mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/iptables_state/tasks/tests/10-rollback.yml

204 lines
5.9 KiB
YAML

New module: iptables_state (#271) * restart from last state * test (sanity) doc fragment placeholder * test (sanity) remove doc fragment placeholder * remove internal params from DOCUMENTATION * update ignore-2.10.txt * doc: add changelog fragment * shorten changelog fragment * Revert "shorten changelog fragment" This reverts commit f9aea0d1eaefda139fd5b79bd0eb127c09a433fb. * test with posix/group1 * test with posix/group3 * test with posix/group5 * test with posix/group4 * test with posix/group3 * New modules/action plugins automatically get a changelog entry * fix: styles * Revert "remove internal params from DOCUMENTATION" This reverts commit 7d5fcf4b17e4cd5b0afc08fd1bd3fcef5fcaee26. * drop neutral/informative/stateless behaviour * update tasks after changes in module * use FQCN in EXAMPLES * add tests to validate error handling about required params * doc: remove outdated sentence * do not document internal parameters * display timeout value in failure message * remove inapropriate comment * merge results and clean them up only once * conditionally remove tmp path * at least one iteration is required * remove deprecated code * move variables declaration to conditional block * dissociate async and connection timeout * improve warnings (conditions + values) * remove ANSIBLE_METADATA (no more needed); fix typo * update DOCUMENTATION * Drop field 'version_added' (no more needed). * Add a note about check_mode support. 
* catch early errors before resetting connection and processing the loop * fix typo * change posix group (due to xtables locks); add 'version_added' in doc * update deprecation (replace Ansible 2.12 by community.general 2.0.0) * bump version_added to 1.0.0 * update ignore-2.11.txt * ignore errors for 2.9 as for 2.10 & 2.11 * move action plugin to system/ and replace it by a symlink * remove action-plugin-docs override in tests/sanity/ignore*.txt * update action plugin docstrings * bump version_added to 1.1.0 * use lowercase booleans * extend usage of namespaces to ansible builtin modules
2020-08-15 10:36:07 +02:00
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later

# A DROP policy on INPUT with no ACCEPT rule blocks all incoming traffic,
# including the connection Ansible uses to manage the host.
- name: "create a blocking ruleset with a DROP policy"
  copy:
    dest: "{{ iptables_tests }}"
    content: |
      *filter
      :INPUT DROP
      COMMIT

- name: "restore state from the test file (check_mode, must report a change)"
  iptables_state:
    path: "{{ iptables_tests }}"
    state: restored
  register: iptables_state
  check_mode: true

- name: "assert that results are as expected"
  assert:
    that:
      - iptables_state is changed

# Rollback is enabled by running the task asynchronously (async set, poll: 0).
# The rescue section checks that the blocking rules were not left applied.
- name: "fail to restore state from the test file"
  block:
    - name: "restore state from the test file (bad policies, expected error -> rollback)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

- name: "check that the expected failure happened"
  assert:
    that:
      - iptables_state is failed

- name: "fail to restore state from the test file (again)"
  block:
    - name: "try again, with a higher timeout (bad policies, same expected error)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0
      vars:
        ansible_timeout: "{{ max_delay | d(300) }}"

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

- name: "check that the expected failure happened"
  assert:
    that:
      - iptables_state is failed

# After the rollbacks the running ruleset should still match the backup,
# so restoring the backup must be a no-op.
- name: "restore state from backup (must NOT report a change)"
  iptables_state:
    path: "{{ iptables_saved }}"
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

- name: "assert that results are as expected"
  assert:
    that:
      - iptables_state is not changed

- name: "restore state from backup (mangle, must NOT report a change)"
  iptables_state:
    path: "{{ iptables_saved }}"
    table: mangle
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

- name: "assert that results are as expected"
  assert:
    that:
      - iptables_state is not changed

# Same scenario as above, but the lockout comes from a REJECT rule
# instead of a DROP policy.
- name: "create a blocking ruleset with a REJECT rule"
  copy:
    dest: "{{ iptables_tests }}"
    content: |
      *filter
      -A INPUT -j REJECT
      COMMIT

- name: "fail to restore state from the test file (again)"
  block:
    - name: "restore state from the test file (bad rules, expected error -> rollback)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

- name: "check that the expected failure happened"
  assert:
    that:
      - iptables_state is failed

- name: "fail to restore state from the test file (again)"
  block:
    - name: "try again, with a higher timeout (bad rules, same expected error)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0
      vars:
        ansible_timeout: "{{ max_delay | d(300) }}"

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

- name: "check that the expected failure happened"
  assert:
    that:
      - iptables_state is failed