fix: Fixed drift with url filtering and firewall rules

zscaler · May 24, 2024 · f955cc0 · f955cc0
1 parent 507ef9c
commit f955cc0
Show file tree

Hide file tree

Showing 7 changed files with 414 additions and 25 deletions.
diff --git a/tests/integration/helper_tasks/zia_rule_labels/create_rule_labels.yml b/tests/integration/helper_tasks/zia_rule_labels/create_rule_labels.yml
@@ -0,0 +1,48 @@
+---
+- name: Set initial variables
+  ansible.builtin.set_fact:
+    label_name: test_zia_ansible
+    label_description: test_zia_ansible
+
+- name: Ensure required environment variables are set
+  ansible.builtin.fail:
+    msg: "{{ env_var }} is not defined as environment variable"
+  when: lookup('env', env_var) is none
+  loop:
+    - ZIA_USERNAME
+    - ZIA_PASSWORD
+    - ZIA_API_KEY
+    - ZIA_CLOUD
+  loop_control:
+    loop_var: env_var
+
+- name: Ensure ZIA Credential environment variables are set
+  ansible.builtin.set_fact:
+    zia_cloud:
+      username: "{{ lookup('env', 'ZIA_USERNAME') }}"
+      password: "{{ lookup('env', 'ZIA_PASSWORD') }}"
+      api_key: "{{ lookup('env', 'ZIA_API_KEY') }}"
+      cloud: "{{ lookup('env', 'ZIA_CLOUD') | default(omit) }}"
+  no_log: true
+
+- name: Import Random String Generator Tasks
+  ansible.builtin.import_tasks: ../../generate_random_string.yml
+
+- name: Set dynamic name values with random string
+  ansible.builtin.set_fact:
+    label_name: "{{ label_name }}_{{ random_string }}"
+    label_description: "{{ label_description }}_{{ random_string }}"
+
+- name: Main block to Test Rule Label Configuration
+  block:
+    - name: Create Helper Rule Label
+      zscaler.ziacloud.zia_rule_labels:
+        provider: "{{ zia_cloud }}"
+        state: present
+        name: "{{ label_name }}"
+        description: "{{ label_description }}"
+      register: label_id
+
+    - name: Set Rule Label ID as fact
+      ansible.builtin.set_fact:
+        label_id: "{{ label_id.data.id }}"
diff --git a/tests/integration/helper_tasks/zia_rule_labels/delete_rule_labels.yml b/tests/integration/helper_tasks/zia_rule_labels/delete_rule_labels.yml
@@ -0,0 +1,38 @@
+---
+- name: Ensure required environment variables are set
+  ansible.builtin.fail:
+    msg: "{{ env_var }} is not defined as environment variable"
+  when: lookup('env', env_var) is none
+  loop:
+    - ZIA_USERNAME
+    - ZIA_PASSWORD
+    - ZIA_API_KEY
+    - ZIA_CLOUD
+  loop_control:
+    loop_var: env_var
+
+- name: Ensure ZIA Credential environment variables are set
+  ansible.builtin.set_fact:
+    zia_cloud:
+      username: "{{ lookup('env', 'ZIA_USERNAME') }}"
+      password: "{{ lookup('env', 'ZIA_PASSWORD') }}"
+      api_key: "{{ lookup('env', 'ZIA_API_KEY') }}"
+      cloud: "{{ lookup('env', 'ZIA_CLOUD') | default(omit) }}"
+  no_log: true
+
+- name: Main block to List All Rule Labels Configuration
+  block:
+    - name: List all Rule Labels
+      zscaler.ziacloud.zia_rule_labels_facts:
+        provider: "{{ zia_cloud }}"
+      register: all_labels
+
+    - name: Delete all Rule Label 💥
+      zscaler.ziacloud.zia_rule_labels:
+        provider: "{{ zia_cloud }}"
+        state: absent
+        name: "{{ rule_label.name }}"
+      loop: "{{ all_labels.data }}"
+      when: all_labels.data is defined
+      loop_control:
+        loop_var: rule_label
diff --git a/tests/integration/helper_tasks/zia_rule_labels/verify_rule_labels.yml b/tests/integration/helper_tasks/zia_rule_labels/verify_rule_labels.yml
@@ -0,0 +1,37 @@
+---
+- name: Ensure required environment variables are set
+  ansible.builtin.fail:
+    msg: "{{ env_var }} is not defined as environment variable"
+  when: lookup('env', env_var) is none
+  loop:
+    - ZIA_USERNAME
+    - ZIA_PASSWORD
+    - ZIA_API_KEY
+    - ZIA_CLOUD
+  loop_control:
+    loop_var: env_var
+
+- name: Ensure ZIA Credential environment variables are set
+  ansible.builtin.set_fact:
+    zia_cloud:
+      username: "{{ lookup('env', 'ZIA_USERNAME') }}"
+      password: "{{ lookup('env', 'ZIA_PASSWORD') }}"
+      api_key: "{{ lookup('env', 'ZIA_API_KEY') }}"
+      cloud: "{{ lookup('env', 'ZIA_CLOUD') | default(omit) }}"
+  no_log: true
+
+- name: Main block to Fetch The Created Rule Label Configuration
+  block:
+    - name: Fetch the created Rule Label
+      zscaler.ziacloud.zia_rule_labels_facts:
+        provider: "{{ zia_cloud }}"
+        id: "{{ label_id }}" # assuming you have the ID stored in this variable
+      register: fetched_label
+
+    - name: Verify App Rule Label attributes
+      ansible.builtin.assert:
+        that:
+          - fetched_label.data[0].name == label_name
+          - fetched_label.data[0].name == label_description
+        fail_msg: Verification failed for Rule Label!
+        success_msg: Verification successful for Rule Label!
diff --git a/tests/integration/run_all_tests.yml b/tests/integration/run_all_tests.yml
@@ -16,29 +16,30 @@
     - name: Run initial sweep to clean tenant
       ansible.builtin.include_tasks: ./sweep.yml
 
-    # - name: Running ZIA Integration Tests
-    #   ansible.builtin.include_tasks: "{{ item }}"
-    #   loop:
-    #     - targets/zia_authentication_settings/tasks/main.yml
-    #     - targets/zia_cloud_firewall_filtering_rule/tasks/main.yml
-    #     - targets/zia_cloud_firewall_ip_destination_groups/tasks/main.yml
-    #     - targets/zia_cloud_firewall_ip_source_groups/tasks/main.yml
-    #     - targets/zia_cloud_firewall_network_application_groups/tasks/main.yml
-    #     - targets/zia_cloud_firewall_network_services/tasks/main.yml
-    #     - targets/zia_cloud_firewall_network_services_groups/tasks/main.yml
-    #     - targets/zia_cloud_firewall_time_windows_facts/tasks/main.yml
-    #     - targets/zia_dlp_dictionaries/tasks/main.yml
-    #     - targets/zia_dlp_engines/tasks/main.yml
-    #     - targets/zia_dlp_icap_server_facts/tasks/main.yml
-    #     - targets/zia_dlp_incident_receiver_facts/tasks/main.yml
-    #     - targets/zia_dlp_notification_template/tasks/main.yml
-    #     - targets/zia_dlp_web_rules/tasks/main.yml
-    #     - targets/zia_location_management/tasks/main.yml
-    #     - targets/zia_rule_labels/tasks/main.yml
-    #     - targets/zia_sandbox_advanced_settings/tasks/main.yml
-    #     - targets/zia_traffic_forwarding_gre_tunnels/tasks/main.yml
-    #     - targets/zia_traffic_forwarding_static_ip/tasks/main.yml
-    #     - targets/zia_traffic_forwarding_vpn_credentials/tasks/main.yml
+    - name: Running ZIA Integration Tests
+      ansible.builtin.include_tasks: "{{ item }}"
+      loop:
+        - targets/zia_authentication_settings/tasks/main.yml
+        - targets/zia_cloud_firewall_filtering_rule/tasks/main.yml
+        - targets/zia_cloud_firewall_ip_destination_groups/tasks/main.yml
+        - targets/zia_cloud_firewall_ip_source_groups/tasks/main.yml
+        - targets/zia_cloud_firewall_network_application_groups/tasks/main.yml
+        - targets/zia_cloud_firewall_network_services/tasks/main.yml
+        - targets/zia_cloud_firewall_network_services_groups/tasks/main.yml
+        - targets/zia_cloud_firewall_time_windows_facts/tasks/main.yml
+        - targets/zia_dlp_dictionaries/tasks/main.yml
+        - targets/zia_dlp_engines/tasks/main.yml
+        - targets/zia_dlp_icap_server_facts/tasks/main.yml
+        - targets/zia_dlp_incident_receiver_facts/tasks/main.yml
+        - targets/zia_dlp_notification_template/tasks/main.yml
+        - targets/zia_dlp_web_rules/tasks/main.yml
+        - targets/zia_location_management/tasks/main.yml
+        - targets/zia_rule_labels/tasks/main.yml
+        - targets/zia_sandbox_advanced_settings/tasks/main.yml
+        - targets/zia_traffic_forwarding_gre_tunnels/tasks/main.yml
+        - targets/zia_traffic_forwarding_static_ip/tasks/main.yml
+        - targets/zia_traffic_forwarding_vpn_credentials/tasks/main.yml
+        - targets/zia_url_filtering_rules/tasks/main.yml
 
-    # - name: Run final sweep to clean tenant
-    #   ansible.builtin.include_tasks: ./sweep.yml
+    - name: Run final sweep to clean tenant
+      ansible.builtin.include_tasks: ./sweep.yml
diff --git a/tests/integration/targets/zia_url_filtering_rules/defaults/main.yml b/tests/integration/targets/zia_url_filtering_rules/defaults/main.yml
@@ -0,0 +1,45 @@
+---
+rule_name: test_zia_ansible
+description: test_zia_ansible
+rule_action: ALLOW
+rule_order: 1
+enabled: true
+url_categories:
+  - ANY
+protocols:
+  - ANY_RULE
+device_trust_levels:
+  - UNKNOWN_DEVICETRUSTLEVEL
+  - LOW_TRUST
+  - MEDIUM_TRUST
+  - HIGH_TRUST
+user_agent_types:
+  - OPERA
+  - FIREFOX
+  - MSIE
+  - MSEDGE
+  - CHROME
+  - SAFARI
+  - MSCHREDGE
+  - OTHER
+user_risk_score_levels:
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+request_methods:
+  - CONNECT
+  - DELETE
+  - GET
+  - HEAD
+  - OPTIONS
+  - OTHER
+  - POST
+  - PUT
+  - TRACE
+
+# URL Filtering Rule Update
+name_update: test_zia_ansible
+description_update: test_zia_ansible_update
+action_update: BLOCK
+enabled_update: false
diff --git a/tests/integration/targets/zia_url_filtering_rules/meta/main.yml b/tests/integration/targets/zia_url_filtering_rules/meta/main.yml
@@ -0,0 +1,2 @@
+---
+dependencies: []