mirror of
https://github.com/ansible-collections/community.general.git
synced 2025-08-23 06:21:43 -07:00
Initial commit
commit
aebc1b03fd
4861 changed files with 812621 additions and 0 deletions
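--- a/tests/integration/targets/ufw/tasks/main.yml
+++ b/tests/integration/targets/ufw/tasks/main.yml
@@ -0,0 +1,34 @@
+---
+# Make sure ufw is installed
+- name: Install EPEL repository (RHEL only)
+include_role:
+name: setup_epel
+when: ansible_distribution == 'RedHat'
+- name: Install iptables (SuSE only)
+package:
+name: iptables
+become: yes
+when: ansible_os_family == 'Suse'
+- name: Install ufw
+become: yes
+package:
+name: ufw
+
+# Run the tests
+- block:
+- include_tasks: run-test.yml
+with_fileglob:
+- "tests/*.yml"
+become: yes
+
+# Cleanup
+always:
+- pause:
+# ufw creates backups of the rule files with a timestamp; if reset is called
+# twice in a row fast enough (so that both timestamps are taken in the same second),
+# the second call will notice that the backup files are already there and fail.
+# Waiting one second fixes this problem.
+seconds: 1
+- name: Reset ufw to factory defaults and disable
+ufw:
+state: reset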
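Review bot: The cleanup task in the `always:` section is named `Reset ufw to factory defaults and disable` but only issues `state: reset`. The comment in run-test.yml in this same commit says some ufw versions do not disable on reset (https://bugs.launchpad.net/ufw/+bug/1810082), so on such a version the firewall could stay enabled on the test host after the run. Following the reset with a second `ufw:` task using `state: disabled`, as run-test.yml does, would make the cleanup match its name.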
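--- a/tests/integration/targets/ufw/tasks/run-test.yml
+++ b/tests/integration/targets/ufw/tasks/run-test.yml
@@ -0,0 +1,21 @@
+---
+- pause:
+# ufw creates backups of the rule files with a timestamp; if reset is called
+# twice in a row fast enough (so that both timestamps are taken in the same second),
+# the second call will notice that the backup files are already there and fail.
+# Waiting one second fixes this problem.
+seconds: 1
+- name: Reset ufw to factory defaults
+ufw:
+state: reset
+- name: Disable ufw
+ufw:
+# Some versions of ufw have a bug which won't disable on reset.
+# That's why we explicitly deactivate here. See
+# https://bugs.launchpad.net/ufw/+bug/1810082
+state: disabled
+- name: "Loading tasks from {{ item }}"
+include_tasks: "{{ item }}"
+- name: Reset to factory defaults
+ufw:
+state: reset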
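Review bot: The final `Reset to factory defaults` task has no `pause` in front of it, unlike the reset at the top of this file. basic.yml ends with a check-mode reset, and its own comments say ufw ignores --dry-run for reset, so this last reset may land in the same second as the previous one and fail on the already-existing backup files. Putting a `- pause:` with `seconds: 1` before it would likely close that window. The task also runs only when the included file succeeds; on failure the host state depends on the `always:` section in main.yml.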
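--- a/tests/integration/targets/ufw/tasks/tests/basic.yml
+++ b/tests/integration/targets/ufw/tasks/tests/basic.yml
@@ -0,0 +1,402 @@
+---
+# ############################################
+- name: Make sure it is off
+ufw:
+state: disabled
+- name: Enable (check mode)
+ufw:
+state: enabled
+check_mode: yes
+register: enable_check
+- name: Enable
+ufw:
+state: enabled
+register: enable
+- name: Enable (idempotency)
+ufw:
+state: enabled
+register: enable_idem
+- name: Enable (idempotency, check mode)
+ufw:
+state: enabled
+check_mode: yes
+register: enable_idem_check
+- assert:
+that:
+- enable_check is changed
+- enable is changed
+- enable_idem is not changed
+- enable_idem_check is not changed
+
+# ############################################
+- name: ipv4 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+check_mode: yes
+register: ipv4_allow_check
+- name: ipv4 allow
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+register: ipv4_allow
+- name: ipv4 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+register: ipv4_allow_idem
+- name: ipv4 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+check_mode: yes
+register: ipv4_allow_idem_check
+- assert:
+that:
+- ipv4_allow_check is changed
+- ipv4_allow is changed
+- ipv4_allow_idem is not changed
+- ipv4_allow_idem_check is not changed
+
+# ############################################
+- name: delete ipv4 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+check_mode: yes
+register: delete_ipv4_allow_check
+- name: delete ipv4 allow
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+register: delete_ipv4_allow_idem
+- name: delete ipv4 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+check_mode: yes
+register: delete_ipv4_allow_idem_check
+- assert:
+that:
+- delete_ipv4_allow_check is changed
+- delete_ipv4_allow is changed
+- delete_ipv4_allow_idem is not changed
+- delete_ipv4_allow_idem_check is not changed
+
+# ############################################
+- name: ipv6 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+check_mode: yes
+register: ipv6_allow_check
+- name: ipv6 allow
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+register: ipv6_allow
+- name: ipv6 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+register: ipv6_allow_idem
+- name: ipv6 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+check_mode: yes
+register: ipv6_allow_idem_check
+- assert:
+that:
+- ipv6_allow_check is changed
+- ipv6_allow is changed
+- ipv6_allow_idem is not changed
+- ipv6_allow_idem_check is not changed
+
+# ############################################
+- name: delete ipv6 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+check_mode: yes
+register: delete_ipv6_allow_check
+- name: delete ipv6 allow
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+register: delete_ipv6_allow_idem
+- name: delete ipv6 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+check_mode: yes
+register: delete_ipv6_allow_idem_check
+- assert:
+that:
+- delete_ipv6_allow_check is changed
+- delete_ipv6_allow is changed
+- delete_ipv6_allow_idem is not changed
+- delete_ipv6_allow_idem_check is not changed
+
+
+# ############################################
+- name: ipv4 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+check_mode: yes
+register: ipv4_allow_check
+- name: ipv4 allow
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+register: ipv4_allow
+- name: ipv4 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+register: ipv4_allow_idem
+- name: ipv4 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+check_mode: yes
+register: ipv4_allow_idem_check
+- assert:
+that:
+- ipv4_allow_check is changed
+- ipv4_allow is changed
+- ipv4_allow_idem is not changed
+- ipv4_allow_idem_check is not changed
+
+# ############################################
+- name: delete ipv4 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+check_mode: yes
+register: delete_ipv4_allow_check
+- name: delete ipv4 allow
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+register: delete_ipv4_allow_idem
+- name: delete ipv4 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: 0.0.0.0
+delete: yes
+check_mode: yes
+register: delete_ipv4_allow_idem_check
+- assert:
+that:
+- delete_ipv4_allow_check is changed
+- delete_ipv4_allow is changed
+- delete_ipv4_allow_idem is not changed
+- delete_ipv4_allow_idem_check is not changed
+
+# ############################################
+- name: ipv6 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+check_mode: yes
+register: ipv6_allow_check
+- name: ipv6 allow
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+register: ipv6_allow
+- name: ipv6 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+register: ipv6_allow_idem
+- name: ipv6 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+check_mode: yes
+register: ipv6_allow_idem_check
+- assert:
+that:
+- ipv6_allow_check is changed
+- ipv6_allow is changed
+- ipv6_allow_idem is not changed
+- ipv6_allow_idem_check is not changed
+
+# ############################################
+- name: delete ipv6 allow (check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+check_mode: yes
+register: delete_ipv6_allow_check
+- name: delete ipv6 allow
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+register: delete_ipv6_allow_idem
+- name: delete ipv6 allow (idempotency, check mode)
+ufw:
+rule: allow
+port: 23
+to_ip: "::"
+delete: yes
+check_mode: yes
+register: delete_ipv6_allow_idem_check
+- assert:
+that:
+- delete_ipv6_allow_check is changed
+- delete_ipv6_allow is changed
+- delete_ipv6_allow_idem is not changed
+- delete_ipv6_allow_idem_check is not changed
+
+# ############################################
+- name: Reload ufw
+ufw:
+state: reloaded
+register: reload
+- name: Reload ufw (check mode)
+ufw:
+state: reloaded
+check_mode: yes
+register: reload_check
+- assert:
+that:
+- reload is changed
+- reload_check is changed
+
+# ############################################
+- name: Disable (check mode)
+ufw:
+state: disabled
+check_mode: yes
+register: disable_check
+- name: Disable
+ufw:
+state: disabled
+register: disable
+- name: Disable (idempotency)
+ufw:
+state: disabled
+register: disable_idem
+- name: Disable (idempotency, check mode)
+ufw:
+state: disabled
+check_mode: yes
+register: disable_idem_check
+- assert:
+that:
+- disable_check is changed
+- disable is changed
+- disable_idem is not changed
+- disable_idem_check is not changed
+
+# ############################################
+- name: Re-enable
+ufw:
+state: enabled
+- name: Reset (check mode)
+ufw:
+state: reset
+check_mode: yes
+register: reset_check
+- pause:
+# Should not be needed, but since ufw is ignoring --dry-run for reset
+# (https://bugs.launchpad.net/ufw/+bug/1810082) we have to wait here as well.
+seconds: 1
+- name: Reset
+ufw:
+state: reset
+register: reset
+- pause:
+# ufw creates backups of the rule files with a timestamp; if reset is called
+# twice in a row fast enough (so that both timestamps are taken in the same second),
+# the second call will notice that the backup files are already there and fail.
+# Waiting one second fixes this problem.
+seconds: 1
+- name: Reset (idempotency)
+ufw:
+state: reset
+register: reset_idem
+- pause:
+# Should not be needed, but since ufw is ignoring --dry-run for reset
+# (https://bugs.launchpad.net/ufw/+bug/1810082) we have to wait here as well.
+seconds: 1
+- name: Reset (idempotency, check mode)
+ufw:
+state: reset
+check_mode: yes
+register: reset_idem_check
+- assert:
+that:
+- reset_check is changed
+- reset is changed
+- reset_idem is changed
+- reset_idem_check is changed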
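Review bot: The four ipv4/ipv6 allow-and-delete stanzas appear twice in this file with identical task names and identical `register` variables, and no comment says why. If the second pass is deliberate, a line such as `# Second pass: repeat the allow/delete cycle after the rules were removed` above it would make that clear; if it is a copy-paste leftover it can be dropped. As written, the second pass silently overwrites the results registered by the first, so a failure report cannot tell the two apart by task name.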
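--- a/tests/integration/targets/ufw/tasks/tests/global-state.yml
+++ b/tests/integration/targets/ufw/tasks/tests/global-state.yml
@@ -0,0 +1,150 @@
+---
+- name: Enable ufw
+ufw:
+state: enabled
+
+# ############################################
+- name: Make sure logging is off
+ufw:
+logging: no
+- name: Logging (check mode)
+ufw:
+logging: yes
+check_mode: yes
+register: logging_check
+- name: Logging
+ufw:
+logging: yes
+register: logging
+- name: Get logging
+shell: |
+ufw status verbose | grep "^Logging:"
+register: ufw_logging
+environment:
+LC_ALL: C
+- name: Logging (idempotency)
+ufw:
+logging: yes
+register: logging_idem
+- name: Logging (idempotency, check mode)
+ufw:
+logging: yes
+check_mode: yes
+register: logging_idem_check
+- name: Logging (change, check mode)
+ufw:
+logging: full
+check_mode: yes
+register: logging_change_check
+- name: Logging (change)
+ufw:
+logging: full
+register: logging_change
+- name: Get logging
+shell: |
+ufw status verbose | grep "^Logging:"
+register: ufw_logging_change
+environment:
+LC_ALL: C
+- assert:
+that:
+- logging_check is changed
+- logging is changed
+- "ufw_logging.stdout == 'Logging: on (low)'"
+- logging_idem is not changed
+- logging_idem_check is not changed
+- "ufw_logging_change.stdout == 'Logging: on (full)'"
+- logging_change is changed
+- logging_change_check is changed
+
+# ############################################
+- name: Default (check mode)
+ufw:
+default: reject
+direction: incoming
+check_mode: yes
+register: default_check
+- name: Default
+ufw:
+default: reject
+direction: incoming
+register: default
+- name: Get defaults
+shell: |
+ufw status verbose | grep "^Default:"
+register: ufw_defaults
+environment:
+LC_ALL: C
+- name: Default (idempotency)
+ufw:
+default: reject
+direction: incoming
+register: default_idem
+- name: Default (idempotency, check mode)
+ufw:
+default: reject
+direction: incoming
+check_mode: yes
+register: default_idem_check
+- name: Default (change, check mode)
+ufw:
+default: allow
+direction: incoming
+check_mode: yes
+register: default_change_check
+- name: Default (change)
+ufw:
+default: allow
+direction: incoming
+register: default_change
+- name: Get defaults
+shell: |
+ufw status verbose | grep "^Default:"
+register: ufw_defaults_change
+environment:
+LC_ALL: C
+- name: Default (change again)
+ufw:
+default: deny
+direction: incoming
+register: default_change_2
+- name: Default (change incoming implicitly, check mode)
+ufw:
+default: allow
+check_mode: yes
+register: default_change_implicit_check
+- name: Default (change incoming implicitly)
+ufw:
+default: allow
+register: default_change_implicit
+- name: Get defaults
+shell: |
+ufw status verbose | grep "^Default:"
+register: ufw_defaults_change_implicit
+environment:
+LC_ALL: C
+- name: Default (change incoming implicitly, idempotent, check mode)
+ufw:
+default: allow
+check_mode: yes
+register: default_change_implicit_idem_check
+- name: Default (change incoming implicitly, idempotent)
+ufw:
+default: allow
+register: default_change_implicit_idem
+- assert:
+that:
+- default_check is changed
+- default is changed
+- "'reject (incoming)' in ufw_defaults.stdout"
+- default_idem is not changed
+- default_idem_check is not changed
+- default_change_check is changed
+- default_change is changed
+- "'allow (incoming)' in ufw_defaults_change.stdout"
+- default_change_2 is changed
+- default_change_implicit_check is changed
+- default_change_implicit is changed
+- default_change_implicit_idem_check is not changed
+- default_change_implicit_idem is not changed
+- "'allow (incoming)' in ufw_defaults_change_implicit.stdout"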
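Review bot: `logging: no` and `logging: yes` are unquoted, so a YAML 1.1 parser hands the module booleans, and the test then depends on those being mapped to ufw's on/off logging levels before the `Logging: on (low)` assertion can hold. If exercising that coercion is the intent, a comment such as `# Unquoted on purpose: checks that booleans are accepted for logging` would say so; otherwise `logging: 'on'` and `logging: 'off'` state the value directly. The final state of this file leaves the incoming default at `allow`, so the host relies on the reset that follows in run-test.yml to restore a restrictive policy.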
|
@ -0,0 +1,80 @@
|
|||
---
|
||||
- name: Enable
|
||||
ufw:
|
||||
state: enabled
|
||||
register: enable
|
||||
|
||||
# ## CREATE RULES ############################
|
||||
- name: ipv4
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 22
|
||||
to_ip: 0.0.0.0
|
||||
- name: ipv4
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 23
|
||||
to_ip: 0.0.0.0
|
||||
|
||||
- name: ipv6
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 122
|
||||
to_ip: "::"
|
||||
- name: ipv6
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 123
|
||||
to_ip: "::"
|
||||
|
||||
- name: first-ipv4
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 10
|
||||
to_ip: 0.0.0.0
|
||||
insert: 0
|
||||
insert_relative_to: first-ipv4
|
||||
- name: last-ipv4
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 11
|
||||
to_ip: 0.0.0.0
|
||||
insert: 0
|
||||
insert_relative_to: last-ipv4
|
||||
|
||||
- name: first-ipv6
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 110
|
||||
to_ip: "::"
|
||||
insert: 0
|
||||
insert_relative_to: first-ipv6
|
||||
- name: last-ipv6
|
||||
ufw:
|
||||
rule: deny
|
||||
port: 111
|
||||
to_ip: "::"
|
||||
insert: 0
|
||||
insert_relative_to: last-ipv6
|
||||
|
||||
# ## CHECK RESULT ############################
|
||||
- name: Get rules
|
||||
shell: |
|
||||
ufw status | grep DENY | cut -f 1-2 -d ' ' | grep -E "^(0\.0\.0\.0|::) [123]+"
|
||||
# Note that there was also a rule "ff02::fb mDNS" on at least one CI run;
|
||||
# to ignore these, the extra filtering (grepping for DENY and the regex) makes
|
||||
# sure to remove all rules not added here.
|
||||
register: ufw_status
|
||||
- assert:
|
||||
that:
|
||||
- ufw_status.stdout_lines == expected_stdout
|
||||
vars:
|
||||
expected_stdout:
|
||||
- "0.0.0.0 10"
|
||||
- "0.0.0.0 22"
|
||||
- "0.0.0.0 11"
|
||||
- "0.0.0.0 23"
|
||||
- ":: 110"
|
||||
- ":: 122"
|
||||
- ":: 111"
|
||||
- ":: 123"
|
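Review bot: The `Get rules` task parses `ufw status` output without the `environment:` / `LC_ALL: C` setting that every `ufw status verbose` task in global-state.yml carries, so on a host with a non-C locale the `grep DENY` filter may not match. Adding the same `environment:` mapping here would make the parse locale-independent; the `Check result` task in interface.yml has the same gap. The `[123]+` part of the regex constrains only the leading digit of the port, so an unrelated DENY rule on 0.0.0.0 or :: could enter the comparison with `expected_stdout`. No file header for this section is visible on the page, so the path is not named here.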
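--- a/tests/integration/targets/ufw/tasks/tests/interface.yml
+++ b/tests/integration/targets/ufw/tasks/tests/interface.yml
@@ -0,0 +1,81 @@
+- name: Enable
+ufw:
+state: enabled
+
+- name: Route with interface in and out
+ufw:
+rule: allow
+route: yes
+interface_in: foo
+interface_out: bar
+proto: tcp
+from_ip: 1.1.1.1
+to_ip: 8.8.8.8
+from_port: 1111
+to_port: 2222
+
+- name: Route with interface in
+ufw:
+rule: allow
+route: yes
+interface_in: foo
+proto: tcp
+from_ip: 1.1.1.1
+from_port: 1111
+
+- name: Route with interface out
+ufw:
+rule: allow
+route: yes
+interface_out: bar
+proto: tcp
+from_ip: 1.1.1.1
+from_port: 1111
+
+- name: Non-route with interface in
+ufw:
+rule: allow
+interface_in: foo
+proto: tcp
+from_ip: 1.1.1.1
+from_port: 3333
+
+- name: Non-route with interface out
+ufw:
+rule: allow
+interface_out: bar
+proto: tcp
+from_ip: 1.1.1.1
+from_port: 4444
+
+- name: Check result
+shell: ufw status |grep -E '(ALLOW|DENY|REJECT|LIMIT)' |sed -E 's/[ \t]+/ /g'
+register: ufw_status
+
+- assert:
+that:
+- '"8.8.8.8 2222/tcp on bar ALLOW FWD 1.1.1.1 1111/tcp on foo " in stdout'
+- '"Anywhere ALLOW FWD 1.1.1.1 1111/tcp on foo " in stdout'
+- '"Anywhere on bar ALLOW FWD 1.1.1.1 1111/tcp " in stdout'
+- '"Anywhere on foo ALLOW 1.1.1.1 3333/tcp " in stdout'
+- '"Anywhere ALLOW OUT 1.1.1.1 4444/tcp on bar " in stdout'
+vars:
+stdout: '{{ ufw_status.stdout_lines }}'
+
+- name: Non-route with interface_in and interface_out
+ufw:
+rule: allow
+interface_in: foo
+interface_out: bar
+proto: tcp
+from_ip: 1.1.1.1
+from_port: 1111
+to_ip: 8.8.8.8
+to_port: 2222
+ignore_errors: yes
+register: ufw_non_route_iface
+
+- assert:
+that:
+- ufw_non_route_iface is failed
+- '"Only route rules" in ufw_non_route_iface.msg'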
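Review bot: The allow and route rules use `1.1.1.1` and `8.8.8.8`, which are live public resolver addresses, as throwaway test values. Addresses from the documentation ranges, for example `from_ip: 192.0.2.1` and `to_ip: 198.51.100.1`, would keep the rules from referring to real hosts if a run is interrupted before the reset; the expected strings in the first `assert` would need the same substitution. This file also lacks the `---` document start that the other task files in the commit have.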