cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
ansible/test/integration/targets/ufw/tasks/tests/basic.yml
Jérôme BAROTIN b99de25f32 Enable changed var with ufw check mode (#49948) 
* Enable 'changed' var with ufw check mode

* Fix from comment of the PR + Unit Test

* Fix on ufw module after the second review

- delete rules change works in check mode
- simplify execute def & use it on every call process
- improved regexp
- rename vars defaults to current_default_values

* Add ignore error to execute() and use it in get_current_rules()

* Update after third code review (introduce change in changed status)

* Adjust tests and fix some problems (#1)

* 'active' also appears in 'inactive'.

* 'reject' is also a valid option here.

* For example for reloaded, changed will be set back to False here.

* Improve and adjust tests.

* Fix after merging integration test

* handle "disabled" on default routed

* Add /var/lib/ufw/.. rules files

* add unit test

* Fix pep8 formatting error

* Separate ipv6 and ipv4 rules process from checkmode

* fix non-ascii error on ci

* Some change after review

* Add unit test with sub network mask

* rename is_match function by is_starting

* add changelog fragment
2019-02-11 11:05:35 +00:00

402 lines
8.7 KiB
YAML
Raw Blame History

---
# ############################################
- name: Make sure it is off
ufw:
state: disabled
- name: Enable (check mode)
ufw:
state: enabled
check_mode: yes
register: enable_check
- name: Enable
ufw:
state: enabled
register: enable
- name: Enable (idempotency)
ufw:
state: enabled
register: enable_idem
- name: Enable (idempotency, check mode)
ufw:
state: enabled
check_mode: yes
register: enable_idem_check
- assert:
that:
- enable_check is changed
- enable is changed
- enable_idem is not changed
- enable_idem_check is not changed
# ############################################
- name: ipv4 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
check_mode: yes
register: ipv4_allow_check
- name: ipv4 allow
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
register: ipv4_allow
- name: ipv4 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
register: ipv4_allow_idem
- name: ipv4 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
check_mode: yes
register: ipv4_allow_idem_check
- assert:
that:
- ipv4_allow_check is changed
- ipv4_allow is changed
- ipv4_allow_idem is not changed
- ipv4_allow_idem_check is not changed
# ############################################
- name: delete ipv4 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
check_mode: yes
register: delete_ipv4_allow_check
- name: delete ipv4 allow
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
register: delete_ipv4_allow
- name: delete ipv4 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
register: delete_ipv4_allow_idem
- name: delete ipv4 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
check_mode: yes
register: delete_ipv4_allow_idem_check
- assert:
that:
- delete_ipv4_allow_check is changed
- delete_ipv4_allow is changed
- delete_ipv4_allow_idem is not changed
- delete_ipv4_allow_idem_check is not changed
# ############################################
- name: ipv6 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
check_mode: yes
register: ipv6_allow_check
- name: ipv6 allow
ufw:
rule: allow
port: 23
to_ip: "::"
register: ipv6_allow
- name: ipv6 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: "::"
register: ipv6_allow_idem
- name: ipv6 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
check_mode: yes
register: ipv6_allow_idem_check
- assert:
that:
- ipv6_allow_check is changed
- ipv6_allow is changed
- ipv6_allow_idem is not changed
- ipv6_allow_idem_check is not changed
# ############################################
- name: delete ipv6 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
check_mode: yes
register: delete_ipv6_allow_check
- name: delete ipv6 allow
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
register: delete_ipv6_allow
- name: delete ipv6 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
register: delete_ipv6_allow_idem
- name: delete ipv6 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
check_mode: yes
register: delete_ipv6_allow_idem_check
- assert:
that:
- delete_ipv6_allow_check is changed
- delete_ipv6_allow is changed
- delete_ipv6_allow_idem is not changed
- delete_ipv6_allow_idem_check is not changed
# ############################################
- name: ipv4 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
check_mode: yes
register: ipv4_allow_check
- name: ipv4 allow
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
register: ipv4_allow
- name: ipv4 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
register: ipv4_allow_idem
- name: ipv4 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
check_mode: yes
register: ipv4_allow_idem_check
- assert:
that:
- ipv4_allow_check is changed
- ipv4_allow is changed
- ipv4_allow_idem is not changed
- ipv4_allow_idem_check is not changed
# ############################################
- name: delete ipv4 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
check_mode: yes
register: delete_ipv4_allow_check
- name: delete ipv4 allow
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
register: delete_ipv4_allow
- name: delete ipv4 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
register: delete_ipv4_allow_idem
- name: delete ipv4 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: 0.0.0.0
delete: yes
check_mode: yes
register: delete_ipv4_allow_idem_check
- assert:
that:
- delete_ipv4_allow_check is changed
- delete_ipv4_allow is changed
- delete_ipv4_allow_idem is not changed
- delete_ipv4_allow_idem_check is not changed
# ############################################
- name: ipv6 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
check_mode: yes
register: ipv6_allow_check
- name: ipv6 allow
ufw:
rule: allow
port: 23
to_ip: "::"
register: ipv6_allow
- name: ipv6 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: "::"
register: ipv6_allow_idem
- name: ipv6 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
check_mode: yes
register: ipv6_allow_idem_check
- assert:
that:
- ipv6_allow_check is changed
- ipv6_allow is changed
- ipv6_allow_idem is not changed
- ipv6_allow_idem_check is not changed
# ############################################
- name: delete ipv6 allow (check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
check_mode: yes
register: delete_ipv6_allow_check
- name: delete ipv6 allow
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
register: delete_ipv6_allow
- name: delete ipv6 allow (idempotency)
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
register: delete_ipv6_allow_idem
- name: delete ipv6 allow (idempotency, check mode)
ufw:
rule: allow
port: 23
to_ip: "::"
delete: yes
check_mode: yes
register: delete_ipv6_allow_idem_check
- assert:
that:
- delete_ipv6_allow_check is changed
- delete_ipv6_allow is changed
- delete_ipv6_allow_idem is not changed
- delete_ipv6_allow_idem_check is not changed
# ############################################
- name: Reload ufw
ufw:
state: reloaded
register: reload
- name: Reload ufw (check mode)
ufw:
state: reloaded
check_mode: yes
register: reload_check
- assert:
that:
- reload is changed
- reload_check is changed
# ############################################
- name: Disable (check mode)
ufw:
state: disabled
check_mode: yes
register: disable_check
- name: Disable
ufw:
state: disabled
register: disable
- name: Disable (idempotency)
ufw:
state: disabled
register: disable_idem
- name: Disable (idempotency, check mode)
ufw:
state: disabled
check_mode: yes
register: disable_idem_check
- assert:
that:
- disable_check is changed
- disable is changed
- disable_idem is not changed
- disable_idem_check is not changed
# ############################################
- name: Re-enable
ufw:
state: enabled
- name: Reset (check mode)
ufw:
state: reset
check_mode: yes
register: reset_check
- pause:
# Should not be needed, but since ufw is ignoring --dry-run for reset
# (https://bugs.launchpad.net/ufw/+bug/1810082) we have to wait here as well.
seconds: 1
- name: Reset
ufw:
state: reset
register: reset
- pause:
# ufw creates backups of the rule files with a timestamp; if reset is called
# twice in a row fast enough (so that both timestamps are taken in the same second),
# the second call will notice that the backup files are already there and fail.
# Waiting one second fixes this problem.
seconds: 1
- name: Reset (idempotency)
ufw:
state: reset
register: reset_idem
- pause:
# Should not be needed, but since ufw is ignoring --dry-run for reset
# (https://bugs.launchpad.net/ufw/+bug/1810082) we have to wait here as well.
seconds: 1
- name: Reset (idempotency, check mode)
ufw:
state: reset
check_mode: yes
register: reset_idem_check
- assert:
that:
- reset_check is changed
- reset is changed
- reset_idem is changed
- reset_idem_check is changed
Reference in a new issue View git blame Copy permalink