
Commit bf66a43

authored
remove customzone zone in cleanup (#74)
* remove customzone zone in cleanup
* fix test failure in tests_purge_config; add cleanups
* ensure default zone is set to something other than dmz for test
1 parent 361cb02 commit bf66a43


4 files changed

+393
-337
lines changed


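--- a/tests/tests_ansible.yml
+++ b/tests/tests_ansible.yml
@@ -361,6 +361,9 @@
 register: result
 failed_when: result is failed or result is changed
 
+- name: Set the default zone to something other than dmz
+command: firewall-cmd --set-default-zone public
+
 - name: set default zone
 firewall_lib:
 set_default_zone: dmz
@@ -375,49 +378,55 @@
 register: result
 failed_when: result is failed or result is changed
 
-
 always:
 
-# CLEANUP: RESET TO ZONE DEFAULTS
-
-- name: Remove custom zone
-command: firewall-cmd --permanent --delete-zone=custom
-register: result
-failed_when: result.failed and "INVALID_ZONE" not in result.stderr
-
-- name: Reset internal zone to defaults
-command: firewall-cmd --permanent --load-zone-defaults=internal
-register: result
-failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
-
-- name: Reset trusted zone to defaults
-command: firewall-cmd --permanent --load-zone-defaults=trusted
-register: result
-failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
-
-- name: Reset dmz zone to defaults
-command: firewall-cmd --permanent --load-zone-defaults=dmz
-register: result
-failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
-
-- name: Reset drop zone to defaults
-command: firewall-cmd --permanent --load-zone-defaults=drop
-register: result
-failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
-
-- name: Reset public zone to defaults
-command: firewall-cmd --permanent --load-zone-defaults=public
-register: result
-failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
-
-- name: Reset default zone to defaults
-shell:
-cmd: |
-firewall-cmd --permanent --load-zone-defaults=public
-register: result
-failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
-
-- name: Reload firewalld
-command: firewall-cmd --reload
-register: result
-failed_when: result.failed or not result.changed
+- name: Cleanup
+tags:
+- tests::cleanup
+block:
+# CLEANUP: RESET TO ZONE DEFAULTS
+
+- name: Remove custom zone
+command: firewall-cmd --permanent --delete-zone=custom
+register: result
+failed_when: result.failed and "INVALID_ZONE" not in result.stderr
+
+- name: Remove customzone zone
+command: firewall-cmd --permanent --delete-zone=customzone
+register: result
+failed_when: result.failed and "INVALID_ZONE" not in result.stderr
+
+- name: Reset internal zone to defaults
+command: firewall-cmd --permanent --load-zone-defaults=internal
+register: result
+failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
+
+- name: Reset trusted zone to defaults
+command: firewall-cmd --permanent --load-zone-defaults=trusted
+register: result
+failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
+
+- name: Reset dmz zone to defaults
+command: firewall-cmd --permanent --load-zone-defaults=dmz
+register: result
+failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
+
+- name: Reset drop zone to defaults
+command: firewall-cmd --permanent --load-zone-defaults=drop
+register: result
+failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
+
+- name: Reset public zone to defaults
+command: firewall-cmd --permanent --load-zone-defaults=public
+register: result
+failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
+
+- name: Reset default zone to defaults
+command: firewall-cmd --permanent --load-zone-defaults=public
+register: result
+failed_when: result.failed and "NO_DEFAULTS" not in result.stderr
+
+- name: Reload firewalld
+command: firewall-cmd --reload
+register: result
+failed_when: result.failed or not result.changed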
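Review bot: The cleanup block never restores the default zone. The task named `Reset default zone to defaults` runs `firewall-cmd --permanent --load-zone-defaults=public`, the same command as `Reset public zone to defaults` directly above it, so the host still has dmz as its default zone after the `set default zone` test. That leftover state is presumably why the new `--set-default-zone public` setup task was needed. Recording the zone with `firewall-cmd --get-default-zone` before the tests and restoring it in cleanup via `firewall-cmd --set-default-zone=<recorded zone>` would leave the host's filtering posture as it was found. The `block:` that this `always:` section closes starts outside the hunk.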

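--- a/tests/tests_purge_config.yml
+++ b/tests/tests_purge_config.yml
@@ -22,104 +22,136 @@
 - service: http
 state: enabled
 tasks:
-- name: Run the role with no config
-include_role:
-name: linux-system-roles.firewall
-
-- name: Verify that nothing changed
-fail:
-msg: The role changed something
-when: firewall_lib_result.changed
-
-- name: Apply basic config
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall: "{{ basic_config }}"
-
-- name: Verify role reports changed
-fail:
-msg: The role reported no changes
-when: not firewall_lib_result.changed
-
-- name: Apply again basic config
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall: "{{ basic_config }}"
-
-- name: Verify role reports nothing changed
-fail:
-msg: The role reported changes
-when: firewall_lib_result.changed
-
-- name: Use previous replaced and basic config
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"
-
-- name: Verify role reports changes
-fail:
-msg: The role reported no changes
-when: not firewall_lib_result.changed
-
-- name: Use again previous replaced and basic config
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"
-
-- name: Verify role reports no changes
-fail:
-msg: The role reported changes
-when: firewall_lib_result.changed
-
-- name: Apply basic config
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall: "{{ basic_config }}"
-
-- name: Verify role reports no changes
-fail:
-msg: The role reported changes
-when: firewall_lib_result.changed
-
-- name: Use only previous replaced
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall:
-- previous: replaced
-
-- name: Verify role reports changed
-fail:
-msg: The role reported no changes
-when: not firewall_lib_result.changed
-
-- name: Apply only default zone
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall:
-- set_default_zone: dmz
-state: enabled
-
-- name: Verify role reports changed
-fail:
-msg: The role reported no changes
-when: not firewall_lib_result.changed
-
-- name: Apply only default zone again
-include_role:
-name: linux-system-roles.firewall
-vars:
-firewall:
-- set_default_zone: dmz
-state: enabled
-
-- name: Verify role reports not changed
-fail:
-msg: The role reported changes
-when: firewall_lib_result.changed
+- name: Run previous replaced tests
+block:
+- name: Start from a clean slate
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall:
+- previous: replaced
+
+- name: Run the role with no config
+include_role:
+name: linux-system-roles.firewall
+
+- name: Verify that nothing changed
+fail:
+msg: The role changed something
+when: firewall_lib_result.changed
+
+- name: Apply basic config
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall: "{{ basic_config }}"
+
+- name: Verify role reports changed
+fail:
+msg: The role reported no changes
+when: not firewall_lib_result.changed
+
+- name: Apply again basic config
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall: "{{ basic_config }}"
+
+- name: Verify role reports nothing changed
+fail:
+msg: The role reported changes
+when: firewall_lib_result.changed
+
+- name: Use previous replaced and basic config
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"
+
+- name: Verify role reports no changes
+fail:
+msg: The role reported changes
+when: firewall_lib_result.changed
+
+- name: Use again previous replaced and basic config
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall: "{{ basic_config + [{'previous': 'replaced'}] }}"
+
+- name: Verify role reports no changes
+fail:
+msg: The role reported changes
+when: firewall_lib_result.changed
+
+- name: Apply basic config
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall: "{{ basic_config }}"
+
+- name: Verify role reports no changes
+fail:
+msg: The role reported changes
+when: firewall_lib_result.changed
+
+- name: Use only previous replaced
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall:
+- previous: replaced
+
+- name: Verify role reports changed
+fail:
+msg: The role reported no changes
+when: not firewall_lib_result.changed
+
+- name: Apply only default zone
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall:
+- set_default_zone: dmz
+state: enabled
+
+- name: Verify role reports changed
+fail:
+msg: The role reported no changes
+when: not firewall_lib_result.changed
+
+- name: Apply only default zone again
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall:
+- set_default_zone: dmz
+state: enabled
+
+- name: Verify role reports not changed
+fail:
+msg: The role reported changes
+when: firewall_lib_result.changed
+
+- name: Apply only default zone again with previous replaced
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall:
+- previous: replaced
+- set_default_zone: dmz
+state: enabled
+
+- name: Verify role reports not changed
+fail:
+msg: The role reported changes
+when: firewall_lib_result.changed
+always:
+- name: Cleanup
+tags:
+- tests::cleanup
+include_role:
+name: linux-system-roles.firewall
+vars:
+firewall:
+- previous: replaced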
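Review bot: The check after `Use previous replaced and basic config` now expects no change (`when: firewall_lib_result.changed`) where the removed version expected one, and nothing in the file says why. A comment above that task such as `# basic_config is already the only config after the clean-slate step, so replacing with it must be a no-op` would mark the flipped expectation as deliberate; that reasoning is inferred from the added `Start from a clean slate` task and should be confirmed. Three tasks in the block also share the name `Verify role reports no changes`, so a failure is hard to place in the run output; naming each after the step it verifies would fix that. Because the opening task and the `always:` cleanup both apply `previous: replaced`, which from the task names appears to remove existing firewalld configuration, a header comment saying the play is meant for disposable test hosts would be a useful guard.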
