New aws_waf_web_acl module (#33212)

* Add aws_waf_web_acl rule

* Add new aws_waf_web_acl to CHANGELOG
Will Thames 2018-02-07 22:06:15 +10:00 committed by Sloane Hertel
commit fcd09e2f02
3 changed files with 430 additions and 0 deletions


@ -345,10 +345,149 @@
- remove_in_use_condition.failed
- "'Condition {{ resource_prefix }}_size_condition is in use' in remove_in_use_condition.msg"
##################################################
# aws_waf_web_acl tests
##################################################
- name: create web ACL
aws_waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
priority: 1
action: block
default_action: block
purge_rules: yes
state: present
<<: *aws_connection_info
register: create_web_acl
- name: recreate web acl
aws_waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
priority: 1
action: block
default_action: block
state: present
<<: *aws_connection_info
register: recreate_web_acl
- name: check web acl was not changed
assert:
that:
- not recreate_web_acl.changed
- recreate_web_acl.web_acl.rules|length == 1
- name: create a second WAF rule
aws_waf_rule:
name: "{{ resource_prefix }}_rule_2"
conditions:
- name: "{{ resource_prefix }}_ip_condition"
type: ip
negated: yes
- name: "{{ resource_prefix }}_sql_condition"
type: sql
negated: no
- name: "{{ resource_prefix }}_xss_condition"
type: xss
negated: no
<<: *aws_connection_info
- name: add a new rule to the web acl
aws_waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule_2"
priority: 2
action: allow
default_action: block
state: present
<<: *aws_connection_info
register: web_acl_add_rule
- name: check that rule was added to the web acl
assert:
that:
- web_acl_add_rule.changed
- web_acl_add_rule.web_acl.rules|length == 2
- name: use purge rules to remove the first rule
aws_waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule_2"
priority: 2
action: allow
purge_rules: yes
default_action: block
state: present
<<: *aws_connection_info
register: web_acl_add_rule
- name: check that rule was removed from the web acl
assert:
that:
- web_acl_add_rule.changed
- web_acl_add_rule.web_acl.rules|length == 1
- name: swap two rules of same priority
aws_waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
rules:
- name: "{{ resource_prefix }}_rule"
priority: 2
action: allow
purge_rules: yes
default_action: block
state: present
<<: *aws_connection_info
register: web_acl_swap_rule
- name: attempt to delete the inuse first rule
aws_waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
<<: *aws_connection_info
ignore_errors: yes
register: remove_inuse_rule
- name: check that removing in-use rule fails
assert:
that:
- remove_inuse_rule.failed
- name: delete the web acl
aws_waf_web_acl:
name: "{{ resource_prefix }}_web_acl"
state: absent
<<: *aws_connection_info
register: delete_web_acl
- name: check that web acl was deleted
assert:
that:
- delete_web_acl.changed
- not delete_web_acl.web_acl
- name: delete the no longer in use first rule
aws_waf_rule:
name: "{{ resource_prefix }}_rule"
state: absent
<<: *aws_connection_info
always:
- debug:
msg: "****** TEARDOWN STARTS HERE ******"
- name: remove second WAF rule
aws_waf_rule:
name: "{{ resource_prefix }}_rule_2"
state: absent
<<: *aws_connection_info
ignore_errors: yes
- name: remove WAF rule
aws_waf_rule:
name: "{{ resource_prefix }}_rule"