From b40968db01ebaca7e91e4eeb6d270c8cdd4fac69 Mon Sep 17 00:00:00 2001 
From: William Guilherme
Date: Sun, 8 Oct 2023 01:08:58 -0700
Subject: [PATCH] feat: Added several integration test cases
---
examples/main.yml | 21 +
plugins/module_utils/utils.py | 18 +
plugins/module_utils/zpa_client.py | 82 ++--
plugins/modules/zpa_app_connector_groups.py | 36 +-
.../zpa_application_segment_browser_access.py | 23 +-
plugins/modules/zpa_application_server.py | 90 +++--
.../zpa_policy_access_app_protection_rule.py | 8 +-
.../zpa_policy_access_isolation_rule.py | 8 +-
plugins/modules/zpa_policy_access_rule.py | 8 +-
plugins/modules/zpa_policy_forwarding_rule.py | 8 +-
plugins/modules/zpa_policy_timeout_rule.py | 8 +-
plugins/modules/zpa_posture_profile_info.py | 11 +-
plugins/modules/zpa_segment_group.py | 132 +++----
plugins/modules/zpa_server_group.py | 107 +++--
plugins/modules/zpa_trusted_networks_info.py | 14 +-
tests/integration/generate_random_string.yml | 3 +
.../create_app_connector_group.yml | 64 +++
.../delete_app_connector_group.yml | 31 ++
.../verify_app_connector_group.yml | 33 ++
.../zpa_ba_certificate_info.yml | 28 ++
.../zpa_enrollement_certificate.yml | 38 ++
.../create_segment_group.yml | 44 +++
.../delete_segment_group.yml | 31 ++
.../verify_segment_group.yml | 33 ++
.../zpa_server_group/create_server_group.yml | 62 +++
.../zpa_server_group/delete_server_group.yml | 31 ++
.../zpa_server_group/verify_server_group.yml | 33 ++
.../create_service_edge_group.yml | 64 +++
.../delete_service_edge_group.yml | 31 ++
.../verify_service_edge_group.yml | 33 ++
.../integration_config.yml.template | 4 -
tests/integration/run_all_tests.yml | 38 ++
tests/integration/sweep.yml | 73 ++++
.../defaults/main.yml | 2 +
.../defaults/main.yml | 15 +-
.../zpa_app_connector_groups/meta/main.yml | 2 +
.../zpa_app_connector_groups/tasks/main.yml | 105 ++---
.../zpa_app_connector_groups_info/aliases | 0
.../tasks/main.yml | 23 --
.../zpa_application_segment/defaults/main.yml | 27 +-
.../zpa_application_segment/meta/main.yml | 2 +
.../zpa_application_segment/tasks/main.yml | 371 ++++++++----------
.../defaults/main.yml | 30 ++
.../meta/main.yml | 2 +
.../tasks/main.yml | 330 +++++++++++++++-
.../zpa_application_segment_info/aliases | 0
.../defaults/main.yml | 0
.../tasks/main.yml | 25 --
.../zpa_application_server/defaults/main.yml | 5 +-
.../zpa_application_server/meta/main.yml | 2 +
.../zpa_application_server/tasks/main.yml | 134 +++++--
.../zpa_ba_certificate_info/defaults/main.yml | 6 +
.../zpa_ba_certificate_info/meta/main.yml | 2 +
.../zpa_ba_certificate_info/tasks/main.yml | 98 ++++-
.../meta/main.yml | 2 +
.../meta/main.yml | 2 +
.../defaults/main.yml | 6 +
.../meta/main.yml | 2 +
.../tasks/main.yml | 131 ++++---
.../zpa_idp_controller_info/defaults/main.yml | 2 +
.../zpa_idp_controller_info/meta/main.yml | 2 +
.../zpa_idp_controller_info/tasks/main.yml | 62 ++-
.../zpa_lss_client_types_info/meta/main.yml | 2 +
.../meta/main.yml | 2 +
.../meta/main.yml | 2 +
.../zpa_machine_group_info/defaults/main.yml | 9 +
.../zpa_machine_group_info/meta/main.yml | 2 +
.../zpa_machine_group_info/tasks/main.yml | 148 ++++++-
.../zpa_policy_access_rule/meta/main.yml | 2 +
.../zpa_policy_access_rule_info/meta/main.yml | 2 +
.../defaults/main.yml | 3 +
.../zpa_posture_profile_info/meta/main.yml | 2 +
.../zpa_posture_profile_info/tasks/main.yml | 78 +++-
.../zpa_provisioning_key/defaults/main.yml | 8 +
.../zpa_provisioning_key/meta/main.yml | 2 +
.../zpa_provisioning_key/tasks/main.yml | 340 ++++++++++++----
.../zpa_saml_attribute_info/meta/main.yml | 2 +
.../zpa_saml_attribute_info/tasks/main.yml | 41 +-
.../meta/main.yml | 2 +
.../tasks/main.yml | 38 +-
.../targets/zpa_scim_group_info/meta/main.yml | 2 +
.../zpa_segment_group/defaults/main.yml | 7 +-
.../targets/zpa_segment_group/meta/main.yml | 2 +
.../targets/zpa_segment_group/tasks/main.yml | 127 +++---
.../zpa_segment_group_info/defaults/main.yml | 0
.../zpa_segment_group_info/tasks/main.yml | 25 --
.../zpa_server_group/defaults/main.yml | 5 +-
.../targets/zpa_server_group/meta/main.yml | 2 +
.../targets/zpa_server_group/tasks/main.yml | 209 +++++-----
.../targets/zpa_server_group_info/aliases | 0
.../zpa_server_group_info/defaults/main.yml | 0
.../zpa_server_group_info/tasks/main.yml | 25 --
.../zpa_service_edge_groups/defaults/main.yml | 13 +-
.../zpa_service_edge_groups/meta/main.yml | 2 +
.../zpa_service_edge_groups/tasks/main.yml | 122 +++---
.../zpa_service_edge_groups_info/aliases | 0
.../defaults/main.yml | 0
.../tasks/main.yml | 25 --
.../defaults/main.yml | 3 +
.../zpa_trusted_networks_info/meta/main.yml | 2 +
.../zpa_trusted_networks_info/tasks/main.yml | 78 +++-
101 files changed, 2769 insertions(+), 1203 deletions(-)
create mode 100644 examples/main.yml
create mode 100644 tests/integration/generate_random_string.yml
create mode 100644 tests/integration/helper_tasks/zpa_app_connector_group/create_app_connector_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_app_connector_group/verify_app_connector_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_ba_certificate_info/zpa_ba_certificate_info.yml
create mode 100644 tests/integration/helper_tasks/zpa_enrollement_certificate/zpa_enrollement_certificate.yml
create mode 100644 tests/integration/helper_tasks/zpa_segment_group/create_segment_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_segment_group/delete_segment_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_segment_group/verify_segment_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_server_group/create_server_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_server_group/delete_server_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_server_group/verify_server_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_service_edge_group/create_service_edge_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_service_edge_group/delete_service_edge_group.yml
create mode 100644 tests/integration/helper_tasks/zpa_service_edge_group/verify_service_edge_group.yml
delete mode 100644 tests/integration/integration_config.yml.template
create mode 100644 tests/integration/run_all_tests.yml
create mode 100644 tests/integration/sweep.yml
create mode 100644 tests/integration/targets/zpa_app_connector_groups/meta/main.yml
delete mode 100644 tests/integration/targets/zpa_app_connector_groups_info/aliases
delete mode 100644 tests/integration/targets/zpa_app_connector_groups_info/tasks/main.yml
create mode 100644 tests/integration/targets/zpa_application_segment/meta/main.yml
create mode 100644 tests/integration/targets/zpa_application_segment_browser_access/meta/main.yml
delete mode 100644 tests/integration/targets/zpa_application_segment_info/aliases
delete mode 100644 tests/integration/targets/zpa_application_segment_info/defaults/main.yml
delete mode 100644 tests/integration/targets/zpa_application_segment_info/tasks/main.yml
create mode 100644 tests/integration/targets/zpa_application_server/meta/main.yml
create mode 100644 tests/integration/targets/zpa_ba_certificate_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_cloud_connector_group_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_customer_version_profile_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_enrollement_certificate_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_idp_controller_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_lss_client_types_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_lss_config_log_types_formats_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_lss_config_status_codes_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_machine_group_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_policy_access_rule/meta/main.yml
create mode 100644 tests/integration/targets/zpa_policy_access_rule_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_posture_profile_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_provisioning_key/meta/main.yml
create mode 100644 tests/integration/targets/zpa_saml_attribute_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_scim_attribute_header_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_scim_group_info/meta/main.yml
create mode 100644 tests/integration/targets/zpa_segment_group/meta/main.yml
delete mode 100644 tests/integration/targets/zpa_segment_group_info/defaults/main.yml
delete mode 100644 tests/integration/targets/zpa_segment_group_info/tasks/main.yml
create mode 100644 tests/integration/targets/zpa_server_group/meta/main.yml
delete mode 100644 tests/integration/targets/zpa_server_group_info/aliases
delete mode 100644 tests/integration/targets/zpa_server_group_info/defaults/main.yml
delete mode 100644 tests/integration/targets/zpa_server_group_info/tasks/main.yml
create mode 100644 tests/integration/targets/zpa_service_edge_groups/meta/main.yml
delete mode 100644 tests/integration/targets/zpa_service_edge_groups_info/aliases
delete mode 100644 tests/integration/targets/zpa_service_edge_groups_info/defaults/main.yml
delete mode 100644 tests/integration/targets/zpa_service_edge_groups_info/tasks/main.yml
create mode 100644 tests/integration/targets/zpa_trusted_networks_info/meta/main.yml
diff --git a/examples/main.yml b/examples/main.yml
new file mode 100644
index 0000000..58d04a3
--- /dev/null
+++ b/examples/main.yml
@@ -0,0 +1,21 @@ +- name: Policy rule + hosts: localhost + + vars: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + + tasks: + - name: Gather information about specific Posture Profile UDID + zscaler.zpacloud.zpa_posture_profile_info: + # name: "CrowdStrike_ZPA_Pre-ZTA" + register: pp_crowdstrike_zta40 + - debug: + msg: "{{ pp_crowdstrike_zta40}}" + + - name: pp_crowdstrike_zta40 + debug: + msg: "{{ pp_crowdstrike_zta40}}" diff --git a/plugins/module_utils/utils.py b/plugins/module_utils/utils.py index 41781eb..f2a0182 100644 --- a/plugins/module_utils/utils.py +++ b/plugins/module_utils/utils.py @@ -3,6 +3,8 @@ __metaclass__ = type import pycountry +import re + def deleteNone(_dict): """Delete None values recursively from all of the dictionaries, tuples, lists, sets""" @@ -16,6 +18,10 @@ def deleteNone(_dict): _dict = type(_dict)(deleteNone(item) for item in _dict if item is not None) return _dict +def remove_cloud_suffix(s: str) -> str: + reg = re.compile(r"(.*)[\s]+\([a-zA-Z0-9\-_\.]*\)[\s]*$") + res = reg.sub(r"\1", s) + return res.strip() # Function to handle application segment port conversion list def convert_ports_list(obj_list): @@ -104,6 +110,8 @@ def normalize_app(app): "is_incomplete_dr_config", "inspect_traffic_with_zia", "adp_enabled", + "app_id", + "ip_anchored", ] for attr in computed_values: normalized.pop(attr, None) @@ -125,6 +133,13 @@ def normalize_app(app): normalized["common_apps_dto"] ) + # Normalizing clientless_app_ids attributes + if "clientless_app_ids" in normalized: + for clientless_app in normalized["clientless_app_ids"]: + for field in ["app_id", "id", "hidden", "portal", "path", "certificate_name", "cname", "local_domain"]: + clientless_app.pop(field, None) + + return normalized 
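Review bot: In the `zpa_cloud` vars, `lookup('env', 'ZPA_CLOUD') | default(omit)` does not omit the key when the variable is unset, because the env lookup returns an empty string rather than an undefined value; `default(omit, true)` is needed for the filter to act on an empty string. The playbook also prints `pp_crowdstrike_zta40` twice, once from an unnamed `debug` task, so the unnamed task can go. Because the example reads the client secret from the environment, a comment such as `# credentials are taken from the environment; do not hard-code them here` above `zpa_cloud` would state that intent for readers who copy the file.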
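Review bot: `remove_cloud_suffix` lands in the shared utils module without a docstring and recompiles its pattern on every call. A docstring such as `"""Strip a trailing ' (cloud-name)' suffix from a profile name."""` and a module-level `_CLOUD_SUFFIX_RE = re.compile(...)` would document the helper and hoist the compile. The greedy `(.*)` followed by `[\s]+` backtracks super-linearly on long, whitespace-heavy strings that do not end in a parenthesised suffix, so if the name can come from outside the tenant's own configuration a length cap before matching is a cheap safeguard. `import re` is also placed after the third-party `pycountry` import, where the usual grouping puts the standard library first.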
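Review bot: The new `clientless_app_ids` loop iterates `normalized["clientless_app_ids"]` whenever the key exists, so a dict that carries the key with a `None` value would raise `TypeError`; the modules in this patch fill unset parameters with `None` via `module.params.get`, so that input looks reachable. `for clientless_app in normalized.get("clientless_app_ids") or []:` avoids it. The loop also pops fields from the nested dicts in place, and whether `normalized` is a deep copy is not visible here, so it may be mutating the caller's data; worth confirming. The body of normalize_app starts outside the hunk.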
@@ -151,6 +166,7 @@ def validate_latitude(val): return (None, ["latitude value should be a valid float number or not empty"]) return (None, None) + def validate_longitude(val): try: v = float(val) @@ -160,6 +176,7 @@ def validate_longitude(val): return (None, ["longitude value should be a valid float number or not empty"]) return (None, None) + def diff_suppress_func_coordinate(old, new): try: o = round(float(old) * 1000000) / 1000000 @@ -168,6 +185,7 @@ def diff_suppress_func_coordinate(old, new): except ValueError: return False + def validate_tcp_quick_ack( tcp_quick_ack_app, tcp_quick_ack_assistant, tcp_quick_ack_read_assistant ): diff --git a/plugins/module_utils/zpa_client.py b/plugins/module_utils/zpa_client.py index aed14a5..308428a 100644 --- a/plugins/module_utils/zpa_client.py +++ b/plugins/module_utils/zpa_client.py @@ -48,7 +48,6 @@ def to_zscaler_sdk_cls(pkg_name, cls_name): sdk_name = "zscaler" - try: mod = importlib.import_module("{0}.{1}".format(sdk_name, pkg_name)) except ModuleNotFoundError: @@ -61,8 +60,6 @@ def to_zscaler_sdk_cls(pkg_name, cls_name): class ConnectionHelper: - """ConnectionHelper class for managing and verifying connectivity.""" - def __init__(self, min_sdk_version): self.min_sdk_version = min_sdk_version self.sdk_installed = self._check_sdk_installed() 
@@ -94,11 +91,22 @@ def __init__(self, module): self.connection_helper = ConnectionHelper(min_sdk_version=(1, 0, 0)) self.connection_helper.ensure_sdk_installed() - cloud_env = module.params.get("cloud") - if cloud_env is None: - cloud_env = "PRODUCTION" - else: - cloud_env = cloud_env.upper() + provider = module.params.get("provider") or {} + + client_id = provider.get("client_id") if provider else module.params.get("client_id") + if not client_id: + raise ValueError("client_id must be provided via provider or directly") + + client_secret = provider.get("client_secret") if provider else module.params.get("client_secret") + if not client_secret: + raise ValueError("client_secret must be provided via provider or directly") + + customer_id = provider.get("customer_id") if provider else module.params.get("customer_id") + if not customer_id: + raise ValueError("customer_id must be provided via provider or directly") + + cloud_env = (provider.get("cloud") if provider else module.params.get("cloud")) or "PRODUCTION" + cloud_env = cloud_env.upper() if cloud_env not in VALID_ZPA_ENVIRONMENTS: raise ValueError( 
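Review bot: The credential lookups use the form `provider.get("client_id") if provider else module.params.get("client_id")`, so a `provider` dict that is present but lacks one key never falls back to the top-level parameter and fails with "must be provided via provider or directly" even when the value was passed directly. `client_id = provider.get("client_id") or module.params.get("client_id")`, and the same for `client_secret`, `customer_id` and `cloud`, gives the fallback that the error text describes. The three near-identical stanzas could also be a small loop over the field names, which keeps the messages consistent. `__init__` continues outside the hunk.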
@@ -106,46 +114,60 @@ def __init__(self, module): ) super().__init__( - client_id=module.params.get("client_id", ""), - client_secret=module.params.get("client_secret", ""), - customer_id=module.params.get("customer_id", ""), + client_id=client_id, + client_secret=client_secret, + customer_id=customer_id, + cloud=cloud_env, # using the validated cloud environment + ) + + super().__init__( + client_id=client_id, + client_secret=client_secret, + customer_id=customer_id, cloud=cloud_env, # using the validated cloud environment ) - # Set the User-Agent ansible_version = ansible.__version__ # Get the Ansible version - customer_id = module.params.get("customer_id", "") self.user_agent = f"zpa-ansible/{ansible_version}/({platform.system().lower()} {platform.machine()})/customer_id:{customer_id}" @staticmethod def zpa_argument_spec(): return dict( + provider=dict( + type="dict", + options=dict( + client_id=dict( + no_log=True, + fallback=(env_fallback, ["ZPA_CLIENT_ID"]), + ), + client_secret=dict( + no_log=True, + fallback=(env_fallback, ["ZPA_CLIENT_SECRET"]), + ), + customer_id=dict( + no_log=True, + fallback=(env_fallback, ["ZPA_CUSTOMER_ID"]), + ), + cloud=dict( + no_log=True, + fallback=(env_fallback, ["ZPA_CLOUD"]), + ), + ), + ), client_id=dict( no_log=True, - fallback=( - env_fallback, - ["ZPA_CLIENT_ID"], - ), + fallback=(env_fallback, ["ZPA_CLIENT_ID"]), ), client_secret=dict( no_log=True, - fallback=( - env_fallback, - ["ZPA_CLIENT_SECRET"], - ), + fallback=(env_fallback, ["ZPA_CLIENT_SECRET"]), ), customer_id=dict( no_log=True, - fallback=( - env_fallback, - ["ZPA_CUSTOMER_ID"], - ), + fallback=(env_fallback, ["ZPA_CUSTOMER_ID"]), ), cloud=dict( no_log=True, - fallback=( - env_fallback, - ["ZPA_CLOUD"], - ), + fallback=(env_fallback, ["ZPA_CLOUD"]), ), - ) + ) \ No newline at end of file diff --git a/plugins/modules/zpa_app_connector_groups.py b/plugins/modules/zpa_app_connector_groups.py index f0af60d..cc88461 100644 
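Review bot: `super().__init__(...)` is now called twice in a row with identical arguments; the second call looks like a merge leftover and, depending on what the SDK constructor does, may repeat the authentication request, so the second block should be deleted. In `zpa_argument_spec`, `customer_id` is declared `no_log=True`, yet the unchanged `self.user_agent` line embeds `customer_id:{customer_id}` in a header value, which tends to end up in proxy and debug logs; decide whether the ID is sensitive and treat it the same way in both places. The `provider` suboptions repeat the four top-level option dicts verbatim, so building both from one shared dict would stop them drifting apart.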
--- a/plugins/modules/zpa_app_connector_groups.py +++ b/plugins/modules/zpa_app_connector_groups.py @@ -270,17 +270,25 @@ def core(module): new_lat = group.get("latitude") if new_lat is not None: # Check if new_lat is not None before comparing if diff_suppress_func_coordinate(existing_lat, new_lat): - existing_group["latitude"] = existing_lat # reset to original if they're deemed equal + existing_group[ + "latitude" + ] = existing_lat # reset to original if they're deemed equal else: - existing_group["latitude"] = existing_lat # If new_lat is None, keep the existing value + existing_group[ + "latitude" + ] = existing_lat # If new_lat is None, keep the existing value existing_long = existing_group.get("longitude") new_long = group.get("longitude") if new_long is not None: # Check if new_long is not None before comparing if diff_suppress_func_coordinate(existing_long, new_long): - existing_group["longitude"] = existing_long # reset to original if they're deemed equal + existing_group[ + "longitude" + ] = existing_long # reset to original if they're deemed equal else: - existing_group["longitude"] = existing_long # If new_long is None, keep the existing value + existing_group[ + "longitude" + ] = existing_long # If new_long is None, keep the existing value existing_group = deleteNone( dict( 
@@ -296,19 +304,27 @@ def core(module): upgrade_day=existing_group.get("upgrade_day"), connector_ids=existing_group.get("connector_ids"), upgrade_time_in_secs=existing_group.get("upgrade_time_in_secs"), - override_version_profile=existing_group.get("override_version_profile"), + override_version_profile=existing_group.get( + "override_version_profile" + ), version_profile_id=existing_group.get("version_profile_id"), version_profile_name=existing_group.get("version_profile_name"), dns_query_type=existing_group.get("dns_query_type"), tcp_quick_ack_app=existing_group.get("tcp_quick_ack_app"), - tcp_quick_ack_assistant=existing_group.get("tcp_quick_ack_assistant"), - tcp_quick_ack_read_assistant=existing_group.get("tcp_quick_ack_read_assistant"), + tcp_quick_ack_assistant=existing_group.get( + "tcp_quick_ack_assistant" + ), + tcp_quick_ack_read_assistant=existing_group.get( + "tcp_quick_ack_read_assistant" + ), use_in_dr_mode=existing_group.get("use_in_dr_mode"), pra_enabled=existing_group.get("pra_enabled"), waf_disabled=existing_group.get("waf_disabled"), ) ) - existing_group = client.connectors.update_connector_group(**existing_group).to_dict() + existing_group = client.connectors.update_connector_group( + **existing_group + ).to_dict() module.exit_json(changed=True, data=existing_group) else: """Create""" @@ -331,7 +347,9 @@ def core(module): dns_query_type=group.get("dns_query_type"), tcp_quick_ack_app=group.get("tcp_quick_ack_app"), tcp_quick_ack_assistant=group.get("tcp_quick_ack_assistant"), - tcp_quick_ack_read_assistant=group.get("tcp_quick_ack_read_assistant"), + tcp_quick_ack_read_assistant=group.get( + "tcp_quick_ack_read_assistant" + ), use_in_dr_mode=group.get("use_in_dr_mode"), pra_enabled=group.get("pra_enabled"), waf_disabled=group.get("waf_disabled"), diff --git a/plugins/modules/zpa_application_segment_browser_access.py b/plugins/modules/zpa_application_segment_browser_access.py index f97ddd7..b155237 100644 
--- a/plugins/modules/zpa_application_segment_browser_access.py +++ b/plugins/modules/zpa_application_segment_browser_access.py @@ -179,7 +179,7 @@ elements: str required: True description: "List of domains and IPs." - clientless_apps: + clientless_app_ids: description: "" type: list elements: dict @@ -264,7 +264,7 @@ enabled: true health_reporting: ON_ACCESS bypass_type: NEVER - clientless_apps: + clientless_app_ids: - name: "crm.example.com" application_protocol: "HTTP" application_port: "8080" @@ -294,6 +294,7 @@ # The newly created browser access application segment resource record. """ +# Need to review resource to ensure update occurs successfully. from traceback import format_exc from ansible.module_utils._text import to_native @@ -309,7 +310,6 @@ ZPAClientHelper, ) - def core(module): state = module.params.get("state", None) client = ZPAClientHelper(module) @@ -320,7 +320,7 @@ def core(module): "enabled", "description", "bypass_type", - "clientless_apps", + "clientless_app_ids", "domain_names", "double_encrypt", "health_check_type", @@ -341,6 +341,7 @@ def core(module): ] for param_name in params: app[param_name] = module.params.get(param_name) + # Usage for tcp_keep_alive tcp_keep_alive = module.params.get("tcp_keep_alive") converted_tcp_keep_alive = convert_bool_to_str( @@ -400,8 +401,9 @@ def core(module): existing_app.update(app) existing_app["id"] = id - if state == "present": - if existing_app is not None: + if state == "present": + if existing_app is not None: + if differences_detected: """Update""" existing_app = deleteNone( dict( 
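Review bot: The update path is now gated on `if differences_detected:`, but no assignment to that name appears in any hunk of this file; unless it is already defined earlier in `core`, this branch raises `NameError` on every run with `state: present`. No "no changes" exit is added here either (compare the `module.exit_json(changed=False, ...)` branch added in zpa_application_server.py), so with the extra nesting level it is unclear which `if` the following create `else:` now pairs with. Please confirm the indentation of the create branch and add an explicit `changed=False` exit for the unchanged case. `core` starts and ends outside the hunk.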
@@ -410,7 +412,7 @@ def core(module): description=existing_app.get("description", None), enabled=existing_app.get("enabled", None), bypass_type=existing_app.get("bypass_type", None), - clientless_app_ids=existing_app.get("clientless_apps", None), + clientless_app_ids=existing_app.get("clientless_app_ids", None), domain_names=existing_app.get("domain_names", None), double_encrypt=existing_app.get("double_encrypt", None), health_check_type=existing_app.get("health_check_type", None), @@ -443,6 +445,7 @@ def core(module): ), ) ) + module.warn("Prepared payload for update_segment: {}".format(existing_app)) app = client.app_segments.update_segment(**existing_app) module.exit_json(changed=True, data=app) else: @@ -456,7 +459,7 @@ def core(module): description=app.get("description", None), enabled=app.get("enabled", None), bypass_type=app.get("bypass_type", None), - clientless_app_ids=app.get("clientless_apps", None), + clientless_app_ids=app.get("clientless_app_ids", None), domain_names=app.get("domain_names", None), double_encrypt=app.get("double_encrypt", None), health_check_type=app.get("health_check_type", None), @@ -480,7 +483,7 @@ def core(module): ) ) app = client.app_segments.add_segment(**app) - module.exit_json(changed=False, data=app) + module.exit_json(changed=True, data=app) elif state == "absent" and existing_app is not None: code = client.app_segments.delete_segment( segment_id=existing_app.get("id"), force_delete=True @@ -536,7 +539,7 @@ def main(): udp_port_range=dict( type="list", elements="dict", options=port_spec, required=False ), - clientless_apps=dict( + clientless_app_ids=dict( type="list", elements="dict", options=dict( diff --git a/plugins/modules/zpa_application_server.py b/plugins/modules/zpa_application_server.py index fd883cf..5be228f 100644 --- a/plugins/modules/zpa_application_server.py +++ b/plugins/modules/zpa_application_server.py 
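Review bot: The added `module.warn("Prepared payload for update_segment: {}".format(existing_app))` writes the whole update payload into the task's warnings on every update, so segment configuration such as domain names and clientless app definitions lands in console output and in whatever log collects it. This reads like leftover debugging; remove the line, or use `module.debug(...)` so it is emitted only when module debugging is switched on. `core` starts and ends outside the hunk.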
@@ -47,42 +47,35 @@ description: "" required: false type: str - name: - description: - - This field defines the name of the server to create. - required: True - type: str id: description: "" required: false type: str - address: - description: "" - required: true + name: + description: + - This field defines the name of the server. + required: True type: str - app_server_group_ids: + description: description: - - This field defines the list of server groups IDs. + - This field defines the description of the server. required: False - type: list - elements: str + type: str enabled: description: - This field defines the status of the server, true or false. required: False type: bool - description: - description: - - This field defines the description of the server to create. - required: False + address: + description: "This field defines the domain or IP address of the server" + required: True type: str - config_space: + app_server_group_ids: description: - - This field defines the type of the server, DEFAULT or SIEM. + - This field defines the list of server groups IDs required: False - type: str - default: "DEFAULT" - choices: ["DEFAULT", "SIEM"] + type: list + elements: str state: description: "Whether the app should be present or absent." type: str @@ -95,6 +88,7 @@ EXAMPLES = """ - name: Create Second Application Server zscaler.zpacloud.zpa_application_server: + provider: "{{ zpa_cloud }}" name: Example1 description: Example1 address: example.acme.com @@ -112,7 +106,7 @@ from ansible.module_utils._text import to_native from ansible.module_utils.basic import AnsibleModule from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import ( - deleteNone, + deleteNone, normalize_app ) from ansible_collections.zscaler.zpacloud.plugins.module_utils.zpa_client import ( ZPAClientHelper, 
@@ -130,12 +124,12 @@ def core(module): "address", "enabled", "app_server_group_ids", - "config_space", ] for param_name in params: server[param_name] = module.params.get(param_name, None) server_id = server.get("id", None) server_name = server.get("name", None) + existing_server = None if server_id is not None: server_box = client.servers.get_server(server_id=server_id) 
@@ -146,26 +140,44 @@ def core(module): for server_ in servers: if server_.get("name") == server_name: existing_server = server_ + break + + # Normalize and compare existing and desired application data + desired_app = normalize_app(server) + current_app = normalize_app(existing_server) if existing_server else {} + + fields_to_exclude = ["id"] + differences_detected = False + for key, value in desired_app.items(): + if key not in fields_to_exclude and current_app.get(key) != value: + differences_detected = True + module.warn( + f"Difference detected in {key}. Current: {current_app.get(key)}, Desired: {value}" + ) if existing_server is not None: id = existing_server.get("id") existing_server.update(server) existing_server["id"] = id + if state == "present": if existing_server is not None: - """Update""" - existing_server = deleteNone( - dict( - server_id=existing_server.get("id"), - name=existing_server.get("name"), - description=existing_server.get("description"), - address=existing_server.get("address"), - enabled=existing_server.get("enabled"), - app_server_group_ids=existing_server.get("app_server_group_ids"), - config_space=existing_server.get("config_space"), + if differences_detected: + """Update""" + existing_server = deleteNone( + dict( + server_id=existing_server.get("id"), + name=existing_server.get("name"), + description=existing_server.get("description"), + address=existing_server.get("address"), + enabled=existing_server.get("enabled"), + app_server_group_ids=existing_server.get("app_server_group_ids"), + ) ) - ) - existing_server = client.servers.update_server(**existing_server).to_dict() - module.exit_json(changed=True, data=existing_server) + existing_server = client.servers.update_server(**existing_server).to_dict() + module.exit_json(changed=True, data=existing_server) + else: + """No Changes Needed""" + module.exit_json(changed=False, data=existing_server) else: """Create""" server = deleteNone( 
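Review bot: The comparison loop walks every key of `desired_app`, including parameters the user left unset, which `core` stores as `None`; unless `normalize_app` drops those, any unset option whose current value is non-empty counts as a difference and triggers an update on every run. Skipping them, e.g. `if value is None or key in fields_to_exclude: continue`, keeps the module idempotent. The `module.warn` inside the loop prints the current and desired value of each differing field on normal runs and would be better as `module.debug(...)`. `core` starts and ends outside the hunk.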
@@ -175,7 +187,6 @@ def core(module): address=server.get("address"), enable=server.get("enable"), app_server_group_ids=server.get("app_server_group_ids"), - config_space=server.get("config_space"), ) ) server = client.servers.add_server(**server).to_dict() @@ -198,10 +209,9 @@ def main(): id=dict(type="str", required=False), name=dict(type="str", required=True), description=dict(type="str", required=False), - address=dict(type="str", required=True), - enabled=dict(type="bool", required=False), + address=dict(type="str", required=False), + enabled=dict(type="bool", default=True, required=False), app_server_group_ids=dict(type="list", elements="str", required=False), - config_space=dict(type="str", required=False), state=dict(type="str", choices=["present", "absent"], default="present"), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) diff --git a/plugins/modules/zpa_policy_access_app_protection_rule.py b/plugins/modules/zpa_policy_access_app_protection_rule.py index 0d2e208..cfcd492 100644 --- a/plugins/modules/zpa_policy_access_app_protection_rule.py +++ b/plugins/modules/zpa_policy_access_app_protection_rule.py @@ -266,7 +266,9 @@ def core(module): "rule_id": existing_policy.get("id", None), "name": existing_policy.get("name", None), "description": existing_policy.get("description", None), - "action": existing_policy.get("action", "").upper() if existing_policy.get("action") else None, + "action": existing_policy.get("action", "").upper() + if existing_policy.get("action") + else None, "zpn_inspection_profile_id": existing_policy.get( "zpn_inspection_profile_id", None ), 
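Review bot: In the create payload the unchanged line `enable=server.get("enable"),` reads a key that `core` never sets, since the parameter list uses `enabled`; the value is therefore always `None`, is stripped by `deleteNone`, and the `default=True` this patch adds for `enabled` never reaches `add_server`. Assuming `add_server` takes the same keyword as the update branch, the line should read `enabled=server.get("enabled"),`.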
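Review bot: `address` is relaxed to `required=False` in the argument spec while the DOCUMENTATION block in the same patch changes it to `required: True`; the two need to agree, and the module sanity checks are likely to flag the mismatch. As written, a create without an address is rejected only by the API. If the aim is to allow `state: absent` without an address, keep it optional in both places and add `required_if=[("state", "present", ["address"])]` to the `AnsibleModule(...)` call.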
@@ -282,7 +284,9 @@ def core(module): new_policy = { "name": policy.get("name", None), "description": policy.get("description", None), - "action": policy.get("action", "").upper() if policy.get("action") else None, + "action": policy.get("action", "").upper() + if policy.get("action") + else None, "rule_order": policy.get("rule_order", None), "zpn_inspection_profile_id": policy.get( "zpn_inspection_profile_id", None diff --git a/plugins/modules/zpa_policy_access_isolation_rule.py b/plugins/modules/zpa_policy_access_isolation_rule.py index faa6b4d..04ef539 100644 --- a/plugins/modules/zpa_policy_access_isolation_rule.py +++ b/plugins/modules/zpa_policy_access_isolation_rule.py @@ -266,7 +266,9 @@ def core(module): "rule_id": existing_policy.get("id", None), "name": existing_policy.get("name", None), "description": existing_policy.get("description", None), - "action": existing_policy.get("action", "").upper() if existing_policy.get("action") else None, + "action": existing_policy.get("action", "").upper() + if existing_policy.get("action") + else None, "zpn_isolation_profile_id": existing_policy.get( "zpn_isolation_profile_id", None ), @@ -282,7 +284,9 @@ def core(module): new_policy = { "name": policy.get("name", None), "description": policy.get("description", None), - "action": policy.get("action", "").upper() if policy.get("action") else None, + "action": policy.get("action", "").upper() + if policy.get("action") + else None, "rule_order": policy.get("rule_order", None), "zpn_isolation_profile_id": policy.get( "zpn_isolation_profile_id", None diff --git a/plugins/modules/zpa_policy_access_rule.py b/plugins/modules/zpa_policy_access_rule.py index 5090ee3..dc2f835 100644 --- a/plugins/modules/zpa_policy_access_rule.py +++ b/plugins/modules/zpa_policy_access_rule.py 
@@ -350,7 +350,9 @@ def core(module): "name": existing_policy.get("name", None), "description": existing_policy.get("description", None), "rule_order": existing_policy.get("rule_order", None), - "action": existing_policy.get("action", "").upper() if existing_policy.get("action") else None, + "action": existing_policy.get("action", "").upper() + if existing_policy.get("action") + else None, "conditions": map_conditions(existing_policy.get("conditions", [])), "custom_msg": existing_policy.get("custom_msg", None), "app_connector_group_ids": existing_policy.get( @@ -368,7 +370,9 @@ def core(module): new_policy = { "name": policy.get("name", None), "description": policy.get("description", None), - "action": policy.get("action", "").upper() if policy.get("action") else None, + "action": policy.get("action", "").upper() + if policy.get("action") + else None, "rule_order": policy.get("rule_order", None), "conditions": map_conditions(policy.get("conditions", [])), "custom_msg": policy.get("custom_msg", None), diff --git a/plugins/modules/zpa_policy_forwarding_rule.py b/plugins/modules/zpa_policy_forwarding_rule.py index 044c1f6..5dfb172 100644 --- a/plugins/modules/zpa_policy_forwarding_rule.py +++ b/plugins/modules/zpa_policy_forwarding_rule.py @@ -311,7 +311,9 @@ def core(module): "rule_id": existing_policy.get("id", None), "name": existing_policy.get("name", None), "description": existing_policy.get("description", None), - "action": existing_policy.get("action", "").upper() if existing_policy.get("action") else None, + "action": existing_policy.get("action", "").upper() + if existing_policy.get("action") + else None, "conditions": map_conditions(existing_policy.get("conditions", [])), "rule_order": existing_policy.get("rule_order", None), } 
@@ -323,7 +325,9 @@ def core(module): new_policy = { "name": policy.get("name", None), "description": policy.get("description", None), - "action": policy.get("action", "").upper() if policy.get("action") else None, + "action": policy.get("action", "").upper() + if policy.get("action") + else None, "rule_order": policy.get("rule_order", None), "conditions": map_conditions(policy.get("conditions", [])), } diff --git a/plugins/modules/zpa_policy_timeout_rule.py b/plugins/modules/zpa_policy_timeout_rule.py index 9266d01..d8746f0 100644 --- a/plugins/modules/zpa_policy_timeout_rule.py +++ b/plugins/modules/zpa_policy_timeout_rule.py @@ -312,7 +312,9 @@ def core(module): "rule_id": existing_policy.get("id", None), "name": existing_policy.get("name", None), "description": existing_policy.get("description", None), - "action": existing_policy.get("action", "").upper() if existing_policy.get("action") else None, + "action": existing_policy.get("action", "").upper() + if existing_policy.get("action") + else None, "custom_msg": existing_policy.get("custom_msg", None), "conditions": map_conditions(existing_policy.get("conditions", [])), "rule_order": existing_policy.get("rule_order", None), @@ -325,7 +327,9 @@ def core(module): new_policy = { "name": policy.get("name", None), "description": policy.get("description", None), - "action": policy.get("action", "").upper() if policy.get("action") else None, + "action": policy.get("action", "").upper() + if policy.get("action") + else None, "custom_msg": policy.get("custom_msg", None), "rule_order": policy.get("rule_order", None), "conditions": map_conditions(policy.get("conditions", [])), diff --git a/plugins/modules/zpa_posture_profile_info.py b/plugins/modules/zpa_posture_profile_info.py index 3e19f11..b7b29b5 100644 --- a/plugins/modules/zpa_posture_profile_info.py +++ b/plugins/modules/zpa_posture_profile_info.py 
@@ -79,17 +79,12 @@ from ansible.module_utils._text import to_native from ansible.module_utils.basic import AnsibleModule +from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import ( + remove_cloud_suffix +) from ansible_collections.zscaler.zpacloud.plugins.module_utils.zpa_client import ( ZPAClientHelper, ) -import re - - -def remove_cloud_suffix(s: str) -> str: - reg = re.compile(r"(.*)[\s]+\([a-zA-Z0-9\-_\.]*\)[\s]*$") - res = reg.sub(r"\1", s) - return res.strip() - def core(module: AnsibleModule): profile_id = module.params.get("id", None) diff --git a/plugins/modules/zpa_segment_group.py b/plugins/modules/zpa_segment_group.py index 7765f39..b21ffdc 100644 --- a/plugins/modules/zpa_segment_group.py +++ b/plugins/modules/zpa_segment_group.py 
@@ -47,50 +47,34 @@ description: "" required: false type: str - application_ids: - description: "" - type: list - required: False - elements: str - config_space: - description: "" - type: str - required: False - default: DEFAULT - choices: ['DEFAULT', 'SIEM'] - description: - description: "" - type: str - required: False - enabled: - description: "" - type: bool - required: False id: - description: "" + description: "The unique identifier of the Segment Group" type: str name: - description: "" + description: "Name of the segment group" type: str required: True - policy_migrated: - description: "" - type: bool - required: False - tcp_keep_alive_enabled: - description: "" + description: + description: "Description of the segment group" type: str required: False + enabled: + description: "Whether this segment group is enabled or not" + type: bool + required: False state: - description: "" - type: str - choices: ['present', 'absent'] - default: present + description: "Whether the app should be present or absent." + type: str + choices: + - present + - absent + default: present """ EXAMPLES = """ - name: Create/Update/Delete a Segment Group zscaler.zpacloud.zpa_segment_group: + provider: "{{ zpa_cloud }}" name: Example Segment Group description: Example Segment Group enabled: true @@ -106,12 +90,13 @@ from ansible.module_utils._text import to_native from ansible.module_utils.basic import AnsibleModule -from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import deleteNone +from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import ( + deleteNone, normalize_app +) from ansible_collections.zscaler.zpacloud.plugins.module_utils.zpa_client import ( ZPAClientHelper, ) - def core(module): state = module.params.get("state", None) client = ZPAClientHelper(module) 
@@ -121,13 +106,12 @@ def core(module): "description", "enabled", "name", - "policy_migrated", - "tcp_keep_alive_enabled", ] for param_name in params: group[param_name] = module.params.get(param_name, None) group_id = group.get("id", None) group_name = group.get("name", None) + existing_group = None if group_id is not None: group_box = client.segment_groups.get_group(group_id=group_id) 
@@ -138,65 +122,65 @@ def core(module): for group_ in groups: if group_.get("name") == group_name: existing_group = group_ + break + + desired_app = normalize_app(group) + current_app = normalize_app(existing_group) if existing_group else {} + + fields_to_exclude = ["id"] + differences_detected = False + for key, value in desired_app.items(): + if key not in fields_to_exclude and current_app.get(key) != value: + differences_detected = True + module.warn( + f"Difference detected in {key}. Current: {current_app.get(key)}, Desired: {value}" + ) + if existing_group is not None: id = existing_group.get("id") existing_group.update(group) existing_group["id"] = id + if state == "present": if existing_group is not None: - """Update""" - existing_group = deleteNone( - dict( - group_id=existing_group.get("id"), - name=existing_group.get("name"), - description=existing_group.get("description"), - enabled=existing_group.get("enabled"), - policy_migrated=existing_group.get("policy_migrated"), - tcp_keep_alive_enabled=existing_group.get("tcp_keep_alive_enabled"), - # application_ids=group.get("application_ids"), - ) - ) - existing_group = client.segment_groups.update_group( - **existing_group - ).to_dict() - module.exit_json(changed=True, data=existing_group) + if differences_detected: + """Update""" + existing_group = deleteNone({ + "group_id": existing_group.get("id"), + "name": existing_group.get("name"), + "description": existing_group.get("description"), + "enabled": existing_group.get("enabled"), + }) + existing_group = client.segment_groups.update_group(**existing_group).to_dict() + module.exit_json(changed=True, data=existing_group) + else: + """No Changes Needed""" + module.exit_json(changed=False, data=existing_group) else: """Create""" - group = deleteNone( - dict( - name=group.get("name"), - description=group.get("description"), - enabled=group.get("enabled"), - policy_migrated=group.get("policy_migrated"), - 
tcp_keep_alive_enabled=group.get("tcp_keep_alive_enabled"), - # application_ids=group.get("application_ids"), - ) - ) + group = deleteNone({ + "name": group.get("name"), + "description": group.get("description"), + "enabled": group.get("enabled"), + }) group = client.segment_groups.add_group(**group).to_dict() module.exit_json(changed=True, data=group) - elif state == "absent": - if existing_group is not None: - code = client.segment_groups.delete_group(group_id=existing_group.get("id")) - if code > 299: - module.exit_json(changed=False, data=None) - module.exit_json(changed=True, data=existing_group) + elif state == "absent" and existing_group is not None and existing_group.get("id") is not None: + code = client.segment_groups.delete_group(group_id=existing_group.get("id")) + if code > 299: + module.exit_json(changed=False, data=None) + module.exit_json(changed=True, data=existing_group) module.exit_json(changed=False, data={}) + def main(): argument_spec = ZPAClientHelper.zpa_argument_spec() argument_spec.update( - # application_ids=dict( - # type="list", - # elements="str", - # required=False, - # ), description=dict(type="str", required=False), enabled=dict(type="bool", required=False, default=True), id=dict(type="str"), name=dict(type="str", required=True), - policy_migrated=dict(type="bool", required=False), - tcp_keep_alive_enabled=dict(type="str", required=False), state=dict(type="str", choices=["present", "absent"], default="present"), ) module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True) diff --git a/plugins/modules/zpa_server_group.py b/plugins/modules/zpa_server_group.py index df03fb0..345516f 100644 --- a/plugins/modules/zpa_server_group.py +++ b/plugins/modules/zpa_server_group.py 
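Review bot: `core()` reaches `update_group`, `add_group` and `delete_group` without consulting `module.check_mode`, yet `main()` at the end of this hunk builds the module with `supports_check_mode=True`, so a `--check` run would write to the tenant. Since `differences_detected` is now computed before any write, a guard at the top of the `state == "present"` branch such as `if module.check_mode: module.exit_json(changed=(existing_group is None or differences_detected))` covers create and update; the `absent` branch needs the equivalent with `changed=existing_group is not None`. The `module.warn(...)` in the comparison loop also fires on every ordinary update and echoes current and desired values into task output; returning them under a `diff` key or dropping the warning would be quieter. core() begins before this hunk, so an earlier guard cannot be ruled out from here.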
@@ -90,15 +90,6 @@ required: false description: - List of server_group-connector ID objects. - config_space: - description: - - config space. - type: str - required: false - choices: - - DEFAULT - - SIEM - default: DEFAULT description: type: str required: False @@ -107,10 +98,6 @@ id: type: str description: "" - ip_anchored: - type: bool - required: False - description: "" state: description: - Whether the server group should be present or absent. @@ -125,6 +112,7 @@ EXAMPLES = """ - name: Create/Update/Delete a Server Group - Dynamic Discovery Off zscaler.zpacloud.zpa_server_group: + provider: "{{ zpa_cloud }}" name: "Example" description: "Example" enabled: false @@ -133,8 +121,6 @@ - id: "216196257331291921" server_ids: - id: "216196257331291921" - application_ids: - - id: "216196257331291921" """ RETURN = """ @@ -145,32 +131,31 @@ from ansible.module_utils._text import to_native from ansible.module_utils.basic import AnsibleModule -from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import deleteNone +from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import ( + deleteNone, normalize_app +) from ansible_collections.zscaler.zpacloud.plugins.module_utils.zpa_client import ( ZPAClientHelper, ) - def core(module): state = module.params.get("state", None) client = ZPAClientHelper(module) server_group = dict() params = [ "id", - # "ip_anchored", "name", - # "config_space", - "enabled", "description", + "enabled", "dynamic_discovery", "server_ids", - "application_ids", "app_connector_group_ids", ] for param_name in params: server_group[param_name] = module.params.get(param_name, None) group_id = server_group.get("id", None) group_name = server_group.get("name", None) + existing_server_group = None if group_id is not None: group_box = client.server_groups.get_group(group_id=group_id) 
@@ -181,47 +166,55 @@ def core(module): for group_ in groups: if group_.get("name") == group_name: existing_server_group = group_ + break + + desired_app = normalize_app(server_group) + current_app = normalize_app(existing_server_group) if existing_server_group else {} + + fields_to_exclude = ["id"] + differences_detected = False + for key, value in desired_app.items(): + if key not in fields_to_exclude and current_app.get(key) != value: + differences_detected = True + module.warn( + f"Difference detected in {key}. Current: {current_app.get(key)}, Desired: {value}" + ) + if existing_server_group is not None: id = existing_server_group.get("id") existing_server_group.update(server_group) existing_server_group["id"] = id + if state == "present": if existing_server_group is not None: - """Update""" - existing_server_group = deleteNone( - dict( - group_id=existing_server_group.get("id"), - app_connector_group_ids=existing_server_group.get( - "app_connector_group_ids" - ), - application_ids=existing_server_group.get("application_ids"), - # config_space=existing_server_group.get("config_space"), - description=existing_server_group.get("description"), - enabled=existing_server_group.get("enabled"), - # ip_anchored=existing_server_group.get("ip_anchored"), - dynamic_discovery=existing_server_group.get("dynamic_discovery"), - server_ids=existing_server_group.get("server_ids"), - ) - ) - server_group = client.server_groups.update_group(**existing_server_group) - module.exit_json(changed=True, data=server_group) + if differences_detected: + """Update""" + existing_server_group = deleteNone({ + "group_id": existing_server_group.get("id"), + "name": existing_server_group.get("name"), + "description": existing_server_group.get("description"), + "enabled": existing_server_group.get("enabled"), + "app_connector_group_ids": existing_server_group.get("app_connector_group_ids"), + "dynamic_discovery": existing_server_group.get("dynamic_discovery"), + "server_ids": 
existing_server_group.get("server_ids"), + }) + existing_server_group = client.server_groups.update_group(**existing_server_group) + module.exit_json(changed=True, data=existing_server_group) + else: + # No Changes Needed + module.exit_json(changed=False, data=existing_server_group) else: """Create""" - server_group = deleteNone( - dict( - name=server_group.get("name"), - app_connector_group_ids=server_group.get("app_connector_group_ids"), - application_ids=server_group.get("application_ids"), - # config_space=server_group.get("config_space"), - description=server_group.get("description"), - enabled=server_group.get("enabled"), - # ip_anchored=server_group.get("ip_anchored"), - dynamic_discovery=server_group.get("dynamic_discovery"), - server_ids=server_group.get("server_ids"), - ) - ) + server_group = deleteNone({ + "name": server_group.get("name"), + "app_connector_group_ids": server_group.get("app_connector_group_ids"), + "description": server_group.get("description"), + "enabled": server_group.get("enabled"), + "dynamic_discovery": server_group.get("dynamic_discovery"), + "server_ids": server_group.get("server_ids"), + }) server_group = client.server_groups.add_group(**server_group).to_dict() - module.exit_json(changed=False, data=server_group) + module.exit_json(changed=True, data=server_group) elif state == "absent" and existing_server_group is not None: code = client.server_groups.delete_group(existing_server_group.get("id")) if code > 299: 
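Review bot: The update branch hands the raw return of `client.server_groups.update_group(...)` to `module.exit_json`, while the create branch just below and the segment-group module's update both call `.to_dict()` first; `existing_server_group = client.server_groups.update_group(**existing_server_group).to_dict()` keeps the returned `data` shape the same on every path. The comparison loop also walks every key of `desired_app`, including parameters the task left unset (they arrive as `None` from `module.params.get(param_name, None)`), so unless `normalize_app` drops `None` values an omitted `description` or `server_ids` would count as a difference and trigger an update on each run. `normalize_app` lives in utils.py and is not visible here, so that part needs confirming against its implementation. core() starts before this hunk and its `absent` branch continues past it.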
@@ -230,20 +223,16 @@ def core(module): module.exit_json(changed=False, data={}) + def main(): argument_spec = ZPAClientHelper.zpa_argument_spec() argument_spec.update( id=dict(type="str"), - # ip_anchored=dict(type="bool", required=False), name=dict(type="str", required=True), - # config_space=dict( - # type="str", required=False, default="DEFAULT", choices=["DEFAULT", "SIEM"] - # ), - enabled=dict(type="bool", required=False), + enabled=dict(type="bool", required=False, default=True), description=dict(type="str", required=False), dynamic_discovery=dict(type="bool", required=False), server_ids=dict(type="list", elements="str", required=False), - application_ids=dict(type="list", elements="str", required=False), app_connector_group_ids=dict(type="list", elements="str", required=False), state=dict(type="str", choices=["present", "absent"], default="present"), ) diff --git a/plugins/modules/zpa_trusted_networks_info.py b/plugins/modules/zpa_trusted_networks_info.py index 4e1c90f..5f47305 100644 --- a/plugins/modules/zpa_trusted_networks_info.py +++ b/plugins/modules/zpa_trusted_networks_info.py @@ -79,17 +79,12 @@ from ansible.module_utils._text import to_native from ansible.module_utils.basic import AnsibleModule +from ansible_collections.zscaler.zpacloud.plugins.module_utils.utils import ( + remove_cloud_suffix +) from ansible_collections.zscaler.zpacloud.plugins.module_utils.zpa_client import ( ZPAClientHelper, ) -import re - - -def remove_cloud_suffix(s: str) -> str: - reg = re.compile(r"(.*)[\s]+\([a-zA-Z0-9\-_\.]*\)[\s]*$") - res = reg.sub(r"\1", s) - return res.strip() - def core(module: AnsibleModule): network_id = module.params.get("id", None) @@ -115,7 +110,8 @@ def core(module: AnsibleModule): networks = [network] if not network_found: module.fail_json( - msg="Failed to retrieve Trusted Network Name: '%s'" % (network_name) + msg="Failed to retrieve Trusted Network Name: '%s'" + % (network_name) ) module.exit_json(changed=False, data=networks) 
diff --git a/tests/integration/generate_random_string.yml b/tests/integration/generate_random_string.yml new file mode 100644
index 0000000..596a3c4
--- /dev/null
+++ b/tests/integration/generate_random_string.yml
@@ -0,0 +1,3 @@
+- name: Generate a random string
+ set_fact:
+ random_string: "{{ lookup('password', '/dev/null length=6 chars=ascii_letters') }}"
diff --git a/tests/integration/helper_tasks/zpa_app_connector_group/create_app_connector_group.yml b/tests/integration/helper_tasks/zpa_app_connector_group/create_app_connector_group.yml new file mode 100644
index 0000000..f1c548f
--- /dev/null
+++ b/tests/integration/helper_tasks/zpa_app_connector_group/create_app_connector_group.yml
@@ -0,0 +1,64 @@ +--- +- name: Set initial variables + ansible.builtin.set_fact: + name: test_zpa_app_connector_group + description: test_zpa_app_connector_group + enabled: true + city_country: California, US + country_code: US + latitude: "37.3382082" + longitude: "-121.8863286" + location: San Jose, CA, USA + upgrade_day: SUNDAY + upgrade_time_in_secs: "66600" + override_version_profile: true + version_profile_id: "2" + dns_query_type: "IPV4_IPV6" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../generate_random_string.yml" + +- ansible.builtin.set_fact: + acg_name: "{{ name }}_{{ random_string }}" + acg_description: "{{ description }}_{{ random_string }}" + +- block: + - name: Create Helper App Connector Group + zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" + state: present + name: "{{ acg_name }}" + description: "{{ acg_description }}" + enabled: "{{ enabled }}" + city_country: "{{ city_country }}" + country_code: "{{ country_code }}" + latitude: "{{ latitude }}" + longitude: "{{ longitude }}" + location: "{{ location }}" + upgrade_day: "{{ upgrade_day }}" + upgrade_time_in_secs: "{{ upgrade_time_in_secs }}" + override_version_profile: "{{ override_version_profile }}" + version_profile_id: "{{ version_profile_id }}" + dns_query_type: "{{ dns_query_type }}" + register: app_connector_group_id + + - name: Set App Connector Group ID as fact + ansible.builtin.set_fact: + app_connector_group_id: "{{ 
app_connector_group_id.data.id }}" diff --git a/tests/integration/helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml b/tests/integration/helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml new file mode 100644 index 0000000..e4556f5 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml @@ -0,0 +1,31 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: List all App Connector Groups + zscaler.zpacloud.zpa_app_connector_groups_info: + provider: "{{ zpa_cloud }}" + register: all_app_connector_groups + + - name: Delete all App Connector Groups 💥 + zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_app_connector_groups.data }}" + when: all_app_connector_groups.data is defined diff --git a/tests/integration/helper_tasks/zpa_app_connector_group/verify_app_connector_group.yml b/tests/integration/helper_tasks/zpa_app_connector_group/verify_app_connector_group.yml new file mode 100644 index 0000000..a671ea9 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_app_connector_group/verify_app_connector_group.yml 
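Review bot: The guard `when: lookup('env', item) is none` in "Ensure required environment variables are set" is unlikely ever to fire, because the `env` lookup returns an empty string for an unset variable by default rather than `None`; a missing `ZPA_CLIENT_SECRET` then only shows up later as an authentication failure. `when: lookup('env', item) | length == 0` tests what the task name promises. For the same reason `cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}"` needs `default(omit, true)` before an empty value is treated as absent. The same two tasks are copied into the delete and verify helpers and into the certificate, segment-group, server-group and service-edge-group helper files added by this patch, so a single shared task file would let the fix land once.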
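Review bot: "Delete all App Connector Groups" loops over everything `zpa_app_connector_groups_info` returns, so a run with credentials for a tenant that holds real configuration removes every connector group in it, not only the `test_zpa_app_connector_group_<random>` objects the create helper makes. Scope the loop to the test prefix, for example by adding `item.name is match('^test_zpa_app_connector_group_')` to the task's `when:`, or delete by the `app_connector_group_id` recorded at creation. delete_segment_group.yml and delete_server_group.yml carry the same unscoped loop and need the same restriction.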
@@ -0,0 +1,33 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: Fetch the created App Connector Group + zscaler.zpacloud.zpa_app_connector_groups_info: + provider: "{{ zpa_cloud }}" + id: "{{ app_connector_group_id }}" # assuming you have the ID stored in this variable + register: fetched_acg + + - name: Verify App Connector Group attributes + assert: + that: + - "fetched_acg.data[0].name == acg_name" + - "fetched_acg.data[0].description == acg_description" + # - "fetched_acg.data.some_other_attribute == expected_value" + fail_msg: "Verification failed for App Connector Group!" + success_msg: "Verification successful for App Connector Group!" diff --git a/tests/integration/helper_tasks/zpa_ba_certificate_info/zpa_ba_certificate_info.yml b/tests/integration/helper_tasks/zpa_ba_certificate_info/zpa_ba_certificate_info.yml new file mode 100644 index 0000000..fe73a1f --- /dev/null +++ b/tests/integration/helper_tasks/zpa_ba_certificate_info/zpa_ba_certificate_info.yml 
@@ -0,0 +1,28 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: Fetch the browser access certificate + zscaler.zpacloud.zpa_ba_certificate_info: + provider: "{{ zpa_cloud }}" + name: "sales.bd-hashicorp.com" + register: ba_certificate + + - name: Set Certificate ID as fact + ansible.builtin.set_fact: + segment_group_id: "{{ ba_certificate.data[0].id }}" diff --git a/tests/integration/helper_tasks/zpa_enrollement_certificate/zpa_enrollement_certificate.yml b/tests/integration/helper_tasks/zpa_enrollement_certificate/zpa_enrollement_certificate.yml new file mode 100644 index 0000000..228c626 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_enrollement_certificate/zpa_enrollement_certificate.yml 
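Review bot: "Set Certificate ID as fact" stores the certificate's id in `segment_group_id`, the fact that create_segment_group.yml sets and verify_segment_group.yml reads; this looks like a copy-paste slip and would overwrite a segment group id when both helpers run in one play. `ba_certificate_id: "{{ ba_certificate.data[0].id }}"` matches the task name. The lookup name `sales.bd-hashicorp.com` is also tied to one tenant, so taking it from a variable would let the helper run elsewhere, and `data[0]` raises an index error rather than a readable failure when no certificate matches.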
@@ -0,0 +1,38 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: Fetch Connector Certificate + zscaler.zpacloud.zpa_enrollement_certificate_info: + provider: "{{ zpa_cloud }}" + name: "Connector" + register: connector_cert_id + + - name: Set Connector Certificate ID as fact + ansible.builtin.set_fact: + connector_cert_id: "{{ connector_cert_id.data[0].id }}" + + - name: Fetch Service Edge Certificate + zscaler.zpacloud.zpa_enrollement_certificate_info: + provider: "{{ zpa_cloud }}" + name: "Service Edge" + register: service_edge_cert_id + + - name: Set Service Edge Certificate ID as fact + ansible.builtin.set_fact: + service_edge_cert_id: "{{ service_edge_cert_id.data[0].id }}" diff --git a/tests/integration/helper_tasks/zpa_segment_group/create_segment_group.yml b/tests/integration/helper_tasks/zpa_segment_group/create_segment_group.yml new file mode 100644 index 0000000..d8e1445 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_segment_group/create_segment_group.yml 
@@ -0,0 +1,44 @@ +--- +- name: Set initial variables + ansible.builtin.set_fact: + name: "test_zpa_segment_group" + description: "test_zpa_segment_group" + enabled: true + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../generate_random_string.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- block: + - name: Create Helper Segment Group + zscaler.zpacloud.zpa_segment_group: + provider: "{{ zpa_cloud }}" + state: present + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + register: segment_group_result + + - name: Set Segment Group ID as fact + ansible.builtin.set_fact: + segment_group_id: "{{ segment_group_result.data.id }}" diff --git a/tests/integration/helper_tasks/zpa_segment_group/delete_segment_group.yml b/tests/integration/helper_tasks/zpa_segment_group/delete_segment_group.yml new file mode 100644 index 0000000..89eaf54 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_segment_group/delete_segment_group.yml 
@@ -0,0 +1,31 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: List all Segment Groups + zscaler.zpacloud.zpa_segment_group_info: + provider: "{{ zpa_cloud }}" + register: all_segment_groups + + - name: Delete all Segment Groups 💥 + zscaler.zpacloud.zpa_segment_group: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_segment_groups.data }}" + when: all_segment_groups.data is defined diff --git a/tests/integration/helper_tasks/zpa_segment_group/verify_segment_group.yml b/tests/integration/helper_tasks/zpa_segment_group/verify_segment_group.yml new file mode 100644 index 0000000..ac45251 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_segment_group/verify_segment_group.yml 
@@ -0,0 +1,33 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: Fetch the created Segment Group + zscaler.zpacloud.zpa_segment_group_info: + provider: "{{ zpa_cloud }}" + id: "{{ segment_group_id }}" + register: fetched_sg + + - name: Verify Segment Group attributes + assert: + that: + - "fetched_sg.data[0].name == appended_name" + - "fetched_sg.data[0].description == appended_description" + # - "fetched_sg.data.some_other_attribute == expected_value" + fail_msg: "Verification failed for Segment Group!" + success_msg: "Verification successful for Segment Group!" diff --git a/tests/integration/helper_tasks/zpa_server_group/create_server_group.yml b/tests/integration/helper_tasks/zpa_server_group/create_server_group.yml new file mode 100644 index 0000000..5227a78 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_server_group/create_server_group.yml 
@@ -0,0 +1,62 @@ +--- +- name: Set initial variables + ansible.builtin.set_fact: + name: "test_zpa_server_group" + description: "test_zpa_server_group" + enabled: true + dynamic_discovery: true + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../generate_random_string.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- name: Include task to create app connector group + ansible.builtin.include_tasks: "../zpa_app_connector_group/create_app_connector_group.yml" + vars: + acg_name: "test_zpa_app_connector_group_{{ random_string }}" + acg_description: "test_zpa_app_connector_group_{{ random_string }}" + +- name: Verify App Connector Group + ansible.builtin.include_tasks: "../zpa_app_connector_group/verify_app_connector_group.yml" + +- name: Check if app_connector_group_id is defined + fail: + msg: "app_connector_group_id is not defined or is empty" + when: app_connector_group_id is not defined or app_connector_group_id == '' + +- block: + - name: Create Helper Server Group + zscaler.zpacloud.zpa_server_group: + state: present + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + dynamic_discovery: "{{ dynamic_discovery }}" + app_connector_group_ids: + - "{{ app_connector_group_id }}" + register: server_group_result + + - name: Set Server Group ID as 
fact + ansible.builtin.set_fact: + server_group_id: "{{ server_group_result.data.id }}" diff --git a/tests/integration/helper_tasks/zpa_server_group/delete_server_group.yml b/tests/integration/helper_tasks/zpa_server_group/delete_server_group.yml new file mode 100644 index 0000000..9fd5353 --- /dev/null +++ b/tests/integration/helper_tasks/zpa_server_group/delete_server_group.yml @@ -0,0 +1,31 @@ +--- +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: + - name: List all Server Groups + zscaler.zpacloud.zpa_server_group_info: + provider: "{{ zpa_cloud }}" + register: all_server_groups + + - name: Delete all Server Groups 💥 + zscaler.zpacloud.zpa_server_group: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_server_groups.data }}" + when: all_server_groups.data is defined diff --git a/tests/integration/helper_tasks/zpa_server_group/verify_server_group.yml b/tests/integration/helper_tasks/zpa_server_group/verify_server_group.yml new file mode 100644 index 0000000..e925fcb --- /dev/null +++ b/tests/integration/helper_tasks/zpa_server_group/verify_server_group.yml 
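Review bot: This helper sets host facts named `name`, `description` and `enabled`, then includes create_app_connector_group.yml, which calls `set_fact` on the same three names; by the time "Create Helper Server Group" evaluates `enabled: "{{ enabled }}"` it is reading the connector-group helper's value. Both are `true` today, so nothing fails, but the coupling is silent and changes the moment either helper uses a different value. Helper-specific names such as `server_group_enabled`, or passing the values through task-level `vars:`, keep each file self-contained.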
@@ -0,0 +1,33 @@
+---
+- name: Ensure required environment variables are set
+ fail:
+ msg: "{{ item }} is not defined as environment variable"
+ when: lookup('env', item) is none
+ loop:
+ - ZPA_CLIENT_ID
+ - ZPA_CLIENT_SECRET
+ - ZPA_CUSTOMER_ID
+
+- ansible.builtin.set_fact:
+ zpa_cloud:
+ client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}"
+ client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}"
+ customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}"
+ cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}"
+ no_log: True
+
+- block:
+ - name: Fetch the created Server Group
+ zscaler.zpacloud.zpa_server_group_info:
+ provider: "{{ zpa_cloud }}"
+ id: "{{ server_group_id }}"
+ register: fetched_sg
+
+ - name: Verify Server Group attributes
+ assert:
+ that:
+ - "fetched_sg.data[0].name == appended_name"
+ - "fetched_sg.data[0].description == appended_description"
+ # - "fetched_sg.data.some_other_attribute == expected_value"
+ fail_msg: "Verification failed for Server Group!"
+ success_msg: "Verification successful for Server Group!"
diff --git a/tests/integration/helper_tasks/zpa_service_edge_group/create_service_edge_group.yml b/tests/integration/helper_tasks/zpa_service_edge_group/create_service_edge_group.yml
new file mode 100644
index 0000000..9d5bcd8
--- /dev/null
+++ b/tests/integration/helper_tasks/zpa_service_edge_group/create_service_edge_group.yml
@@ -0,0 +1,64 @@
+---
+- name: Set initial variables
+ ansible.builtin.set_fact:
+ name: test_zpa_service_edge_group
+ description: test_zpa_service_edge_group
+ enabled: true
+ city_country: California, US
+ country_code: US
+ latitude: "37.3382082"
+ longitude: "-121.8863286"
+ location: San Jose, CA, USA
+ is_public: "TRUE"
+ upgrade_day: SUNDAY
+ upgrade_time_in_secs: "66600"
+ override_version_profile: true
+ version_profile_id: "2"
+
+- name: Ensure required environment variables are set
+ fail:
+ msg: "{{ item }} is not defined as environment variable"
+ when: lookup('env', item) is none
+ loop:
+ - ZPA_CLIENT_ID
+ - ZPA_CLIENT_SECRET
+ - ZPA_CUSTOMER_ID
+
+- ansible.builtin.set_fact:
+ zpa_cloud:
+ client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}"
+ client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}"
+ customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}"
+ cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}"
+ no_log: True
+
+- name: Import Random String Generator Tasks
+ ansible.builtin.import_tasks: "../../generate_random_string.yml"
+
+- ansible.builtin.set_fact:
+ seg_name: "{{ name }}_{{ random_string }}"
+ seg_description: "{{ description }}_{{ random_string }}"
+
+- block:
+ - name: Create Helper Service Edge Group
+ zscaler.zpacloud.zpa_service_edge_groups:
+ provider: "{{ zpa_cloud }}"
+ state: present
+ name: "{{ seg_name }}"
+ description: "{{ seg_description }}"
+ enabled: "{{ enabled }}"
+ city_country: "{{ city_country }}"
+ country_code: "{{ country_code }}"
+ latitude: "{{ latitude }}"
+ longitude: "{{ longitude }}"
+ location: "{{ location }}"
+ is_public: "{{ is_public }}"
+ upgrade_day: "{{ upgrade_day }}"
+ upgrade_time_in_secs: "{{ upgrade_time_in_secs }}"
+ override_version_profile: "{{ override_version_profile }}"
+ version_profile_id: "{{ version_profile_id }}"
+ register: service_edge_group_id
+
+ - name: Set Service Edge Group ID as fact
+ ansible.builtin.set_fact:
+ service_edge_group_id: "{{ service_edge_group_id.data.id }}"
diff --git a/tests/integration/helper_tasks/zpa_service_edge_group/delete_service_edge_group.yml b/tests/integration/helper_tasks/zpa_service_edge_group/delete_service_edge_group.yml
new file mode 100644
index 0000000..25958cf
--- /dev/null
+++ b/tests/integration/helper_tasks/zpa_service_edge_group/delete_service_edge_group.yml
@@ -0,0 +1,31 @@
+---
+- name: Ensure required environment variables are set
+ fail:
+ msg: "{{ item }} is not defined as environment variable"
+ when: lookup('env', item) is none
+ loop:
+ - ZPA_CLIENT_ID
+ - ZPA_CLIENT_SECRET
+ - ZPA_CUSTOMER_ID
+
+- ansible.builtin.set_fact:
+ zpa_cloud:
+ client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}"
+ client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}"
+ customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}"
+ cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}"
+ no_log: True
+
+- block:
+ - name: List all Service Edge Groups
+ zscaler.zpacloud.zpa_service_edge_groups_info:
+ provider: "{{ zpa_cloud }}"
+ register: all_service_edge_groups
+
+ - name: Delete all Service Edge Groups 💥
+ zscaler.zpacloud.zpa_service_edge_groups:
+ provider: "{{ zpa_cloud }}"
+ state: absent
+ name: "{{ item.name }}"
+ loop: "{{ all_service_edge_groups.data }}"
+ when: all_service_edge_groups.data is defined
diff --git a/tests/integration/helper_tasks/zpa_service_edge_group/verify_service_edge_group.yml b/tests/integration/helper_tasks/zpa_service_edge_group/verify_service_edge_group.yml
new file mode 100644
index 0000000..96f2cf4
--- /dev/null
+++ b/tests/integration/helper_tasks/zpa_service_edge_group/verify_service_edge_group.yml
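Review bot: In the last two tasks of create_service_edge_group.yml the registered module result and the fact share the name `service_edge_group_id`, so the variable holds the whole result dict until the set_fact runs and a bare id afterwards. Register into a separate name, as create_server_group.yml does: `register: service_edge_group_result` and `service_edge_group_id: "{{ service_edge_group_result.data.id }}"`. A guard like the `app_connector_group_id is not defined or app_connector_group_id == ''` check in create_server_group.yml would also stop an empty id from reaching verify_service_edge_group.yml.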
@@ -0,0 +1,33 @@
+---
+- name: Ensure required environment variables are set
+ fail:
+ msg: "{{ item }} is not defined as environment variable"
+ when: lookup('env', item) is none
+ loop:
+ - ZPA_CLIENT_ID
+ - ZPA_CLIENT_SECRET
+ - ZPA_CUSTOMER_ID
+
+- ansible.builtin.set_fact:
+ zpa_cloud:
+ client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}"
+ client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}"
+ customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}"
+ cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}"
+ no_log: True
+
+- block:
+ - name: Fetch the created Service Edge Group
+ zscaler.zpacloud.zpa_service_edge_groups_info:
+ provider: "{{ zpa_cloud }}"
+ id: "{{ service_edge_group_id }}" # assuming you have the ID stored in this variable
+ register: fetched_seg
+
+ - name: Verify Service Edge Group attributes
+ assert:
+ that:
+ - "fetched_seg.data[0].name == seg_name"
+ - "fetched_seg.data[0].description == seg_description"
+ # - "fetched_seg.data.some_other_attribute == expected_value"
+ fail_msg: "Verification failed for Service Edge Group!"
+ success_msg: "Verification successful for Service Edge Group!"
diff --git a/tests/integration/integration_config.yml.template b/tests/integration/integration_config.yml.template
deleted file mode 100644
index c05e038..0000000
--- a/tests/integration/integration_config.yml.template
+++ /dev/null
@@ -1,4 +0,0 @@
----
-client_id: ${ZPA_CLIENT_ID}
-client_secret: ${ZPA_CLIENT_SECRET}
-customer_id: ${ZPA_CUSTOMER_ID}
diff --git a/tests/integration/run_all_tests.yml b/tests/integration/run_all_tests.yml
new file mode 100644
index 0000000..2755775
--- /dev/null
+++ b/tests/integration/run_all_tests.yml
@@ -0,0 +1,38 @@
+---
+- name: ZPA Integration Tests
+ hosts: localhost
+ gather_facts: false
+ tasks:
+ - name: Set up environment variables
+ ansible.builtin.set_fact:
+ zpa_cloud:
+ client_id: '{{ lookup("env", "ZPA_CLIENT_ID") }}'
+ client_secret: '{{ lookup("env", "ZPA_CLIENT_SECRET") | default(omit) }}'
+ customer_id: '{{ lookup("env", "ZPA_CUSTOMER_ID") | default(omit) }}'
+ cloud: '{{ lookup("env", "ZPA_CLOUD") | default(omit) }}'
+
+ # - name: Run initial sweep to clean tenant
+ # include_tasks: ./sweep.yml
+
+ - name: Running ZPA Integration Tests
+ ansible.builtin.include_tasks: "{{ item }}"
+ loop:
+ # - targets/zpa_app_connector_groups/tasks/main.yml
+ # - targets/zpa_service_edge_groups/tasks/main.yml
+ # - targets/zpa_application_segment/tasks/main.yml
+ # - targets/zpa_application_segment_browser_access/tasks/main.yml
+ # - targets/zpa_application_server/tasks/main.yml
+ # - targets/zpa_segment_group/tasks/main.yml
+ # - targets/zpa_server_group/tasks/main.yml
+ # - targets/zpa_ba_certificate_info/tasks/main.yml
+ # - targets/zpa_enrollement_certificate_info/tasks/main.yml
+ # - targets/zpa_machine_group_info/tasks/main.yml
+ # - targets/zpa_posture_profile_info/tasks/main.yml
+ # - targets/zpa_trusted_networks_info/tasks/main.yml
+ # - targets/zpa_provisioning_key/tasks/main.yml
+ # - targets/zpa_saml_attribute_info/tasks/main.yml
+ # - targets/zpa_scim_attribute_header_info/tasks/main.yml
+ - targets/zpa_idp_controller_info/tasks/main.yml
+
+ # - name: Run final sweep to clean tenant
+ # ansible.builtin.include_tasks: ./sweep.yml
diff --git a/tests/integration/sweep.yml b/tests/integration/sweep.yml
new file mode 100644
index 0000000..47f878b
--- /dev/null
+++ b/tests/integration/sweep.yml
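Review bot: The "Set up environment variables" task in run_all_tests.yml stores `client_secret` in the `zpa_cloud` fact without `no_log`, so the secret is printed with the task result at `-v` and above and can end up in CI logs. The helper task files in this patch set `no_log: True` on the same fact; add `no_log: true` here as well. The `| default(omit)` filters on `client_secret` and `customer_id` also do not catch an unset variable, because the env lookup yields an empty string, so a missing secret is not detected before the first API call.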
@@ -0,0 +1,73 @@ +--- +- name: List all Application Segments + zscaler.zpacloud.zpa_application_segment_info: + provider: "{{ zpa_cloud }}" + register: all_application_segments + +- name: Delete all Application Segments 💥 + zscaler.zpacloud.zpa_application_segment: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_application_segments.data }}" + when: all_application_segments.data is defined + +- name: List all Server Groups + zscaler.zpacloud.zpa_server_group_info: + provider: "{{ zpa_cloud }}" + register: all_server_groups + +- name: Delete all Server Groups 💥 + zscaler.zpacloud.zpa_server_group: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_server_groups.data }}" + when: all_server_groups.data is defined + +- name: List all App Connector Groups + zscaler.zpacloud.zpa_app_connector_groups_info: + provider: "{{ zpa_cloud }}" + register: all_app_connector_groups + +- name: Delete all App Connector Groups 💥 + zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_app_connector_groups.data }}" + when: all_app_connector_groups.data is defined + +- name: List all Segment Groups + zscaler.zpacloud.zpa_segment_group_info: + provider: "{{ zpa_cloud }}" + register: all_segment_groups + +- name: Delete all Segment Groups 💥 + zscaler.zpacloud.zpa_segment_group: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ item.name }}" + loop: "{{ all_segment_groups.data }}" + when: all_segment_groups.data is defined + +- name: Set fact for each task status + ansible.builtin.set_fact: + application_segments_failed: "{{ all_application_segments.failed | default(false) }}" + server_groups_failed: "{{ all_server_groups.failed | default(false) }}" + app_connector_groups_failed: "{{ all_app_connector_groups.failed | default(false) }}" + segment_groups_failed: "{{ all_segment_groups.failed | default(false) }}" + +- name: Set fact 
for overall status + ansible.builtin.set_fact: + sweep_successful: "{{ not (application_segments_failed or server_groups_failed or app_connector_groups_failed or segment_groups_failed) }}" + +- name: Print success message ✅ + ansible.builtin.debug: + msg: "Tenant sweep successfully completed!" + when: sweep_successful + +- name: Print failure message ❌ + ansible.builtin.debug: + msg: "Tenant sweep incomplete. Please check the above logs for errors." + when: not sweep_successful diff --git a/tests/integration/targets/zpa_app_connector_controller_info/defaults/main.yml b/tests/integration/targets/zpa_app_connector_controller_info/defaults/main.yml index e69de29..23d65c7 100644 --- a/tests/integration/targets/zpa_app_connector_controller_info/defaults/main.yml +++ b/tests/integration/targets/zpa_app_connector_controller_info/defaults/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_app_connector_groups/defaults/main.yml b/tests/integration/targets/zpa_app_connector_groups/defaults/main.yml index a38128c..3fd655c 100644 --- a/tests/integration/targets/zpa_app_connector_groups/defaults/main.yml +++ b/tests/integration/targets/zpa_app_connector_groups/defaults/main.yml @@ -1,13 +1,14 @@ -name: san_jose -description: san_jose +--- +name: test_zpa_app_connector_group +description: test_zpa_app_connector_group enabled: true city_country: California, US country_code: US -latitude: 37.3382082 -longitude: -121.8863286 +latitude: "37.3382082" +longitude: "-121.8863286" location: San Jose, CA, USA upgrade_day: SUNDAY -upgrade_time_in_secs: 66600 +upgrade_time_in_secs: "66600" override_version_profile: true -version_profile_id: "1" -dns_query_type: "IPV4_IPV6" \ No newline at end of file +version_profile_id: "2" +dns_query_type: "IPV4_IPV6" diff --git a/tests/integration/targets/zpa_app_connector_groups/meta/main.yml b/tests/integration/targets/zpa_app_connector_groups/meta/main.yml new file mode 100644 index 0000000..23d65c7 
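Review bot: The "Print failure message" branch in sweep.yml cannot be reached as written: `sweep_successful` is built only from the `.failed` flag of the four list tasks, and a failing list task stops the run before those facts are set, unless the including play sets `ignore_errors`. The delete loops are not registered at all, so a failed deletion is never reflected in the summary. Register each delete task (e.g. `register: deleted_server_groups`), let the tasks continue with `ignore_errors: true` or a `block`/`rescue`, and include the delete results in `sweep_successful` so the report reflects what was actually removed.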
--- /dev/null
+++ b/tests/integration/targets/zpa_app_connector_groups/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_app_connector_groups/tasks/main.yml b/tests/integration/targets/zpa_app_connector_groups/tasks/main.yml
index 29bcc10..54b4f65 100644
--- a/tests/integration/targets/zpa_app_connector_groups/tasks/main.yml
+++ b/tests/integration/targets/zpa_app_connector_groups/tasks/main.yml
@@ -1,49 +1,59 @@ --- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: - name: Ensure App Connector Group is absent (leftover) zscaler.zpacloud.zpa_app_connector_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: absent - name: "{{ name }}" - ignore_errors: true # In case one was left from previous run + name: "{{ appended_name }}" register: result - name: Ensure App Connector Group is absent zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" + name: "{{ appended_name }}" register: result - name: Verify App Connector 
Group is absent ansible.builtin.assert: that: - not result.changed + - result.data is defined - # Create App Connector Groups (Present) - name: Ensure App Connector Group is (Present) zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" city_country: "{{ city_country }}" country_code: "{{ country_code }}" @@ -57,23 +67,21 @@ dns_query_type: "{{ dns_query_type }}" register: result - - name: Verify app connector group is present + - name: Verify App Connector Group is present ansible.builtin.assert: that: - - not result.changed + - result.changed - result.data is defined - result.data.name is defined - - result.data.name == name + - result.data.name == appended_name - result.data.enabled == true - name: Create the App Connector Group (again; idempotency check) zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" city_country: "{{ city_country }}" country_code: "{{ country_code }}" 
@@ -87,16 +95,14 @@ dns_query_type: "{{ dns_query_type }}" register: result - - name: Verify App Connector Group is absent (from absent) + - name: Ensure App Connector Group is absent (idempotency check) ansible.builtin.assert: that: - result.changed - name: Fetch all App Connector Groups zscaler.zpacloud.zpa_app_connector_groups_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result - name: Ensure all App Connector Groups found @@ -107,10 +113,8 @@ - name: Fetch this App Connector Group zscaler.zpacloud.zpa_app_connector_groups_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result - name: Ensure this App Connector Group is found @@ -119,16 +123,14 @@ - not result.changed - result.data is defined - result.data[0].name is defined - - result.data[0].name == name + - result.data[0].name == appended_name - result.data[0].enabled == true - name: Delete App Connector Group zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" + name: "{{ appended_name }}" register: result - name: Verify App Connector Group is Deleted @@ -138,14 +140,13 @@ - name: Delete App Connector Group (again; idempotency check) zscaler.zpacloud.zpa_app_connector_groups: + provider: "{{ zpa_cloud }}" state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" + name: "{{ appended_name }}" register: result - name: Verify App Connector Group is absent ansible.builtin.assert: that: - - not result.changed \ No newline at end of file + - not result.changed + - result.data is defined 
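Review bot: The assertion that follows "Create the App Connector Group (again; idempotency check)" still expects `result.changed`, so the test passes only when the second create is not idempotent; the hunk at `@@ -87,16 +95,14 @@` renames the task but keeps the context line `- result.changed`. It should read `- not result.changed`, which is what the equivalent check in zpa_application_segment/tasks/main.yml is changed to in this same patch. The new task name "Ensure App Connector Group is absent (idempotency check)" is also misleading, because the group exists at this point; `Verify App Connector Group is present (idempotency check)` describes the step.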
diff --git a/tests/integration/targets/zpa_app_connector_groups_info/aliases b/tests/integration/targets/zpa_app_connector_groups_info/aliases
deleted file mode 100644
index e69de29..0000000
diff --git a/tests/integration/targets/zpa_app_connector_groups_info/tasks/main.yml b/tests/integration/targets/zpa_app_connector_groups_info/tasks/main.yml
deleted file mode 100644
index d5d012f..0000000
--- a/tests/integration/targets/zpa_app_connector_groups_info/tasks/main.yml
+++ /dev/null
@@ -1,23 +0,0 @@
----
-- block:
- - name: Ensure ZPA API Credential is Set
- ansible.builtin.fail:
- msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml
- when:
- - client_id is not defined
- - client_secret is not defined
- - customer_id is not defined
- - client_id | length == 0
- - client_secret | length == 0
- - customer_id | length == 0
- - name: Gather App Connector Group Information
- zscaler.zpacloud.zpa_app_connector_groups_info:
- client_id: "{{ client_id }}"
- client_secret: "{{ client_secret }}"
- customer_id: "{{ customer_id }}"
- register: result
- - name: Verify app connector group info fetched
- ansible.builtin.assert:
- that:
- - not result.changed
- - result.data is defined
\ No newline at end of file
diff --git a/tests/integration/targets/zpa_application_segment/defaults/main.yml b/tests/integration/targets/zpa_application_segment/defaults/main.yml
index be0492d..9752259 100644
--- a/tests/integration/targets/zpa_application_segment/defaults/main.yml
+++ b/tests/integration/targets/zpa_application_segment/defaults/main.yml
@@ -1,12 +1,33 @@ -name: Dummy Application for integration test -description: Dummy Application for integration test +--- +name: test_zpa_application_segment +description: test_zpa_application_segment enabled: true +double_encrypt: false +is_cname_enabled: true +tcp_keep_alive: true +passive_health_enabled: true +select_connector_close_to_app: false +ip_anchored: false +use_in_dr_mode: false +is_incomplete_dr_config: false +inspect_traffic_with_zia: false +adp_enabled: false +health_check_type: "DEFAULT" health_reporting: ON_ACCESS bypass_type: NEVER -is_cname_enabled: true +icmp_access_type: false + tcp_port_range: - from: "80" to: "80" + - from: "443" + to: "443" + +udp_port_range: + - from: "80" + to: "80" + - from: "443" + to: "443" domain_names: - crm1.example.com - crm2.example.com diff --git a/tests/integration/targets/zpa_application_segment/meta/main.yml b/tests/integration/targets/zpa_application_segment/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_application_segment/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_application_segment/tasks/main.yml b/tests/integration/targets/zpa_application_segment/tasks/main.yml index 274a8bb..37a41d2 100644 --- a/tests/integration/targets/zpa_application_segment/tasks/main.yml +++ b/tests/integration/targets/zpa_application_segment/tasks/main.yml 
@@ -1,287 +1,260 @@ ---- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- name: Create segment group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_segment_group/create_segment_group.yml" + +- name: Verify segment group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_segment_group/verify_segment_group.yml" + +- name: Create server group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_server_group/create_server_group.yml" + +- name: Verify server group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_server_group/verify_server_group.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - name: Ensure Application Segment is absent (leftover) zscaler.zpacloud.zpa_application_segment: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: 
"{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" health_reporting: "{{ health_reporting }}" bypass_type: "{{ bypass_type }}" - is_cname_enabled: "{{ is_cname_enabled }}" + icmp_access_type: "{{ icmp_access_type }}" tcp_port_range: "{{ tcp_port_range }}" domain_names: "{{ domain_names }}" - segment_group_id: "216196257331291896" - server_groups: - - id: "216196257331291969" - ignore_errors: true # In case one was left from previous run + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" register: result + - name: Ensure Application Segment is absent zscaler.zpacloud.zpa_application_segment: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ 
is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" health_reporting: "{{ health_reporting }}" bypass_type: "{{ bypass_type }}" - is_cname_enabled: "{{ is_cname_enabled }}" + icmp_access_type: "{{ icmp_access_type }}" tcp_port_range: "{{ tcp_port_range }}" domain_names: "{{ domain_names }}" - segment_group_id: "216196257331291896" - server_groups: - - id: "216196257331291969" - ignore_errors: true # In case one was left from previous run + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" register: result + - name: Verify Application Segment is absent ansible.builtin.assert: that: - not result.changed - - name: Create a segment group - zscaler.zpacloud.zpa_segment_group: - state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "DEFAULT" - name: Dummy Application group for integration test - description: Dummy Application group for integration test - enabled: true - policy_migrated: true - tcp_keep_alive_enabled: "1" - register: segment_group - - name: Verify Application Segment group is created - ansible.builtin.assert: - that: - - segment_group.data - - segment_group.data.name is defined - - segment_group.data.id is defined - - segment_group.data.enabled is true - - name: Create the App Connector Group - zscaler.zpacloud.zpa_app_connector_groups: - state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Dummy Application connector group for integration test" - description: "Dummy Application connector group for integration test" - enabled: true - city_country: California, US - country_code: US - latitude: 37.3382082 - longitude: -121.8863286 - location: San Jose, CA, USA - upgrade_day: SUNDAY - upgrade_time_in_secs: 66600 - override_version_profile: true - 
version_profile_id: "1" - dns_query_type: "IPV4" - register: app_connector_group - - name: Verify Application connector group is created - ansible.builtin.assert: - that: - - app_connector_group.data - - app_connector_group.data.name is defined - - app_connector_group.data.id is defined - - app_connector_group.data.enabled is true - - name: Create a server group - zscaler.zpacloud.zpa_server_group: - state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Dummy server group for integration test" - description: "Dummy server group for integration test" - enabled: true - dynamic_discovery: true - app_connector_groups: - - id: "{{app_connector_group.data.id}}" - register: server_group - - name: Verify Server group is created - ansible.builtin.assert: - that: - - server_group.data - - server_group.data.name is defined - - server_group.data.id is defined - - server_group.data.enabled is true + # Create Application Segments (Present) - name: Ensure Application Segment is (Present) zscaler.zpacloud.zpa_application_segment: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" health_reporting: "{{ health_reporting }}" bypass_type: 
"{{ bypass_type }}" - is_cname_enabled: "{{ is_cname_enabled }}" + icmp_access_type: "{{ icmp_access_type }}" tcp_port_range: "{{ tcp_port_range }}" domain_names: "{{ domain_names }}" - segment_group_id: "{{ segment_group.data.id }}" - server_groups: - - id: "{{ server_group.data.id }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" register: result + - name: Verify Application Segment is present ansible.builtin.assert: that: - result.data - result.data.name is defined - result.data.enabled is true + - name: Create the Application Segment (again; idempotency check) zscaler.zpacloud.zpa_application_segment: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" health_reporting: "{{ health_reporting }}" bypass_type: "{{ bypass_type }}" - is_cname_enabled: "{{ is_cname_enabled }}" + icmp_access_type: "{{ icmp_access_type }}" tcp_port_range: "{{ tcp_port_range }}" domain_names: "{{ domain_names }}" - segment_group_id: "{{ segment_group.data.id }}" - server_groups: - - id: "{{ server_group.data.id }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" register: result + - name: Verify Application Segment is present 
(again; idempotency check) ansible.builtin.assert: that: - - result.changed + - not result.changed + - name: Fetch all Application Segments zscaler.zpacloud.zpa_application_segment_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result + - name: Ensure all Application Segments found ansible.builtin.assert: that: - not result.changed - result.data[0] is defined + - name: Give the ZPA Cloud a 5 seconds to settle ansible.builtin.pause: seconds: 5 + - name: Delete Application Segment zscaler.zpacloud.zpa_application_segment: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" health_reporting: "{{ health_reporting }}" bypass_type: "{{ bypass_type }}" - is_cname_enabled: "{{ is_cname_enabled }}" + icmp_access_type: "{{ icmp_access_type }}" tcp_port_range: "{{ tcp_port_range }}" domain_names: "{{ domain_names }}" - segment_group_id: "{{ segment_group.data.id }}" - server_groups: - - id: "{{ server_group.data.id }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" register: result + - name: Verify Application Segment is absent ansible.builtin.assert: that: - 
result.changed + - name: Delete Application Segment (again; idempotency check) zscaler.zpacloud.zpa_application_segment: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" health_reporting: "{{ health_reporting }}" bypass_type: "{{ bypass_type }}" - is_cname_enabled: "{{ is_cname_enabled }}" + icmp_access_type: "{{ icmp_access_type }}" tcp_port_range: "{{ tcp_port_range }}" domain_names: "{{ domain_names }}" - segment_group_id: "{{ segment_group.data.id }}" - server_groups: - - id: "{{ server_group.data.id }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" register: result + - name: Verify Application Segment is absent ansible.builtin.assert: that: - not result.changed - - name: Delete Segment Group - zscaler.zpacloud.zpa_segment_group: - state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "DEFAULT" - name: "{{ segment_group.data.name }}" - description: Dummy Application group for integration test - enabled: true - policy_migrated: true - tcp_keep_alive_enabled: "1" - id: "{{ segment_group.data.id }}" - register: result - - name: Verify Segment Group is absent - 
ansible.builtin.assert: - that: - - result.changed - - name: Delete Server Group - zscaler.zpacloud.zpa_server_group: - state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Dummy server group for integration test" - description: "Dummy server group for integration test" - enabled: true - dynamic_discovery: true - id: "{{ server_group.data.id }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" - register: result - - name: Verify Server Group is absent - ansible.builtin.assert: - that: - - result.changed - - name: Delete App connector Group - zscaler.zpacloud.zpa_app_connector_groups: - state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{app_connector_group.data.name}}" - id: "{{app_connector_group.data.id}}" - description: "Dummy Application connector group for integration test" - enabled: true - city_country: California, US - country_code: US - latitude: 37.3382082 - longitude: -121.8863286 - location: San Jose, CA, USA - upgrade_day: SUNDAY - upgrade_time_in_secs: 66600 - override_version_profile: true - version_profile_id: "1" - dns_query_type: "IPV4" - register: result - - name: Verify App connector Group is absent - ansible.builtin.assert: - that: - - result.changed + +- name: Clean up segment group + include_tasks: "../../../helper_tasks/zpa_segment_group/delete_segment_group.yml" + +- name: Clean up server group + include_tasks: "../../../helper_tasks/zpa_server_group/delete_server_group.yml" + +- name: Clean up App Connector group + include_tasks: "../../../helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml" diff --git a/tests/integration/targets/zpa_application_segment_browser_access/defaults/main.yml b/tests/integration/targets/zpa_application_segment_browser_access/defaults/main.yml index e69de29..ebcaee3 100644 
--- a/tests/integration/targets/zpa_application_segment_browser_access/defaults/main.yml
+++ b/tests/integration/targets/zpa_application_segment_browser_access/defaults/main.yml
@@ -0,0 +1,30 @@
+---
+name: test_zpa_ba_application_segment
+description: test_zpa_ba_application_segment
+enabled: true
+double_encrypt: false
+is_cname_enabled: true
+tcp_keep_alive: true
+passive_health_enabled: true
+select_connector_close_to_app: false
+ip_anchored: false
+use_in_dr_mode: false
+is_incomplete_dr_config: false
+inspect_traffic_with_zia: false
+adp_enabled: false
+health_check_type: "DEFAULT"
+health_reporting: ON_ACCESS
+bypass_type: NEVER
+icmp_access_type: false
+clientless_app_ids:
+ - name: "sales.bd-hashicorp.com"
+ application_protocol: "HTTPS"
+ application_port: "443"
+ trust_untrusted_cert: true
+ enabled: true
+ domain: "sales.bd-hashicorp.com"
+tcp_port_range:
+ - from: "443"
+ to: "443"
+domain_names:
+ - sales.bd-hashicorp.com
diff --git a/tests/integration/targets/zpa_application_segment_browser_access/meta/main.yml b/tests/integration/targets/zpa_application_segment_browser_access/meta/main.yml
new file mode 100644
index 0000000..23d65c7
--- /dev/null
+++ b/tests/integration/targets/zpa_application_segment_browser_access/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_application_segment_browser_access/tasks/main.yml b/tests/integration/targets/zpa_application_segment_browser_access/tasks/main.yml
index 350dcca..0f882b2 100644
--- a/tests/integration/targets/zpa_application_segment_browser_access/tasks/main.yml
+++ b/tests/integration/targets/zpa_application_segment_browser_access/tasks/main.yml
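Review bot: The new defaults file sets `trust_untrusted_cert: true` under `clientless_app_ids`, which by its name tells the service to accept an upstream certificate it cannot validate. The test does not appear to depend on that, since a browser-access certificate ID is looked up separately in tasks/main.yml. Integration defaults tend to get copied into real playbooks, so I would either set `trust_untrusted_cert: false` or mark the line with `# test-only: do not copy into production playbooks`. `icmp_access_type: false` is a boolean where the name suggests an enumerated value; worth confirming against the module's argument spec, which is not visible in this patch.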
@@ -1,12 +1,320 @@ ---- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- name: Create segment group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_segment_group/create_segment_group.yml" + +- name: Verify segment group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_segment_group/verify_segment_group.yml" + +- name: Create server group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_server_group/create_server_group.yml" + +- name: Verify server group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_server_group/verify_server_group.yml" + +- name: Import Certificate ID + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_ba_certificate_info/zpa_ba_certificate_info.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 \ No newline at end of file + - name: Ensure Browser 
Access Application Segment is absent (leftover) + zscaler.zpacloud.zpa_application_segment_browser_access: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" + health_reporting: "{{ health_reporting }}" + bypass_type: "{{ bypass_type }}" + icmp_access_type: "{{ icmp_access_type }}" + tcp_port_range: "{{ tcp_port_range }}" + domain_names: "{{ domain_names }}" + clientless_app_ids: + - name: "{{ clientless_app_ids[0].name }}" + application_protocol: "{{ clientless_app_ids[0].application_protocol }}" + application_port: "{{ clientless_app_ids[0].application_port }}" + certificate_id: "{{ ba_certificate }}" + trust_untrusted_cert: "{{ clientless_app_ids[0].trust_untrusted_cert }}" + enabled: "{{ clientless_app_ids[0].enabled }}" + domain: "{{ clientless_app_ids[0].domain }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" + register: result + + - name: Ensure Browser Access Application Segment is absent + zscaler.zpacloud.zpa_application_segment_browser_access: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + 
select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" + health_reporting: "{{ health_reporting }}" + bypass_type: "{{ bypass_type }}" + icmp_access_type: "{{ icmp_access_type }}" + tcp_port_range: "{{ tcp_port_range }}" + domain_names: "{{ domain_names }}" + clientless_app_ids: + - name: "{{ clientless_app_ids[0].name }}" + application_protocol: "{{ clientless_app_ids[0].application_protocol }}" + application_port: "{{ clientless_app_ids[0].application_port }}" + certificate_id: "{{ ba_certificate }}" + trust_untrusted_cert: "{{ clientless_app_ids[0].trust_untrusted_cert }}" + enabled: "{{ clientless_app_ids[0].enabled }}" + domain: "{{ clientless_app_ids[0].domain }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" + register: result + + - name: Verify Application Segment is absent + ansible.builtin.assert: + that: + - not result.changed + + # Create Browser Access Application Segments (Present) + - name: Ensure Browser Access Application Segment is (Present) + zscaler.zpacloud.zpa_application_segment_browser_access: + state: present + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ 
adp_enabled }}" + health_check_type: "{{ health_check_type }}" + health_reporting: "{{ health_reporting }}" + bypass_type: "{{ bypass_type }}" + icmp_access_type: "{{ icmp_access_type }}" + tcp_port_range: "{{ tcp_port_range }}" + domain_names: "{{ domain_names }}" + clientless_app_ids: + - name: "{{ clientless_app_ids[0].name }}" + application_protocol: "{{ clientless_app_ids[0].application_protocol }}" + application_port: "{{ clientless_app_ids[0].application_port }}" + certificate_id: "{{ ba_certificate }}" + trust_untrusted_cert: "{{ clientless_app_ids[0].trust_untrusted_cert }}" + enabled: "{{ clientless_app_ids[0].enabled }}" + domain: "{{ clientless_app_ids[0].domain }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" + register: result + + - name: Debug - Show appended_name + debug: + var: appended_name + + - name: Debug - Show result.data + debug: + var: result.data + + - name: Verify Browser Access Application Segment is present + ansible.builtin.assert: + that: + - result is defined + - result.data is defined and result.data is not none and result.data | length > 0 + - "result.data[0].name is defined and result.data[0].name == appended_name" + - "result.data[0].enabled is defined and result.data[0].enabled" + fail_msg: "Expected segment is not present or doesn't match the expected state." 
+ + - name: Create the Browser Access Application Segment (again; idempotency check) + zscaler.zpacloud.zpa_application_segment_browser_access: + state: present + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" + health_reporting: "{{ health_reporting }}" + bypass_type: "{{ bypass_type }}" + icmp_access_type: "{{ icmp_access_type }}" + tcp_port_range: "{{ tcp_port_range }}" + domain_names: "{{ domain_names }}" + clientless_app_ids: + - name: "{{ clientless_app_ids[0].name }}" + application_protocol: "{{ clientless_app_ids[0].application_protocol }}" + application_port: "{{ clientless_app_ids[0].application_port }}" + certificate_id: "{{ ba_certificate }}" + trust_untrusted_cert: "{{ clientless_app_ids[0].trust_untrusted_cert }}" + enabled: "{{ clientless_app_ids[0].enabled }}" + domain: "{{ clientless_app_ids[0].domain }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" + register: result + + - name: Verify Browser Access Application Segment is present (again; idempotency check) + ansible.builtin.assert: + that: + - not result.changed + + - name: Fetch all Browser Access Application Segments + zscaler.zpacloud.zpa_application_segment_browser_access_info: + provider: "{{ zpa_cloud }}" + register: result + - name: Ensure all Browser Access Application Segments found + ansible.builtin.assert: + that: + - not 
result.changed + - result.data[0] is defined + + - name: Give the ZPA Cloud a 5 seconds to settle + ansible.builtin.pause: + seconds: 5 + + - name: Delete Browser Access Application Segment + zscaler.zpacloud.zpa_application_segment_browser_access: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" + health_reporting: "{{ health_reporting }}" + bypass_type: "{{ bypass_type }}" + icmp_access_type: "{{ icmp_access_type }}" + tcp_port_range: "{{ tcp_port_range }}" + domain_names: "{{ domain_names }}" + clientless_app_ids: + - name: "{{ clientless_app_ids[0].name }}" + application_protocol: "{{ clientless_app_ids[0].application_protocol }}" + application_port: "{{ clientless_app_ids[0].application_port }}" + certificate_id: "{{ ba_certificate }}" + trust_untrusted_cert: "{{ clientless_app_ids[0].trust_untrusted_cert }}" + enabled: "{{ clientless_app_ids[0].enabled }}" + domain: "{{ clientless_app_ids[0].domain }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" + register: result + + - name: Verify Browser Access Application Segment is absent + ansible.builtin.assert: + that: + - result.changed + + - name: Delete Browser Access Application Segment (again; idempotency check) + zscaler.zpacloud.zpa_application_segment_browser_access: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + 
description: "{{ appended_description }}" + enabled: "{{ enabled }}" + double_encrypt: "{{ double_encrypt }}" + is_cname_enabled: "{{ is_cname_enabled }}" + tcp_keep_alive: "{{ tcp_keep_alive }}" + passive_health_enabled: "{{ passive_health_enabled }}" + select_connector_close_to_app: "{{ select_connector_close_to_app }}" + ip_anchored: "{{ ip_anchored }}" + use_in_dr_mode: "{{ use_in_dr_mode }}" + is_incomplete_dr_config: "{{ is_incomplete_dr_config }}" + inspect_traffic_with_zia: "{{ inspect_traffic_with_zia }}" + adp_enabled: "{{ adp_enabled }}" + health_check_type: "{{ health_check_type }}" + health_reporting: "{{ health_reporting }}" + bypass_type: "{{ bypass_type }}" + icmp_access_type: "{{ icmp_access_type }}" + tcp_port_range: "{{ tcp_port_range }}" + domain_names: "{{ domain_names }}" + clientless_app_ids: + - name: "{{ clientless_app_ids[0].name }}" + application_protocol: "{{ clientless_app_ids[0].application_protocol }}" + application_port: "{{ clientless_app_ids[0].application_port }}" + certificate_id: "{{ ba_certificate }}" + trust_untrusted_cert: "{{ clientless_app_ids[0].trust_untrusted_cert }}" + enabled: "{{ clientless_app_ids[0].enabled }}" + domain: "{{ clientless_app_ids[0].domain }}" + segment_group_id: "{{ segment_group_id }}" + server_group_ids: + - "{{ server_group_id }}" + register: result + + - name: Verify Browser Access Application Segment is absent + ansible.builtin.assert: + that: + - not result.changed + +- name: Clean up segment group + include_tasks: "../../../helper_tasks/zpa_segment_group/delete_segment_group.yml" + +- name: Clean up server group + include_tasks: "../../../helper_tasks/zpa_server_group/delete_server_group.yml" + +- name: Clean up App Connector group + include_tasks: "../../../helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml" 
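Review bot: The guard `when: lookup('env', item) is none` in "Ensure required environment variables are set" will not fire for an unset variable, because the env lookup returns an empty string rather than None by default, so the run carries on with empty credentials and fails later with a less clear API error. Test for emptiness instead, `when: lookup('env', item) | length == 0`, and for the same reason use `default(omit, true)` on the `cloud` entry so an empty `ZPA_CLOUD` is really omitted. The same two lines are repeated in the zpa_application_server, zpa_ba_certificate_info and zpa_enrollement_certificate_info task files in this patch. Separately, the two `debug` tasks that print `appended_name` and `result.data` look like leftovers and could be dropped before merge.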
diff --git a/tests/integration/targets/zpa_application_segment_info/aliases b/tests/integration/targets/zpa_application_segment_info/aliases deleted file mode 100644 index e69de29..0000000 diff --git a/tests/integration/targets/zpa_application_segment_info/defaults/main.yml b/tests/integration/targets/zpa_application_segment_info/defaults/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/tests/integration/targets/zpa_application_segment_info/tasks/main.yml b/tests/integration/targets/zpa_application_segment_info/tasks/main.yml deleted file mode 100644 index 6c6164a..0000000 --- a/tests/integration/targets/zpa_application_segment_info/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Gather Application Segment Information - zscaler.zpacloud.zpa_application_segment_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - register: result - - - name: Verify application segment info fetched - ansible.builtin.assert: - that: - - not result.changed - - result.data is defined diff --git a/tests/integration/targets/zpa_application_server/defaults/main.yml b/tests/integration/targets/zpa_application_server/defaults/main.yml index d0f5078..3132d07 100644 --- a/tests/integration/targets/zpa_application_server/defaults/main.yml +++ b/tests/integration/targets/zpa_application_server/defaults/main.yml 
@@ -1,5 +1,4 @@
-name: Dummy Application for integration test
-description: Dummy Application for integration test
+name: test_zpa_application_server
+description: test_zpa_application_server
 enabled: true
 address: "192.168.1.1"
-config_space: DEFAULT
\ No newline at end of file
diff --git a/tests/integration/targets/zpa_application_server/meta/main.yml b/tests/integration/targets/zpa_application_server/meta/main.yml
new file mode 100644
index 0000000..23d65c7
--- /dev/null
+++ b/tests/integration/targets/zpa_application_server/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_application_server/tasks/main.yml b/tests/integration/targets/zpa_application_server/tasks/main.yml
index 6ef76bb..1d22b88 100644
--- a/tests/integration/targets/zpa_application_server/tasks/main.yml
+++ b/tests/integration/targets/zpa_application_server/tasks/main.yml
@@ -1,61 +1,121 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Create Application Server + - name: Ensure Application Server is absent (leftover) + zscaler.zpacloud.zpa_application_server: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + register: result + + - name: Ensure Application Server is absent + zscaler.zpacloud.zpa_application_server: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + register: result + + - name: Verify Application Server is absent + ansible.builtin.assert: + that: + - not result.changed + + # Create Application Server (Present) + - name: Ensure Application Server is (Present) + zscaler.zpacloud.zpa_application_server: + state: present + provider: "{{ zpa_cloud }}" + name: "{{ 
appended_name }}" + description: "{{ appended_description }}" + enabled: "{{ enabled }}" + address: "{{ address }}" + register: result + + - name: Verify application Server is present + ansible.builtin.assert: + that: + - result.data + - result.data.name is defined + - result.data.enabled is true + + # Create Application Server (Present) + - name: Create the Application Server (again; idempotency check) zscaler.zpacloud.zpa_application_server: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" address: "{{ address }}" - config_space: "{{ config_space }}" register: result - - name: Find the Application Server + - name: Ensure Application Server is present (again; idempotency check) + ansible.builtin.assert: + that: + - not result.changed + + - name: Fetch all Application Servers zscaler.zpacloud.zpa_application_server_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" + provider: "{{ zpa_cloud }}" register: result - - name: Verify application server info fetched + - name: Ensure all Application Server found ansible.builtin.assert: that: - not result.changed - - result.data is defined - - result.data[0].name is defined - - result.data[0].name == name - - result.data[0].address is defined - - result.data[0].address == address - - result.data[0].enabled == true + - result.data[0] is defined - always: + - name: Give the ZPA Cloud a 5 seconds to settle + ansible.builtin.pause: + seconds: 5 - name: Delete Application Server zscaler.zpacloud.zpa_application_server: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - address: "{{ address }}" + provider: "{{ 
zpa_cloud }}" + name: "{{ appended_name }}" + register: result + + - name: Verify Application Server is Deleted + ansible.builtin.assert: + that: + - result.changed + + - name: Delete Application Server (again; idempotency check) + zscaler.zpacloud.zpa_application_server: + state: absent + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result - name: Verify Application Server is absent ansible.builtin.assert: that: - - not result.changed \ No newline at end of file + - not result.changed diff --git a/tests/integration/targets/zpa_ba_certificate_info/defaults/main.yml b/tests/integration/targets/zpa_ba_certificate_info/defaults/main.yml index e69de29..7e15815 100644 --- a/tests/integration/targets/zpa_ba_certificate_info/defaults/main.yml +++ b/tests/integration/targets/zpa_ba_certificate_info/defaults/main.yml @@ -0,0 +1,6 @@ +--- +wildcard_certificate: bd-hashicorp.com +sales_certificate: sales.bd-hashicorp.com +jenkins_certificate: jenkins.bd-hashicorp.com +pra01_certificate: pra01.bd-hashicorp.com +pra02_certificate: pra02.bd-hashicorp.com diff --git a/tests/integration/targets/zpa_ba_certificate_info/meta/main.yml b/tests/integration/targets/zpa_ba_certificate_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_ba_certificate_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_ba_certificate_info/tasks/main.yml b/tests/integration/targets/zpa_ba_certificate_info/tasks/main.yml index b6a88cc..2b3a3f7 100644 --- a/tests/integration/targets/zpa_ba_certificate_info/tasks/main.yml +++ b/tests/integration/targets/zpa_ba_certificate_info/tasks/main.yml 
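Review bot: Removing the `always:` section in the zpa_application_server tasks moves the delete steps into the main `block:`, so any assert that fails before them leaves the `appended_name` server behind in the tenant. Because that name carries a random suffix, the "absent (leftover)" task at the top of the next run will not match it and the orphan stays. I would keep the final delete under `always:` and leave only the idempotency asserts in the block. The "present" assert also checks only `result.data.name is defined`; adding `- result.data.name == appended_name` would make it verify the object that was actually created. The browser-access task file earlier in this patch has the same shape, with its cleanup includes placed after the block rather than in an `always:`.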
@@ -1,25 +1,93 @@ --- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True +- block: - name: Fetch all Browser Certificates zscaler.zpacloud.zpa_ba_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result - name: Ensure all Browser Certificates found ansible.builtin.assert: that: - not result.changed - - result.data is defined \ No newline at end of file + - result.data is defined + + - name: Fetch Wildcard Certificate(s) + zscaler.zpacloud.zpa_ba_certificate_info: + provider: "{{ zpa_cloud }}" + name: "{{ wildcard_certificate }}" + register: result + + - name: Ensure Wildcard Certificates found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch Sales Certificate + zscaler.zpacloud.zpa_ba_certificate_info: + provider: "{{ zpa_cloud }}" + name: "{{ sales_certificate }}" + register: result + + - name: Ensure Sales Certificate is found + ansible.builtin.assert: + that: + - not 
result.changed + - result.data is defined + + - name: Fetch Jenkins Certificate + zscaler.zpacloud.zpa_ba_certificate_info: + provider: "{{ zpa_cloud }}" + name: "{{ jenkins_certificate }}" + register: result + + - name: Ensure Jenkins Certificate is found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch PRA01 Certificate + zscaler.zpacloud.zpa_ba_certificate_info: + provider: "{{ zpa_cloud }}" + name: "{{ pra01_certificate }}" + register: result + + - name: Ensure PRA01 Certificate is found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch PRA02 Certificate + zscaler.zpacloud.zpa_ba_certificate_info: + provider: "{{ zpa_cloud }}" + name: "{{ pra02_certificate }}" + register: result + + - name: Ensure PRA02 Certificate is found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined diff --git a/tests/integration/targets/zpa_cloud_connector_group_info/meta/main.yml b/tests/integration/targets/zpa_cloud_connector_group_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_cloud_connector_group_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_customer_version_profile_info/meta/main.yml b/tests/integration/targets/zpa_customer_version_profile_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_customer_version_profile_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_enrollement_certificate_info/defaults/main.yml b/tests/integration/targets/zpa_enrollement_certificate_info/defaults/main.yml index e69de29..6c5c002 100644 --- a/tests/integration/targets/zpa_enrollement_certificate_info/defaults/main.yml +++ b/tests/integration/targets/zpa_enrollement_certificate_info/defaults/main.yml 
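Review bot: Each named lookup in the zpa_ba_certificate_info tasks (wildcard, sales, jenkins, pra01, pra02) asserts only `not result.changed` and `result.data is defined`, which would presumably still pass if the module returned an empty result, so a missing certificate goes unnoticed. The enrollment-certificate test being rewritten in this same patch used to compare `data[0].name` with the requested name; a check of that kind fits here too, for example `- result.data | length > 0` plus `- result.data[0].name == wildcard_certificate`, assuming `data` is a list as in the other info modules. These lookups also rely on certificates for specific hostnames already existing in the tenant, and a stronger assert would surface that dependency as a clear failure.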
@@ -0,0 +1,6 @@
+---
+root_certificate: Root
+client_certificate: Client
+connector_certificate: Connector
+service_edge_certificate: Service Edge
+isolation_certificate: Isolation Client
diff --git a/tests/integration/targets/zpa_enrollement_certificate_info/meta/main.yml b/tests/integration/targets/zpa_enrollement_certificate_info/meta/main.yml
new file mode 100644
index 0000000..23d65c7
--- /dev/null
+++ b/tests/integration/targets/zpa_enrollement_certificate_info/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_enrollement_certificate_info/tasks/main.yml b/tests/integration/targets/zpa_enrollement_certificate_info/tasks/main.yml
index 4f34616..19a41c4 100644
--- a/tests/integration/targets/zpa_enrollement_certificate_info/tasks/main.yml
+++ b/tests/integration/targets/zpa_enrollement_certificate_info/tasks/main.yml
@@ -1,92 +1,93 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 + - name: Fetch all Enrollment Certificates + zscaler.zpacloud.zpa_enrollement_certificate_info: + provider: "{{ zpa_cloud }}" + register: result + + - name: Ensure all Enrollment Certificates found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined - - name: Fetch Isolation Client Enrollment Certificate Information + - name: Fetch Root Certificate(s) zscaler.zpacloud.zpa_enrollement_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Isolation Client" - register: isolation + provider: "{{ zpa_cloud }}" + name: "{{ root_certificate }}" + register: result - - name: Ensure isolation certificate info fetched + - name: Ensure Root Certificates found ansible.builtin.assert: that: - - not isolation.changed - - isolation.data is defined - - isolation.data[0].name is defined - - isolation.data[0].name == "Isolation Client" + - not result.changed + - result.data is 
defined - - name: Fetch Service Edge Enrollment Certificate Information + - name: Fetch Client Certificate zscaler.zpacloud.zpa_enrollement_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Service Edge" - register: service_edge + provider: "{{ zpa_cloud }}" + name: "{{ client_certificate }}" + register: result - - name: Ensure service_edge certificate info fetched + - name: Ensure Client Certificate is found ansible.builtin.assert: that: - - not service_edge.changed - - service_edge.data is defined - - service_edge.data[0].name is defined - - service_edge.data[0].name == "Service Edge" + - not result.changed + - result.data is defined - - name: Fetch Connector Enrollment Certificate Information + - name: Fetch Connector Certificate zscaler.zpacloud.zpa_enrollement_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Connector" - register: connector + provider: "{{ zpa_cloud }}" + name: "{{ connector_certificate }}" + register: result - - name: Ensure service_edge certificate info fetched + - name: Ensure Connector Certificate is found ansible.builtin.assert: that: - - not connector.changed - - connector.data is defined - - connector.data[0].name is defined - - connector.data[0].name == "Connector" + - not result.changed + - result.data is defined - - name: Fetch Client Enrollment Certificate Information + - name: Fetch Service Edge Certificate zscaler.zpacloud.zpa_enrollement_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Client" - register: client + provider: "{{ zpa_cloud }}" + name: "{{ service_edge_certificate }}" + register: result - - name: Ensure Client certificate info fetched + - name: Ensure Service Edge Certificate is found ansible.builtin.assert: that: - - not client.changed - - client.data is defined - - 
client.data[0].name is defined - - client.data[0].name == "Client" + - not result.changed + - result.data is defined - - name: Fetch Root Enrollment Certificate Information + - name: Fetch Isolation Client Certificate zscaler.zpacloud.zpa_enrollement_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Root" - register: root + provider: "{{ zpa_cloud }}" + name: "{{ isolation_certificate }}" + register: result - - name: Ensure Root certificate info fetched + - name: Ensure Isolation Client Certificate is found ansible.builtin.assert: that: - - not root.changed - - root.data is defined - - root.data[0].name is defined - - root.data[0].name == "Root" \ No newline at end of file + - not result.changed + - result.data is defined diff --git a/tests/integration/targets/zpa_idp_controller_info/defaults/main.yml b/tests/integration/targets/zpa_idp_controller_info/defaults/main.yml index e69de29..77349bf 100644 --- a/tests/integration/targets/zpa_idp_controller_info/defaults/main.yml +++ b/tests/integration/targets/zpa_idp_controller_info/defaults/main.yml @@ -0,0 +1,2 @@ +idp_users: BD_Okta_Users +idp_admin: BD_Okta_Admin diff --git a/tests/integration/targets/zpa_idp_controller_info/meta/main.yml b/tests/integration/targets/zpa_idp_controller_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_idp_controller_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_idp_controller_info/tasks/main.yml b/tests/integration/targets/zpa_idp_controller_info/tasks/main.yml index a5028c3..53a75ba 100644 --- a/tests/integration/targets/zpa_idp_controller_info/tasks/main.yml +++ b/tests/integration/targets/zpa_idp_controller_info/tasks/main.yml 
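Review bot: The guard `when: lookup('env', item) is none` in the added "Ensure required environment variables are set" task will not fire for an unset variable, because the `env` lookup returns an empty string rather than None when the variable is missing. The play then builds `zpa_cloud` from empty credentials and fails later with a less obvious error. Test for emptiness instead, e.g. `when: lookup('env', item) | length == 0`. For the same reason `default(omit)` on the `cloud:` line only triggers on an undefined value; `default(omit, true)` also covers the empty string. The identical guard is added in the zpa_idp_controller_info, zpa_machine_group_info, zpa_posture_profile_info, zpa_provisioning_key, zpa_saml_attribute_info and zpa_scim_attribute_header_info hunks.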
@@ -1,25 +1,57 @@ --- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True +- block: - name: Gather Identity Provider Information zscaler.zpacloud.zpa_idp_controller_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result - name: Verify identity provider info fetched ansible.builtin.assert: that: - not result.changed - - result.data is defined \ No newline at end of file + - result.data is defined + + - name: Fetch BD_Okta_Users Identity Provider + zscaler.zpacloud.zpa_idp_controller_info: + provider: "{{ zpa_cloud }}" + name: "{{ idp_users }}" + register: result + + - name: Ensure BD_Okta_Users Identity Provider found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD_Okta_Admin Identity Provider + zscaler.zpacloud.zpa_idp_controller_info: + provider: "{{ zpa_cloud }}" + name: "{{ idp_admin }}" + register: result + + - name: Ensure BD_Okta_Admin Identity Provider found + 
ansible.builtin.assert: + that: + - not result.changed + - result.data is defined diff --git a/tests/integration/targets/zpa_lss_client_types_info/meta/main.yml b/tests/integration/targets/zpa_lss_client_types_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_lss_client_types_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_lss_config_log_types_formats_info/meta/main.yml b/tests/integration/targets/zpa_lss_config_log_types_formats_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_lss_config_log_types_formats_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_lss_config_status_codes_info/meta/main.yml b/tests/integration/targets/zpa_lss_config_status_codes_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_lss_config_status_codes_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_machine_group_info/defaults/main.yml b/tests/integration/targets/zpa_machine_group_info/defaults/main.yml index e69de29..d6dbb1e 100644 --- a/tests/integration/targets/zpa_machine_group_info/defaults/main.yml +++ b/tests/integration/targets/zpa_machine_group_info/defaults/main.yml @@ -0,0 +1,9 @@ +bd_mgr01: BD-MGR01 +bd_mgr02: BD-MGR02 +bd_mgr03: BD MGR 03 +bd_mgr04: BD MGR 04 +bd_mgr05: BD MGR 05 +bd_mgr06: BD MGR06 +bd_mgr07: BD MGR 07 +bd_mgr08: BD M GR 08 +bd_mgr09: BD M GR 09 diff --git a/tests/integration/targets/zpa_machine_group_info/meta/main.yml b/tests/integration/targets/zpa_machine_group_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_machine_group_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] 
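Review bot: The two named lookups added here ("Fetch BD_Okta_Users Identity Provider" and "Fetch BD_Okta_Admin Identity Provider") are verified only with `result.data is defined`. If the module returns an empty list rather than failing when nothing matches, a name filter that matches nothing would still pass. Assert on the returned record as well, e.g. `- result.data[0].name == idp_users` and `- result.data[0].name == idp_admin`. The zpa_enrollement_certificate_info hunk replaces its earlier `data[0].name == ...` checks with this weaker form, and the zpa_machine_group_info and zpa_posture_profile_info hunks follow the same pattern.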
diff --git a/tests/integration/targets/zpa_machine_group_info/tasks/main.yml b/tests/integration/targets/zpa_machine_group_info/tasks/main.yml index 111dcf9..95dfa40 100644 --- a/tests/integration/targets/zpa_machine_group_info/tasks/main.yml +++ b/tests/integration/targets/zpa_machine_group_info/tasks/main.yml 
@@ -1,25 +1,141 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 + - name: Fetch All Machine Groups + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + register: result + + - name: Ensure All Machine Groups found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR01 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr01 }}" + register: result + + - name: Ensure BD-MGR01 Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR02 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr02 }}" + register: result + + - name: Ensure BD-MGR02 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR03 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr03 }}" + 
register: result + + - name: Ensure BD-MGR03 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR04 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr04 }}" + register: result + + - name: Ensure BD-MGR04 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR05 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr05 }}" + register: result + + - name: Ensure BD-MGR05 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR06 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr06 }}" + register: result + + - name: Ensure BD-MGR06 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR07 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr07 }}" + register: result + + - name: Ensure BD-MGR07 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-MGR08 Machine Group + zscaler.zpacloud.zpa_machine_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr08 }}" + register: result + + - name: Ensure BD-MGR08 is Machine Group found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined - - name: Gather Machine Group Information + - name: Fetch BD-MGR09 Machine Group zscaler.zpacloud.zpa_machine_group_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" + name: "{{ bd_mgr09 }}" register: result - - name: Verify machine group fetched + - name: Ensure BD-MGR09 is Machine Group 
found ansible.builtin.assert: that: - not result.changed - - result.data is defined \ No newline at end of file + - result.data is defined diff --git a/tests/integration/targets/zpa_policy_access_rule/meta/main.yml b/tests/integration/targets/zpa_policy_access_rule/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_policy_access_rule/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_policy_access_rule_info/meta/main.yml b/tests/integration/targets/zpa_policy_access_rule_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_policy_access_rule_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_posture_profile_info/defaults/main.yml b/tests/integration/targets/zpa_posture_profile_info/defaults/main.yml index e69de29..b4f2405 100644 --- a/tests/integration/targets/zpa_posture_profile_info/defaults/main.yml +++ b/tests/integration/targets/zpa_posture_profile_info/defaults/main.yml @@ -0,0 +1,3 @@ +bd_pp01: CrowdStrike_ZPA_Pre-ZTA +bd_pp02: CrowdStrike_ZPA_ZTA_40 +bd_pp03: CrowdStrike_ZPA_ZTA_80 diff --git a/tests/integration/targets/zpa_posture_profile_info/meta/main.yml b/tests/integration/targets/zpa_posture_profile_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_posture_profile_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_posture_profile_info/tasks/main.yml b/tests/integration/targets/zpa_posture_profile_info/tasks/main.yml index 24c6a26..5230cf3 100644 --- a/tests/integration/targets/zpa_posture_profile_info/tasks/main.yml +++ b/tests/integration/targets/zpa_posture_profile_info/tasks/main.yml 
@@ -1,25 +1,69 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Gather Posture Profile Information + - name: Fetch All Posture Profiles + zscaler.zpacloud.zpa_posture_profile_info: + provider: "{{ zpa_cloud }}" + register: result + + - name: Ensure All Posture Profiles found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch CrowdStrike_ZPA_Pre-ZTA Posture Profile + zscaler.zpacloud.zpa_posture_profile_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_pp01 }}" + register: result + + - name: Ensure CrowdStrike_ZPA_Pre-ZTA Posture Profile found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch CrowdStrike_ZPA_ZTA_40 Posture Profile + zscaler.zpacloud.zpa_posture_profile_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_pp02 }}" + register: result + + - name: Ensure CrowdStrike_ZPA_ZTA_40 Posture Profile found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch 
CrowdStrike_ZPA_ZTA_80 Posture Profile zscaler.zpacloud.zpa_posture_profile_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" + name: "{{ bd_pp03 }}" register: result - - name: Verify posture profile fetched + - name: Ensure CrowdStrike_ZPA_ZTA_80 Posture Profile found ansible.builtin.assert: that: - not result.changed - - result.data is defined \ No newline at end of file + - result.data is defined diff --git a/tests/integration/targets/zpa_provisioning_key/defaults/main.yml b/tests/integration/targets/zpa_provisioning_key/defaults/main.yml index e69de29..bcba61c 100644 --- a/tests/integration/targets/zpa_provisioning_key/defaults/main.yml +++ b/tests/integration/targets/zpa_provisioning_key/defaults/main.yml @@ -0,0 +1,8 @@ +--- +acg_name: test_acg_zpa_provisioning_key +acg_association_type: connector +acg_max_usage: "10" + +seg_name: test_seg_zpa_provisioning_key +seg_association_type: service_edge +seg_max_usage: "10" diff --git a/tests/integration/targets/zpa_provisioning_key/meta/main.yml b/tests/integration/targets/zpa_provisioning_key/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_provisioning_key/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_provisioning_key/tasks/main.yml b/tests/integration/targets/zpa_provisioning_key/tasks/main.yml index 9110810..540872a 100644 --- a/tests/integration/targets/zpa_provisioning_key/tasks/main.yml +++ b/tests/integration/targets/zpa_provisioning_key/tasks/main.yml 
@@ -1,99 +1,281 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- name: Create app connector group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_app_connector_group/create_app_connector_group.yml" + +- name: Verify app connector group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_app_connector_group/verify_app_connector_group.yml" + +- name: Create service edge group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_service_edge_group/create_service_edge_group.yml" + +- name: Verify service edge group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_service_edge_group/verify_service_edge_group.yml" + +- name: Import Enrollment Certificate ID + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_enrollement_certificate/zpa_enrollement_certificate.yml" + +- ansible.builtin.set_fact: + acg_name: "{{ name }}_{{ random_string }}" + seg_name: "{{ name }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | 
length == 0 - -# Test Connector Group Provisioning Key - - name: Gather Information Details of All Enrollment Certificates - zscaler.zpacloud.zpa_enrollement_certificate_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Connector" - register: connector_cert_id - - - name: Create Dummy App Connector Group - zscaler.zpacloud.zpa_app_connector_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - state: "present" - name: "Dummy App Connector Group" - description: "Dummy App Connector Group" - enabled: true - city_country: California, US - country_code: US - latitude: "37.3382082" - longitude: "-121.8863286" - location: "San Jose, CA, USA" - upgrade_day: "SUNDAY" - upgrade_time_in_secs: "66600" - override_version_profile: true - version_profile_id: "1" - dns_query_type: "IPV4" - register: app_connector_group - - - name: Create Dummy Connector Group Provisioning Key + - name: Ensure Connector Provisioning Key is absent (leftover) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: "absent" + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + register: result + + - name: Ensure Connector Provisioning Key is absent zscaler.zpacloud.zpa_provisioning_key: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - state: "present" - name: "Dummy CONNECTOR_GRP Provisioning Key" - association_type: "CONNECTOR_GRP" - enabled: true - max_usage: "2" - enrollment_cert_id: "{{ connector_cert_id.data[0].id }}" - zcomponent_id: "{{ app_connector_group.data.id }}" - register: result - - - name: Verify Provisioning Keys found + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + register: result + + - name: Verify Connector Provisioning Key is absent ansible.builtin.assert: that: - not 
result.changed - result.data is defined + + - name: Ensure Connector Provisioning Key is (Present) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: present + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + max_usage: "{{ acg_max_usage }}" + enrollment_cert_id: "{{ connector_cert_id }}" + zcomponent_id: "{{ app_connector_group_id }}" + register: result + + - name: Verify Connector Provisioning Key is present + ansible.builtin.assert: + that: + - result.data - result.data.name is defined - - result.data.provisioning_key is defined - - result.data.max_usage | length > 0 - - result.data.enrollment_cert_name is defined - - result.data.enrollment_cert_name == "Connector" + - result.data.enabled is true - - name: Delete Dummy Connector Group Provisioning Key + - name: Ensure Connector Provisioning Key (again; idempotency check) zscaler.zpacloud.zpa_provisioning_key: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - state: "absent" - name: "Dummy CONNECTOR_GRP Provisioning Key" - association_type: "CONNECTOR_GRP" - max_usage: "2" - enrollment_cert_id: "{{ connector_cert_id.data[0].id }}" - zcomponent_id: "{{ app_connector_group.data.id }}" + provider: "{{ zpa_cloud }}" + state: present + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + max_usage: "{{ acg_max_usage }}" + enrollment_cert_id: "{{ connector_cert_id }}" + zcomponent_id: "{{ app_connector_group_id }}" register: result - - name: Verify Provisioning Key deleted + - name: Ensure Connector Provisioning Key is absent (idempotency check) ansible.builtin.assert: that: - - result is not changed + - result.changed + + - name: Fetch all Connector Provisioning Key + zscaler.zpacloud.zpa_provisioning_key_info: + provider: "{{ zpa_cloud }}" + association_type: "{{ acg_association_type }}" + register: result + + - name: Ensure all Connector Provisioning Key found + ansible.builtin.assert: 
+ that: + - not result.changed + - result.data[0] is defined + + - name: Fetch this Connector Provisioning Key + zscaler.zpacloud.zpa_provisioning_key_info: + provider: "{{ zpa_cloud }}" + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + register: result + + - name: Ensure this Connector Provisioning Key is found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + - result.data[0].name is defined + - result.data[0].name == acg_name + - result.data[0].enabled == true + + - name: Give the ZPA Cloud a 5 seconds to settle + ansible.builtin.pause: + seconds: 5 + + - name: Delete Connector Provisioning Key + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + register: result + + - name: Verify Connector Provisioning Key is Deleted + ansible.builtin.assert: + that: + - not result.changed + + - name: Delete Connector Provisioning Key (again; idempotency check) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ acg_name }}" + association_type: "{{ acg_association_type }}" + register: result + + - name: Verify Connector Provisioning Key is absent + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Clean up App Connector group + include_tasks: "../../../helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml" - - name: Delete Dummy App Connector Group - zscaler.zpacloud.zpa_app_connector_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + # Service Edge Group Provisioning Key Test + - name: Ensure Service Edge Provisioning Key is absent (leftover) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" state: "absent" - name: "Dummy App Connector Group" + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + 
register: result + + - name: Ensure Service Edge Provisioning Key is absent + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + register: result + + - name: Verify Service Edge Provisioning Key is absent + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Ensure Service Edge Provisioning Key is (Present) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: present + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + max_usage: "{{ seg_max_usage }}" + enrollment_cert_id: "{{ service_edge_cert_id }}" + zcomponent_id: "{{ service_edge_group_id }}" + register: result + + - name: Verify Service Edge Provisioning Key is present + ansible.builtin.assert: + that: + - result.data + - result.data.name is defined + - result.data.enabled is true + + - name: Ensure Service Edge Provisioning Key (again; idempotency check) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: present + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + max_usage: "{{ seg_max_usage }}" + enrollment_cert_id: "{{ service_edge_cert_id }}" + zcomponent_id: "{{ service_edge_group_id }}" + register: result + + - name: Ensure Service Edge Provisioning Key is absent (idempotency check) + ansible.builtin.assert: + that: + - result.changed + + - name: Fetch all Service Edge Provisioning Key + zscaler.zpacloud.zpa_provisioning_key_info: + provider: "{{ zpa_cloud }}" + association_type: "{{ seg_association_type }}" register: result - - name: Verify App Connector Group deleted + - name: Ensure all Service Edge Provisioning Key found ansible.builtin.assert: that: - - result is changed \ No newline at end of file + - not result.changed + - result.data[0] is defined + + - name: Fetch this Service Edge Provisioning Key + zscaler.zpacloud.zpa_provisioning_key_info: 
+ provider: "{{ zpa_cloud }}" + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + register: result + + - name: Ensure this Service Edge Provisioning Key is found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + - result.data[0].name is defined + - result.data[0].name == seg_name + - result.data[0].enabled == true + + - name: Give the ZPA Cloud a 5 seconds to settle + ansible.builtin.pause: + seconds: 5 + + - name: Delete Service Edge Provisioning Key + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + register: result + + - name: Verify Service Edge Provisioning Key is Deleted + ansible.builtin.assert: + that: + - not result.changed + + - name: Delete Service Edge Provisioning Key (again; idempotency check) + zscaler.zpacloud.zpa_provisioning_key: + provider: "{{ zpa_cloud }}" + state: absent + name: "{{ seg_name }}" + association_type: "{{ seg_association_type }}" + register: result + + - name: Verify Service Edge Provisioning Key is absent + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Clean up Service Edge group + include_tasks: "../../../helper_tasks/zpa_service_edge_group/delete_service_edge_group.yml" diff --git a/tests/integration/targets/zpa_saml_attribute_info/meta/main.yml b/tests/integration/targets/zpa_saml_attribute_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_saml_attribute_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_saml_attribute_info/tasks/main.yml b/tests/integration/targets/zpa_saml_attribute_info/tasks/main.yml index 72adaaf..57bde86 100644 --- a/tests/integration/targets/zpa_saml_attribute_info/tasks/main.yml +++ b/tests/integration/targets/zpa_saml_attribute_info/tasks/main.yml 
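Review bot: The idempotency assertions in this hunk look inverted. After the second `state: present` run ("again; idempotency check") the test asserts `- result.changed`, and after the first "Delete Connector Provisioning Key" it asserts `- not result.changed`; by the usual convention the repeated create should be `- not result.changed` and the first delete of an existing key `- result.changed`. The Service Edge half repeats the same pair. Separately, the `block:` has no `always:` section, so a failed assertion skips the delete tasks and the `delete_app_connector_group.yml` / `delete_service_edge_group.yml` includes. That leaves a usable provisioning key (`max_usage` "10") and its groups behind in the tenant; moving the cleanup under `always:` would avoid it.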
@@ -1,27 +1,32 @@ --- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True +- block: - name: Gather Saml Attribute Information zscaler.zpacloud.zpa_saml_attribute_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" name: "{{ name }}" register: result - - debug: - msg: "{{ result }}" - - name: Verify Saml Attribute found ansible.builtin.assert: that: @@ -30,4 +35,4 @@ - result.data[0].name is defined - result.data[0].name == "{{ name }}" - result.data[0].idp_name is defined - - result.data[0].idp_name == "{{ idp_name }}" \ No newline at end of file + - result.data[0].idp_name == "{{ idp_name }}" diff --git a/tests/integration/targets/zpa_scim_attribute_header_info/meta/main.yml b/tests/integration/targets/zpa_scim_attribute_header_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_scim_attribute_header_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] 
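Review bot: The new credential guard `when: lookup('env', item) is none` does not fire for an unset variable, because the `env` lookup returns an empty string rather than `None` when no default is given. A run without `ZPA_CLIENT_ID`, `ZPA_CLIENT_SECRET` or `ZPA_CUSTOMER_ID` therefore gets past the guard and hands empty credentials to the module. Test for emptiness instead, `when: lookup('env', item) | length == 0`, and write the task as `ansible.builtin.fail` to match the fully qualified names used elsewhere in the file. The `cloud:` line has the same problem: `default(omit)` only replaces undefined values, so an unset `ZPA_CLOUD` is passed as `''`, whereas `default(omit, true)` would omit it. The identical preamble is added in the hunks for zpa_scim_attribute_header_info, zpa_segment_group, zpa_server_group, zpa_service_edge_groups and zpa_trusted_networks_info.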
diff --git a/tests/integration/targets/zpa_scim_attribute_header_info/tasks/main.yml b/tests/integration/targets/zpa_scim_attribute_header_info/tasks/main.yml index 229eb42..9b91905 100644 --- a/tests/integration/targets/zpa_scim_attribute_header_info/tasks/main.yml +++ b/tests/integration/targets/zpa_scim_attribute_header_info/tasks/main.yml @@ -1,21 +1,29 @@ --- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + +- block: - name: Gather Scim Attribute Header Information zscaler.zpacloud.zpa_scim_attribute_header_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" idp_name: "{{ idp_name }}" register: result @@ -24,4 +32,4 @@ that: - not result.changed - result.data is defined - - result.data[0].name is defined \ No newline at end of file + - result.data[0].name is defined diff --git a/tests/integration/targets/zpa_scim_group_info/meta/main.yml b/tests/integration/targets/zpa_scim_group_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 
--- /dev/null
+++ b/tests/integration/targets/zpa_scim_group_info/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_segment_group/defaults/main.yml b/tests/integration/targets/zpa_segment_group/defaults/main.yml
index 79535c3..dbbbc18 100644
--- a/tests/integration/targets/zpa_segment_group/defaults/main.yml
+++ b/tests/integration/targets/zpa_segment_group/defaults/main.yml
@@ -1,6 +1,3 @@
-config_space: "DEFAULT"
-name: Dummy Application group for integration test
-description: Dummy Application group for integration test
+name: test_zpa_segment_group
+description: test_zpa_segment_group
 enabled: true
-policy_migrated: true
-tcp_keep_alive_enabled: "1"
diff --git a/tests/integration/targets/zpa_segment_group/meta/main.yml b/tests/integration/targets/zpa_segment_group/meta/main.yml
new file mode 100644
index 0000000..23d65c7
--- /dev/null
+++ b/tests/integration/targets/zpa_segment_group/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_segment_group/tasks/main.yml b/tests/integration/targets/zpa_segment_group/tasks/main.yml
index e0f8bb6..5cd399b 100644
--- a/tests/integration/targets/zpa_segment_group/tasks/main.yml
+++ b/tests/integration/targets/zpa_segment_group/tasks/main.yml
@@ -1,128 +1,121 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - name: Ensure Segment Group is absent (leftover) zscaler.zpacloud.zpa_segment_group: + provider: "{{ zpa_cloud }}" state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "{{ config_space }}" - name: "{{ name }}" - description: "{{ description }}" - enabled: "{{ enabled }}" - policy_migrated: "{{ policy_migrated }}" - tcp_keep_alive_enabled: "{{ tcp_keep_alive_enabled }}" - ignore_errors: true # In case one was left from previous run + name: "{{ appended_name }}" register: result + - name: Ensure Segment Group is absent zscaler.zpacloud.zpa_segment_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ 
client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "{{ config_space }}" - name: "{{ name }}" - description: "{{ description }}" - enabled: "{{ enabled }}" - policy_migrated: "{{ policy_migrated }}" - tcp_keep_alive_enabled: "{{ tcp_keep_alive_enabled }}" - ignore_errors: true # In case one was left from previous run + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result + - name: Verify Segment Group is absent ansible.builtin.assert: that: - not result.changed + # Create Segment Groups (Present) - name: Ensure Segment Group is (Present) zscaler.zpacloud.zpa_segment_group: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "{{ config_space }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" - policy_migrated: "{{ policy_migrated }}" - tcp_keep_alive_enabled: "{{ tcp_keep_alive_enabled }}" register: result + - name: Verify Segment Group is present ansible.builtin.assert: that: - result.data - result.data.name is defined - result.data.enabled is true + - name: Create the Segment Group (again; idempotency check) zscaler.zpacloud.zpa_segment_group: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "{{ config_space }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" - policy_migrated: "{{ policy_migrated }}" - tcp_keep_alive_enabled: "{{ tcp_keep_alive_enabled }}" register: result - - name: Verify Segment Group is present (again; idempotency check) + + - name: Ensure Segment Group is present (again; idempotency check) ansible.builtin.assert: that: - - result.changed + - not result.changed + - 
name: Fetch all Segment Groups zscaler.zpacloud.zpa_segment_group_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result + - name: Ensure all Segment Groups found ansible.builtin.assert: that: - not result.changed - result.data[0] is defined + - name: Give the ZPA Cloud a 5 seconds to settle ansible.builtin.pause: seconds: 5 + - name: Delete Segment Group zscaler.zpacloud.zpa_segment_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "{{ config_space }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" - policy_migrated: "{{ policy_migrated }}" - tcp_keep_alive_enabled: "{{ tcp_keep_alive_enabled }}" register: result + - name: Verify Segment Group is absent ansible.builtin.assert: that: - result.changed + - name: Delete Segment Group (again; idempotency check) zscaler.zpacloud.zpa_segment_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - config_space: "{{ config_space }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" - policy_migrated: "{{ policy_migrated }}" - tcp_keep_alive_enabled: "{{ tcp_keep_alive_enabled }}" register: result + - name: Verify Segment Group is absent ansible.builtin.assert: that: diff --git a/tests/integration/targets/zpa_segment_group_info/defaults/main.yml b/tests/integration/targets/zpa_segment_group_info/defaults/main.yml deleted file mode 100644 index e69de29..0000000 
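Review bot: The two "Ensure Segment Group is absent" tasks at the top of the block can no longer remove a leftover, because `appended_name` is built from `random_string`, which presumably differs on every run and so will not match an object left by an earlier, aborted run. With `ignore_errors` removed and no `always:` section on the block, a failed assertion between the create and delete steps leaves the group in the tenant, unless tests/integration/sweep.yml from this commit is relied on to collect it. Consider moving the delete step into an `always:` section of the block. The two `ansible.builtin.set_fact` tasks are also unnamed; a title such as `- name: Set ZPA provider credentials` keeps the run output readable, and the task keeps its `no_log: True`.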
diff --git a/tests/integration/targets/zpa_segment_group_info/tasks/main.yml b/tests/integration/targets/zpa_segment_group_info/tasks/main.yml deleted file mode 100644 index cdfe33c..0000000 --- a/tests/integration/targets/zpa_segment_group_info/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Gather Segment Group Information - zscaler.zpacloud.zpa_segment_group_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - register: result - - - name: Verify Segment Group fetched - ansible.builtin.assert: - that: - - not result.changed - - result.data is defined diff --git a/tests/integration/targets/zpa_server_group/defaults/main.yml b/tests/integration/targets/zpa_server_group/defaults/main.yml index 5853ba1..e170f68 100644 --- a/tests/integration/targets/zpa_server_group/defaults/main.yml +++ b/tests/integration/targets/zpa_server_group/defaults/main.yml @@ -1,4 +1,5 @@ -name: "Dummy server group for integration test" -description: "Dummy server group for integration test" +--- +name: "test_zpa_server_group" +description: "test_zpa_server_group" enabled: true dynamic_discovery: true diff --git a/tests/integration/targets/zpa_server_group/meta/main.yml b/tests/integration/targets/zpa_server_group/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_server_group/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_server_group/tasks/main.yml b/tests/integration/targets/zpa_server_group/tasks/main.yml index 256d583..be7b9d4 100644 
--- a/tests/integration/targets/zpa_server_group/tasks/main.yml +++ b/tests/integration/targets/zpa_server_group/tasks/main.yml 
@@ -1,181 +1,152 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- name: Create App Connector Group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_app_connector_group/create_app_connector_group.yml" + +- name: Verify App Connector Group + ansible.builtin.include_tasks: "../../../helper_tasks/zpa_app_connector_group/verify_app_connector_group.yml" + +- ansible.builtin.set_fact: + appended_name: "{{ name }}_{{ random_string }}" + appended_description: "{{ description }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - name: Create the App Connector Group - zscaler.zpacloud.zpa_app_connector_groups: - state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "Dummy Application connector group for integration test" - description: "Dummy Application connector group for integration test" - enabled: true - city_country: California, US - country_code: US - 
latitude: 37.3382082 - longitude: -121.8863286 - location: San Jose, CA, USA - upgrade_day: SUNDAY - upgrade_time_in_secs: 66600 - override_version_profile: true - version_profile_id: "1" - dns_query_type: "IPV4" - register: app_connector_group - - name: Verify Application connector group is created - ansible.builtin.assert: - that: - - app_connector_group.data - - app_connector_group.data.name is defined - - app_connector_group.data.id is defined - - app_connector_group.data.enabled is true - name: Ensure Server Group is absent (leftover) zscaler.zpacloud.zpa_server_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" - enabled: "{{ enabled }}" - dynamic_discovery: "{{ dynamic_discovery }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" - ignore_errors: true # In case one was left from previous run + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result + - name: Ensure Server Group is absent zscaler.zpacloud.zpa_server_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" - enabled: "{{ enabled }}" - dynamic_discovery: "{{ dynamic_discovery }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" - ignore_errors: true # In case one was left from previous run + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result + - name: Verify Server Group is absent ansible.builtin.assert: that: - not result.changed + - result.data is defined + # Create Server Groups (Present) - name: Ensure Server Group is (Present) zscaler.zpacloud.zpa_server_group: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud 
}}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" dynamic_discovery: "{{ dynamic_discovery }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" + app_connector_group_ids: + - "{{ app_connector_group_id }}" register: result + - name: Verify Server Group is present ansible.builtin.assert: that: - - result.data + - result.changed + - result.data is defined - result.data.name is defined - - result.data.enabled is true + - result.data.name == appended_name + - result.data.enabled == true + - name: Create the Server Group (again; idempotency check) zscaler.zpacloud.zpa_server_group: state: present - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + description: "{{ appended_description }}" enabled: "{{ enabled }}" dynamic_discovery: "{{ dynamic_discovery }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" + app_connector_group_ids: + - "{{ app_connector_group_id }}" register: result + - name: Verify Server Group is present (again; idempotency check) ansible.builtin.assert: that: - result.changed + - name: Fetch all Server Groups zscaler.zpacloud.zpa_server_group_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result + - name: Ensure all Server Groups found ansible.builtin.assert: that: - not result.changed - result.data[0] is defined + + - name: Fetch this Server Group + zscaler.zpacloud.zpa_server_group_info: + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" + register: result + + - name: Ensure this Server Group is found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + - result.data[0].name is defined + - result.data[0].name == appended_name + - result.data[0].enabled 
== true + - name: Give the ZPA Cloud a 5 seconds to settle ansible.builtin.pause: seconds: 5 + - name: Delete Server Group zscaler.zpacloud.zpa_server_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" - enabled: "{{ enabled }}" - dynamic_discovery: "{{ dynamic_discovery }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result + - name: Verify Server Group is absent ansible.builtin.assert: that: - result.changed + - name: Delete Server Group (again; idempotency check) zscaler.zpacloud.zpa_server_group: state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" - description: "{{ description }}" - enabled: "{{ enabled }}" - dynamic_discovery: "{{ dynamic_discovery }}" - app_connector_groups: - - id: "{{app_connector_group.data.id}}" + provider: "{{ zpa_cloud }}" + name: "{{ appended_name }}" register: result + - name: Verify Server Group is absent ansible.builtin.assert: that: - not result.changed - - name: Delete App connector Group - zscaler.zpacloud.zpa_app_connector_groups: - state: absent - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{app_connector_group.data.name}}" - id: "{{app_connector_group.data.id}}" - description: "Dummy Application connector group for integration test" - enabled: true - city_country: California, US - country_code: US - latitude: 37.3382082 - longitude: -121.8863286 - location: San Jose, CA, USA - upgrade_day: SUNDAY - upgrade_time_in_secs: 66600 - override_version_profile: true - version_profile_id: "1" - dns_query_type: "IPV4" - register: result - - name: Verify App connector Group is absent - ansible.builtin.assert: - that: - - result.changed + - result.data is defined + 
+- name: Clean up App Connector group + include_tasks: "../../../helper_tasks/zpa_app_connector_group/delete_app_connector_group.yml" diff --git a/tests/integration/targets/zpa_server_group_info/aliases b/tests/integration/targets/zpa_server_group_info/aliases deleted file mode 100644 index e69de29..0000000 diff --git a/tests/integration/targets/zpa_server_group_info/defaults/main.yml b/tests/integration/targets/zpa_server_group_info/defaults/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/tests/integration/targets/zpa_server_group_info/tasks/main.yml b/tests/integration/targets/zpa_server_group_info/tasks/main.yml deleted file mode 100644 index 089f5f4..0000000 --- a/tests/integration/targets/zpa_server_group_info/tasks/main.yml +++ /dev/null @@ -1,25 +0,0 @@ ---- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Gather Server Group Information - zscaler.zpacloud.zpa_server_group_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - register: result - - - name: Verify Server Group fetched - ansible.builtin.assert: - that: - - not result.changed - - result.data is defined diff --git a/tests/integration/targets/zpa_service_edge_groups/defaults/main.yml b/tests/integration/targets/zpa_service_edge_groups/defaults/main.yml index e4929c5..f1b99aa 100644 --- a/tests/integration/targets/zpa_service_edge_groups/defaults/main.yml +++ b/tests/integration/targets/zpa_service_edge_groups/defaults/main.yml 
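Review bot: The assertion after "Create the Server Group (again; idempotency check)" is left as `- result.changed`, so the test passes only when a second identical `state: present` call reports a change, which is the opposite of idempotency. The zpa_segment_group hunk in this commit flips the same assertion to `- not result.changed`. The zpa_service_edge_groups hunk also keeps `- result.changed` at that step and renames the task to "Ensure Service Edge Group is absent (idempotency check)" although it follows a `state: present` call; use `- not result.changed` in both and name the task for what it checks. The trailing "Clean up App Connector group" include sits after the block rather than in an `always:` section, so it is skipped when any assertion in the block fails and the helper-created group is left behind.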
@@ -1,12 +1,13 @@
-name: san_jose
-description: san_jose
+name: test_zpa_service_edge_group
+description: test_zpa_service_edge_group
 enabled: true
 city_country: California, US
 country_code: US
-latitude: 37.3382082
-longitude: -121.8863286
+latitude: "37.3382082"
+longitude: "-121.8863286"
 location: San Jose, CA, USA
 upgrade_day: SUNDAY
-upgrade_time_in_secs: 66600
+is_public: "TRUE"
+upgrade_time_in_secs: "66600"
 override_version_profile: true
-version_profile_id: "2"
\ No newline at end of file
+version_profile_id: "2"
diff --git a/tests/integration/targets/zpa_service_edge_groups/meta/main.yml b/tests/integration/targets/zpa_service_edge_groups/meta/main.yml
new file mode 100644
index 0000000..23d65c7
--- /dev/null
+++ b/tests/integration/targets/zpa_service_edge_groups/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []
diff --git a/tests/integration/targets/zpa_service_edge_groups/tasks/main.yml b/tests/integration/targets/zpa_service_edge_groups/tasks/main.yml
index 2639b5c..bf1bcd5 100644
--- a/tests/integration/targets/zpa_service_edge_groups/tasks/main.yml
+++ b/tests/integration/targets/zpa_service_edge_groups/tasks/main.yml
@@ -1,54 +1,66 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Import Random String Generator Tasks + ansible.builtin.import_tasks: "../../../generate_random_string.yml" + +- ansible.builtin.set_fact: + seg_name: "{{ name }}_{{ random_string }}" + seg_description: "{{ description }}_{{ random_string }}" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Ensure Service Edge Group is Absent (leftover) + - name: Ensure Service Edge Group is absent (leftover) zscaler.zpacloud.zpa_service_edge_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: absent - name: "{{ name }}" - ignore_errors: true # In case one was left from previous run + name: "{{ seg_name }}" register: result - - name: Ensure Service Edge Group is Absent + - name: Ensure Service Edge Group is absent zscaler.zpacloud.zpa_service_edge_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: absent - name: "{{ name 
}}" + name: "{{ seg_name }}" register: result - name: Verify Service Edge Group is absent ansible.builtin.assert: that: - not result.changed + - result.data is defined - - name: Create Service Edge Group is (present) + - name: Ensure Service Edge Group is (Present) zscaler.zpacloud.zpa_service_edge_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: present - name: "{{ name }}" - description: "{{ description }}" + name: "{{ seg_name }}" + description: "{{ seg_description }}" enabled: "{{ enabled }}" city_country: "{{ city_country }}" country_code: "{{ country_code }}" latitude: "{{ latitude }}" longitude: "{{ longitude }}" location: "{{ location }}" + is_public: "{{ is_public }}" upgrade_day: "{{ upgrade_day }}" upgrade_time_in_secs: "{{ upgrade_time_in_secs }}" override_version_profile: "{{ override_version_profile }}" 
@@ -58,56 +70,51 @@ - name: Verify Service Edge Group is present ansible.builtin.assert: that: - - not result.changed + - result.changed - result.data is defined - result.data.name is defined - - result.data.name == name + - result.data.name == seg_name - result.data.enabled == true - - name: Create Service Edge Group is (again; idempotency check) + - name: Create the Service Edge Group (again; idempotency check) zscaler.zpacloud.zpa_service_edge_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: present - name: "{{ name }}" - description: "{{ description }}" + name: "{{ seg_name }}" + description: "{{ seg_description }}" enabled: "{{ enabled }}" city_country: "{{ city_country }}" country_code: "{{ country_code }}" latitude: "{{ latitude }}" longitude: "{{ longitude }}" location: "{{ location }}" + is_public: "{{ is_public }}" upgrade_day: "{{ upgrade_day }}" upgrade_time_in_secs: "{{ upgrade_time_in_secs }}" override_version_profile: "{{ override_version_profile }}" version_profile_id: "{{ version_profile_id }}" register: result - - name: Verify Service Edge Group is present + - name: Ensure Service Edge Group is absent (idempotency check) ansible.builtin.assert: that: - result.changed - - name: Fetch All Service Edge Group + - name: Fetch all Service Edge Groups zscaler.zpacloud.zpa_service_edge_groups_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" register: result - - name: Ensure all Service Edge Group found + - name: Ensure all Service Edge Groups found ansible.builtin.assert: that: - not result.changed - - result.data is defined + - result.data[0] is defined - name: Fetch this Service Edge Group zscaler.zpacloud.zpa_service_edge_groups_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - name: "{{ name }}" + 
provider: "{{ zpa_cloud }}" + name: "{{ seg_name }}" register: result - name: Ensure this Service Edge Group is found @@ -116,33 +123,30 @@ - not result.changed - result.data is defined - result.data[0].name is defined - - result.data[0].name == name + - result.data[0].name == seg_name - result.data[0].enabled == true - name: Delete Service Edge Group zscaler.zpacloud.zpa_service_edge_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: absent - name: "{{ name }}" + name: "{{ seg_name }}" register: result - name: Verify Service Edge Group is Deleted ansible.builtin.assert: that: - - not result.changed + - result.changed - name: Delete Service Edge Group (again; idempotency check) zscaler.zpacloud.zpa_service_edge_groups: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" state: absent - name: "{{ name }}" + name: "{{ seg_name }}" register: result - - name: Verify the Service Edge Group is deleted + - name: Verify Service Edge Group is absent ansible.builtin.assert: that: - - not result.changed \ No newline at end of file + - not result.changed + - result.data is defined diff --git a/tests/integration/targets/zpa_service_edge_groups_info/aliases b/tests/integration/targets/zpa_service_edge_groups_info/aliases deleted file mode 100644 index e69de29..0000000 diff --git a/tests/integration/targets/zpa_service_edge_groups_info/defaults/main.yml b/tests/integration/targets/zpa_service_edge_groups_info/defaults/main.yml deleted file mode 100644 index e69de29..0000000 diff --git a/tests/integration/targets/zpa_service_edge_groups_info/tasks/main.yml b/tests/integration/targets/zpa_service_edge_groups_info/tasks/main.yml deleted file mode 100644 index 4e067c1..0000000 --- a/tests/integration/targets/zpa_service_edge_groups_info/tasks/main.yml +++ /dev/null 
@@ -1,25 +0,0 @@ ---- -- block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Gather Service Edge Groups Information - zscaler.zpacloud.zpa_service_edge_groups_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" - register: result - - - name: Verify service edge groups fetched - ansible.builtin.assert: - that: - - not result.changed - - result.data is defined \ No newline at end of file diff --git a/tests/integration/targets/zpa_trusted_networks_info/defaults/main.yml b/tests/integration/targets/zpa_trusted_networks_info/defaults/main.yml index e69de29..837ffd2 100644 --- a/tests/integration/targets/zpa_trusted_networks_info/defaults/main.yml +++ b/tests/integration/targets/zpa_trusted_networks_info/defaults/main.yml @@ -0,0 +1,3 @@ +bd_tn01: BDTrustedNetwork01 +bd_tn02: BDTrustedNetwork02 +bd_tn03: BDTrustedNetwork03 diff --git a/tests/integration/targets/zpa_trusted_networks_info/meta/main.yml b/tests/integration/targets/zpa_trusted_networks_info/meta/main.yml new file mode 100644 index 0000000..23d65c7 --- /dev/null +++ b/tests/integration/targets/zpa_trusted_networks_info/meta/main.yml @@ -0,0 +1,2 @@ +--- +dependencies: [] diff --git a/tests/integration/targets/zpa_trusted_networks_info/tasks/main.yml b/tests/integration/targets/zpa_trusted_networks_info/tasks/main.yml index 0918e8a..26e0575 100644 --- a/tests/integration/targets/zpa_trusted_networks_info/tasks/main.yml +++ b/tests/integration/targets/zpa_trusted_networks_info/tasks/main.yml 
@@ -1,25 +1,69 @@ --- +- name: Include default variables + ansible.builtin.include_vars: + file: "../defaults/main.yml" + +- name: Ensure required environment variables are set + fail: + msg: "{{ item }} is not defined as environment variable" + when: lookup('env', item) is none + loop: + - ZPA_CLIENT_ID + - ZPA_CLIENT_SECRET + - ZPA_CUSTOMER_ID + +- ansible.builtin.set_fact: + zpa_cloud: + client_id: "{{ lookup('env', 'ZPA_CLIENT_ID') }}" + client_secret: "{{ lookup('env', 'ZPA_CLIENT_SECRET') }}" + customer_id: "{{ lookup('env', 'ZPA_CUSTOMER_ID') }}" + cloud: "{{ lookup('env', 'ZPA_CLOUD') | default(omit) }}" + no_log: True + - block: - - name: Ensure ZPA API Credential is Set - ansible.builtin.fail: - msg: client_id, client_secret and customer_id should be defined in tests/integration/integration_config.yml - when: - - client_id is not defined - - client_secret is not defined - - customer_id is not defined - - client_id | length == 0 - - client_secret | length == 0 - - customer_id | length == 0 - - - name: Gather Trusted Network Information + - name: Fetch All Trusted Networks + zscaler.zpacloud.zpa_trusted_networks_info: + provider: "{{ zpa_cloud }}" + register: result + + - name: Ensure All Trusted Networks found + ansible.builtin.assert: + that: + - not result.changed + - result.data is defined + + - name: Fetch BD-TrustedNetwork01 Trusted Networks + zscaler.zpacloud.zpa_trusted_networks_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_tn01 }}" + register: result + + - name: Ensure BD-TrustedNetwork01 Trusted Networks found + ansible.builtin.assert: + that: + - not result.changed + - result.data[0] is defined + + - name: Fetch BD-TrustedNetwork02 Trusted Networks + zscaler.zpacloud.zpa_trusted_networks_info: + provider: "{{ zpa_cloud }}" + name: "{{ bd_tn02 }}" + register: result + + - name: Ensure BD-TrustedNetwork02 Trusted Networks found + ansible.builtin.assert: + that: + - not result.changed + - result.data[0] is defined + + - name: Fetch 
BD-TrustedNetwork03 Trusted Networks zscaler.zpacloud.zpa_trusted_networks_info: - client_id: "{{ client_id }}" - client_secret: "{{ client_secret }}" - customer_id: "{{ customer_id }}" + provider: "{{ zpa_cloud }}" + name: "{{ bd_tn03 }}" register: result - - name: Verify trusted network fetched + - name: Ensure BD-TrustedNetwork03 Trusted Networks found ansible.builtin.assert: that: - not result.changed - - result.data is defined \ No newline at end of file + - result.data[0] is defined
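Review bot: The guard in `Ensure required environment variables are set` can never fire, because `lookup('env', item)` yields an empty string for an unset variable and `is none` is therefore always false. A run without `ZPA_CLIENT_SECRET` goes on to call the API with blank credentials instead of stopping early; test for emptiness instead, `when: lookup('env', item) | length == 0`. The `cloud` key has the same problem: `default(omit)` is skipped for an empty string, so `default(omit, true)` is needed to drop the key when `ZPA_CLOUD` is unset. `no_log: True` on the `set_fact` is worth keeping, but whether `provider` is masked in the module tasks' own output depends on the module's argument spec, which is not visible in this hunk.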