* Implement integration test to reproduce #7463
* Make new iptables_state checks async
* Add missing commit to iptable_state integration test
* Remove async when using checkmode in iptables_state integration tests
* Do per table comparison in check mode for iptables_state
* Calculate changes of iptables state per table based on result
* Output target iptables state in checkmode
* Refactor calculation of individual table states in iptables_state
* Add missing return for table calculation
* Add missing arg to regex check
* Remove leftover debug output for target iptable state
* Parse per table state from raw state string
* Join restored state for extraction of table specific rules
* Switch arguments for joining restored iptable state
* Output final ip table state
* Compare content of tables
* Complete iptables partial tables test cases
* Correct order of test iptables data
* Update docu for iptables tables_after
* Add changelog fragment
* Appease the linting gods for iptables_state
* Adjust spelling and remove tables_after from return values
---
# Copyright (c) Ansible Project
# GNU General Public License v3.0+ (see LICENSES/GPL-3.0-or-later.txt or https://www.gnu.org/licenses/gpl-3.0.txt)
# SPDX-License-Identifier: GPL-3.0-or-later
# Seed fixture: writes a two-table ruleset (filter + nat) in iptables-save
# format to the path held in iptables_tests.
# Fixture only: every chain policy is ACCEPT and the single INPUT rule accepts
# NEW as well as ESTABLISHED traffic, so this is not a hardening baseline.
- name: Create initial rule set to use
  copy:
    dest: '{{ iptables_tests }}'
    # Literal block scalar: the text below is written to the file verbatim.
    content: |
      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
      COMMIT
      *nat
      :PREROUTING ACCEPT [151:17304]
      :INPUT ACCEPT [151:17304]
      :OUTPUT ACCEPT [151:17304]
      :POSTROUTING ACCEPT [151:17304]
      -A POSTROUTING -o eth0 -j MASQUERADE
      COMMIT
# Loads the seed file (filter + nat) so both tables hold a known state before
# the partial restore is exercised. This changes the target's live ruleset.
# NOTE(review): async together with poll: 0 is presumably what lets
# iptables_state arm its rollback safeguard against a ruleset that cuts the
# controller off - confirm against the module documentation.
- name: Restore initial state
  iptables_state:
    state: restored
    path: '{{ iptables_tests }}'
  poll: 0
  async: '{{ ansible_timeout }}'
# Overwrites the same file with a filter-only ruleset. The filter section is
# line-for-line the one already loaded from the seed file; the nat table is
# simply absent from this file.
- name: Create partial ruleset only specifying input
  copy:
    dest: '{{ iptables_tests }}'
    # Literal block scalar: the text below is written to the file verbatim.
    content: |
      *filter
      :INPUT ACCEPT [0:0]
      :FORWARD ACCEPT [0:0]
      :OUTPUT ACCEPT [0:0]
      -A INPUT -m state --state NEW,ESTABLISHED -j ACCEPT
      COMMIT
# Dry run of the filter-only restore; the result is kept for the assertion
# that follows. No async/poll on this task: the commit message records that
# async was removed for check-mode runs.
- name: Check restoring partial state
  iptables_state:
    state: restored
    path: '{{ iptables_tests }}'
  register: iptables_state
  check_mode: true
# Regression check (issue #7463 per the commit message): the file's filter
# table equals what is loaded, and the nat table missing from the file must
# not be reported as a pending change in check mode.
- name: assert that no changes are detected in check mode
  assert:
    that:
      - iptables_state is not changed
# Applies the filter-only file for real and records the result, overwriting
# the value registered by the check-mode run.
# NOTE(review): async together with poll: 0 is presumably what enables the
# module's rollback safeguard - confirm against the module documentation.
- name: Restore partial state
  iptables_state:
    state: restored
    path: '{{ iptables_tests }}'
  poll: 0
  async: '{{ ansible_timeout }}'
  register: iptables_state
# The real restore must agree with the check-mode prediction: nothing changed.
# Only the changed flag is tested; the contents of the nat table are not
# inspected by this assertion.
- name: assert that no changes are made
  assert:
    that:
      - iptables_state is not changed