mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-02-03 23:51:48 +00:00

refactor to comply with current ansible-lint and sanity guidelines

Signed-off-by: Adam Miller <admiller@redhat.com>
Adam Miller 2023-11-30 23:23:16 -06:00
parent 05ee6ebc2a
commit a85f736f6a
68 changed files with 2640 additions and 2407 deletions


@ -1,3 +1,3 @@
---
collections:
- community.general
- community.general


@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -16,35 +17,38 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Create ansible user
user:
ansible.builtin.user:
name: "{{ test_user }}"
- name: Create ansible group
group:
ansible.builtin.group:
name: "{{ test_group }}"
- name: Clean up working directory and files
file:
ansible.builtin.file:
path: "{{ output_dir }}"
state: absent
- name: Create working directory
file:
ansible.builtin.file:
path: "{{ output_dir }}"
state: directory
mode: "0755"
- name: Create ansible file
file:
ansible.builtin.file:
path: "{{ test_file }}"
state: touch
mode: "0644"
- name: Create ansible dir
file:
ansible.builtin.file:
path: "{{ test_dir }}"
state: directory
mode: "0755"
##############################################################################
- name: Grant ansible user read access to a file
acl:
ansible.posix.acl:
path: "{{ test_file }}"
entity: "{{ test_user }}"
etype: user
@ -52,12 +56,21 @@
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_file | quote }}"
- name: Debug ansible.posix.acl output
ansible.builtin.debug:
msg: "{{ output }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_file | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Debug getfacl output
ansible.builtin.debug:
msg: "{{ getfacl_output.stdout_lines }}"
- name: Verify Output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -65,16 +78,25 @@
- "'user:{{ test_user }}:r--' in getfacl_output.stdout_lines"
##############################################################################
- name: Obtain the acl for a specific file
acl:
ansible.posix.acl:
path: "{{ test_file }}"
register: output
- name: get getfacl output
shell: "getfacl {{ test_file | quote }}"
- name: Debug ansible.posix.acl output
ansible.builtin.debug:
msg: "{{ output }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_file | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Debug getfacl output
ansible.builtin.debug:
msg: "{{ getfacl_output.stdout_lines }}"
- name: Verify output
ansible.builtin.assert:
that:
- output is not changed
- output is not failed
@ -89,20 +111,22 @@
- "'mask::r--' in getfacl_output.stdout_lines"
- "'other::r--' in getfacl_output.stdout_lines"
##############################################################################
#
- name: Removes the acl for ansible user on a specific file
acl:
ansible.posix.acl:
path: "{{ test_file }}"
entity: "{{ test_user }}"
etype: user
state: absent
register: output
- name: get getfacl output
shell: "getfacl {{ test_file | quote }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_file | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -110,21 +134,22 @@
- "'user:{{ test_user }}:r--' not in getfacl_output.stdout_lines"
##############################################################################
- name: Sets default acl for ansible user on ansible dir
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entity: "{{ test_user }}"
etype: user
permissions: rw
default: yes
default: true
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -132,22 +157,24 @@
- "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Cleanup
shell: "setfacl -b {{ test_dir | quote }}"
ansible.builtin.command: setfacl -b {{ test_dir | quote }}
changed_when: false
##############################################################################
- name: Same as previous but using entry shorthand
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "user:{{ test_user }}:rw-"
default: yes
entry: user:{{ test_user }}:rw-
default: true
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -155,19 +182,20 @@
- "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Same as previous, to test idempotence
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "user:{{ test_user }}:rw-"
default: yes
entry: user:{{ test_user }}:rw-
default: true
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is not changed
- output is not failed
@ -175,32 +203,34 @@
- "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Cleanup
shell: "setfacl -b {{ test_dir | quote }}"
ansible.builtin.command: setfacl -b {{ test_dir | quote }}
changed_when: false
##############################################################################
- name: Set default acls
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "{{ item }}"
default: yes
default: true
state: present
with_items:
- "user:{{ test_user }}:rw-"
- "group:{{ test_group }}:rw-"
- user:{{ test_user }}:rw-
- group:{{ test_group }}:rw-
- name: Remove default group test_user acl
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "group:{{ test_group }}:rw-"
default: yes
entry: group:{{ test_group }}:rw-
default: true
state: absent
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
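Review bot: The `getfacl` and `setfacl` tasks now use `ansible.builtin.command` but still build one free-form string, so they rely on the `quote` filter to keep a path containing spaces as a single argument. Passing the arguments as a list removes that dependency on string splitting, e.g. `argv: ["getfacl", "{{ test_file }}"]` under `ansible.builtin.command:`, and the same form fits the `setfacl -b {{ test_dir | quote }}` cleanup tasks. Those cleanup tasks also set `changed_when: false` although `setfacl -b` removes ACL entries, so a short comment saying this is deliberate for the test would help the next reader.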


@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -15,22 +16,21 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- block:
- include_tasks: acl.yml
when: ansible_system == 'Linux' # TODO enable acls mount option on FreeBSD to test it there too
always:
- name: delete created directory and file
file:
path: '{{ item }}'
state: absent
with_items:
- '{{ test_dir }}'
- '{{ test_file }}'
- name: Test ACL
vars:
test_user: ansible_user
test_group: ansible_group
test_file: '{{ output_dir }}/ansible file'
test_file: "{{ output_dir }}/ansible file"
test_dir: "{{ output_dir }}/ansible_dir/with some space"
block:
- name: Include tests task file
ansible.builtin.include_tasks: acl.yml
when: ansible_system == 'Linux' # TODO enable acls mount option on FreeBSD to test it there too
always:
- name: Delete created directory and file
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "{{ test_dir }}"
- "{{ test_file }}"
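Review bot: The `always` list removes only `test_dir` and `test_file`, while the included acl.yml creates the local account `ansible_user` and the group `ansible_group` through `ansible.builtin.user` and `ansible.builtin.group`. Unless they are removed somewhere outside the visible hunks, both remain on the test host after the run. Consider adding `ansible.builtin.user` and `ansible.builtin.group` tasks with `state: absent` for `"{{ test_user }}"` and `"{{ test_group }}"` to the `always` list.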


@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests


@ -1,3 +1,4 @@
---
# Test code for the at module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
@ -16,47 +17,56 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- set_fact: output_dir_test={{output_dir}}/at
- name: Set output_dir_test fast
ansible.builtin.set_fact:
output_dir_test: "{{ output_dir }}/at"
- name: make sure our testing sub-directory does not exist
file: path="{{ output_dir_test }}" state=absent
- name: Make sure our testing sub-directory does not exist
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: absent
- name: create our testing sub-directory
file: path="{{ output_dir_test }}" state=directory
- name: Create our testing sub-directory
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: directory
mode: "0755"
##
## at
##
- name: define distros to attempt installing at on
set_fact:
- name: Define distros to attempt installing at on
ansible.builtin.set_fact:
package_distros:
- RedHat
- CentOS
- ScientificLinux
- Fedora
- Ubuntu
- Debian
- openSUSE Leap
- RedHat
- CentOS
- ScientificLinux
- Fedora
- Ubuntu
- Debian
- openSUSE Leap
- name: ensure at is installed
package:
- name: Ensure at is installed
ansible.builtin.package:
name: at
state: present
when: ansible_distribution in package_distros
- name: run the first example
at:
command: "ls -d / > /dev/null"
- name: Run the first example
ansible.posix.at:
command: ls -d / > /dev/null
count: 20
units: minutes
register: at_test0
- debug: var=at_test0
- name: validate results
assert:
that:
- 'at_test0.changed is defined'
- 'at_test0.count is defined'
- 'at_test0.script_file is defined'
- 'at_test0.state is defined'
- 'at_test0.units is defined'
- name: Debug var=at_test0
ansible.builtin.debug:
var: at_test0
- name: Validate results
ansible.builtin.assert:
that:
- at_test0.changed is defined
- at_test0.count is defined
- at_test0.script_file is defined
- at_test0.state is defined
- at_test0.units is defined
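Review bot: The new task name `Set output_dir_test fast` looks like a typo for `fact`, since the task is an `ansible.builtin.set_fact`. `Debug var=at_test0` also carries the old `key=value` wording into its name and would read better as `Debug at_test0`. Separately, the visible tasks queue a job with `count: 20` and `units: minutes` and none of them removes it; if the rest of the file outside these hunks does not either, the job stays queued on the test host.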


@ -1,3 +1,4 @@
---
dss_key_basic: ssh-dss DATA_BASIC root@testing
dss_key_unquoted_option: idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing
dss_key_command: command="/bin/true" ssh-dss DATA_COMMAND root@testing
@ -8,27 +9,27 @@ dss_key_trailing: ssh-dss DATA_TRAILING root@testing foo bar baz
rsa_key_basic: ssh-rsa DATA_BASIC root@testing
multiple_key_base: |
ssh-rsa DATA_BASIC 1@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-rsa DATA_BASIC 1@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_different_order: |
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_different_order_2: |
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-rsa WHATEVER 2.5@testing
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-rsa WHATEVER 2.5@testing
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_exclusive: |
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_keys_comments: |
ssh-rsa DATA_BASIC 1@testing


@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests


@ -1,34 +1,37 @@
---
# -------------------------------------------------------------
# check mode
- name: CHECK MODE | copy an existing file in place with comments
copy:
ansible.builtin.copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
mode: "0600"
- name: CHECK MODE | add key in check mode to validate return codes
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_different_order_2 }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
check_mode: True
check_mode: true
register: result
- name: CHECK MODE | assert that authorized_keys return values are consistent
assert:
ansible.builtin.assert:
that:
- 'result.changed == True'
- result.changed == True
- '"user" in result'
- '"key" in result'
- name: CHECK MODE | recopy authorized_keys to ensure it was not changed
copy:
ansible.builtin.copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
mode: "0600"
register: result
- name: CHECK MODE | assert that the authorized_keys file was not changed
assert:
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
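Review bot: The assertions still compare against literals (`result.changed == True`, `result.changed == False`), which ansible-lint's `literal-compare` rule flags. The acl tasks in this same commit already avoid this with `output is changed`. Writing `result is changed` and `result is not changed` here would keep the test files consistent. The same applies to the assertions in the sections that appear to be multiple_keys.yml, setup_steps.yml and ssh_dss.yml, where `== false` and `== False` are also mixed.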


@ -1,8 +1,9 @@
---
# -------------------------------------------------------------
# comments
- name: Add rsa key with existing comment
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ rsa_key_basic }}"
state: present
@ -10,7 +11,7 @@
register: result
- name: Change the comment on an existing key
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ rsa_key_basic }}"
comment: user@acme.com
@ -18,18 +19,18 @@
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: no
- name: Get the file content
ansible.builtin.command: fgrep DATA_BASIC "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: content
- name: Assert that comment on an existing key was changed
assert:
ansible.builtin.assert:
that:
- "'user@acme.com' in content.stdout"
- name: Set the same key with comment to ensure no changes are reported
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ rsa_key_basic }}"
comment: user@acme.com
@ -38,11 +39,12 @@
register: result
- name: Assert that no changes were made when running again
assert:
ansible.builtin.assert:
that:
- not result.changed
- debug:
- name: Debug the result and content
ansible.builtin.debug:
var: "{{ item }}"
verbosity: 1
with_items:
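Review bot: `fgrep` is marked obsolescent in current GNU grep, which prints a warning to stderr when it is invoked; `grep -F DATA_BASIC "{{ output_dir | expanduser }}/authorized_keys"` is the equivalent for the new `ansible.builtin.command` line. The binary is also resolved through PATH here, while the other converted tasks in this commit call `/bin/cat` by absolute path, so one convention should be chosen. The same `fgrep` line appears in the ssh-dss task section. The final debug task continues past the hunk (`with_items:` is its last visible line), so it is not reviewed here.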


@ -1,3 +1,4 @@
---
# test code for the authorized_key module
# - (c) 2014, James Cammarata <jcammarata@ansible.com>
# - (c) 2021, Hideki Saito <saito@fgrep.org>
@ -17,16 +18,16 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Setup testing environment
import_tasks: setup_steps.yml
ansible.builtin.import_tasks: setup_steps.yml
- name: Test for multiple keys handling
import_tasks: multiple_keys.yml
ansible.builtin.import_tasks: multiple_keys.yml
- name: Test for ssh-dss key handling
import_tasks: ssh_dss.yml
ansible.builtin.import_tasks: ssh_dss.yml
- name: Test for check mode
import_tasks: check_mode.yml
ansible.builtin.import_tasks: check_mode.yml
- name: Test for the management of comments with key
import_tasks: comments.yml
ansible.builtin.import_tasks: comments.yml


@ -1,38 +1,39 @@
---
# -------------------------------------------------------------
# multiple keys
- name: add multiple keys
authorized_key:
- name: Add multiple keys
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_base }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_base'
- 'result.key_options == None'
- result.changed == True
- result.key == multiple_key_base
- result.key_options == None
- name: add multiple keys different order
authorized_key:
- name: Add multiple keys different order
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_different_order }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_different_order'
- 'result.key_options == None'
- result.changed == True
- result.key == multiple_key_different_order
- result.key_options == None
- name: add multiple keys exclusive
authorized_key:
- name: Add multiple keys exclusive
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_exclusive }}"
state: present
@ -40,42 +41,42 @@
exclusive: true
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_exclusive'
- 'result.key_options == None'
- result.changed == True
- result.key == multiple_key_exclusive
- result.key_options == None
- name: add multiple keys in different calls
authorized_key:
- name: Add multiple keys in different calls
ansible.posix.authorized_key:
user: root
key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing"
key: ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: add multiple keys in different calls
authorized_key:
- name: Add multiple keys in different calls
ansible.posix.authorized_key:
user: root
key: "ssh-rsa DATA_BASIC 1@testing"
key: ssh-rsa DATA_BASIC 1@testing
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: multiple_keys_at_a_time
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == false'
- 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()'
- result.changed == false
- multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()
- name: add multiple keys comment
authorized_key:
- name: Add multiple keys comment
ansible.posix.authorized_key:
user: root
key: "{{ multiple_keys_comments }}"
state: present
@ -83,14 +84,14 @@
exclusive: true
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: multiple_keys_comments
- name: assert that the keys exist and comment only lines were not added
assert:
- name: Assert that the keys exist and comment only lines were not added
ansible.builtin.assert:
that:
- 'result.changed == False'
- 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
- 'result.key_options == None'
- result.changed == False
- multiple_keys_comments.stdout == multiple_key_exclusive.strip()
- result.key_options == None
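Review bot: The last `Get the file content` task registers its result as `multiple_keys_comments`, the same name as the fixture variable that supplies `key: "{{ multiple_keys_comments }}"` in the preceding `Add multiple keys comment` task. Registered variables take precedence over role defaults and vars, so from this task on the name refers to the command result rather than the key text, and any later task reusing it as a key would receive a dictionary. A distinct name such as `register: multiple_keys_comments_content`, with the assertion updated to `multiple_keys_comments_content.stdout`, avoids the shadowing.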


@ -1,37 +1,40 @@
---
# -------------------------------------------------------------
# Setup steps
- name: Clean up the working directory and files
file:
path: '{{ output_dir }}'
ansible.builtin.file:
path: "{{ output_dir }}"
state: absent
- name: Create the working directory
file:
path: '{{ output_dir }}'
ansible.builtin.file:
path: "{{ output_dir }}"
state: directory
mode: "0744"
- name: copy an existing file in place with comments
copy:
- name: Copy an existing file in place with comments
ansible.builtin.copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
mode: "0600"
- name: add multiple keys different order
authorized_key:
- name: Add multiple keys different order
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_different_order_2 }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: multiple_keys_existing
- name: assert that the key was added and comments and ordering preserved
assert:
- name: Assert that the key was added and comments and ordering preserved
ansible.builtin.assert:
that:
- 'result.changed == True'
- result.changed == True
- '"# I like candy" in multiple_keys_existing.stdout'
- '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
@ -41,19 +44,20 @@
# start afresh
- name: remove file foo.txt
file:
- name: Remove file foo.txt
ansible.builtin.file:
path: "{{ output_dir | expanduser }}/authorized_keys"
state: absent
- name: touch the authorized_keys file
file:
- name: Touch the authorized_keys file
ansible.builtin.file:
dest: "{{ output_dir }}/authorized_keys"
state: touch
mode: "0600"
register: result
- name: assert that the authorized_keys file was created
assert:
- name: Assert that the authorized_keys file was created
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.state == "file"'
- result.changed == True
- result.state == "file"
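Review bot: The working directory is now created with `mode: "0744"`, which gives group and other read permission but no search (`x`) bit. That is an unusual combination for a directory and wider than needed for one that holds an `authorized_keys` file. `mode: "0700"` is the conventional choice for a key directory, or `mode: "0755"` if other users really need to traverse it, as the acl test's working directory does. The task named `Remove file foo.txt` actually removes `authorized_keys`, so its name could be corrected at the same time.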


@ -1,241 +1,250 @@
---
# -------------------------------------------------------------
# basic ssh-dss key
- name: add basic ssh-dss key
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
- name: Add basic ssh-dss key
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_basic
- result.key_options == None
- name: re-add basic ssh-dss key
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
- name: Re-add basic ssh-dss key
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with an unquoted option
- name: add ssh-dss key with an unquoted option
authorized_key:
- name: Add ssh-dss key with an unquoted option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_unquoted_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_unquoted_option'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_unquoted_option
- result.key_options == None
- name: re-add ssh-dss key with an unquoted option
authorized_key:
- name: Re-add ssh-dss key with an unquoted option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_unquoted_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a leading command="/bin/foo"
- name: add ssh-dss key with a leading command
authorized_key:
- name: Add ssh-dss key with a leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_command
- result.key_options == None
- name: re-add ssh-dss key with a leading command
authorized_key:
- name: Re-add ssh-dss key with a leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a complex quoted leading command
# ie. command="/bin/echo foo 'bar baz'"
- name: add ssh-dss key with a complex quoted leading command
authorized_key:
- name: Add ssh-dss key with a complex quoted leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_complex_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_complex_command'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_complex_command
- result.key_options == None
- name: re-add ssh-dss key with a complex quoted leading command
authorized_key:
- name: Re-add ssh-dss key with a complex quoted leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_complex_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a command and a single option, which are
# in a comma-separated list
- name: add ssh-dss key with a command and a single option
authorized_key:
- name: Add ssh-dss key with a command and a single option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_single_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command_single_option'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_command_single_option
- result.key_options == None
- name: re-add ssh-dss key with a command and a single option
authorized_key:
- name: Re-add ssh-dss key with a command and a single option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_single_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a command and multiple other options
- name: add ssh-dss key with a command and multiple options
authorized_key:
- name: Add ssh-dss key with a command and multiple options
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_multiple_options }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command_multiple_options'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_command_multiple_options
- result.key_options == None
- name: re-add ssh-dss key with a command and multiple options
authorized_key:
- name: Re-add ssh-dss key with a command and multiple options
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_multiple_options }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with multiple trailing parts, which are space-
# separated and not quoted in any way
- name: add ssh-dss key with trailing parts
authorized_key:
- name: Add ssh-dss key with trailing parts
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_trailing }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_trailing'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_trailing
- result.key_options == None
- name: re-add ssh-dss key with trailing parts
authorized_key:
- name: Re-add ssh-dss key with trailing parts
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_trailing }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# basic ssh-dss key with mutliple permit-open options
# https://github.com/ansible/ansible-modules-core/issues/1715
- name: add basic ssh-dss key with multi-opts
authorized_key:
- name: Add basic ssh-dss key with multi-opts
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'
key_options: no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key with multi-opts was added
assert:
- name: Assert that the key with multi-opts was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
- result.changed == True
- result.key == dss_key_basic
- result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: no
- name: Get the file content
ansible.builtin.command: fgrep DATA_BASIC "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: content
- name: validate content
assert:
- name: Validate content
ansible.builtin.assert:
that:
- 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
- content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"
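Review bot: Dropping the single quotes around `key_options` and the two long assertions in the multi-opts tasks leaves plain YAML scalars that contain `"` and `\"`. They still parse, because a plain scalar keeps backslashes literally and Jinja then reads `\"` as its own escape. It is easy to misread that as a YAML-level escape, though, and the value changes meaning if someone later wraps it in double quotes. Keeping the original form, `key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'`, and single-quoting the two assertions makes the intended literal explicit.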


@ -1,2 +1,3 @@
---
dependencies:
- setup_pkg_mgr


@ -1,172 +1,173 @@
---
# Test playbook for the firewalld module - icmp block inversion operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Icmp block inversion enabled when icmp block inversion is truthy and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is falsy and state is enabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
register: result
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
register: result
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion enabled when icmp block inversion is falsy and state is disabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: disabled
register: result
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: disabled
register: result
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is truthy and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
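Review bot: Every assertion in this file checks only `result is changed` or `result is not changed`, so a module regression that reports a change without writing the permanent zone configuration would still pass. The same holds for the masquerade, interface, port, port-forward, protocol and service test files in this commit. For a firewall module it is worth reading the setting back after each toggle and asserting on that, as sketched below for the first block. The sketch talks to the running daemon, so the offline pass of the suite would need `firewall-offline-cmd` or a similar readback instead.

```yaml
# … unchanged: Testing enable icmp block inversion, Assert icmp block inversion is enabled …
- name: Read icmp block inversion back from the permanent configuration
  ansible.builtin.command: firewall-cmd --permanent --zone=trusted --query-icmp-block-inversion
  changed_when: false
  failed_when: false
  register: inversion_query

- name: Assert the permanent configuration really has inversion enabled
  ansible.builtin.assert:
    that:
      - inversion_query.rc == 0
```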


@ -1,87 +1,88 @@
---
# Test playbook for the firewalld module - interface operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Validate adding interface
block:
- name: Add lo interface to trusted zone
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: Yes
state: enabled
register: result
- name: Add lo interface to trusted zone
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: true
state: enabled
register: result
- name: assert lo was added to trusted zone
assert:
that:
- result is changed
- name: Assert lo was added to trusted zone
ansible.builtin.assert:
that:
- result is changed
- name: Add lo interface to trusted zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: Yes
state: enabled
register: result
- name: Add lo interface to trusted zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: true
state: enabled
register: result
- name: assert lo was added to trusted zone (verify not changed)
assert:
that:
- result is not changed
- name: Assert lo was added to trusted zone (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Validate moving interfaces
block:
- name: Move lo interface from trusted zone to internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: enabled
register: result
- name: Move lo interface from trusted zone to internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: enabled
register: result
- name: Assert lo was moved from trusted zone to internal zone
assert:
that:
- result is changed
- name: Assert lo was moved from trusted zone to internal zone
ansible.builtin.assert:
that:
- result is changed
- name: Move lo interface from trusted zone to internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: enabled
register: result
- name: Move lo interface from trusted zone to internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: enabled
register: result
- name: assert lo was moved from trusted zone to internal zone (verify not changed)
assert:
that:
- result is not changed
- name: Assert lo was moved from trusted zone to internal zone (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Validate removing interface
block:
- name: Remove lo interface from internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: disabled
register: result
- name: Remove lo interface from internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: disabled
register: result
- name: Assert lo interface was removed from internal zone
assert:
that:
- result is changed
- name: Assert lo interface was removed from internal zone
ansible.builtin.assert:
that:
- result is changed
- name: Remove lo interface from internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: disabled
register: result
- name: Remove lo interface from internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: disabled
register: result
- name: Assert lo interface was removed from internal zone (verify not changed)
assert:
that:
- result is not changed
- name: Assert lo interface was removed from internal zone (verify not changed)
ansible.builtin.assert:
that:
- result is not changed


@ -1,17 +1,24 @@
---
# Test playbook for the firewalld module
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Run firewalld tests
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
- not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('7', '==')) # FIXME
block:
- name: Ensure firewalld is installed
package:
ansible.builtin.package:
name: firewalld
state: present
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
- name: Enable dbus-broker daemon
service:
ansible.builtin.service:
name: dbus-broker
enabled: true
state: started
@ -19,25 +26,20 @@
- name: Test Online Operations
block:
- name: start firewalld
service:
- name: Start firewalld
ansible.builtin.service:
name: firewalld
state: started
- import_tasks: run_all_tests.yml
- name: Import test tasks
ansible.builtin.import_tasks: run_all_tests.yml
- name: Test Offline Operations
block:
- name: stop firewalld
service:
- name: Stop firewalld
ansible.builtin.service:
name: firewalld
state: stopped
- import_tasks: run_all_tests.yml
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
- not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('7', '==')) # FIXME
- name: Import test tasks
ansible.builtin.import_tasks: run_all_tests.yml
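Review bot: The `Test Offline Operations` block stops firewalld, and no later task visible in this section starts it again, so the host is left with the service down once the suite has run. On a throwaway CI instance that is harmless, but on a reused host it means the packet filter stays off after the tests. I would give the block an `always:` section that brings firewalld back up, as sketched below. Whether the service should instead be returned to the state it had before the run cannot be decided from this file.

```yaml
- name: Test Offline Operations
  block:
    # … unchanged: Stop firewalld, Import test tasks …
  always:
    - name: Start firewalld again after the offline tests
      ansible.builtin.service:
        name: firewalld
        state: started
```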


@ -1,172 +1,173 @@
---
# Test playbook for the firewalld module - masquerade operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Masquerade enabled when masquerade is truthy and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is falsy and state is enabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: enabled
register: result
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: enabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: enabled
register: result
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: enabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade enabled when masquerade is falsy and state is disabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: disabled
register: result
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: disabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: disabled
register: result
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: disabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is truthy and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
# Validate backwards compatible behavior until masquerade is switched from string to boolean type
- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed


@ -1,9 +1,10 @@
---
# Test playbook for the firewalld module - port operations
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: firewalld port forward test permanent enabled
firewalld:
- name: Firewalld port forward test permanent enabled
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -12,13 +13,13 @@
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -27,13 +28,13 @@
state: enabled
register: result
- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test permanent disabled
firewalld:
- name: Firewalld port test permanent disabled
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -42,13 +43,13 @@
state: disabled
register: result
- name: assert firewalld port test permanent disabled worked
assert:
- name: Assert firewalld port test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -57,7 +58,7 @@
state: disabled
register: result
- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
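Review bot: Only the first task name says "port forward"; the rerun and disabled tasks and all the assertions are still named `Firewalld port test …` although each of them sets `port_forward`, and the header comment still reads "port operations". In a run log these are indistinguishable from the tasks of the plain port test file, which makes a failure harder to attribute. I would rename them consistently, e.g. `- name: Firewalld port forward test permanent enabled rerun (verify not changed)`, and change the header to `# Test playbook for the firewalld module - port forward operations`. The task bodies continue outside the hunks shown.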


@ -1,57 +1,58 @@
---
# Test playbook for the firewalld module - port operations
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: firewalld port range test permanent enabled
firewalld:
- name: Firewalld port range test permanent enabled
ansible.posix.firewalld:
port: 5500-6850/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port range test permanent enabled worked
assert:
- name: Assert firewalld port range test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port range test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld port range test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
port: 5500-6850/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port range test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port range test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test permanent enabled
firewalld:
- name: Firewalld port test permanent enabled
ansible.posix.firewalld:
port: 6900/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent enabled
firewalld:
- name: Firewalld port test permanent enabled
ansible.posix.firewalld:
port: 6900/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test disabled
firewalld:
- name: Firewalld port test disabled
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
state: disabled
@ -59,50 +60,50 @@
- 6900/tcp
- 5500-6850/tcp
- name: firewalld port test permanent enabled
firewalld:
- name: Firewalld port test permanent enabled
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test permanent disabled
firewalld:
- name: Firewalld port test permanent disabled
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: disabled
register: result
- name: assert firewalld port test permanent disabled worked
assert:
- name: Assert firewalld port test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: disabled
register: result
- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
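Review bot: The second `Firewalld port test permanent enabled` task for `6900/tcp` is really the idempotency rerun, and its `Assert firewalld port test permanent enabled worked` checks `result is not changed`; both names duplicate the pair directly above them. The rename in this commit kept that duplication, so a failing rerun is reported under the name of the first run. I would bring them in line with the other reruns in this file: `- name: Firewalld port test permanent enabled rerun (verify not changed)` and `- name: Assert firewalld port test permanent enabled rerun worked (verify not changed)`.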


@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - protocol operations
# (c) 2022, Robért S. Guhr <rguhr@cronon.net>
@ -16,50 +17,50 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld protocol test permanent enabled
firewalld:
- name: Firewalld protocol test permanent enabled
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: enabled
register: result
- name: assert firewalld protocol test permanent enabled worked
assert:
- name: Assert firewalld protocol test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld protocol test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld protocol test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: enabled
register: result
- name: assert firewalld protocol test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld protocol test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld protocol test permanent disabled
firewalld:
- name: Firewalld protocol test permanent disabled
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: disabled
register: result
- name: assert firewalld protocol test permanent disabled worked
assert:
- name: Assert firewalld protocol test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld protocol test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld protocol test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: disabled
register: result
- name: assert firewalld protocol test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld protocol test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed


@ -1,38 +1,50 @@
---
# Test playbook for the firewalld module
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Ensure /run/firewalld exists
file:
ansible.builtin.file:
path: /run/firewalld
state: directory
mode: "0755"
# firewalld service operation test cases
- include_tasks: service_test_cases.yml
- name: Include service test cases for firewalld module
ansible.builtin.include_tasks: service_test_cases.yml
# firewalld protocol operation test cases
- include_tasks: protocol_test_cases.yml
- name: Include protocol test cases for firewalld module
ansible.builtin.include_tasks: protocol_test_cases.yml
# firewalld port operation test cases
- include_tasks: port_test_cases.yml
- name: Include port test cases for firewalld module
ansible.builtin.include_tasks: port_test_cases.yml
# firewalld source operation test cases
- include_tasks: source_test_cases.yml
- name: Include source test cases for firewalld module
ansible.builtin.include_tasks: source_test_cases.yml
# firewalld zone operation test cases
- include_tasks: zone_test_cases.yml
- name: Include zone test cases for firewalld module
ansible.builtin.include_tasks: zone_test_cases.yml
# firewalld zone target operation test cases
- include_tasks: zone_target_test_cases.yml
- name: Include zone target test cases for firewalld module
ansible.builtin.include_tasks: zone_target_test_cases.yml
# firewalld port forwarding operation test cases
- include_tasks: port_forward_test_cases.yml
- name: Include port forward target test cases for firewalld module
ansible.builtin.include_tasks: port_forward_test_cases.yml
# firewalld masquerade operation test cases
- include_tasks: masquerade_test_cases.yml
- name: Include masquerade target test cases for firewalld module
ansible.builtin.include_tasks: masquerade_test_cases.yml
# firewalld icmp block inversion operation test cases
- include_tasks: icmp_block_inversion_test_cases.yml
- name: Include icmp block inversion target test cases for firewalld module
ansible.builtin.include_tasks: icmp_block_inversion_test_cases.yml
# firewalld interface operation test cases
- include_tasks: interface_test_cases.yml
- name: Include interface target test cases for firewalld module
ansible.builtin.include_tasks: interface_test_cases.yml
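Review bot: Four of the new task names carry the word "target" over from the zone target include: `Include port forward target test cases …`, `Include masquerade target test cases …`, `Include icmp block inversion target test cases …` and `Include interface target test cases …`. Only `zone_target_test_cases.yml` deals with a target, so the others should read e.g. `- name: Include port forward test cases for firewalld module`. Since every include now has a name, the `# firewalld … operation test cases` comment above each one repeats it and could be dropped.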


@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - service operations
# (c) 2017, Adam Miller <admiller@redhat.com>
@ -16,50 +17,50 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld service test permanent enabled
firewalld:
- name: Firewalld service test permanent enabled
ansible.posix.firewalld:
service: https
permanent: true
state: enabled
register: result
- name: assert firewalld service test permanent enabled worked
assert:
- name: Assert firewalld service test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld service test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld service test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
service: https
permanent: true
state: enabled
register: result
- name: assert firewalld service test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld service test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld service test permanent disabled
firewalld:
- name: Firewalld service test permanent disabled
ansible.posix.firewalld:
service: https
permanent: true
state: disabled
register: result
- name: assert firewalld service test permanent disabled worked
assert:
- name: Assert firewalld service test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld service test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld service test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
service: https
permanent: true
state: disabled
register: result
- name: assert firewalld service test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld service test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed


@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - source operations
# (c) 2019, Hideki Saito <saito@fgrep.org>
@ -16,70 +17,71 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld source test permanent enabled
firewalld:
- name: Firewalld source test permanent enabled
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: enabled
register: result
- name: assert firewalld source test permanent enabled worked
assert:
- name: Assert firewalld source test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld source test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld source test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: enabled
register: result
- name: assert firewalld source test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld source test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld source test permanent disabled
firewalld:
- name: Firewalld source test permanent disabled
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: disabled
register: result
- name: assert firewalld source test permanent disabled worked
assert:
- name: Assert firewalld source test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld source test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld source test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: disabled
register: result
- name: assert firewalld source test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld source test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld source test permanent enabled is exclusive (verify exclusive error)
firewalld:
- name: Firewalld source test permanent enabled is exclusive (verify exclusive error)
ansible.posix.firewalld:
source: 192.0.2.0/24
port: 8081/tcp
zone: internal
permanent: True
permanent: true
state: enabled
register: result
ignore_errors: true
- name: assert firewalld source test permanent enabled is exclusive (verify exclusive error)
assert:
- name: Assert firewalld source test permanent enabled is exclusive (verify exclusive error)
ansible.builtin.assert:
that:
- result is not changed
- "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"
- result is not changed
- "result.msg ==
'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"
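Review bot: The exclusive-parameter check at the end of this file never asserts that the task actually failed. With `ignore_errors: true`, the only evidence is an exact comparison of `result.msg` against the full option list, which breaks as soon as the module gains another mutually exclusive parameter. Adding `- result is failed` and matching a stable part of the message, `- "'parameters are mutually exclusive' in result.msg"`, keeps the intent. It also removes the need for the wrapped double-quoted scalar, which only compares equal because YAML folds the line break into a single space.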


@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - source operations
# (c) 2020, Adam Miller <admiller@redhat.com>
@ -16,106 +17,106 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld dmz zone target DROP
firewalld:
- name: Firewalld dmz zone target DROP
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: DROP
register: result
- name: assert firewalld dmz zone target DROP present worked
assert:
- name: Assert firewalld dmz zone target DROP present worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target DROP rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target DROP rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: DROP
register: result
- name: assert firewalld dmz zone target DROP present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target DROP present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld dmz zone target DROP absent
firewalld:
- name: Firewalld dmz zone target DROP absent
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: DROP
register: result
- name: assert firewalld dmz zone target DROP absent worked
assert:
- name: Assert firewalld dmz zone target DROP absent worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target DROP rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target DROP rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: DROP
register: result
- name: assert firewalld dmz zone target DROP present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target DROP present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld dmz zone target %%REJECT%%
firewalld:
- name: Firewalld dmz zone target %%REJECT%%
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% present worked
assert:
- name: Assert firewalld dmz zone target %%REJECT%% present worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target %%REJECT%% rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target %%REJECT%% rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld dmz zone target %%REJECT%% absent
firewalld:
- name: Firewalld dmz zone target %%REJECT%% absent
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% absent worked
assert:
- name: Assert firewalld dmz zone target %%REJECT%% absent worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target %%REJECT%% rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target %%REJECT%% rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
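Review bot: The two reruns with `state: absent` reuse the names of the `state: present` reruns, and their asserts still read "present worked", so a failure in the log points at the wrong step. Since this commit already rewrites every task name, `Firewalld dmz zone target DROP absent rerun (verify not changed)` and `Assert firewalld dmz zone target DROP absent worked (verify not changed)` would make the output unambiguous. The same applies to the `%%REJECT%%` pair at the end of the file.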


@ -1,47 +1,48 @@
- name: firewalld create zone custom
firewalld:
---
- name: Firewalld create zone custom
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: present
register: result
- name: assert firewalld custom zone created worked
assert:
- name: Assert firewalld custom zone created worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld create zone custom rerun (verify not changed)
firewalld:
- name: Firewalld create zone custom rerun (verify not changed)
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: present
register: result
- name: assert firewalld custom zone created worked (verify not changed)
assert:
- name: Assert firewalld custom zone created worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld remove zone custom
firewalld:
- name: Firewalld remove zone custom
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: absent
register: result
- name: assert firewalld custom zone removed worked
assert:
- name: Assert firewalld custom zone removed worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld remove custom zone rerun (verify not changed)
firewalld:
- name: Firewalld remove custom zone rerun (verify not changed)
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: absent
register: result
- name: assert firewalld custom zone removed worked (verify not changed)
assert:
- name: Assert firewalld custom zone removed worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed


@ -1,52 +1,53 @@
---
# Test playbook for the firewalld_info module
# (c) 2021, Hideki Saito <saito@fgrep.org>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# This test is based on the integration test playbook for firewalld module.
- name: Run firewalld tests
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
block:
- name: Ensure firewalld is installed
package:
ansible.builtin.package:
name: firewalld
state: present
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
- name: Check to make sure the firewalld python module is available.
shell: "{{ansible_python.executable}} -c 'import firewall'"
ansible.builtin.command: "{{ ansible_python.executable }} -c 'import firewall'"
changed_when: false
register: check_output_firewall
ignore_errors: true
- name: Check to make sure the dbus python module is available.
shell: "{{ansible_python.executable}} -c 'import dbus'"
ansible.builtin.command: "{{ ansible_python.executable }} -c 'import dbus'"
changed_when: false
register: check_output_dbus
ignore_errors: true
- name: Test Online Operations
block:
- name: start firewalld
service:
- name: Start firewalld
ansible.builtin.service:
name: firewalld
state: started
- import_tasks: run_tests_in_started.yml
- name: Import test tasks from run_tests_in_started.yml
ansible.builtin.import_tasks: run_tests_in_started.yml
- name: Test Offline Operations
when:
- check_output_firewall.rc == 0
- check_output_dbus.rc == 0
- name: Test Offline Operations
block:
- name: stop firewalld
service:
- name: Stop firewalld
ansible.builtin.service:
name: firewalld
state: stopped
- import_tasks: run_tests_in_stopped.yml
when:
- check_output_firewall.rc == 0
- check_output_dbus.rc == 0
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
- name: Import test tasks from run_tests_in_stopped.yml
ansible.builtin.import_tasks: run_tests_in_stopped.yml
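Review bot: The `when` list moved to the top of `Run firewalld tests` ANDs three conditions, and the first already requires `ansible_facts.os_family == "RedHat"`, so the Ubuntu and Suse exclusions below it can never be the deciding term. The list also mixes `ansible_facts.*` with the injected `ansible_distribution`, `ansible_os_family` and `ansible_python` variables, which only resolve while fact injection is enabled. Either drop the two redundant entries or, if other platforms are meant to run these tests, relax the first one. In both cases, reading everything through `ansible_facts` (for example `ansible_facts.python.version.major`) keeps the guard consistent.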


@ -1,32 +1,33 @@
---
# Test playbook for the firewalld_info module
# (c) 2021, Hideki Saito <saito@fgrep.org>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Ensure firewalld_info without options
firewalld_info:
ansible.posix.firewalld_info:
register: result
- name: Assert collected_zones and undefined_zones
assert:
ansible.builtin.assert:
that:
- 'result.collected_zones and not result.undefined_zones'
- result.collected_zones and not result.undefined_zones
- name: Ensure firewalld_info with active_zones
firewalld_info:
active_zones: yes
ansible.posix.firewalld_info:
active_zones: true
register: result
- name: Assert turn active_zones true
assert:
ansible.builtin.assert:
that:
- name: Ensure firewalld_zones with zone list
firewalld_info:
ansible.posix.firewalld_info:
zones:
- public
- invalid_zone
register: result
- name: Assert specified zones
assert:
ansible.builtin.assert:
that:


@ -1,40 +1,41 @@
---
# Test playbook for the firewalld_info module
# (c) 2021, Hideki Saito <saito@fgrep.org>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Ensure firewalld_info without options
firewalld_info:
ansible.posix.firewalld_info:
register: result
ignore_errors: yes
ignore_errors: true
- name: Assert firewalld_info fails if firewalld is not running.
assert:
ansible.builtin.assert:
that:
- result.failed
- "'firewalld probably not be running,' in result.msg"
- name: Ensure firewalld_info with active_zones
firewalld_info:
active_zones: yes
ansible.posix.firewalld_info:
active_zones: true
register: result
ignore_errors: yes
ignore_errors: true
- name: Assert firewalld_info with active_zones fails if firewalld is not running.
assert:
ansible.builtin.assert:
that:
- result.failed
- "'firewalld probably not be running,' in result.msg"
- name: Ensure firewalld_zones with zone list
firewalld_info:
ansible.posix.firewalld_info:
zones:
- public
- invalid_zone
register: result
ignore_errors: yes
ignore_errors: true
- name: Assert firewalld_info with zones list fails if firewalld is not running.
assert:
ansible.builtin.assert:
that:
- result.failed
- "'firewalld probably not be running,' in result.msg"

File diff suppressed because it is too large Load diff


@ -1,124 +1,147 @@
- name: ensure idempotency installed
package:
---
- name: Ensure idempotency installed
ansible.builtin.package:
name: patch
when: ansible_distribution != "MacOSX"
- name: create a directory for the result
file:
dest: '{{ output_dir }}/patch'
- name: Create a directory for the result
ansible.builtin.file:
dest: "{{ output_dir }}/patch"
state: directory
mode: "0755"
register: result
- name: assert the directory was created
assert:
- name: Assert the directory was created
ansible.builtin.assert:
that:
- result.state == 'directory'
- name: copy the origin file
copy:
- result.state == 'directory'
- name: Copy the origin file
ansible.builtin.copy:
src: ./origin.txt
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
mode: "0644"
register: result
- name: patch the origin file in check mode
- name: Patch the origin file in check mode
check_mode: true
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
- name: verify patch the origin file in check mode
assert:
dest: "{{ output_dir }}/patch/workfile.txt"
- name: Verify patch the origin file in check mode
ansible.builtin.assert:
that:
- result is changed
- name: patch the origin file
- result is changed
- name: Patch the origin file
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
- name: verify patch the origin file
assert:
dest: "{{ output_dir }}/patch/workfile.txt"
- name: Verify patch the origin file
ansible.builtin.assert:
that:
- result is changed
- name: test patch the origin file idempotency
- result is changed
- name: Test patch the origin file idempotency
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
- name: verify test patch the origin file idempotency
assert:
dest: "{{ output_dir }}/patch/workfile.txt"
- name: Verify test patch the origin file idempotency
ansible.builtin.assert:
that:
- result is not changed
- name: verify the resulted file matches expectations
copy:
- result is not changed
- name: Verify the resulted file matches expectations
ansible.builtin.copy:
src: ./result.txt
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
mode: "0644"
register: result
failed_when: result is changed
- name: patch the workfile file in check mode state absent
- name: Patch the workfile file in check mode state absent
check_mode: true
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
state: absent
- name: verify patch the workfile file in check mode state absent
assert:
- name: Verify patch the workfile file in check mode state absent
ansible.builtin.assert:
that:
- result is changed
- name: patch the workfile file state absent
- result is changed
- name: Patch the workfile file state absent
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
state: absent
- name: verify patch the workfile file state absent
assert:
- name: Verify patch the workfile file state absent
ansible.builtin.assert:
that:
- result is changed
- name: patch the workfile file state absent idempotency
- result is changed
- name: Patch the workfile file state absent idempotency
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
state: absent
- name: verify patch the workfile file state absent idempotency
assert:
- name: Verify patch the workfile file state absent idempotency
ansible.builtin.assert:
that:
- result is not changed
- name: verify the resulted file matches expectations
copy:
- result is not changed
- name: Verify the resulted file matches expectations
ansible.builtin.copy:
src: ./origin.txt
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
mode: "0644"
register: result
failed_when: result is changed
- name: copy the origin file whitespace
copy:
- name: Copy the origin file whitespace
ansible.builtin.copy:
src: ./origin.txt
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
mode: "0644"
register: result
- name: patch the origin file
- name: Patch the origin file
register: result
patch:
ansible.posix.patch:
src: result_whitespace.patch
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
ignore_whitespace: yes
- name: verify patch the origin file
assert:
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
ignore_whitespace: true
- name: Verify patch the origin file
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: test patch the origin file idempotency
- name: Test patch the origin file idempotency
register: result
patch:
ansible.posix.patch:
src: result_whitespace.patch
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
ignore_whitespace: yes
- name: verify test patch the origin file idempotency
assert:
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
ignore_whitespace: true
- name: Verify test patch the origin file idempotency
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: verify the resulted file matches expectations
copy:
- name: Verify the resulted file matches expectations
ansible.builtin.copy:
src: ./result_whitespace.txt
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
mode: "0644"
register: result
failed_when: result is changed
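Review bot: The three "Verify the resulted file matches expectations" tasks use `ansible.builtin.copy` with `failed_when: result is changed` as a content comparison, and the `mode: "0644"` added here makes them report changed on a permission difference as well. That is harmless only while the patch module leaves the work file's mode at the value set by the earlier copy, which these lines do not show. A comment such as `# mode matches the initial copy so that only a content difference reports changed` would record the assumption. Adding `check_mode: true` to these verification tasks would also keep a failed comparison from overwriting the file under test.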


@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -15,8 +16,9 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- include_tasks: seboolean.yml
- name: Include_tasks for when SELinux is enabled
ansible.builtin.include_tasks: seboolean.yml
when:
- ansible_selinux is defined
- ansible_selinux != False
- ansible_selinux
- ansible_selinux.status == 'enabled'
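Review bot: Replacing `ansible_selinux != False` with a bare `- ansible_selinux` makes the condition depend on the truthiness of whatever the fact holds. A debug task further down the page prints `ansible_selinux.status`, so the value is a mapping when the fact is populated. A non-boolean conditional is the kind of expression stricter ansible-core releases may reject, and an empty mapping would now skip where it previously passed this entry. `- ansible_selinux is mapping` states the intent explicitly; the same applies to the `when` clauses in the later section that includes `selinux.yml` and `selogin.yml`.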


@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -15,69 +16,89 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: install requirements for RHEL 7 and earlier
package:
- name: Install requirements for RHEL 7 and earlier
ansible.builtin.package:
name: policycoreutils-python
when:
- ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('7', '<=')
- name: install requirements for RHEL 8 and later
package:
- name: Install requirements for RHEL 8 and later
ansible.builtin.package:
name: policycoreutils-python-utils
when:
- ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('8', '>=')
- name: Get getsebool output preflight
ansible.builtin.shell:
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
executable: /bin/bash
changed_when: false
register: getsebool_output_preflight
- name: Cleanup
shell: setsebool -P httpd_can_network_connect 0
##########################################################################################
- name: set flag and don't keep it persistent
seboolean:
ansible.builtin.shell:
cmd: set -o pipefail && setsebool -P httpd_can_network_connect 0
executable: /bin/bash
changed_when: getsebool_output_preflight.stdout.startswith('httpd_can_network_connect --> on')
- name: Set flag and don't keep it persistent
ansible.posix.seboolean:
name: httpd_can_network_connect
state: yes
state: true
register: output
- name: get getsebool output
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
- name: Get getsebool output
ansible.builtin.shell:
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
executable: /bin/bash
changed_when: false
register: getsebool_output
- name: check output
assert:
- name: Check output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
- output.name == 'httpd_can_network_connect'
- getsebool_output.stdout.startswith('httpd_can_network_connect (on , off)')
##########################################################################################
- name: unset flag
seboolean:
- name: Unset flag
ansible.posix.seboolean:
name: httpd_can_network_connect
state: no
state: false
- name: get getsebool output
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
- name: Get getsebool output
ansible.builtin.shell:
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
executable: /bin/bash
changed_when: false
register: getsebool_output
- name: check output
assert:
- name: Check output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
- output.name == 'httpd_can_network_connect'
- getsebool_output.stdout.startswith('httpd_can_network_connect (off , off)')
##########################################################################################
- name: set flag and keep it persistent
seboolean:
- name: Set flag and keep it persistent
ansible.posix.seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
state: true
persistent: true
register: output
- name: get getsebool output
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
- name: Get getsebool output
ansible.builtin.shell:
cmd: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
executable: /bin/bash
changed_when: false
register: getsebool_output
- name: check output
assert:
- name: Check output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
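Review bot: The `changed_when` added to the Cleanup task tests `startswith('httpd_can_network_connect --> on')`, but the preflight task captures `semanage boolean -l | grep`, which the later asserts expect to start with `httpd_can_network_connect (on , off)`. The `--> on` form looks like `getsebool` output, so the condition likely never matches and Cleanup always reports ok. Matching the captured format, e.g. `changed_when: getsebool_output_preflight.stdout is search('^httpd_can_network_connect\s+\(on')`, fixes that. The Cleanup command has no pipe, so `ansible.builtin.command: setsebool -P httpd_can_network_connect 0` would do without `set -o pipefail` and bash. Separately, no `register: output` is visible on the Unset flag task, so the assert after it seems to re-check the previous seboolean result; the final assert continues past the end of the hunk.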


@ -1,3 +1,4 @@
---
# (c) 2017, Sam Doran <sdoran@redhat.com>
# This file is part of Ansible
@ -15,22 +16,26 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- debug:
- name: Debug message for when SELinux is disabled
ansible.builtin.debug:
msg: SELinux is disabled
when: ansible_selinux is defined and ansible_selinux == False
when: ansible_selinux is defined and not ansible_selinux
- debug:
- name: Debug message for when SELinux is enabled and not disabled
ansible.builtin.debug:
msg: SELinux is {{ ansible_selinux.status }}
when: ansible_selinux is defined and ansible_selinux != False
when: ansible_selinux is defined and ansible_selinux
- include_tasks: selinux.yml
- name: Include_tasks for when SELinux is enabled
ansible.builtin.include_tasks: selinux.yml
when:
- ansible_selinux is defined
- ansible_selinux != False
- ansible_selinux
- ansible_selinux.status == 'enabled'
- include_tasks: selogin.yml
- name: Include tasks for selogin when SELinux is enabled
ansible.builtin.include_tasks: selogin.yml
when:
- ansible_selinux is defined
- ansible_selinux != False
- ansible_selinux
- ansible_selinux.status == 'enabled'


@ -1,3 +1,4 @@
---
# (c) 2017, Sam Doran <sdoran@redhat.com>
# This file is part of Ansible
@ -14,67 +15,67 @@
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# First Test
# ##############################################################################
# Test changing the state, which requires a reboot
- name: TEST 1 | Make sure grubby is present
package:
ansible.builtin.package:
name: grubby
state: present
- name: TEST 1 | Get current SELinux config file contents
slurp:
ansible.builtin.slurp:
src: /etc/sysconfig/selinux
register: selinux_config_original_base64
- name: TEST 1 | Register SELinux config and SELinux status
set_fact:
ansible.builtin.set_fact:
selinux_config_original_raw: "{{ selinux_config_original_base64.content | b64decode }}"
before_test_sestatus: "{{ ansible_selinux }}"
- name: TEST 1 | Split by line and register original config
set_fact:
ansible.builtin.set_fact:
selinux_config_original: "{{ selinux_config_original_raw.split('\n') }}"
- debug:
- name: TEST 1 | Debug selinux_config_original, before_test_sestatus, and ansible_selinux
ansible.builtin.debug:
var: "{{ item }}"
verbosity: 1
with_items:
loop:
- selinux_config_original
- before_test_sestatus
- ansible_selinux
- name: TEST 1 | Setup SELinux configuration for tests
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
- name: TEST 1 | Disable SELinux
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
register: _disable_test1
- debug:
- name: TEST 1 | Debug _disable_test1
ansible.builtin.debug:
var: _disable_test1
verbosity: 1
- name: Before gathering the fact
debug:
ansible.builtin.debug:
msg: "{{ ansible_selinux }}"
- name: TEST 1 | Re-gather facts
setup:
ansible.builtin.setup:
- name: After gathering the fact
debug:
ansible.builtin.debug:
msg: "{{ ansible_selinux }}"
- name: TEST 1 | Assert that status was changed, reboot_required is True, a warning was displayed, and SELinux is configured properly
assert:
ansible.builtin.assert:
that:
- _disable_test1 is changed
- _disable_test1.reboot_required
@ -82,53 +83,56 @@
- ansible_selinux.config_mode == 'disabled'
- ansible_selinux.type == 'targeted'
- debug:
- name: TEST 1 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
- name: TEST 1 | Disable SELinux again
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
register: _disable_test2
- debug:
- name: Test 1 | Debug _disable_test2
ansible.builtin.debug:
var: _disable_test2
verbosity: 1
- name: TEST 1 | Assert that no change is reported, a warning was displayed, and reboot_required is True
assert:
ansible.builtin.assert:
that:
- _disable_test2 is not changed
- (_disable_test1.warnings | length ) >= 1
- _disable_test2.reboot_required
- name: TEST 1 | Get modified config file
slurp:
ansible.builtin.slurp:
src: /etc/sysconfig/selinux
register: selinux_config_after_base64
- name: TEST 1 | Register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
- name: TEST 1 | Split by line and register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
- debug:
- name: TEST 1 | Debug selinux_config_after
ansible.builtin.debug:
var: selinux_config_after
verbosity: 1
- name: TEST 1 | Ensure SELinux config file is properly formatted
assert:
ansible.builtin.assert:
that:
- selinux_config_original | length == selinux_config_after | length
- selinux_config_after[selinux_config_after.index('SELINUX=disabled')] is search("^SELINUX=\w+$")
- selinux_config_after[selinux_config_after.index('SELINUXTYPE=targeted')] is search("^SELINUXTYPE=\w+$")
- name: TEST 1 | Disable SELinux again, with kernel arguments update
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
update_kernel_param: true
@ -136,72 +140,76 @@
- name: Check kernel command-line arguments
ansible.builtin.command: grubby --info=DEFAULT
changed_when: false
register: _grubby_test1
- name: TEST 1 | Assert that kernel cmdline contains selinux=0
assert:
ansible.builtin.assert:
that:
- "' selinux=0' in _grubby_test1.stdout"
- name: TEST 1 | Enable SELinux, without kernel arguments update
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
register: _disable_test2
- name: Check kernel command-line arguments
ansible.builtin.command: grubby --info=DEFAULT
changed_when: false
register: _grubby_test1
- name: TEST 1 | Assert that kernel cmdline still contains selinux=0
assert:
ansible.builtin.assert:
that:
- "' selinux=0' in _grubby_test1.stdout"
- name: TEST 1 | Reset SELinux configuration for next test (also kernel args)
selinux:
ansible.posix.selinux:
state: enforcing
update_kernel_param: true
policy: targeted
- name: Check kernel command-line arguments
ansible.builtin.command: grubby --info=DEFAULT
changed_when: false
register: _grubby_test2
- name: TEST 1 | Assert that kernel cmdline doesn't contain selinux=0
assert:
ansible.builtin.assert:
that:
- "' selinux=0' not in _grubby_test2.stdout"
# Second Test
# ##############################################################################
# Test changing only the policy, which does not require a reboot
- name: TEST 2 | Make sure the policy is present
package:
ansible.builtin.package:
name: selinux-policy-mls
state: present
- name: TEST 2 | Set SELinux policy
selinux:
ansible.posix.selinux:
state: enforcing
policy: mls
register: _state_test1
- debug:
- name: TEST 2 | Debug _state_test1
ansible.builtin.debug:
var: _state_test1
verbosity: 1
- name: TEST 2 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 2 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
tags: debug
- name: TEST 2 | Assert that status was changed, reboot_required is False, no warnings were displayed, and SELinux is configured properly
assert:
ansible.builtin.assert:
that:
- _state_test1 is changed
- not _state_test1.reboot_required
@ -210,76 +218,79 @@
- ansible_selinux.type == 'mls'
- name: TEST 2 | Set SELinux policy again
selinux:
ansible.posix.selinux:
state: enforcing
policy: mls
register: _state_test2
- debug:
- name: TEST 2 | Debug _state_test2
ansible.builtin.debug:
var: _state_test2
verbosity: 1
- name: TEST 2 | Assert that no change was reported, no warnings were displayed, and reboot_required is False
assert:
ansible.builtin.assert:
that:
- _state_test2 is not changed
- _state_test2.warnings is not defined
- not _state_test2.reboot_required
- name: TEST 2 | Get modified config file
slurp:
ansible.builtin.slurp:
src: /etc/sysconfig/selinux
register: selinux_config_after_base64
- name: TEST 2 | Register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
- name: TEST 2 | Split by line and register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
- debug:
- name: TEST 2 | Debug selinux_config_after
ansible.builtin.debug:
var: selinux_config_after
verbosity: 1
- name: TEST 2 | Ensure SELinux config file is properly formatted
assert:
ansible.builtin.assert:
that:
- selinux_config_original | length == selinux_config_after | length
- selinux_config_after[selinux_config_after.index('SELINUX=enforcing')] is search("^SELINUX=\w+$")
- selinux_config_after[selinux_config_after.index('SELINUXTYPE=mls')] is search("^SELINUXTYPE=\w+$")
- name: TEST 2 | Reset SELinux configuration for next test
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
# Third Test
# ##############################################################################
# Test changing non-existing policy
- name: TEST 3 | Set SELinux policy
selinux:
ansible.posix.selinux:
state: enforcing
policy: non-existing-selinux-policy
register: _state_test1
ignore_errors: yes
ignore_errors: true
- debug:
- name: TEST 3 | Debug _state_test1
ansible.builtin.debug:
var: _state_test1
verbosity: 1
- name: TEST 3 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST3 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
tags: debug
- name: TEST 3 | Assert that status was not changed, the task failed, the msg contains proper information and SELinux was not changed
assert:
ansible.builtin.assert:
that:
- _state_test1 is not changed
- _state_test1 is failed
@ -287,40 +298,40 @@
- ansible_selinux.config_mode == 'enforcing'
- ansible_selinux.type == 'targeted'
# Fourth Test
# ##############################################################################
# Test if check mode returns correct changed values and
# doesn't make any changes
- name: TEST 4 | Set SELinux to enforcing
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _check_mode_test1
- debug:
- name: TEST 4 | Debug _check_mode_test1
ansible.builtin.debug:
var: _check_mode_test1
verbosity: 1
- name: TEST 4 | Set SELinux to enforcing in check mode
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _check_mode_test1
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4| Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode is idempotent
assert:
ansible.builtin.assert:
that:
- _check_mode_test1 is success
- not _check_mode_test1.reboot_required
@ -328,22 +339,23 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Set SELinux to permissive in check mode
selinux:
ansible.posix.selinux:
state: permissive
policy: targeted
register: _check_mode_test2
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode doesn't set state permissive and returns changed
assert:
ansible.builtin.assert:
that:
- _check_mode_test2 is changed
- not _check_mode_test2.reboot_required
@ -351,21 +363,22 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Disable SELinux in check mode
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test3
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode didn't change anything, status is changed, reboot_required is True, a warning was displayed
assert:
ansible.builtin.assert:
that:
- _check_mode_test3 is changed
- _check_mode_test3.reboot_required
@ -374,31 +387,33 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Set SELinux to permissive
selinux:
ansible.posix.selinux:
state: permissive
policy: targeted
register: _check_mode_test4
- debug:
- name: TEST 4 | Debug _check_mode_test4
ansible.builtin.debug:
var: _check_mode_test4
verbosity: 1
- name: TEST 4 | Disable SELinux in check mode
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test4
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode didn't change anything, status is changed, reboot_required is True, a warning was displayed
assert:
ansible.builtin.assert:
that:
- _check_mode_test4 is changed
- _check_mode_test4.reboot_required
@ -407,36 +422,38 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Set SELinux to enforcing
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _check_mode_test5
- debug:
- name: TEST 4 | Debug _check_mode_test5
ansible.builtin.debug:
var: _check_mode_test5
verbosity: 1
- name: TEST 4 | Disable SELinux
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test5
- name: TEST 4 | Disable SELinux in check mode
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test5
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that in check mode status was not changed, reboot_required is True, a warning was displayed, and SELinux is configured properly
assert:
ansible.builtin.assert:
that:
- _check_mode_test5 is success
- _check_mode_test5.reboot_required
@ -450,32 +467,34 @@
# sure the module re-adds the expected lines
- name: TEST 5 | Remove SELINUX key from /etc/selinux/config
lineinfile:
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
regexp: ^SELINUX=
state: absent
backup: yes
backup: true
register: _lineinfile_out1
- debug:
- name: TEST 5 | Debug _lineinfile_out1
ansible.builtin.debug:
var: _lineinfile_out1
verbosity: 1
- name: TEST 5 | Set SELinux to enforcing
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _set_enforcing1
- name: TEST 5 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 5 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
- name: TEST 5 | Assert that SELINUX key is populated
assert:
ansible.builtin.assert:
that:
- _set_enforcing1 is success
- _set_enforcing1 is changed
@ -483,31 +502,33 @@
- ansible_selinux.config_mode == 'enforcing'
- name: TEST 5 | Remove SELINUXTYPE key from /etc/selinux/config
lineinfile:
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUXTYPE='
regexp: ^SELINUXTYPE=
state: absent
register: _lineinfile_out2
- debug:
- name: TEST 5 | Debug _lineinfile_out2
ansible.builtin.debug:
var: _lineinfile_out2
verbosity: 1
- name: TEST 5 | Set SELinux Policy to targeted
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _set_policy2
- name: TEST 5 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 5 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
- name: TEST 5 | Assert that SELINUXTYPE key is populated
assert:
ansible.builtin.assert:
that:
- _set_policy2 is success
- _set_policy2 is changed
@ -515,7 +536,8 @@
- ansible_selinux.type == 'targeted'
- name: TEST 5 | Restore original SELinux config file /etc/selinux/config
copy:
ansible.builtin.copy:
dest: /etc/selinux/config
src: "{{ _lineinfile_out1['backup'] }}"
remote_src: yes
remote_src: true
mode: "0644"


@ -1,70 +1,71 @@
- name: create user for testing
user:
---
- name: Create user for testing
ansible.builtin.user:
name: seuser
- name: attempt to add mapping without 'seuser'
- name: Attempt to add mapping without 'seuser'
register: selogin_error
ignore_errors: true
community.general.system.selogin:
login: seuser
- name: verify failure
assert:
- name: Verify failure
ansible.builtin.assert:
that:
- selogin_error is failed
- name: map login to SELinux user
- selogin_error is failed
- name: Map login to SELinux user
register: selogin_new_mapping
check_mode: '{{ item }}'
check_mode: "{{ item }}"
with_items:
- true
- false
- true
- false
- true
- false
- true
- false
community.general.system.selogin:
login: seuser
seuser: staff_u
- name: new mapping- verify functionality and check_mode
assert:
- name: New mapping- verify functionality and check_mode
ansible.builtin.assert:
that:
- selogin_new_mapping.results[0] is changed
- selogin_new_mapping.results[1] is changed
- selogin_new_mapping.results[2] is not changed
- selogin_new_mapping.results[3] is not changed
- name: change SELinux user login mapping
- selogin_new_mapping.results[0] is changed
- selogin_new_mapping.results[1] is changed
- selogin_new_mapping.results[2] is not changed
- selogin_new_mapping.results[3] is not changed
- name: Change SELinux user login mapping
register: selogin_mod_mapping
check_mode: '{{ item }}'
check_mode: "{{ item }}"
with_items:
- true
- false
- true
- false
- true
- false
- true
- false
community.general.system.selogin:
login: seuser
seuser: user_u
- name: changed mapping- verify functionality and check_mode
assert:
- name: Changed mapping- verify functionality and check_mode
ansible.builtin.assert:
that:
- selogin_mod_mapping.results[0] is changed
- selogin_mod_mapping.results[1] is changed
- selogin_mod_mapping.results[2] is not changed
- selogin_mod_mapping.results[3] is not changed
- name: remove SELinux user mapping
- selogin_mod_mapping.results[0] is changed
- selogin_mod_mapping.results[1] is changed
- selogin_mod_mapping.results[2] is not changed
- selogin_mod_mapping.results[3] is not changed
- name: Remove SELinux user mapping
register: selogin_del_mapping
check_mode: '{{ item }}'
check_mode: "{{ item }}"
with_items:
- true
- false
- true
- false
- true
- false
- true
- false
community.general.system.selogin:
login: seuser
state: absent
- name: delete mapping- verify functionality and check_mode
assert:
- name: Delete mapping- verify functionality and check_mode
ansible.builtin.assert:
that:
- selogin_del_mapping.results[0] is changed
- selogin_del_mapping.results[1] is changed
- selogin_del_mapping.results[2] is not changed
- selogin_del_mapping.results[3] is not changed
- name: remove test user
user:
- selogin_del_mapping.results[0] is changed
- selogin_del_mapping.results[1] is changed
- selogin_del_mapping.results[2] is not changed
- selogin_del_mapping.results[3] is not changed
- name: Remove test user
ansible.builtin.user:
name: seuser
state: absent
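Review bot: The four selogin tasks (add without `seuser`, map, change, remove) still invoke the module as `community.general.system.selogin`, the nested directory-style name, while every other task in this file was moved to its short fully qualified name. Current community.general documents the module as `community.general.selogin`, and whether the nested name still resolves depends on the collection version installed on the test host. I would write `community.general.selogin:` in all four tasks so the SELinux login-mapping checks do not silently depend on a redirect.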


@ -4,14 +4,16 @@
# and should not be used as examples of how to write Ansible roles #
####################################################################
- set_fact:
- name: Set pkg_mgr and ansible_pkg_mgr on FreeBSD
ansible.builtin.set_fact:
pkg_mgr: community.general.pkgng
ansible_pkg_mgr: community.general.pkgng
cacheable: yes
cacheable: true
when: ansible_os_family == "FreeBSD"
- set_fact:
- name: Set pkg_mgr and ansible_pkg_mgr on Suse
ansible.builtin.set_fact:
pkg_mgr: community.general.zypper
ansible_pkg_mgr: community.general.zypper
cacheable: yes
cacheable: true
when: ansible_os_family == "Suse"


@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests


@ -1,310 +1,350 @@
- name: install rsync
package:
---
- name: Install rsync
ansible.builtin.package:
name: rsync
when: ansible_distribution != "MacOSX"
- name: Clean up the working directory and files
file:
path: '{{ output_dir }}'
- name: Clean up the working disrectory and files
ansible.builtin.file:
path: "{{ output_dir }}"
state: absent
- name: Create the working directory
file:
path: '{{ output_dir }}'
ansible.builtin.file:
path: "{{ output_dir }}"
state: directory
- name: create test new files
copy:
dest: '{{output_dir}}/{{item}}'
mode: '0644'
content: 'hello world'
with_items:
- foo.txt
- bar.txt
mode: "0755"
- name: synchronize file to new filename
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
- name: Create test new files
ansible.builtin.copy:
dest: "{{ output_dir }}/{{ item }}"
mode: "0644"
content: hello world
loop:
- foo.txt
- bar.txt
- name: Synchronize file to new filename
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
delegate_to: "{{ inventory_hostname }}"
'')'
- name: test that the file was really copied over
stat:
path: '{{ output_dir }}/foo.result'
- name: Check that the file was copied over correctly
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Test that the file was really copied over
ansible.builtin.stat:
path: "{{ output_dir }}/foo.result"
register: stat_result
- assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: test that the file is not copied a second time
synchronize:
src='{{output_dir}}/foo.txt'
dest='{{output_dir}}/foo.result'
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
- name: Test that the file was really copied over
ansible.builtin.assert:
that:
- sync_result.changed == False
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Test that the file is not copied a second time
ansible.posix.synchronize:
src: "'{{ output_dir }}/foo.txt'"
dest: "'{{ output_dir }}/foo.result'"
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Test that no change occurred
ansible.builtin.assert:
that:
- not sync_result.changed
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.result
- bar.result
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.result
- bar.result
- name: Synchronize using the mode=push param
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: push
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
delegate_to: "{{ inventory_hostname }}"
'')'
- name: test that the file was really copied over
stat:
path: '{{ output_dir }}/foo.result'
- name: Check that the file was copied over correctly mode=push
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Test that the file was really copied over
ansible.builtin.stat:
path: "{{ output_dir }}/foo.result"
register: stat_result
- assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: test that the file is not copied a second time
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
- name: Ensure file exists and checksum matches
ansible.builtin.assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Test that the file is not copied a second time
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: push
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
delegate_to: "{{ inventory_hostname }}"
- name: Ensure no change occorred
ansible.builtin.assert:
that:
- sync_result.changed == False
- sync_result.changed == False
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.result
- bar.result
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.result
- bar.result
- name: Synchronize using the mode=pull param
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: pull
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
delegate_to: "{{ inventory_hostname }}"
'')'
- name: test that the file was really copied over
stat:
path: '{{ output_dir }}/foo.result'
- name: Check that the file was copied over correctly mode=pull
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Test that the file was really copied over
ansible.builtin.stat:
path: "{{ output_dir }}/foo.result"
register: stat_result
- assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: test that the file is not copied a second time
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
- name: Ensure file exists and checksum matches
ansible.builtin.assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Test that the file is not copied a second time
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: pull
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
delegate_to: "{{ inventory_hostname }}"
- name: Ensure no change occorred
ansible.builtin.assert:
that:
- sync_result.changed == False
- sync_result.changed == False
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.result
- bar.result
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.result
- bar.result
- name: synchronize files using with_items (issue#5965)
synchronize:
src: '{{output_dir}}/{{item}}'
dest: '{{output_dir}}/{{item}}.result'
with_items:
- foo.txt
- bar.txt
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result.changed
- sync_result.msg == 'All items completed'
- '''results'' in sync_result'
- sync_result.results|length == 2
- 'sync_result.results[0].msg.endswith(''+ foo.txt
'')'
- 'sync_result.results[1].msg.endswith(''+ bar.txt
'')'
- name: Cleanup
file:
state: absent
path: '{{output_dir}}/{{item}}.result'
with_items:
- foo.txt
- bar.txt
- name: synchronize files using rsync_path (issue#7182)
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.rsync_path'
rsync_path: 'sudo rsync'
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''rsync_path'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
'')'
- name: Cleanup
file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.rsync_path
- name: add subdirectories for link-dest test
file:
path: '{{output_dir}}/{{item}}/'
state: directory
mode: '0755'
with_items:
- directory_a
- directory_b
- name: copy foo.txt into the first directory
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/{{item}}/foo.txt'
with_items:
- directory_a
delegate_to: '{{ inventory_hostname }}'
- name: synchronize files using link_dest
synchronize:
src: '{{output_dir}}/directory_a/foo.txt'
dest: '{{output_dir}}/directory_b/foo.txt'
link_dest:
- '{{output_dir}}/directory_a'
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- name: get stat information for directory_a
stat:
path: '{{ output_dir }}/directory_a/foo.txt'
register: stat_result_a
- name: get stat information for directory_b
stat:
path: '{{ output_dir }}/directory_b/foo.txt'
register: stat_result_b
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- stat_result_a.stat.inode == stat_result_b.stat.inode
- name: synchronize files using link_dest that would be recursive
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
link_dest:
- '{{output_dir}}'
register: sync_result
ignore_errors: true
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result is not changed
- sync_result is failed
- name: Cleanup
file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- directory_b/foo.txt
- directory_a/foo.txt
- directory_a
- directory_b
- name: setup - test for source with working dir with spaces in path
file:
state: directory
path: '{{output_dir}}/{{item}}'
delegate_to: '{{ inventory_hostname }}'
with_items:
- 'directory a'
- 'directory b'
- name: setup - create test new files
copy:
dest: '{{output_dir}}/directory a/{{item}}'
mode: '0644'
content: 'hello world'
- name: Synchronize files using with_items (issue#5965)
ansible.posix.synchronize:
src: "{{ output_dir }}/{{ item }}"
dest: "{{ output_dir }}/{{ item }}.result"
with_items:
- foo.txt
delegate_to: '{{ inventory_hostname }}'
- name: copy source with spaces in dir path
synchronize:
src: '{{output_dir}}/directory a/foo.txt'
dest: '{{output_dir}}/directory b/'
delegate_to: '{{ inventory_hostname }}'
- bar.txt
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Validate syncrhonize with_items
ansible.builtin.assert:
that:
- sync_result.changed
- sync_result.msg == 'All items completed'
- "'results' in sync_result"
- sync_result.results|length == 2
- "sync_result.results[0].msg.endswith('+ foo.txt\n')"
- "sync_result.results[1].msg.endswith('+ bar.txt\n')"
- name: Cleanup
ansible.builtin.file:
state: absent
path: "{{ output_dir }}/{{ item }}.result"
loop:
- foo.txt
- bar.txt
- name: Synchronize files using rsync_path (issue#7182)
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.rsync_path"
rsync_path: sudo rsync
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Validate syncrhonize using rsync_path (issue#7182)
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'rsync_path' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Cleanup
ansible.builtin.file:
state: absent
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.rsync_path
- name: Add subdirectories for link-dest test
ansible.builtin.file:
path: "{{ output_dir }}/{{ item }}/"
state: directory
mode: "0755"
loop:
- directory_a
- directory_b
- name: Copy foo.txt into the first directory
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/{{ item }}/foo.txt"
loop:
- directory_a
delegate_to: "{{ inventory_hostname }}"
- name: Synchronize files using link_dest
ansible.posix.synchronize:
src: "{{ output_dir }}/directory_a/foo.txt"
dest: "{{ output_dir }}/directory_b/foo.txt"
link_dest:
- "{{ output_dir }}/directory_a"
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Get stat information for directory_a
ansible.builtin.stat:
path: "{{ output_dir }}/directory_a/foo.txt"
register: stat_result_a
- name: Get stat information for directory_b
ansible.builtin.stat:
path: "{{ output_dir }}/directory_b/foo.txt"
register: stat_result_b
- name: Ensure file exists and inode matches
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- stat_result_a.stat.inode == stat_result_b.stat.inode
- name: Synchronize files using link_dest that would be recursive
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
link_dest:
- "{{ output_dir }}"
register: sync_result
ignore_errors: true
- name: get stat information for directory_b
stat:
path: '{{ output_dir }}/directory b/foo.txt'
register: stat_result_b
- assert:
delegate_to: "{{ inventory_hostname }}"
- name: Ensure no change occorred and failed
ansible.builtin.assert:
that:
- '''changed'' in sync_result'
- sync_result is not changed
- sync_result is failed
- name: Cleanup
ansible.builtin.file:
state: absent
path: "{{ output_dir }}/{{ item }}"
loop:
- directory_b/foo.txt
- directory_a/foo.txt
- directory_a
- directory_b
- name: Setup - test for source with working dir with spaces in path
ansible.builtin.file:
state: directory
path: "{{ output_dir }}/{{ item }}"
mode: "0755"
delegate_to: "{{ inventory_hostname }}"
loop:
- directory a
- directory b
- name: Setup - create test new files
ansible.builtin.copy:
dest: "{{ output_dir }}/directory a/{{ item }}"
mode: "0644"
content: hello world
loop:
- foo.txt
delegate_to: "{{ inventory_hostname }}"
- name: Copy source with spaces in dir path
ansible.posix.synchronize:
src: "{{ output_dir }}/directory a/foo.txt"
dest: "{{ output_dir }}/directory b/"
delegate_to: "{{ inventory_hostname }}"
register: sync_result
ignore_errors: true
- name: Get stat information for directory_b
ansible.builtin.stat:
path: "{{ output_dir }}/directory b/foo.txt"
register: stat_result_b
- name: Ensure file exists and checksum matches
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- stat_result_b.stat.exists == True
- stat_result_b.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- 'directory b/foo.txt'
- 'directory a/foo.txt'
- 'directory a'
- 'directory b'
path: "{{ output_dir }}/{{ item }}"
loop:
- directory b/foo.txt
- directory a/foo.txt
- directory a
- directory b
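Review bot: The first "Test that the file is not copied a second time" task, the one that replaced the old `src='...' dest='...'` key=value form, now passes `src: "'{{ output_dir }}/foo.txt'"` and `dest: "'{{ output_dir }}/foo.result'"`. The single quotes were argument delimiters in the old form, but here they become part of the path values. The module would then presumably receive paths that begin and end with a literal `'`, which are not the files created earlier, so the following `not sync_result.changed` assertion no longer checks a repeat copy of the same file. Drop the inner quotes, `src: "{{ output_dir }}/foo.txt"` and `dest: "{{ output_dir }}/foo.result"`, as the push and pull variants further down already do.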


@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests


@ -1,3 +1,4 @@
---
# Test code for the sysctl module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
@ -24,79 +25,91 @@
when:
- ansible_facts.virtualization_type == 'docker' or ansible_facts.virtualization_type == 'container'
block:
- set_fact:
- name: Set output_dir_test fact
ansible.builtin.set_fact:
output_dir_test: "{{ output_dir }}/test_sysctl"
- name: make sure our testing sub-directory does not exist
file:
- name: Make sure our testing sub-directory does not exist
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: absent
- name: create our testing sub-directory
file:
- name: Create our testing sub-directory
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: directory
mode: "0755"
##
## sysctl - file manipulation
##
- name: copy the example conf to the test dir
copy:
- name: Copy the example conf to the test dir
ansible.builtin.copy:
src: sysctl.conf
dest: "{{ output_dir_test }}"
mode: "0644"
- name: Set vm.swappiness to 5
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: 5
state: present
reload: no
reload: false
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test0
- debug:
- name: Debug sysctl_test0
ansible.builtin.debug:
var: sysctl_test0
verbosity: 1
- name: get file content
shell: "cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\\#"
- name: Get file content
ansible.builtin.shell:
cmd: set -o pipefail && cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\#
executable: /bin/bash
changed_when: false
register: sysctl_content0
- debug:
- name: Debug sysctl_content0
ansible.builtin.debug:
var: sysctl_content0
verbosity: 1
- name: Set vm.swappiness to 5 again
sysctl:
name: vm.swappiness
value: 5
state: present
reload: no
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
ansible.posix.sysctl:
name: vm.swappiness
value: 5
state: present
reload: false
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test1
- name: validate results
assert:
that:
- sysctl_test0 is changed
- sysctl_test1 is not changed
- 'sysctl_content0.stdout_lines[sysctl_content0.stdout_lines.index("vm.swappiness=5")] == "vm.swappiness=5"'
- name: Validate results
ansible.builtin.assert:
that:
- sysctl_test0 is changed
- sysctl_test1 is not changed
- sysctl_content0.stdout_lines[sysctl_content0.stdout_lines.index("vm.swappiness=5")] == "vm.swappiness=5"
- name: Remove kernel.panic
sysctl:
ansible.posix.sysctl:
name: kernel.panic
value: 2
reload: no
reload: false
state: absent
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test2
- name: get file content
shell: "cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\\#"
- name: Get file content
ansible.builtin.shell:
cmd: set -o pipefail && cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\#
executable: /bin/bash
changed_when: false
register: sysctl_content2
- debug:
- name: Debug sysctl_test2 sysctl_content2
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
@ -104,38 +117,39 @@
- "{{ sysctl_content2 }}"
- name: Validate results for key removal
assert:
ansible.builtin.assert:
that:
- sysctl_test2 is changed
- "'kernel.panic' not in sysctl_content2.stdout_lines"
- name: Test remove kernel.panic again
sysctl:
ansible.posix.sysctl:
name: kernel.panic
value: 2
state: absent
reload: no
reload: false
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test2_change_test
- name: Assert that no change was made
assert:
ansible.builtin.assert:
that:
- sysctl_test2_change_test is not changed
- name: Try sysctl with an invalid name
sysctl:
ansible.posix.sysctl:
name: test.invalid
value: 1
register: sysctl_test3
ignore_errors: yes
ignore_errors: true
- debug:
- name: Debug sysctl_test3
ansible.builtin.debug:
var: sysctl_test3
verbosity: 1
- name: validate results for test 3
assert:
- name: Validate results for test 3
ansible.builtin.assert:
that:
- sysctl_test3 is failed
@ -143,77 +157,79 @@
## sysctl - sysctl_set
##
- name: set net.ipv4.ip_forward
sysctl:
- name: Set net.ipv4.ip_forward
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
reload: no
sysctl_set: true
reload: false
register: sysctl_test3
- name: check with sysctl command
shell: sysctl net.ipv4.ip_forward
- name: Check with sysctl command
ansible.builtin.command: sysctl net.ipv4.ip_forward
changed_when: false
register: sysctl_check3
- debug:
- name: Debug sysctl_test3 sysctl_check3
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
- "{{ sysctl_test3 }}"
- "{{ sysctl_check3 }}"
- name: validate results for test 3
assert:
- name: Validate results for test 3
ansible.builtin.assert:
that:
- sysctl_test3 is changed
- 'sysctl_check3.stdout_lines == ["net.ipv4.ip_forward = 1"]'
- sysctl_check3.stdout_lines == ["net.ipv4.ip_forward = 1"]
- name: Try sysctl with no name
sysctl:
ansible.posix.sysctl:
name: ""
value: 1
sysctl_set: yes
ignore_errors: True
sysctl_set: true
ignore_errors: true
register: sysctl_no_name
- name: validate nameless results
assert:
- name: Validate nameless results
ansible.builtin.assert:
that:
- sysctl_no_name is failed
- "sysctl_no_name.msg == 'name cannot be blank'"
- sysctl_no_name.msg == 'name cannot be blank'
- name: Try sysctl with no value
sysctl:
ansible.posix.sysctl:
name: Foo
value:
sysctl_set: yes
ignore_errors: True
sysctl_set: true
ignore_errors: true
register: sysctl_no_value
- name: validate nameless results
assert:
- name: Validate nameless results
ansible.builtin.assert:
that:
- sysctl_no_value is failed
- "sysctl_no_value.msg == 'value cannot be None'"
- sysctl_no_value.msg == 'value cannot be None'
- name: Try sysctl with an invalid name
sysctl:
ansible.posix.sysctl:
name: test.invalid
value: 1
sysctl_set: yes
sysctl_set: true
register: sysctl_test4
ignore_errors: yes
ignore_errors: true
- debug:
- name: Debug sysctl_test4
ansible.builtin.debug:
var: sysctl_test4
verbosity: 1
- name: validate results for test 4
assert:
- name: Validate results for test 4
ansible.builtin.assert:
that:
- sysctl_test4 is failed
- name: Test on RHEL VMs
when:
- ansible_facts.virtualization_type != 'docker'
@ -221,34 +237,37 @@
block:
# Test reload: yes
- name: Set sysctl property using module
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '22'
value: "22"
state: present
reload: yes
reload: true
register: sysctl_set1
- name: Change sysctl property using command
command: sysctl vm.swappiness=33
ansible.builtin.command: sysctl vm.swappiness=33
changed_when: true
- name: Set sysctl property using module
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '22'
value: "22"
state: present
reload: yes
reload: true
register: sysctl_set2
- name: Read /etc/sysctl.conf
command: 'egrep -v ^# /etc/sysctl.conf'
ansible.builtin.command: egrep -v ^# /etc/sysctl.conf
changed_when: false
register: sysctl_conf_content
- name: Get current value of vm.swappiness
command: sysctl -n vm.swappiness
ansible.builtin.command: sysctl -n vm.swappiness
changed_when: false
register: sysctl_current_vm_swappiness
- name: Ensure changes were made appropriately
assert:
ansible.builtin.assert:
that:
- sysctl_set1 is changed
- sysctl_set2 is changed
@ -257,33 +276,35 @@
# Test reload: yes in check mode
- name: Set the same value using module in check mode
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '22'
value: "22"
state: present
reload: yes
check_mode: yes
reload: true
check_mode: true
register: sysctl_check_mode1
- name: Set a different value using module in check mode
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '44'
value: "44"
state: present
reload: yes
check_mode: yes
reload: true
check_mode: true
register: sysctl_check_mode2
- name: Read /etc/sysctl.conf
command: 'egrep -v ^# /etc/sysctl.conf'
ansible.builtin.command: egrep -v ^# /etc/sysctl.conf
changed_when: false
register: sysctl_check_mode_conf_content
- name: Get current value of vm.swappiness
command: sysctl -n vm.swappiness
ansible.builtin.command: sysctl -n vm.swappiness
changed_when: false
register: sysctl_check_mode_current_vm_swappiness
- name: Ensure no changes were made in check mode
assert:
ansible.builtin.assert:
that:
- sysctl_check_mode1 is success
- sysctl_check_mode2 is changed
@ -292,21 +313,22 @@
# Test sysctl: invalid value
- name: Set invalid sysctl property using module
sysctl:
ansible.posix.sysctl:
name: vm.mmap_rnd_bits
value: '1024'
value: "1024"
state: present
reload: yes
sysctl_set: True
ignore_errors: True
reload: true
sysctl_set: true
ignore_errors: true
register: sysctl_invalid_set1
- name: Read /etc/sysctl.conf
command: 'cat /etc/sysctl.conf'
ansible.builtin.command: cat /etc/sysctl.conf
changed_when: false
register: sysctl_invalid_conf_content
- name: Ensure changes were not made
assert:
ansible.builtin.assert:
that:
- sysctl_invalid_set1 is failed
- "'vm.mmap_rnd_bits' not in sysctl_invalid_conf_content.stdout"


@ -1,8 +1,2 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/check_matrix.py replace-urlopen
tests/utils/shippable/timing.py shebang


@ -1,8 +1,2 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/check_matrix.py replace-urlopen
tests/utils/shippable/timing.py shebang


@ -1,7 +1 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/timing.py shebang


@ -1,7 +1 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/timing.py shebang


@ -1,8 +0,0 @@
plugins/modules/synchronize.py pylint:blacklisted-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/check_matrix.py replace-urlopen
tests/utils/shippable/timing.py shebang


@ -1,17 +1,18 @@
---
fixtures:
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self._play_context.shell == 'sh'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self._play_context.shell == 'sh'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
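Review bot: The `hostvars` keys lose their quotes here (`127.0.0.1: {}`, `::1: {}`), which leaves address literals to YAML's plain-scalar and implicit-typing rules. Both should still load as strings, but `::1` begins with the `:` indicator and only parses as a key because the character after it is not a space, so the quoted form is the sturdier one for a fixture that names hosts: `'::1': {}` and `'127.0.0.1': {}`. The same unquoting recurs in every synchronize fixture section below, including the `remote_addr: 127.0.0.1` values. If the lint profile requires the unquoted form, a comment such as `# keys are host addresses and must stay strings` above `hostvars` would record the intent.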


@ -1,39 +1,40 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
#rsync_path: rsync
src: /tmp/deleteme
dest: /tmp/deleteme
# rsync_path: rsync
_task:
become: True
become_method: None
become: true
become_method: None
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
become: True
become_method: sudo
remote_addr: el6host
remote_user: root
become: true
become_method: sudo
remote_addr: el6host
remote_user: root
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.task.become == True"
- "self.task.become_user == None"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == 'el6host'"
- "self._play_context.remote_user == 'root'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- self.final_module_args['rsync_path'] == 'sudo -u root rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.task.become == True
- self.task.become_user == None
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == 'el6host'
- self._play_context.remote_user == 'root'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None
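Review bot: `become_method: None` under `_task` is still the YAML string `None`, not a null, even though the same pass rewrote `become: True` to the canonical `true`, and the asserts list is written in terms of Python `None`. How the fixture loader treats that string is not visible in this section, so I would document it rather than change it: `# 'None' is a plain string in YAML; the loader is presumably expected to map it to Python None — confirm`. The same applies to `become: None`, `shell: None` and `become_user: None` in the later fixture sections.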


@ -1,39 +1,40 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
#rsync_path: rsync
src: /tmp/deleteme
dest: /tmp/deleteme
# rsync_path: rsync
_task:
become: None
become_method: None
become: None
become_method: None
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
become: True
become_method: sudo
remote_addr: el6host
remote_user: root
become: true
become_method: sudo
remote_addr: el6host
remote_user: root
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.task.become == None"
- "self.task.become_user == None"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == 'el6host'"
- "self._play_context.remote_user == 'root'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- self.final_module_args['rsync_path'] == 'sudo -u root rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.task.become == None
- self.task.become_user == None
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == 'el6host'
- self._play_context.remote_user == 'root'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None


@ -1,29 +1,30 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
remote_addr: '127.0.0.1'
remote_user: vagrant
remote_addr: 127.0.0.1
remote_user: vagrant
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['dest_port'] == 2202"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == '127.0.0.1'"
- "self._play_context.remote_user == 'vagrant'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['dest_port'] == 2202
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == '127.0.0.1'
- self._play_context.remote_user == 'vagrant'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None


@ -1,32 +1,33 @@
---
task:
#become: None
# become: None
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
become: True
remote_addr: '127.0.0.1'
remote_user: vagrant
become: true
remote_addr: 127.0.0.1
remote_user: vagrant
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['dest_port'] == 2202"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == '127.0.0.1'"
- "self._play_context.remote_user == 'vagrant'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['dest_port'] == 2202
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == '127.0.0.1'
- self._play_context.remote_user == 'vagrant'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None
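Review bot: The top-level key is `task:` with only a comment beneath it, so it loads as an empty (null) value, and it is spelled differently from the `_task:` key used by the neighbouring fixtures. Whether the test harness reads `task` at all is not visible here; if it is a leftover, dropping it or renaming it to `_task` with an explicit value would make the fixture say what it means. If the null is intended, write it out: `task: null  # become intentionally unset`.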


@ -1,29 +1,30 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
remote_addr: '127.0.0.1'
remote_user: vagrant
remote_addr: 127.0.0.1
remote_user: vagrant
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['dest_port'] == 2202"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == '127.0.0.1'"
- "self._play_context.remote_user == 'vagrant'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['dest_port'] == 2202
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == '127.0.0.1'
- self._play_context.remote_user == 'vagrant'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None


@ -1,25 +1,26 @@
---
fixtures:
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
_play_context:
private_key_file: ~/test.pem
private_key_file: ~/test.pem
task_args:
private_key: ~/.ssh/id_rsa
dest: /tmp/deleteme
src: /tmp/deleteme
private_key: ~/.ssh/id_rsa
dest: /tmp/deleteme
src: /tmp/deleteme
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self._play_context.shell == 'sh'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.final_module_args['private_key'] == '~/.ssh/id_rsa'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self._play_context.shell == 'sh'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.final_module_args['private_key'] == '~/.ssh/id_rsa'
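Review bot: Nothing in this fixture says that key precedence is the point of the test, although it sets two different identities, `_play_context.private_key_file: ~/test.pem` and `task_args.private_key: ~/.ssh/id_rsa`, and the last assert expects the task-level one to reach the module. A comment above that assert would keep a later edit from weakening it: `# task-level private_key must override _play_context.private_key_file`. The later delegate_to fixture that also sets both keys would take the same comment.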


@ -1,26 +1,27 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
shell: None
remote_addr: u1404
remote_user: root
shell: None
remote_addr: u1404
remote_user: root
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'


@ -1,28 +1,29 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.final_module_args['private_key'] == '~/test.pem'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.final_module_args['private_key'] == '~/test.pem'


@ -1,33 +1,34 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
become: True
become_user: None #if ! None|root, different testcase
become_method: su
shell: None
remote_addr: u1404
remote_user: root
become: true
become_user: None # if ! None|root, different testcase
become_method: su
shell: None
remote_addr: u1404
remote_user: root
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self._play_context.remote_addr == 'u1404'"
- "self._play_context.remote_user == 'root'"
- "not self._play_context.become"
- "self._play_context.become_method == 'su'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self._play_context.remote_addr == 'u1404'
- self._play_context.remote_user == 'root'
- not self._play_context.become
- self._play_context.become_method == 'su'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'


@ -1,29 +1,30 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
private_key: ~/.ssh/id_rsa
src: /tmp/deleteme
dest: /tmp/deleteme
private_key: ~/.ssh/id_rsa
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.final_module_args['private_key'] == '~/.ssh/id_rsa'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.final_module_args['private_key'] == '~/.ssh/id_rsa'


@ -1,3 +1,3 @@
---
collections:
- community.general
- community.general