New aws_waf_web_acl module (#33212)
* Add aws_waf_web_acl rule * Add new aws_waf_web_acl to CHANGELOG
This commit is contained in:
parent
1a8ed08e6c
commit
fcd09e2f02
3 changed files with 430 additions and 0 deletions
|
@ -345,10 +345,149 @@
|
|||
- remove_in_use_condition.failed
|
||||
- "'Condition {{ resource_prefix }}_size_condition is in use' in remove_in_use_condition.msg"
|
||||
|
||||
##################################################
|
||||
# aws_waf_web_acl tests
|
||||
##################################################
|
||||
|
||||
- name: create web ACL
|
||||
aws_waf_web_acl:
|
||||
name: "{{ resource_prefix }}_web_acl"
|
||||
rules:
|
||||
- name: "{{ resource_prefix }}_rule"
|
||||
priority: 1
|
||||
action: block
|
||||
default_action: block
|
||||
purge_rules: yes
|
||||
state: present
|
||||
<<: *aws_connection_info
|
||||
register: create_web_acl
|
||||
|
||||
- name: recreate web acl
|
||||
aws_waf_web_acl:
|
||||
name: "{{ resource_prefix }}_web_acl"
|
||||
rules:
|
||||
- name: "{{ resource_prefix }}_rule"
|
||||
priority: 1
|
||||
action: block
|
||||
default_action: block
|
||||
state: present
|
||||
<<: *aws_connection_info
|
||||
register: recreate_web_acl
|
||||
|
||||
- name: check web acl was not changed
|
||||
assert:
|
||||
that:
|
||||
- not recreate_web_acl.changed
|
||||
- recreate_web_acl.web_acl.rules|length == 1
|
||||
|
||||
- name: create a second WAF rule
|
||||
aws_waf_rule:
|
||||
name: "{{ resource_prefix }}_rule_2"
|
||||
conditions:
|
||||
- name: "{{ resource_prefix }}_ip_condition"
|
||||
type: ip
|
||||
negated: yes
|
||||
- name: "{{ resource_prefix }}_sql_condition"
|
||||
type: sql
|
||||
negated: no
|
||||
- name: "{{ resource_prefix }}_xss_condition"
|
||||
type: xss
|
||||
negated: no
|
||||
<<: *aws_connection_info
|
||||
|
||||
- name: add a new rule to the web acl
|
||||
aws_waf_web_acl:
|
||||
name: "{{ resource_prefix }}_web_acl"
|
||||
rules:
|
||||
- name: "{{ resource_prefix }}_rule_2"
|
||||
priority: 2
|
||||
action: allow
|
||||
default_action: block
|
||||
state: present
|
||||
<<: *aws_connection_info
|
||||
register: web_acl_add_rule
|
||||
|
||||
- name: check that rule was added to the web acl
|
||||
assert:
|
||||
that:
|
||||
- web_acl_add_rule.changed
|
||||
- web_acl_add_rule.web_acl.rules|length == 2
|
||||
|
||||
- name: use purge rules to remove the first rule
|
||||
aws_waf_web_acl:
|
||||
name: "{{ resource_prefix }}_web_acl"
|
||||
rules:
|
||||
- name: "{{ resource_prefix }}_rule_2"
|
||||
priority: 2
|
||||
action: allow
|
||||
purge_rules: yes
|
||||
default_action: block
|
||||
state: present
|
||||
<<: *aws_connection_info
|
||||
register: web_acl_add_rule
|
||||
|
||||
- name: check that rule was removed from the web acl
|
||||
assert:
|
||||
that:
|
||||
- web_acl_add_rule.changed
|
||||
- web_acl_add_rule.web_acl.rules|length == 1
|
||||
|
||||
- name: swap two rules of same priority
|
||||
aws_waf_web_acl:
|
||||
name: "{{ resource_prefix }}_web_acl"
|
||||
rules:
|
||||
- name: "{{ resource_prefix }}_rule"
|
||||
priority: 2
|
||||
action: allow
|
||||
purge_rules: yes
|
||||
default_action: block
|
||||
state: present
|
||||
<<: *aws_connection_info
|
||||
register: web_acl_swap_rule
|
||||
|
||||
- name: attempt to delete the inuse first rule
|
||||
aws_waf_rule:
|
||||
name: "{{ resource_prefix }}_rule"
|
||||
state: absent
|
||||
<<: *aws_connection_info
|
||||
ignore_errors: yes
|
||||
register: remove_inuse_rule
|
||||
|
||||
- name: check that removing in-use rule fails
|
||||
assert:
|
||||
that:
|
||||
- remove_inuse_rule.failed
|
||||
|
||||
- name: delete the web acl
|
||||
aws_waf_web_acl:
|
||||
name: "{{ resource_prefix }}_web_acl"
|
||||
state: absent
|
||||
<<: *aws_connection_info
|
||||
register: delete_web_acl
|
||||
|
||||
- name: check that web acl was deleted
|
||||
assert:
|
||||
that:
|
||||
- delete_web_acl.changed
|
||||
- not delete_web_acl.web_acl
|
||||
|
||||
- name: delete the no longer in use first rule
|
||||
aws_waf_rule:
|
||||
name: "{{ resource_prefix }}_rule"
|
||||
state: absent
|
||||
<<: *aws_connection_info
|
||||
|
||||
always:
|
||||
- debug:
|
||||
msg: "****** TEARDOWN STARTS HERE ******"
|
||||
|
||||
- name: remove second WAF rule
|
||||
aws_waf_rule:
|
||||
name: "{{ resource_prefix }}_rule_2"
|
||||
state: absent
|
||||
<<: *aws_connection_info
|
||||
ignore_errors: yes
|
||||
|
||||
- name: remove WAF rule
|
||||
aws_waf_rule:
|
||||
name: "{{ resource_prefix }}_rule"
|
||||
|
|