diff --git a/test/integration/targets/ufw/aliases b/test/integration/targets/ufw/aliases
new file mode 100644
index 00000000000..03c559ec519
--- /dev/null
+++ b/test/integration/targets/ufw/aliases
@@ -0,0 +1,7 @@
+shippable/posix/group2
+skip/osx
+skip/freebsd
+skip/rhel8.0
+skip/docker
+needs/root
+destructive
diff --git a/test/integration/targets/ufw/tasks/main.yml b/test/integration/targets/ufw/tasks/main.yml
new file mode 100644
index 00000000000..357e3a70e5f
--- /dev/null
+++ b/test/integration/targets/ufw/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# Make sure ufw is installed
+- name: Install EPEL repository (RHEL only)
+ yum:
+ name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
+ state: present
+ when: ansible_distribution == 'RedHat'
+- name: Install iptables (SuSE only)
+ package:
+ name: iptables
+ when: ansible_os_family == 'Suse'
+- name: Install ufw
+ package:
+ name: ufw
+# Make sure ufw is not enabled
+- name: Disable ufw in case it is running
+ ufw:
+ state: disabled
+# Run the tests
+- block:
+ - include_tasks: run-test.yml
+ with_fileglob:
+ - "tests/*.yml"
diff --git a/test/integration/targets/ufw/tasks/run-test.yml b/test/integration/targets/ufw/tasks/run-test.yml
new file mode 100644
index 00000000000..a2999370142
--- /dev/null
+++ b/test/integration/targets/ufw/tasks/run-test.yml
@@ -0,0 +1,3 @@
+---
+- name: "Loading tasks from {{ item }}"
+ include_tasks: "{{ item }}"
diff --git a/test/integration/targets/ufw/tasks/tests/basic.yml b/test/integration/targets/ufw/tasks/tests/basic.yml
new file mode 100644
index 00000000000..91b99889ce8
--- /dev/null
+++ b/test/integration/targets/ufw/tasks/tests/basic.yml
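Review bot: The `- block:` at the end of tasks/main.yml has no `always:` section, so a test file that fails partway leaves ufw enabled on the host with whatever rules it had added so far (tests/basic.yml allows port 23 from any address). The target is tagged `destructive`, but a later target running on the same host would still inherit that firewall state. Add an `always:` section to the block with one task that calls `ufw:` with `state: reset`, so the firewall is returned to a disabled, rule-free state whatever the outcome.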
@@ -0,0 +1,189 @@
+---
+# ############################################
+- name: Enable
+ ufw:
+ state: enabled
+ register: enable
+- name: Enable (idempotency)
+ ufw:
+ state: enabled
+ register: enable_idem
+- assert:
+ that:
+ - enable is changed
+ - enable_idem is not changed
+
+# ############################################
+- name: ipv4 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ register: ipv4_allow
+- name: ipv4 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ become: yes
+ register: ipv4_allow_idem
+- assert:
+ that:
+ - ipv4_allow is changed
+ - ipv4_allow_idem is not changed
+
+# ############################################
+- name: delete ipv4 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ delete: yes
+ register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ delete: yes
+ become: yes
+ register: delete_ipv4_allow_idem
+- assert:
+ that:
+ - delete_ipv4_allow is changed
+ - delete_ipv4_allow_idem is not changed
+
+# ############################################
+- name: ipv6 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ register: ipv6_allow
+- name: ipv6 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ become: yes
+ register: ipv6_allow_idem
+- assert:
+ that:
+ - ipv6_allow is changed
+ - ipv6_allow_idem is not changed
+
+# ############################################
+- name: delete ipv6 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ delete: yes
+ register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ delete: yes
+ become: yes
+ register: delete_ipv6_allow_idem
+- assert:
+ that:
+ - delete_ipv6_allow is changed
+ - delete_ipv6_allow_idem is not changed
+
+
+# ############################################
+- name: ipv4 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ register: ipv4_allow
+- name: ipv4 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ become: yes
+ register: ipv4_allow_idem
+- assert:
+ that:
+ - ipv4_allow is changed
+ - ipv4_allow_idem is not changed
+
+# ############################################
+- name: delete ipv4 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ delete: yes
+ register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: 0.0.0.0
+ delete: yes
+ become: yes
+ register: delete_ipv4_allow_idem
+- assert:
+ that:
+ - delete_ipv4_allow is changed
+ - delete_ipv4_allow_idem is not changed
+
+# ############################################
+- name: ipv6 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ register: ipv6_allow
+- name: ipv6 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ become: yes
+ register: ipv6_allow_idem
+- assert:
+ that:
+ - ipv6_allow is changed
+ - ipv6_allow_idem is not changed
+
+# ############################################
+- name: delete ipv6 allow
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ delete: yes
+ register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+ ufw:
+ rule: allow
+ port: 23
+ to_ip: "::"
+ delete: yes
+ become: yes
+ register: delete_ipv6_allow_idem
+- assert:
+ that:
+ - delete_ipv6_allow is changed
+ - delete_ipv6_allow_idem is not changed
+
+# ############################################
+- name: Disable
+ ufw:
+ state: disabled
+ register: disable
+- name: Disable (idempotency)
+ ufw:
+ state: disabled
+ register: disable_idem
+- assert:
+ that:
+ - disable is changed
+ - disable_idem is not changed
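Review bot: The four ipv4/ipv6 allow and delete sections after the double blank line repeat the preceding four sections verbatim, with the same `rule`, `port`, `to_ip` values and the same `register` names, so the second pass overwrites the first results and adds no coverage. Either drop the repeated sections or give them a different case to exercise (another address, a `proto`, or a `deny` rule). Separately, `become: yes` appears only on the `(idempotency)` tasks; the target's aliases already declare `needs/root`, so it can be removed, or set on both tasks of each pair so the changed/not-changed comparison runs under the same privileges.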