Added fix for purpose field. Added description field in ansible. #509

Open
wants to merge 3 commits into
base: release/1.9.3
7 changes: 7 additions & 0 deletions plugins/modules/ntnx_security_rules.py
@@ -61,6 +61,10 @@
description: security_rule Name
required: false
type: str
desc:
description: security_rule Description
required: false
type: str
security_rule_uuid:
description:
- security_rule UUID
@@ -881,6 +885,7 @@
- name: create app security rule
ntnx_security_rules:
name: test_app_rule
desc: App Security Rule
allow_ipv6_traffic: true
policy_hitlog: true
app_rule:
@@ -986,6 +991,7 @@
type: dict
sample:
name: test_app_rule
description: App Security Rule
resources:
allow_ipv6_traffic: true
app_rule:
@@ -1184,6 +1190,7 @@ def get_module_spec():
)
module_args = dict(
name=dict(type="str"),
desc=dict(type="str"),
security_rule_uuid=dict(type="str"),
allow_ipv6_traffic=dict(type="bool"),
policy_hitlog=dict(type="bool"),
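Review bot: The documentation entry for the new `desc` option (`description: security_rule Description`) only restates the option name; it does not say which API field it fills or what an update does when `desc` is omitted. The return sample in this section shows the value coming back as `description`, so the mapping is presumably `desc` to `spec.description`, but the code that builds the spec is not in these hunks and that should be confirmed. I would write it as `description: Free-text description of the security rule, sent as the rule's description. If omitted on update, the existing description is kept.`, adjusting the second sentence to the real behaviour. For a policy object the description is often the only record of why the rule exists, so the keep-or-clear behaviour is worth stating; get_module_spec() starts and ends outside the last hunk.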
184 changes: 89 additions & 95 deletions tests/integration/targets/ntnx_security_rules/tasks/app_rule.yml
@@ -1,81 +1,74 @@
- name: create app security rule with inbound and outbound list
ntnx_security_rules:
name: test_app_rule
desc: App Security Rule
app_rule:
target_group:
categories:
apptype: Apache_Spark
apptype_filter_by_category:
AppFamily:
- Backup
apptiers:
- "{{categories.apptiers[0]}}"
- "{{categories.apptiers[1]}}"
categories:
apptype: Apache_Spark
apptype_filter_by_category:
AppFamily:
- Backup
apptiers:
- "{{categories.apptiers[0]}}"
- "{{categories.apptiers[1]}}"

default_internal_policy: DENY_ALL
default_internal_policy: DENY_ALL

inbounds:
-
categories:
AppFamily:
- Databases
- DevOps
description: test description
protocol:
tcp:
- start_port: 22
end_port: 80
-
categories:
AppFamily:
- Databases
- DevOps
protocol:
icmp:
- code: 1
type: 1
-
categories:
AppFamily:
- Databases
- DevOps
protocol:
udp:
- start_port: 82
end_port: 8080
-
categories:
AppFamily:
- Databases
- DevOps
protocol:
service:
name: 6a44
-
ip_subnet:
prefix_length: 24
ip: 192.168.1.0
description: test description
-
address:
- categories:
AppFamily:
- Databases
- DevOps
description: test description
protocol:
tcp:
- start_port: 22
end_port: 80
- categories:
AppFamily:
- Databases
- DevOps
protocol:
icmp:
- code: 1
type: 1
- categories:
AppFamily:
- Databases
- DevOps
protocol:
udp:
- start_port: 82
end_port: 8080
- categories:
AppFamily:
- Databases
- DevOps
protocol:
service:
name: 6a44
- ip_subnet:
prefix_length: 24
ip: 192.168.1.0
description: test description
- address:
name: dest
outbounds:
-
categories:
AppFamily:
- Databases
- DevOps
protocol:
icmp:
- code: 1
type: 1
- categories:
AppFamily:
- Databases
- DevOps
protocol:
icmp:
- code: 1
type: 1
policy_mode: MONITOR
allow_ipv6_traffic: true
policy_hitlog: true
register: result
ignore_errors: true


- name: Creation Status
assert:
that:
@@ -84,28 +77,28 @@
- result.response.status.state == 'COMPLETE'
- result.response.status.name=="test_app_rule"
- result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2
fail_msg: ' fail: unable to create app security rule with inbound and outbound list'
success_msg: 'pass: create app security rule with inbound and outbound list successfully'
- result.response.spec.description == "App Security Rule"
fail_msg: " fail: unable to create app security rule with inbound and outbound list"
success_msg: "pass: create app security rule with inbound and outbound list successfully"

- name: update app security rule by adding to outbound list and remove tule from inbound list
ntnx_security_rules:
security_rule_uuid: '{{ result.response.metadata.uuid }}'
security_rule_uuid: "{{ result.response.metadata.uuid }}"
desc: App Security Rule Updated
app_rule:
policy_mode: APPLY
inbounds:
-
rule_id: "{{result.response.spec.resources.app_rule.inbound_allow_list.0.rule_id}}"
- rule_id: "{{result.response.spec.resources.app_rule.inbound_allow_list.0.rule_id}}"
state: absent
outbounds:
-
protocol:
icmp:
- code: 1
type: 1
categories:
AppFamily:
- Databases
- DevOps
- protocol:
icmp:
- code: 1
type: 1
categories:
AppFamily:
- Databases
- DevOps
register: result
ignore_errors: true

@@ -115,15 +108,16 @@
- result.response is defined
- result.failed == false
- result.response.status.state == 'COMPLETE'
- result.response.spec.description == "App Security Rule Updated"
- result.response.spec.resources.app_rule.action == "APPLY"
- result.response.spec.resources.app_rule.outbound_allow_list.0.icmp_type_code_list is defined
fail_msg: ' fail: unable to update app security rule with outbound list '
success_msg: 'pass :update app security rule with outbound list successfully'
fail_msg: " fail: unable to update app security rule with outbound list "
success_msg: "pass :update app security rule with outbound list successfully"

- name: delete app security rule
ntnx_security_rules:
state: absent
security_rule_uuid: '{{ result.response.metadata.uuid }}'
security_rule_uuid: "{{ result.response.metadata.uuid }}"
register: result
ignore_errors: true

@@ -133,22 +127,22 @@
- result.response is defined
- result.failed == false
- result.response.status == 'SUCCEEDED'
fail_msg: ' fail: unable to delete app security rule '
success_msg: 'pass : delete app security rule successfully'
fail_msg: " fail: unable to delete app security rule "
success_msg: "pass : delete app security rule successfully"
- name: create app security rule with allow all inbound and outbound list
ntnx_security_rules:
name: test_app_rule
app_rule:
target_group:
categories:
apptype: Apache_Spark
apptype_filter_by_category:
AppFamily:
- Backup
apptiers:
- "{{categories.apptiers[0]}}"
- "{{categories.apptiers[1]}}"
default_internal_policy: DENY_ALL
categories:
apptype: Apache_Spark
apptype_filter_by_category:
AppFamily:
- Backup
apptiers:
- "{{categories.apptiers[0]}}"
- "{{categories.apptiers[1]}}"
default_internal_policy: DENY_ALL
allow_all_outbounds: true
allow_all_inbounds: true
policy_mode: MONITOR
@@ -166,12 +160,12 @@
- result.response.spec.name=="test_app_rule"
- result.response.status.resources.app_rule.target_group.filter.params.AppTier | length == 2

fail_msg: ' fail: unable to create app security rule with allow all inbound and outbound list'
success_msg: 'pass: create app security rule with allow all inbound and outbound list successfully'
fail_msg: " fail: unable to create app security rule with allow all inbound and outbound list"
success_msg: "pass: create app security rule with allow all inbound and outbound list successfully"
- name: delete app security rule
ntnx_security_rules:
state: absent
security_rule_uuid: '{{ result.response.metadata.uuid }}'
security_rule_uuid: "{{ result.response.metadata.uuid }}"
register: result
ignore_errors: true

@@ -181,5 +175,5 @@
- result.response is defined
- result.failed == false
- result.response.status == 'SUCCEEDED'
fail_msg: ' fail: unable to delete app security rule '
success_msg: 'pass : delete app security rule successfully'
fail_msg: " fail: unable to delete app security rule "
success_msg: "pass : delete app security rule successfully"
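Review bot: The new assertions cover setting `desc` on create and changing it on update, but no task checks an update that omits `desc`; the second create task (`create app security rule with allow all inbound and outbound list`) does not pass it either and asserts nothing about the description. If the module rebuilds the spec without carrying the old value over, a later policy change would silently blank the rule's description, which is usually the only audit note on why the rule exists; this is inferred, since the spec-building code is not on this page. Consider a follow-up update task that passes only `security_rule_uuid` and `app_rule.policy_mode` and then asserts `result.response.spec.description == "App Security Rule Updated"`. Separately, most of this section's 89 additions and 95 deletions are re-indentation and quote-style changes, and moving those to their own commit would make the functional lines easier to review.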