remove customzone zone in cleanup (#74)
* remove customzone zone in cleanup

* fix test failure in tests_purge_config; add cleanups

* ensure default zone is set to other than dmz for test
richm authored May 10, 2022
1 parent 361cb02 commit bf66a43
Showing 4 changed files with 393 additions and 337 deletions.
97 changes: 53 additions & 44 deletions tests/tests_ansible.yml
@@ -361,6 +361,9 @@
register: result
failed_when: result is failed or result is changed

- name: Set the default zone to something other than dmz
command: firewall-cmd --set-default-zone public

- name: set default zone
firewall_lib:
set_default_zone: dmz
@@ -375,49 +378,55 @@
register: result
failed_when: result is failed or result is changed


always:

# CLEANUP: RESET TO ZONE DEFAULTS

- name: Remove custom zone
command: firewall-cmd --permanent --delete-zone=custom
register: result
failed_when: result.failed and "INVALID_ZONE" not in result.stderr

- name: Reset internal zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=internal
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset trusted zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=trusted
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset dmz zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=dmz
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset drop zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=drop
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset public zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=public
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset default zone to defaults
shell:
cmd: |
firewall-cmd --permanent --load-zone-defaults=public
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reload firewalld
command: firewall-cmd --reload
register: result
failed_when: result.failed or not result.changed
- name: Cleanup
tags:
- tests::cleanup
block:
# CLEANUP: RESET TO ZONE DEFAULTS

- name: Remove custom zone
command: firewall-cmd --permanent --delete-zone=custom
register: result
failed_when: result.failed and "INVALID_ZONE" not in result.stderr

- name: Remove customzone zone
command: firewall-cmd --permanent --delete-zone=customzone
register: result
failed_when: result.failed and "INVALID_ZONE" not in result.stderr

- name: Reset internal zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=internal
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset trusted zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=trusted
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset dmz zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=dmz
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset drop zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=drop
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset public zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=public
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reset default zone to defaults
command: firewall-cmd --permanent --load-zone-defaults=public
register: result
failed_when: result.failed and "NO_DEFAULTS" not in result.stderr

- name: Reload firewalld
command: firewall-cmd --reload
register: result
failed_when: result.failed or not result.changed
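Review bot: The cleanup task `Reset default zone to defaults` never resets the default zone: it runs `firewall-cmd --permanent --load-zone-defaults=public`, the same command as `Reset public zone to defaults` just above it, so as far as the visible lines show, the zone selected by `--set-default-zone public` and `set_default_zone: dmz` stays in effect on the host after the run. Because the default zone governs interfaces and sources that are not bound to any zone, a host reused after this test may filter traffic differently than it did before. Consider registering the output of `firewall-cmd --get-default-zone` before the first change and restoring it in the cleanup block, for example `command: firewall-cmd --set-default-zone={{ __saved_default_zone.stdout }}` (the variable name is a placeholder). The start of the enclosing test block is outside the hunk, so an earlier save step may already exist there.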
234 changes: 133 additions & 101 deletions tests/tests_purge_config.yml
@@ -22,104 +22,136 @@
- service: http
state: enabled
tasks:
- name: Run the role with no config
include_role:
name: linux-system-roles.firewall

- name: Verify that nothing changed
fail:
msg: The role changed something
when: firewall_lib_result.changed

- name: Apply basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config }}"

- name: Verify role reports changed
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Apply again basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config }}"

- name: Verify role reports nothing changed
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Use previous replaced and basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"

- name: Verify role reports changes
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Use again previous replaced and basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"

- name: Verify role reports no changes
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Apply basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config }}"

- name: Verify role reports no changes
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Use only previous replaced
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- previous: replaced

- name: Verify role reports changed
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Apply only default zone
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- set_default_zone: dmz
state: enabled

- name: Verify role reports changed
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Apply only default zone again
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- set_default_zone: dmz
state: enabled

- name: Verify role reports not changed
fail:
msg: The role reported changes
when: firewall_lib_result.changed
- name: Run previous replaced tests
block:
- name: Start from a clean slate
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- previous: replaced

- name: Run the role with no config
include_role:
name: linux-system-roles.firewall

- name: Verify that nothing changed
fail:
msg: The role changed something
when: firewall_lib_result.changed

- name: Apply basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config }}"

- name: Verify role reports changed
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Apply again basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config }}"

- name: Verify role reports nothing changed
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Use previous replaced and basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"

- name: Verify role reports no changes
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Use again previous replaced and basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"

- name: Verify role reports no changes
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Apply basic config
include_role:
name: linux-system-roles.firewall
vars:
firewall: "{{ basic_config }}"

- name: Verify role reports no changes
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Use only previous replaced
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- previous: replaced

- name: Verify role reports changed
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Apply only default zone
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- set_default_zone: dmz
state: enabled

- name: Verify role reports changed
fail:
msg: The role reported no changes
when: not firewall_lib_result.changed

- name: Apply only default zone again
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- set_default_zone: dmz
state: enabled

- name: Verify role reports not changed
fail:
msg: The role reported changes
when: firewall_lib_result.changed

- name: Apply only default zone again with previous replaced
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- previous: replaced
- set_default_zone: dmz
state: enabled

- name: Verify role reports not changed
fail:
msg: The role reported changes
when: firewall_lib_result.changed
always:
- name: Cleanup
tags:
- tests::cleanup
include_role:
name: linux-system-roles.firewall
vars:
firewall:
- previous: replaced
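Review bot: The `Start from a clean slate` task and the `Cleanup` task under `always` both apply `previous: replaced` with no comment on what that does to the target; judging by the file name, it purges the existing firewalld configuration rather than restoring the pre-test state. A short comment above the block would make that scope explicit, e.g. `# previous: replaced wipes existing firewalld config; run against disposable hosts only`. Several checks also share the names `Verify role reports no changes` and `Verify role reports changed`, so distinct names would make a failing check easier to find in the run log. The play header is outside the hunk.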