1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/tests/integration/targets/iptables_state/tasks/tests/00-basic.yml
Felix Fontein 24efe9ee9a
Normalize bools in tests (#5996)
* Normalize bools in tests.

* Fix typo.
2023-02-15 22:55:23 +01:00

320 lines
7.9 KiB
YAML

---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
- name: "ensure our next backup is not there (file)"
file:
path: "{{ iptables_saved }}"
state: absent
- name: "ensure our next rule is not there (iptables)"
iptables:
chain: OUTPUT
jump: ACCEPT
state: absent
#
# Basic checks about invalid param/value handling.
#
- name: "trigger error about invalid param"
iptables_state:
name: foobar
register: iptables_state
ignore_errors: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("Invalid options")
quiet: true
- name: "trigger error about missing param 'state'"
iptables_state:
path: foobar
register: iptables_state
ignore_errors: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("missing required arguments")
quiet: true
- name: "trigger error about missing param 'path'"
iptables_state:
state: saved
register: iptables_state
ignore_errors: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("missing required arguments")
quiet: true
- name: "trigger error about invalid value for param 'state'"
iptables_state:
path: foobar
state: present
register: iptables_state
ignore_errors: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is failed
- iptables_state.msg is match("value of state must be one of")
quiet: true
#
# Play with the current state first. We will create a file to store it in, but
# no more. These tests are for:
# - idempotency
# - check_mode
#
- name: "save state (check_mode, must report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
check_mode: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state == iptables_state.saved
quiet: true
- name: "save state (must report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state == iptables_state.saved
quiet: true
- name: "save state (idempotency, must NOT report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.saved
quiet: true
- name: "save state (check_mode, must NOT report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: saved
register: iptables_state
check_mode: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.saved
quiet: true
# We begin with 'state=restored' by restoring the current state on itself.
# This at least ensures the file produced with state=saved is suitable for
# state=restored.
- name: "state=restored check_mode=true changed=false"
block:
- name: "restore state (check_mode, must NOT report a change, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
check_mode: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: true
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: true
register: xtables_lock
- name: "state=restored changed=false"
block:
- name: "restore state (must NOT report a change, warning about rollback & async)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: true
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: true
register: xtables_lock
- name: "change iptables state (iptables)"
iptables:
chain: OUTPUT
jump: ACCEPT
- name: "state=restored changed=true"
block:
- name: "restore state (check_mode, must report a change)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
check_mode: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state != iptables_state.restored
quiet: true
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: true
register: xtables_lock
- name: "state=restored changed=true"
block:
- name: "restore state (must report a change, async, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
async: "{{ ansible_timeout }}"
poll: 0
- name: "assert that results are as expected"
assert:
that:
- iptables_state is changed
- iptables_state.initial_state != iptables_state.restored
- iptables_state.applied
quiet: true
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: true
register: xtables_lock
- name: "state=restored changed=false"
block:
- name: "restore state (must NOT report a change, async, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
async: "{{ ansible_timeout }}"
poll: 0
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: true
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: true
register: xtables_lock
- name: "state=restored changed=false"
block:
- name: "restore state (check_mode=yes, must NOT report a change, no warning)"
iptables_state:
path: "{{ iptables_saved }}"
state: restored
register: iptables_state
check_mode: true
- name: "assert that results are as expected"
assert:
that:
- iptables_state is not changed
- iptables_state.initial_state == iptables_state.restored
quiet: true
rescue:
- name: "assert that results are not as expected for only one reason (xtables lock)"
assert:
that:
- iptables_state is failed
- iptables_state.stderr is search('xtables lock')
quiet: true
register: xtables_lock