initial integration tests

tests/integration/targets/networkfirewall_rule_group/aliases

@@ -0,0 +1,3 @@
+cloud/aws
+
+networkfirewall_rule_group_info

tests/integration/targets/networkfirewall_rule_group/defaults/main.yml

@@ -0,0 +1,2 @@
+---
+group_name_prefix: 'AnsibleTest-{{ tiny_prefix }}'

tests/integration/targets/networkfirewall_rule_group/meta/main.yml

@@ -0,0 +1,4 @@
+dependencies:
+  - role: setup_botocore_pip
+    vars:
+      botocore_version: "1.23.23"

tests/integration/targets/networkfirewall_rule_group/tasks/cleanup.yml

@@ -0,0 +1,19 @@
+---
+- name: 'Fetch all account rule groups'
+  networkfirewall_rule_group_info: {}
+  register: account_rules_info
+  ignore_errors: true
+
+- name: 'Get a list of all rules matching {{ group_name_prefix }}'
+  set_fact:
+    matching_rules: '{{ account_rules_info.rule_list | select("search", group_name_prefix) | list }}'
+  ignore_errors: true
+
+# These should just be "no-ops" caused by the deletion being in-progress.
+# Waiters are not supported at this time.
+- name: 'Delete matching rule groups'
+  networkfirewall_rule_group:
+    arn: '{{ item }}'
+    state: absent
+  ignore_errors: true
+  loop: '{{ matching_rules }}'

tests/integration/targets/networkfirewall_rule_group/tasks/main.yml

@@ -0,0 +1,44 @@
+---
+- module_defaults:
+    group/aws:
+      aws_access_key: '{{ aws_access_key | default(omit) }}'
+      aws_secret_key: '{{ aws_secret_key | default(omit) }}'
+      security_token: '{{ security_token | default(omit) }}'
+      region: '{{ aws_region | default(omit) }}'
+  collections:
+    - amazon.aws
+    - community.aws
+  block:
+    # Fetch some info about the account so we can build ARNs
+    - aws_caller_info: {}
+      register: caller_info
+    - name: 'Generate the ARN pattern to search for'
+      vars:
+        _caller_info: '{{ caller_info.arn.split(":") }}'
+        _base_arn: 'arn:{{_caller_info[1]}}:network-firewall:{{aws_region}}'
+      set_fact:
+        account_arn: '{{_base_arn}}:{{_caller_info[4]}}:stateful-rulegroup/'
+        managed_arn: '{{_base_arn}}:aws-managed:stateful-rulegroup/'
+
+    # List the Managed Rule Groups (there's no access to the rules themselves)
+    - include_tasks: 'managed.yml'
+      vars:
+        ansible_python_interpreter: "{{ botocore_virtualenv_interpreter }}"
+
+    # Minimal tests and manipulation of common metadata
+    - include_tasks: 'minimal.yml'
+
+    # Tests Manipulation of common Stateful settings
+    - include_tasks: 'stateful.yml'
+
+    # Tests Manipulation of Suricata formatted rule strings
+    - include_tasks: 'rule_strings.yml'
+
+    # Tests Manipulation of DomainList rule groups
+    - include_tasks: 'domain_list.yml'
+
+    # Tests Manipulation of 5-Tuple rule groups
+    - include_tasks: '5-tuple.yml'
+
+  always:
+    - include_tasks: 'cleanup.yml'

tests/integration/targets/networkfirewall_rule_group/tasks/managed.yml

@@ -0,0 +1,10 @@
+---
+# Tests related to the Managed Firewall rules
+- networkfirewall_rule_group_info:
+    scope: managed
+  register: managed_rules_info
+
+- assert:
+    that:
+      - '"rule_list" in managed_rules_info'
+      - managed_rules_info.rule_list | length > 0