From 80fb81414b16a590bbfdfc34f69aed1b40547df0 Mon Sep 17 00:00:00 2001 From: Adam Miller Date: Mon, 8 Jan 2018 14:23:50 -0800 Subject: [PATCH] initial firewalld integration tests (#31725) * Add a couple test cases to get some baseline integration testing in for firewalld. Signed-off-by: Adam Miller --- test/integration/targets/firewalld/aliases | 4 ++ .../targets/firewalld/tasks/main.yml | 35 ++++++++++ .../firewalld/tasks/port_test_cases.yml | 65 +++++++++++++++++++ .../targets/firewalld/tasks/run_all_tests.yml | 28 ++++++++ .../firewalld/tasks/service_test_cases.yml | 65 +++++++++++++++++++ 5 files changed, 197 insertions(+) create mode 100644 test/integration/targets/firewalld/aliases create mode 100644 test/integration/targets/firewalld/tasks/main.yml create mode 100644 test/integration/targets/firewalld/tasks/port_test_cases.yml create mode 100644 test/integration/targets/firewalld/tasks/run_all_tests.yml create mode 100644 test/integration/targets/firewalld/tasks/service_test_cases.yml diff --git a/test/integration/targets/firewalld/aliases b/test/integration/targets/firewalld/aliases new file mode 100644 index 00000000000..20bbbe1f95b --- /dev/null +++ b/test/integration/targets/firewalld/aliases @@ -0,0 +1,4 @@ +destructive +posix/ci/group3 +skip/freebsd +skip/osx diff --git a/test/integration/targets/firewalld/tasks/main.yml b/test/integration/targets/firewalld/tasks/main.yml new file mode 100644 index 00000000000..1cc98956980 --- /dev/null +++ b/test/integration/targets/firewalld/tasks/main.yml @@ -0,0 +1,35 @@ +# Test playbook for the firewalld module +# (c) 2017, Adam Miller + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- name: Run firewalld tests + block: + - name: Ensure firewalld is installed + package: + name: firewalld + state: installed + # This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6 + + - name: Check to make sure the firewalld python module is available. + shell: "{{ansible_python.executable}} -c 'import firewall'" + register: check_output + ignore_errors: true + + - import_tasks: run_all_tests.yml + when: check_output.rc == 0 + when: not (ansible_os_family == "RedHat" and ansible_distribution_major_version|int < 7) and + not (ansible_distribution == "Ubuntu" and ansible_distribution_version == "14.04") diff --git a/test/integration/targets/firewalld/tasks/port_test_cases.yml b/test/integration/targets/firewalld/tasks/port_test_cases.yml new file mode 100644 index 00000000000..5891e7520e3 --- /dev/null +++ b/test/integration/targets/firewalld/tasks/port_test_cases.yml @@ -0,0 +1,65 @@ +# Test playbook for the firewalld module - port operations +# (c) 2017, Adam Miller + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- name: firewalld port test permanent enabled + firewalld: + port: 8081/tcp + permanent: true + state: enabled + register: result + +- name: assert firewalld port test permanent enabled worked + assert: + that: + - result is changed + +- name: firewalld port test permanent enabled rerun (verify not changed) + firewalld: + port: 8081/tcp + permanent: true + state: enabled + register: result + +- name: assert firewalld port test permanent enabled rerun worked (verify not changed) + assert: + that: + - result is not changed + +- name: firewalld port test permanent disabled + firewalld: + port: 8081/tcp + permanent: true + state: disabled + register: result + +- name: assert firewalld port test permanent disabled worked + assert: + that: + - result is changed + +- name: firewalld port test permanent disabled rerun (verify not changed) + firewalld: + port: 8081/tcp + permanent: true + state: disabled + register: result + +- name: assert firewalld port test permanent disabled rerun worked (verify not changed) + assert: + that: + - result is not changed diff --git a/test/integration/targets/firewalld/tasks/run_all_tests.yml b/test/integration/targets/firewalld/tasks/run_all_tests.yml new file mode 100644 index 00000000000..e8976f5922d --- /dev/null +++ b/test/integration/targets/firewalld/tasks/run_all_tests.yml @@ -0,0 +1,28 @@ +# Test playbook for the firewalld module +# (c) 2017, Adam Miller + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- name: Ensure /run/firewalld exists + file: + path: /run/firewalld + state: directory + +# firewalld service operation test cases +- import_tasks: service_test_cases.yml + +# firewalld port operation test cases +- import_tasks: port_test_cases.yml diff --git a/test/integration/targets/firewalld/tasks/service_test_cases.yml b/test/integration/targets/firewalld/tasks/service_test_cases.yml new file mode 100644 index 00000000000..3c95d81d251 --- /dev/null +++ b/test/integration/targets/firewalld/tasks/service_test_cases.yml @@ -0,0 +1,65 @@ +# Test playbook for the firewalld module - service operations +# (c) 2017, Adam Miller + +# This file is part of Ansible +# +# Ansible is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# Ansible is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with Ansible. If not, see . + +- name: firewalld service test permanent enabled + firewalld: + service: https + permanent: true + state: enabled + register: result + +- name: assert firewalld service test permanent enabled worked + assert: + that: + - result is changed + +- name: firewalld service test permanent enabled rerun (verify not changed) + firewalld: + service: https + permanent: true + state: enabled + register: result + +- name: assert firewalld service test permanent enabled rerun worked (verify not changed) + assert: + that: + - result is not changed + +- name: firewalld service test permanent disabled + firewalld: + service: https + permanent: true + state: disabled + register: result + +- name: assert firewalld service test permanent disabled worked + assert: + that: + - result is changed + +- name: firewalld service test permanent disabled rerun (verify not changed) + firewalld: + service: https + permanent: true + state: disabled + register: result + +- name: assert firewalld service test permanent disabled rerun worked (verify not changed) + assert: + that: + - result is not changed