mirror of
https://github.com/ansible-collections/community.general.git
synced 2024-09-14 20:13:21 +02:00
9226c4b0d5
* restart from last state
* test (sanity) doc fragment placeholder
* test (sanity) remove doc fragment placeholder
* remove internal params from DOCUMENTATION
* update ignore-2.10.txt
* doc: add changelog fragment
* shorten changelog fragment
* Revert "shorten changelog fragment"
This reverts commit f9aea0d1eaefda139fd5b79bd0eb127c09a433fb.
* test with posix/group1
* test with posix/group3
* test with posix/group5
* test with posix/group4
* test with posix/group3
* New modules/action plugins automatically get a changelog entry
* fix: styles
* Revert "remove internal params from DOCUMENTATION"
This reverts commit 7d5fcf4b17e4cd5b0afc08fd1bd3fcef5fcaee26.
* drop neutral/informative/stateless behaviour
* update tasks after changes in module
* use FQCN in EXAMPLES
* add tests to validate error handling about required params
* doc: remove outdated sentence
* do not document internal parameters
* display timeout value in failure message
* remove inappropriate comment
* merge results and clean them up only once
* conditionally remove tmp path
* at least one iteration is required
* remove deprecated code
* move variables declaration to conditional block
* dissociate async and connection timeout
* improve warnings (conditions + values)
* remove ANSIBLE_METADATA (no more needed); fix typo
* update DOCUMENTATION
* Drop field 'version_added' (no more needed).
* Add a note about check_mode support.
* catch early errors before resetting connection and processing the loop
* fix typo
* change posix group (due to xtables locks); add 'version_added' in doc
* update deprecation (replace Ansible 2.12 by community.general 2.0.0)
* bump version_added to 1.0.0
* update ignore-2.11.txt
* ignore errors for 2.9 as for 2.10 & 2.11
* move action plugin to system/ and replace it by a symlink
* remove action-plugin-docs override in tests/sanity/ignore*.txt
* update action plugin docstrings
* bump version_added to 1.1.0
* use lowercase booleans
* extend usage of namespaces to ansible builtin modules
(cherry picked from commit 92242d898d)
199 lines
5.7 KiB
YAML
---
- name: "create a blocking ruleset with a DROP policy"
  copy:
    dest: "{{ iptables_tests }}"
    content: |
      *filter
      :INPUT DROP
      COMMIT



- name: "restore state from the test file (check_mode, must report a change)"
  iptables_state:
    path: "{{ iptables_tests }}"
    state: restored
  register: iptables_state
  check_mode: yes

- name: "assert that results are as expected"
  assert:
    that:
      - iptables_state is changed



- name: "fail to restore state from the test file"
  block:
    - name: "restore state from the test file (bad policies, expected error -> rollback)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

    - name: "check that the expected failure happened"
      assert:
        that:
          - iptables_state is failed



- name: "fail to restore state from the test file (again)"
  block:
    - name: "try again, with a higher timeout (bad policies, same expected error)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0
      vars:
        ansible_timeout: "{{ max_delay | d(300) }}"

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

    - name: "check that the expected failure happened"
      assert:
        that:
          - iptables_state is failed



- name: "restore state from backup (must NOT report a change)"
  iptables_state:
    path: "{{ iptables_saved }}"
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

- name: "assert that results are as expected"
  assert:
    that:
      - iptables_state is not changed



- name: "restore state from backup (mangle, must NOT report a change)"
  iptables_state:
    path: "{{ iptables_saved }}"
    table: mangle
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

- name: "assert that results are as expected"
  assert:
    that:
      - iptables_state is not changed



- name: "create a blocking ruleset with a REJECT rule"
  copy:
    dest: "{{ iptables_tests }}"
    content: |
      *filter
      -A INPUT -j REJECT
      COMMIT



- name: "fail to restore state from the test file (again)"
  block:
    - name: "restore state from the test file (bad rules, expected error -> rollback)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

    - name: "check that the expected failure happened"
      assert:
        that:
          - iptables_state is failed



- name: "fail to restore state from the test file (again)"
  block:
    - name: "try again, with a higher timeout (bad rules, same expected error)"
      iptables_state:
        path: "{{ iptables_tests }}"
        state: restored
      register: iptables_state
      async: "{{ ansible_timeout }}"
      poll: 0
      vars:
        ansible_timeout: "{{ max_delay | d(300) }}"

  rescue:
    - name: "explain expected failure"
      assert:
        that:
          - iptables_state is not changed
          - not iptables_state.applied
        success_msg: >-
          The previous error has been triggered to test the rollback. If you
          are there, it means that 1) connection has been lost right after the
          bad rules have been restored; 2) a rollback happened, so the bad
          rules are not applied, finally; 3) module failed because it didn't
          reach the wanted state, but at least host is not lost !!!
        fail_msg: >-
          The previous error has been triggered but its results are not as
          expected.

    - name: "check that the expected failure happened"
      assert:
        that:
          - iptables_state is failed