@piotr-gbyliczek
Created May 22, 2019 08:48
azure_appgateway_testcase
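---
# Test case: create an Azure Application Gateway with one listener on port 80
# and one HTTPS listener on port 443, a custom TLS policy, and a backend pool
# of two fixed addresses.
- name: testcase
  hosts: localhost
  connection: local
  gather_facts: true
  # strategy: debug
  vars:
    project_name: "basic"
    # fill the below variables with details relevant to your azure environment
    resource_group: ""
    vnet: ""
    subnet: ""
    subscription: ""
    self_signed_cert_name: "certificate1"
    self_signed_cert_data: ""
    ssl_cert_name: "certificate2"
    ssl_cert_data: ""
    ssl_cert_pass: ""
    # both certificates "data" elements need to be .pfx format files encoded in base64
    # ssl_cert_data and ssl_cert_pass are secrets (private key material and its
    # passphrase): supply them from Ansible Vault or another secret store
    # instead of committing filled-in values to this file.
    # <-------------------------
    azure_uri: "/subscriptions/{{ subscription }}/resourceGroups/{{ resource_group }}"
    subnet_id: "{{ azure_uri }}/providers/Microsoft.Network/virtualNetworks/{{ vnet }}/subnets/{{ subnet }}"
    # NOTE(review): policy_type is 'custom' while policy_name names a
    # predefined policy; confirm which of the two the module actually applies.
    ssl_policy_type: 'custom'
    ssl_policy_name: 'ssl_policy20170401_s'
    ssl_policy_min_protocol: 'tls_v1_2'
    ssl_policy_disabled_protocols:
      - 'tls_v1_0'
      - 'tls_v1_1'
    # The first suite is AEAD (GCM); the other two are CBC-mode suites, the
    # last one with a SHA-1 MAC. NOTE(review): drop the CBC entries if every
    # client of this gateway can negotiate GCM.
    ssl_policy_cypher_suites:
      - tls_ecdhe_rsa_with_aes_256_gcm_sha384
      - tls_ecdhe_rsa_with_aes_256_cbc_sha384
      - tls_ecdhe_rsa_with_aes_256_cbc_sha
  tasks:
    - name: create an application gateway
      # The module arguments include the PFX payloads and ssl_cert_pass, so
      # keep them out of task output, verbose (-v) runs and callback logs.
      # Lift this only temporarily while debugging on a non-shared machine.
      no_log: true
      azure_rm_appgateway:
        resource_group: "{{ resource_group }}"
        name: "{{ project_name }}-agw"
        sku:
          name: "standard_small"
          tier: "standard"
          capacity: "2"
        gateway_ip_configurations:
          - subnet:
              id: "{{ subnet_id }}"
            name: "{{ project_name }}-agw-ip-config"
        # The frontend takes its address from the same subnet as the gateway
        # itself (both entries reference subnet_id).
        frontend_ip_configurations:
          - subnet:
              id: "{{ subnet_id }}"
            name: "{{ project_name }}-agw-frontend-ip"
        frontend_ports:
          - port: "80"
            name: "{{ project_name }}-agw-frontend-80"
          - port: "443"
            name: "{{ project_name }}-agw-frontend-443"
        backend_address_pools:
          - backend_addresses:
              - ip_address: 10.11.2.4
              - ip_address: 10.11.2.5
            name: "{{ project_name }}-agw-backend-pool"
        backend_http_settings_collection:
          - port: "80"
            protocol: http
            cookie_based_affinity: "enabled"
            name: "{{ project_name }}-agw-backend-settings-80"
          - port: "443"
            protocol: https
            cookie_based_affinity: "enabled"
            name: "{{ project_name }}-agw-backend-settings-443"
            # References the certificate uploaded under the top-level
            # authentication_certificates key further down; the id must match
            # this gateway's own resource path.
            authentication_certificates:
              - name: "{{ self_signed_cert_name }}"
                id: "{{ azure_uri }}/providers/Microsoft.Network/applicationGateways/{{ project_name }}-agw/authenticationCertificates/{{ self_signed_cert_name }}"
        http_listeners:
          # This listener sets neither protocol nor ssl_certificate, and rule1
          # sends it to the http backend settings.
          # NOTE(review): confirm a plaintext path is intended.
          - frontend_ip_configuration: "{{ project_name }}-agw-frontend-ip"
            frontend_port: "{{ project_name }}-agw-frontend-80"
            name: "{{ project_name }}-agw-listener-80"
          - frontend_ip_configuration: "{{ project_name }}-agw-frontend-ip"
            frontend_port: "{{ project_name }}-agw-frontend-443"
            name: "{{ project_name }}-agw-listener-443"
            protocol: https
            ssl_certificate: "{{ ssl_cert_name }}"
        ssl_policy:
          policy_type: "{{ ssl_policy_type }}"
          policy_name: "{{ ssl_policy_name }}"
          cipher_suites: "{{ ssl_policy_cypher_suites }}"
          disabled_ssl_protocols: "{{ ssl_policy_disabled_protocols }}"
          min_protocol_version: "{{ ssl_policy_min_protocol }}"
        # Certificate and private key presented by the 443 listener.
        ssl_certificates:
          - data: "{{ ssl_cert_data }}"
            name: "{{ ssl_cert_name }}"
            password: "{{ ssl_cert_pass }}"
        # Certificate referenced by the 443 backend settings above.
        authentication_certificates:
          - data: "{{ self_signed_cert_data }}"
            name: "{{ self_signed_cert_name }}"
        request_routing_rules:
          - rule_type: Basic
            backend_address_pool: "{{ project_name }}-agw-backend-pool"
            backend_http_settings: "{{ project_name }}-agw-backend-settings-80"
            http_listener: "{{ project_name }}-agw-listener-80"
            name: rule1
          - rule_type: Basic
            backend_address_pool: "{{ project_name }}-agw-backend-pool"
            backend_http_settings: "{{ project_name }}-agw-backend-settings-443"
            http_listener: "{{ project_name }}-agw-listener-443"
            name: rule2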