ansible/community.general
1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
Code Releases Activity
community.general/tests/integration/targets/iptables_state/tasks/tests/00-basic.yml

317 lines
7.7 KiB
YAML
Raw Normal View History

New module: iptables_state (#271) * restart from last state * test (sanity) doc fragment placeholder * test (sanity) remove doc fragment placeholder * remove internal params from DOCUMENTATION * update ignore-2.10.txt * doc: add changelog fragment * shorten changelog fragment * Revert "shorten changelog fragment" This reverts commit f9aea0d1eaefda139fd5b79bd0eb127c09a433fb. * test with posix/group1 * test with posix/group3 * test with posix/group5 * test with posix/group4 * test with posix/group3 * New modules/action plugins automatically get a changelog entry * fix: styles * Revert "remove internal params from DOCUMENTATION" This reverts commit 7d5fcf4b17e4cd5b0afc08fd1bd3fcef5fcaee26. * drop neutral/informative/stateless behaviour * update tasks after changes in module * use FQCN in EXAMPLES * add tests to validate error handling about required params * doc: remove outdated sentence * do not document internal parameters * display timeout value in failure message * remove inapropriate comment * merge results and clean them up only once * conditionally remove tmp path * at least one iteration is required * remove deprecated code * move variables declaration to conditional block * dissociate async and connection timeout * improve warnings (conditions + values) * remove ANSIBLE_METADATA (no more needed); fix typo * update DOCUMENTATION * Drop field 'version_added' (no more needed). * Add a note about check_mode support. * catch early errors before resetting connection and processing the loop * fix typo * change posix group (due to xtables locks); add 'version_added' in doc * update deprecation (replace Ansible 2.12 by community.general 2.0.0) * bump version_added to 1.0.0 * update ignore-2.11.txt * ignore errors for 2.9 as for 2.10 & 2.11 * move action plugin to system/ and replace it by a symlink * remove action-plugin-docs override in tests/sanity/ignore*.txt * update action plugin docstrings * bump version_added to 1.1.0 * use lowercase booleans * extend usage of namespaces to ansible builtin modules
2020-08-15 10:36:07 +02:00
---
- name: "ensure our next backup is not there (file)"
file:
path: "{{ iptables_saved }}"
state: absent
- name: "ensure our next rule is not there (iptables)"
iptables:
chain: OUTPUT
jump: ACCEPT
state: absent
#
# Basic checks about invalid param/value handling.
#
- name: "trigger error about invalid param"
iptables_state:
name: foobar
register: iptables_state
ignore_errors: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("Invalid options")
quiet: yes
- name: "trigger error about missing param 'state'"
iptables_state:
path: foobar
register: iptables_state
ignore_errors: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("missing required arguments")
quiet: yes
- name: "trigger error about missing param 'path'"
iptables_state:
state: saved
register: iptables_state
ignore_errors: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("missing required arguments")
quiet: yes
- name: "trigger error about invalid value for param 'state'"
iptables_state:
path: foobar
state: present
register: iptables_state
ignore_errors: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("value of state must be one of")
quiet: yes
#
# Play with the current state first. We will create a file to store it in, but
# no more. These tests are for:
# - idempotency
# - check_mode
#
- name: "save state (check_mode, must report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
check_mode: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state == iptables_state.saved
quiet: yes
- name: "save state (must report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state == iptables_state.saved
quiet: yes
- name: "save state (idempotency, must NOT report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.saved
quiet: yes
- name: "save state (check_mode, must NOT report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
check_mode: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.saved
quiet: yes
# We begin with 'state=restored' by restoring the current state on itself.
# This at least ensures the file produced with state=saved is suitable for
# state=restored.
- name: "state=restored check_mode=true changed=false"
block:
- name: "restore state (check_mode, must NOT report a change, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
check_mode: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: yes
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: yes
register: xtables_lock
- name: "state=restored changed=false"
block:
- name: "restore state (must NOT report a change, warning about rollback & async)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: yes
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: yes
register: xtables_lock
- name: "change iptables state (iptables)"
iptables:
chain: OUTPUT
jump: ACCEPT
- name: "state=restored changed=true"
block:
- name: "restore state (check_mode, must report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
check_mode: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state != iptables_state.restored
quiet: yes
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: yes
register: xtables_lock
- name: "state=restored changed=true"
block:
- name: "restore state (must report a change, async, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
async: "{{ ansible_timeout }}"
poll: 0
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state != iptables_state.restored
- iptables_state.applied
quiet: yes
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: yes
register: xtables_lock
- name: "state=restored changed=false"
block:
- name: "restore state (must NOT report a change, async, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
async: "{{ ansible_timeout }}"
poll: 0
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: yes
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: yes
register: xtables_lock
- name: "state=restored changed=false"
block:
- name: "restore state (check_mode=yes, must NOT report a change, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
check_mode: yes
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: yes
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: yes
register: xtables_lock
Copy permalink