You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
ansible/test/integration/targets/incidental_ufw/tasks/tests/global-state.yml

151 lines
3.6 KiB
YAML

---
- name: Enable ufw
ufw:
state: enabled
# ############################################
- name: Make sure logging is off
ufw:
logging: no
- name: Logging (check mode)
ufw:
logging: yes
check_mode: yes
register: logging_check
- name: Logging
ufw:
logging: yes
register: logging
- name: Get logging
shell: |
ufw status verbose | grep "^Logging:"
register: ufw_logging
environment:
LC_ALL: C
- name: Logging (idempotency)
ufw:
logging: yes
register: logging_idem
- name: Logging (idempotency, check mode)
ufw:
logging: yes
check_mode: yes
register: logging_idem_check
- name: Logging (change, check mode)
ufw:
logging: full
check_mode: yes
register: logging_change_check
- name: Logging (change)
ufw:
logging: full
register: logging_change
- name: Get logging
shell: |
ufw status verbose | grep "^Logging:"
register: ufw_logging_change
environment:
LC_ALL: C
- assert:
that:
- logging_check is changed
- logging is changed
- "ufw_logging.stdout == 'Logging: on (low)'"
- logging_idem is not changed
- logging_idem_check is not changed
- "ufw_logging_change.stdout == 'Logging: on (full)'"
- logging_change is changed
- logging_change_check is changed
# ############################################
- name: Default (check mode)
ufw:
default: reject
direction: incoming
check_mode: yes
register: default_check
- name: Default
ufw:
default: reject
direction: incoming
register: default
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults
environment:
LC_ALL: C
- name: Default (idempotency)
ufw:
default: reject
direction: incoming
register: default_idem
- name: Default (idempotency, check mode)
ufw:
default: reject
direction: incoming
check_mode: yes
register: default_idem_check
- name: Default (change, check mode)
ufw:
default: allow
direction: incoming
check_mode: yes
register: default_change_check
- name: Default (change)
ufw:
default: allow
direction: incoming
register: default_change
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults_change
environment:
LC_ALL: C
- name: Default (change again)
ufw:
default: deny
direction: incoming
register: default_change_2
- name: Default (change incoming implicitly, check mode)
ufw:
default: allow
check_mode: yes
register: default_change_implicit_check
- name: Default (change incoming implicitly)
ufw:
default: allow
register: default_change_implicit
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults_change_implicit
environment:
LC_ALL: C
- name: Default (change incoming implicitly, idempotent, check mode)
ufw:
default: allow
check_mode: yes
register: default_change_implicit_idem_check
- name: Default (change incoming implicitly, idempotent)
ufw:
default: allow
register: default_change_implicit_idem
- assert:
that:
- default_check is changed
- default is changed
- "'reject (incoming)' in ufw_defaults.stdout"
- default_idem is not changed
- default_idem_check is not changed
- default_change_check is changed
- default_change is changed
- "'allow (incoming)' in ufw_defaults_change.stdout"
- default_change_2 is changed
- default_change_implicit_check is changed
- default_change_implicit is changed
- default_change_implicit_idem_check is not changed
- default_change_implicit_idem is not changed
- "'allow (incoming)' in ufw_defaults_change_implicit.stdout"