ufw: add integration tests (#50374)

* Add basic integration tests for ufw. * Being more honest.
6 years ago · a707f1a79c
parent e6ced9c73f
commit a707f1a79c
4 changed files with 222 additions and 0 deletions
--- a/test/integration/targets/ufw/aliases
+++ b/test/integration/targets/ufw/aliases
@ -0,0 +1,7 @@
+shippable/posix/group2
+skip/osx
+skip/freebsd
+skip/rhel8.0
+skip/docker
+needs/root
+destructive
--- a/test/integration/targets/ufw/tasks/main.yml
+++ b/test/integration/targets/ufw/tasks/main.yml
@ -0,0 +1,23 @@
+---
+# Make sure ufw is installed
+- name: Install EPEL repository (RHEL only)
+  yum:
+    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
+    state: present
+  when: ansible_distribution == 'RedHat'
+- name: Install iptables (SuSE only)
+  package:
+    name: iptables
+  when: ansible_os_family == 'Suse'
+- name: Install ufw
+  package:
+    name: ufw
+# Make sure ufw is not enabled
+- name: Disable ufw in case it is running
+  ufw:
+    state: disabled
+# Run the tests
+- block:
+  - include_tasks: run-test.yml
+    with_fileglob:
+    - "tests/*.yml"
--- a/test/integration/targets/ufw/tasks/run-test.yml
+++ b/test/integration/targets/ufw/tasks/run-test.yml
@ -0,0 +1,3 @@
+---
+- name: "Loading tasks from {{ item }}"
+  include_tasks: "{{ item }}"
--- a/test/integration/targets/ufw/tasks/tests/basic.yml
+++ b/test/integration/targets/ufw/tasks/tests/basic.yml
@ -0,0 +1,189 @@
+---
+# ############################################
+- name: Enable
+  ufw:
+    state: enabled
+  register: enable
+- name: Enable (idempotency)
+  ufw:
+    state: enabled
+  register: enable_idem
+- assert:
+    that:
+    - enable is changed
+    - enable_idem is not changed
+
+# ############################################
+- name: ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  register: ipv4_allow
+- name: ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  become: yes
+  register: ipv4_allow_idem
+- assert:
+    that:
+    - ipv4_allow is changed
+    - ipv4_allow_idem is not changed
+
+# ############################################
+- name: delete ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  become: yes
+  register: delete_ipv4_allow_idem
+- assert:
+    that:
+    - delete_ipv4_allow is changed
+    - delete_ipv4_allow_idem is not changed
+
+# ############################################
+- name: ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  register: ipv6_allow
+- name: ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  become: yes
+  register: ipv6_allow_idem
+- assert:
+    that:
+    - ipv6_allow is changed
+    - ipv6_allow_idem is not changed
+
+# ############################################
+- name: delete ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  become: yes
+  register: delete_ipv6_allow_idem
+- assert:
+    that:
+    - delete_ipv6_allow is changed
+    - delete_ipv6_allow_idem is not changed
+
+
+# ############################################
+- name: ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  register: ipv4_allow
+- name: ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  become: yes
+  register: ipv4_allow_idem
+- assert:
+    that:
+    - ipv4_allow is changed
+    - ipv4_allow_idem is not changed
+
+# ############################################
+- name: delete ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  become: yes
+  register: delete_ipv4_allow_idem
+- assert:
+    that:
+    - delete_ipv4_allow is changed
+    - delete_ipv4_allow_idem is not changed
+
+# ############################################
+- name: ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  register: ipv6_allow
+- name: ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  become: yes
+  register: ipv6_allow_idem
+- assert:
+    that:
+    - ipv6_allow is changed
+    - ipv6_allow_idem is not changed
+
+# ############################################
+- name: delete ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  become: yes
+  register: delete_ipv6_allow_idem
+- assert:
+    that:
+    - delete_ipv6_allow is changed
+    - delete_ipv6_allow_idem is not changed
+
+# ############################################
+- name: Disable
+  ufw:
+    state: disabled
+  register: disable
+- name: Disable (idempotency)
+  ufw:
+    state: disabled
+  register: disable_idem
+- assert:
+    that:
+    - disable is changed
+    - disable_idem is not changed