{{ subnet_name }}"
public_ip_address:
name: "{{ public_ipaddress_name }}"
name: azureFirewallIpConfiguration
register: output
- debug:
var: output
- name: Assert that output has not changed
assert:
that:
- not output.changed
- name: Create Azure Firewall -- change something
azure_rm_azurefirewall:
resource_group: '{{resource_group}}'
name: '{{azure_firewall_name}}'
application_rule_collections:
- priority: 110
action: deny
rules:
- name: rule1
description: Deny inbound rule
source_addresses:
- 216.58.216.165
- 10.0.0.0/25
protocols:
- type: https
port: '443'
target_fqdns:
- www.test.com
name: apprulecoll
nat_rule_collections:
- priority: 112
action: dnat
rules:
- name: DNAT-HTTPS-traffic
description: D-NAT all outbound web traffic for inspection
source_addresses:
- '*'
destination_addresses:
- "{{ pip_output.state.ip_address }}"
destination_ports:
- '443'
protocols:
- tcp
translated_address: 1.2.3.6
translated_port: '8443'
name: natrulecoll
network_rule_collections:
- priority: 112
action: deny
rules:
- name: L4-traffic
description: Block traffic based on source IPs and ports
protocols:
- tcp
source_addresses:
- 192.168.1.1-192.168.1.12
- 10.1.4.12-10.1.4.255
destination_addresses:
- '*'
destination_ports:
- 443-445
- '8443'
name: netrulecoll
ip_configurations:
- subnet:
virtual_network_name: "{{ virtual_network_name }}"
name: "{{ subnet_name }}"
public_ip_address:
name: "{{ public_ipaddress_name }}"
name: azureFirewallIpConfiguration
check_mode: yes
register: output
- name: Assert that output has changed
assert:
that:
- output.changed