carroarmato0/ansible.posix
1
0
Fork 0
mirror of https://github.com/ansible-collections/ansible.posix.git synced 2026-01-12 23:55:19 +01:00
Code Issues Projects Releases Packages Wiki Activity

refactor to comply with current ansible-lint guidelines

Browse source 
Signed-off-by: Adam Miller <admiller@redhat.com>
This commit is contained in:
Adam Miller 2023-11-30 23:23:16 -06:00
parent 05ee6ebc2a
commit 280af6e372
66 changed files with 2531 additions and 2322 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
.azure-pipelines/azure-pipelines.yml
View file

@ -1,3 +1,4 @@
---
trigger:
batch: true
branches:
@ -13,7 +14,7 @@ pr:
- stable-*
schedules:
- cron: 0 9 * * *
- cron: "0 9 * * *"
displayName: Nightly
always: true
branches:
@ -41,7 +42,6 @@ resources:
pool: Standard
stages:
- stage: Sanity_devel
displayName: Ansible devel sanity
dependsOn: []
@ -49,14 +49,14 @@ stages:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: "devel/{0}"
testFormat: devel/{0}
targets:
- name: Sanity
test: sanity
- name: Units
test: units
# - name: Lint
# test: lint
# - name: Lint
# test: lint
- stage: Sanity_2_16
displayName: Ansible 2.16 sanity
dependsOn: []
@ -64,7 +64,7 @@ stages:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: "2.16/{0}"
testFormat: 2.16/{0}
targets:
- name: Sanity
test: sanity
@ -77,7 +77,7 @@ stages:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: "2.15/{0}"
testFormat: 2.15/{0}
targets:
- name: Sanity
test: sanity
@ -90,7 +90,7 @@ stages:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: "2.14/{0}"
testFormat: 2.14/{0}
targets:
- name: Sanity
test: sanity
@ -103,13 +103,13 @@ stages:
- template: templates/matrix.yml
parameters:
nameFormat: "{0}"
testFormat: "2.9/{0}"
testFormat: 2.9/{0}
targets:
- name: Sanity
test: sanity
- name: Units
test: units
## Docker
## Docker
- stage: Docker_devel
displayName: Docker devel
dependsOn: []
@ -198,7 +198,7 @@ stages:
- name: Ubuntu 18.04
test: ubuntu1804
## Remote
## Remote
- stage: Remote_devel
displayName: Remote devel
dependsOn: []
@ -273,7 +273,7 @@ stages:
- name: RHEL 8.1
test: rhel/8.1
## Finally
## Finally
- stage: Summary
condition: succeededOrFailed()

1
.github/BOTMETA.yml vendored
View file

@ -1,3 +1,4 @@
---
automerge: false
files:
$module_utils/mount.py:

1
codecov.yml
View file

@ -1 +1,2 @@
---
comment: false

1
galaxy.yml
View file

@ -1,3 +1,4 @@
---
namespace: ansible
name: posix
version: 1.5.4

4
meta/runtime.yml
View file

@ -1,8 +1,8 @@
---
requires_ansible: '>=2.9'
requires_ansible: ">=2.14.0"
plugin_routing:
callback:
skippy:
deprecation:
removal_date: '2022-06-01'
removal_date: "2022-06-01"
warning_text: See the plugin documentation for more details

16
plugins/doc_fragments/synchronize.py Normal file
View file

@ -0,0 +1,16 @@
# -*- coding: utf-8 -*-
# Copyright: Ansible Project
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
from __future__ import annotations
class ModuleDocFragment(object):
DOCUMENTATION = r'''
use_ssh_args:
description:
- In Ansible 2.10 and lower, it uses the ssh_args specified in C(ansible.cfg).
- In Ansible 2.11 and onwards, when set to C(true), it uses all SSH connection configurations like
C(ansible_ssh_args), C(ansible_ssh_common_args), and C(ansible_ssh_extra_args).
type: bool
default: false
'''

11
plugins/modules/synchronize.py
View file

@ -135,13 +135,6 @@ options:
that does not match the inventory user, you should set this parameter to C(false).
type: bool
default: true
use_ssh_args:
description:
- In Ansible 2.10 and lower, it uses the ssh_args specified in C(ansible.cfg).
- In Ansible 2.11 and onwards, when set to C(true), it uses all SSH connection configurations like
C(ansible_ssh_args), C(ansible_ssh_common_args), and C(ansible_ssh_extra_args).
type: bool
default: false
ssh_connection_multiplexing:
description:
- SSH connection multiplexing for rsync is disabled by default to prevent misconfigured ControlSockets from resulting in failed SSH connections.
@ -211,6 +204,8 @@ notes:
encounters an error. Those synchronizing large numbers of files that are willing to trade safety for performance should disable this option.
- link_destination is subject to the same limitations as the underlying rsync daemon. Hard links are only preserved if the relative subtrees
of the source and destination are the same. Attempts to hardlink into a directory that is a subdirectory of the source will be prevented.
extends_documentation_fragment:
- synchronize
seealso:
- module: ansible.builtin.copy
- module: community.windows.win_robocopy
@ -235,7 +230,7 @@ EXAMPLES = r'''
src: rsync://somehost.com/path/
dest: /some/absolute/path/
- name: Synchronization using rsync protocol on delegate host (push)
- name: Synchronization using rsync protocol on delegate host (push)
ansible.posix.synchronize:
src: /some/absolute/path/
dest: rsync://somehost.com/path/

13
shippable.yml
View file

@ -1,3 +1,4 @@
---
language: python
env:
@ -15,14 +16,14 @@ matrix:
- env: T=2.9/freebsd/12.0/1
- env: T=2.9/linux/centos6/1
- env: T=2.9/linux/centos7/1
# - env: T=2.9/linux/centos8/1
# - env: T=2.9/linux/centos8/1
- env: T=2.9/linux/fedora30/1
- env: T=2.9/linux/fedora31/1
- env: T=2.9/linux/opensuse15py2/1
- env: T=2.9/linux/opensuse15/1
- env: T=2.9/linux/ubuntu1604/1
- env: T=2.9/linux/ubuntu1804/1
# - env: T=2.10/aix/7.2/1
# - env: T=2.10/aix/7.2/1
- env: T=2.10/osx/10.11/1
- env: T=2.10/rhel/7.6/1
- env: T=2.10/rhel/8.2/1
@ -30,14 +31,14 @@ matrix:
- env: T=2.10/freebsd/12.1/1
- env: T=2.10/linux/centos6/1
- env: T=2.10/linux/centos7/1
# - env: T=2.10/linux/centos8/1
# - env: T=2.10/linux/centos8/1
- env: T=2.10/linux/fedora30/1
- env: T=2.10/linux/fedora31/1
- env: T=2.10/linux/opensuse15py2/1
- env: T=2.10/linux/opensuse15/1
- env: T=2.10/linux/ubuntu1604/1
- env: T=2.10/linux/ubuntu1804/1
# - env: T=devel/aix/7.2/1
# - env: T=devel/aix/7.2/1
- env: T=devel/osx/10.11/1
- env: T=devel/rhel/7.6/1
- env: T=devel/rhel/8.1/1
@ -45,7 +46,7 @@ matrix:
- env: T=devel/freebsd/12.1/1
- env: T=devel/linux/centos6/1
- env: T=devel/linux/centos7/1
# - env: T=devel/linux/centos8/1
# - env: T=devel/linux/centos8/1
- env: T=devel/linux/fedora30/1
- env: T=devel/linux/fedora31/1
- env: T=devel/linux/opensuse15py2/1
@ -56,7 +57,7 @@ matrix:
branches:
except:
- "*-patch-*"
- "revert-*-*"
- revert-*-*
build:
ci:

2
tests/integration/requirements.yml
View file

@ -1,3 +1,3 @@
---
collections:
- community.general
- community.general

121
tests/integration/targets/acl/tasks/acl.yml
View file

@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -16,35 +17,38 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Create ansible user
user:
ansible.builtin.user:
name: "{{ test_user }}"
- name: Create ansible group
group:
ansible.builtin.group:
name: "{{ test_group }}"
- name: Clean up working directory and files
file:
ansible.builtin.file:
path: "{{ output_dir }}"
state: absent
- name: Create working directory
file:
ansible.builtin.file:
path: "{{ output_dir }}"
state: directory
mode: "0755"
- name: Create ansible file
file:
ansible.builtin.file:
path: "{{ test_file }}"
state: touch
mode: "0755"
- name: Create ansible dir
file:
ansible.builtin.file:
path: "{{ test_dir }}"
state: directory
mode: "0755"
##############################################################################
- name: Grant ansible user read access to a file
acl:
ansible.posix.acl:
path: "{{ test_file }}"
entity: "{{ test_user }}"
etype: user
@ -52,12 +56,13 @@
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_file | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_file | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify Output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -65,16 +70,17 @@
- "'user:{{ test_user }}:r--' in getfacl_output.stdout_lines"
##############################################################################
- name: Obtain the acl for a specific file
acl:
ansible.posix.acl:
path: "{{ test_file }}"
register: output
- name: get getfacl output
shell: "getfacl {{ test_file | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_file | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is not changed
- output is not failed
@ -90,19 +96,20 @@
- "'other::r--' in getfacl_output.stdout_lines"
##############################################################################
- name: Removes the acl for ansible user on a specific file
acl:
ansible.posix.acl:
path: "{{ test_file }}"
entity: "{{ test_user }}"
etype: user
state: absent
register: output
- name: get getfacl output
shell: "getfacl {{ test_file | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_file | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -110,21 +117,22 @@
- "'user:{{ test_user }}:r--' not in getfacl_output.stdout_lines"
##############################################################################
- name: Sets default acl for ansible user on ansible dir
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entity: "{{ test_user }}"
etype: user
permissions: rw
default: yes
default: true
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -132,22 +140,24 @@
- "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Cleanup
shell: "setfacl -b {{ test_dir | quote }}"
ansible.builtin.command: /bin/setfacl -b {{ test_dir | quote }}
changed_when: false
##############################################################################
- name: Same as previous but using entry shorthand
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "user:{{ test_user }}:rw-"
default: yes
entry: user:{{ test_user }}:rw-
default: true
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
@ -155,19 +165,20 @@
- "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Same as previous, to test idempotence
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "user:{{ test_user }}:rw-"
default: yes
entry: user:{{ test_user }}:rw-
default: true
state: present
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is not changed
- output is not failed
@ -175,32 +186,34 @@
- "'default:user:{{ test_user }}:rw-' in getfacl_output.stdout_lines"
##############################################################################
- name: Cleanup
shell: "setfacl -b {{ test_dir | quote }}"
ansible.builtin.command: /bin/setfacl -b {{ test_dir | quote }}
changed_when: false
##############################################################################
- name: Set default acls
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "{{ item }}"
default: yes
default: true
state: present
with_items:
- "user:{{ test_user }}:rw-"
- "group:{{ test_group }}:rw-"
- user:{{ test_user }}:rw-
- group:{{ test_group }}:rw-
- name: Remove default group test_user acl
acl:
ansible.posix.acl:
path: "{{ test_dir }}"
entry: "group:{{ test_group }}:rw-"
default: yes
entry: group:{{ test_group }}:rw-
default: true
state: absent
register: output
- name: get getfacl output
shell: "getfacl {{ test_dir | quote }}"
- name: Get getfacl output
ansible.builtin.command: /bin/getfacl {{ test_dir | quote }}
changed_when: false
register: getfacl_output
- name: verify output
assert:
- name: Verify output
ansible.builtin.assert:
that:
- output is changed
- output is not failed

30
tests/integration/targets/acl/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -15,22 +16,21 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- block:
- include_tasks: acl.yml
when: ansible_system == 'Linux' # TODO enable acls mount option on FreeBSD to test it there too
always:
- name: delete created directory and file
file:
path: '{{ item }}'
state: absent
with_items:
- '{{ test_dir }}'
- '{{ test_file }}'
- name: Test ACL
vars:
test_user: ansible_user
test_group: ansible_group
test_file: '{{ output_dir }}/ansible file'
test_file: "{{ output_dir }}/ansible file"
test_dir: "{{ output_dir }}/ansible_dir/with some space"
block:
- name: Include tests task file
ansible.builtin.include_tasks: acl.yml
when: ansible_system == 'Linux' # TODO enable acls mount option on FreeBSD to test it there too
always:
- name: Delete created directory and file
ansible.builtin.file:
path: "{{ item }}"
state: absent
with_items:
- "{{ test_dir }}"
- "{{ test_file }}"

1
tests/integration/targets/at/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests

66
tests/integration/targets/at/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
# Test code for the at module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
@ -16,47 +17,56 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- set_fact: output_dir_test={{output_dir}}/at
- name: Set output_dir_test fast
ansible.builtin.set_fact:
output_dir_test: "{{ output_dir }}/at"
- name: make sure our testing sub-directory does not exist
file: path="{{ output_dir_test }}" state=absent
- name: Make sure our testing sub-directory does not exist
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: absent
- name: create our testing sub-directory
file: path="{{ output_dir_test }}" state=directory
- name: Create our testing sub-directory
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: directory
mode: "0755"
##
## at
##
- name: define distros to attempt installing at on
set_fact:
- name: Define distros to attempt installing at on
ansible.builtin.set_fact:
package_distros:
- RedHat
- CentOS
- ScientificLinux
- Fedora
- Ubuntu
- Debian
- openSUSE Leap
- RedHat
- CentOS
- ScientificLinux
- Fedora
- Ubuntu
- Debian
- openSUSE Leap
- name: ensure at is installed
package:
- name: Ensure at is installed
ansible.builtin.package:
name: at
state: present
when: ansible_distribution in package_distros
- name: run the first example
at:
command: "ls -d / > /dev/null"
- name: Run the first example
ansible.posix.at:
command: ls -d / > /dev/null
count: 20
units: minutes
register: at_test0
- debug: var=at_test0
- name: validate results
assert:
that:
- 'at_test0.changed is defined'
- 'at_test0.count is defined'
- 'at_test0.script_file is defined'
- 'at_test0.state is defined'
- 'at_test0.units is defined'
- name: Debug var=at_test0
ansible.builtin.debug:
var: at_test0
- name: Validate results
ansible.builtin.assert:
that:
- at_test0.changed is defined
- at_test0.count is defined
- at_test0.script_file is defined
- at_test0.state is defined
- at_test0.units is defined

31
tests/integration/targets/authorized_key/defaults/main.yml
View file

@ -1,3 +1,4 @@
---
dss_key_basic: ssh-dss DATA_BASIC root@testing
dss_key_unquoted_option: idle-timeout=5m ssh-dss DATA_UNQUOTED_OPTION root@testing
dss_key_command: command="/bin/true" ssh-dss DATA_COMMAND root@testing
@ -8,27 +9,27 @@ dss_key_trailing: ssh-dss DATA_TRAILING root@testing foo bar baz
rsa_key_basic: ssh-rsa DATA_BASIC root@testing
multiple_key_base: |
ssh-rsa DATA_BASIC 1@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-rsa DATA_BASIC 1@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_different_order: |
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_different_order_2: |
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-rsa WHATEVER 2.5@testing
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-dss DATA_TRAILING 2@testing foo bar baz
ssh-rsa WHATEVER 2.5@testing
ssh-dss DATA_TRAILING 3@testing foo bar baz
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_key_exclusive: |
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
ssh-rsa DATA_BASIC 1@testing
ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
multiple_keys_comments: |
ssh-rsa DATA_BASIC 1@testing

1
tests/integration/targets/authorized_key/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests

19
tests/integration/targets/authorized_key/tasks/check_mode.yml
View file

@ -1,34 +1,37 @@
---
# -------------------------------------------------------------
# check mode
- name: CHECK MODE | copy an existing file in place with comments
copy:
ansible.builtin.copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
mode: "0600"
- name: CHECK MODE | add key in check mode to validate return codes
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_different_order_2 }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
check_mode: True
check_mode: true
register: result
- name: CHECK MODE | assert that authorized_keys return values are consistent
assert:
ansible.builtin.assert:
that:
- 'result.changed == True'
- result.changed == True
- '"user" in result'
- '"key" in result'
- name: CHECK MODE | recopy authorized_keys to ensure it was not changed
copy:
ansible.builtin.copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
mode: "0600"
register: result
- name: CHECK MODE | assert that the authorized_keys file was not changed
assert:
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False

20
tests/integration/targets/authorized_key/tasks/comments.yml
View file

@ -1,8 +1,9 @@
---
# -------------------------------------------------------------
# comments
- name: Add rsa key with existing comment
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ rsa_key_basic }}"
state: present
@ -10,7 +11,7 @@
register: result
- name: Change the comment on an existing key
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ rsa_key_basic }}"
comment: user@acme.com
@ -18,18 +19,18 @@
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: false
register: content
- name: Assert that comment on an existing key was changed
assert:
ansible.builtin.assert:
that:
- "'user@acme.com' in content.stdout"
- name: Set the same key with comment to ensure no changes are reported
authorized_key:
ansible.posix.authorized_key:
user: root
key: "{{ rsa_key_basic }}"
comment: user@acme.com
@ -38,11 +39,12 @@
register: result
- name: Assert that no changes were made when running again
assert:
ansible.builtin.assert:
that:
- not result.changed
- debug:
- name: Debug the result and content
ansible.builtin.debug:
var: "{{ item }}"
verbosity: 1
with_items:

11
tests/integration/targets/authorized_key/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
# test code for the authorized_key module
# - (c) 2014, James Cammarata <jcammarata@ansible.com>
# - (c) 2021, Hideki Saito <saito@fgrep.org>
@ -17,16 +18,16 @@
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: Setup testing environment
import_tasks: setup_steps.yml
ansible.builtin.import_tasks: setup_steps.yml
- name: Test for multiple keys handling
import_tasks: multiple_keys.yml
ansible.builtin.import_tasks: multiple_keys.yml
- name: Test for ssh-dss key handling
import_tasks: ssh_dss.yml
ansible.builtin.import_tasks: ssh_dss.yml
- name: Test for check mode
import_tasks: check_mode.yml
ansible.builtin.import_tasks: check_mode.yml
- name: Test for the management of comments with key
import_tasks: comments.yml
ansible.builtin.import_tasks: comments.yml

89
tests/integration/targets/authorized_key/tasks/multiple_keys.yml
View file

@ -1,38 +1,39 @@
---
# -------------------------------------------------------------
# multiple keys
- name: add multiple keys
authorized_key:
- name: Add multiple keys
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_base }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_base'
- 'result.key_options == None'
- result.changed == True
- result.key == multiple_key_base
- result.key_options == None
- name: add multiple keys different order
authorized_key:
- name: Add multiple keys different order
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_different_order }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_different_order'
- 'result.key_options == None'
- result.changed == True
- result.key == multiple_key_different_order
- result.key_options == None
- name: add multiple keys exclusive
authorized_key:
- name: Add multiple keys exclusive
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_exclusive }}"
state: present
@ -40,42 +41,42 @@
exclusive: true
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == multiple_key_exclusive'
- 'result.key_options == None'
- result.changed == True
- result.key == multiple_key_exclusive
- result.key_options == None
- name: add multiple keys in different calls
authorized_key:
- name: Add multiple keys in different calls
ansible.posix.authorized_key:
user: root
key: "ecdsa-sha2-nistp521 ECDSA_DATA 4@testing"
key: ecdsa-sha2-nistp521 ECDSA_DATA 4@testing
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: add multiple keys in different calls
authorized_key:
- name: Add multiple keys in different calls
ansible.posix.authorized_key:
user: root
key: "ssh-rsa DATA_BASIC 1@testing"
key: ssh-rsa DATA_BASIC 1@testing
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: multiple_keys_at_a_time
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == false'
- 'multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()'
- result.changed == false
- multiple_keys_at_a_time.stdout == multiple_key_exclusive.strip()
- name: add multiple keys comment
authorized_key:
- name: Add multiple keys comment
ansible.posix.authorized_key:
user: root
key: "{{ multiple_keys_comments }}"
state: present
@ -83,14 +84,14 @@
exclusive: true
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: multiple_keys_comments
- name: assert that the keys exist and comment only lines were not added
assert:
- name: Assert that the keys exist and comment only lines were not added
ansible.builtin.assert:
that:
- 'result.changed == False'
- 'multiple_keys_comments.stdout == multiple_key_exclusive.strip()'
- 'result.key_options == None'
- result.changed == False
- multiple_keys_comments.stdout == multiple_key_exclusive.strip()
- result.key_options == None

48
tests/integration/targets/authorized_key/tasks/setup_steps.yml
View file

@ -1,37 +1,40 @@
---
# -------------------------------------------------------------
# Setup steps
- name: Clean up the working directory and files
file:
path: '{{ output_dir }}'
ansible.builtin.file:
path: "{{ output_dir }}"
state: absent
- name: Create the working directory
file:
path: '{{ output_dir }}'
ansible.builtin.file:
path: "{{ output_dir }}"
state: directory
mode: "0744"
- name: copy an existing file in place with comments
copy:
- name: Copy an existing file in place with comments
ansible.builtin.copy:
src: existing_authorized_keys
dest: "{{ output_dir | expanduser }}/authorized_keys"
mode: "0600"
- name: add multiple keys different order
authorized_key:
- name: Add multiple keys different order
ansible.posix.authorized_key:
user: root
key: "{{ multiple_key_different_order_2 }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys"
changed_when: false
register: multiple_keys_existing
- name: assert that the key was added and comments and ordering preserved
assert:
- name: Assert that the key was added and comments and ordering preserved
ansible.builtin.assert:
that:
- 'result.changed == True'
- result.changed == True
- '"# I like candy" in multiple_keys_existing.stdout'
- '"# I like candy" in multiple_keys_existing.stdout_lines[0]'
- '"ssh-rsa DATA_BASIC 1@testing" in multiple_keys_existing.stdout'
@ -41,19 +44,20 @@
# start afresh
- name: remove file foo.txt
file:
- name: Remove file foo.txt
ansible.builtin.file:
path: "{{ output_dir | expanduser }}/authorized_keys"
state: absent
- name: touch the authorized_keys file
file:
- name: Touch the authorized_keys file
ansible.builtin.file:
dest: "{{ output_dir }}/authorized_keys"
state: touch
mode: "0600"
register: result
- name: assert that the authorized_keys file was created
assert:
- name: Assert that the authorized_keys file was created
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.state == "file"'
- result.changed == True
- result.state == "file"

205
tests/integration/targets/authorized_key/tasks/ssh_dss.yml
View file

@ -1,241 +1,250 @@
---
# -------------------------------------------------------------
# basic ssh-dss key
- name: add basic ssh-dss key
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
- name: Add basic ssh-dss key
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_basic
- result.key_options == None
- name: re-add basic ssh-dss key
authorized_key: user=root key="{{ dss_key_basic }}" state=present path="{{ output_dir | expanduser }}/authorized_keys"
- name: Re-add basic ssh-dss key
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with an unquoted option
- name: add ssh-dss key with an unquoted option
authorized_key:
- name: Add ssh-dss key with an unquoted option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_unquoted_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_unquoted_option'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_unquoted_option
- result.key_options == None
- name: re-add ssh-dss key with an unquoted option
authorized_key:
- name: Re-add ssh-dss key with an unquoted option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_unquoted_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a leading command="/bin/foo"
- name: add ssh-dss key with a leading command
authorized_key:
- name: Add ssh-dss key with a leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_command
- result.key_options == None
- name: re-add ssh-dss key with a leading command
authorized_key:
- name: Re-add ssh-dss key with a leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a complex quoted leading command
# ie. command="/bin/echo foo 'bar baz'"
- name: add ssh-dss key with a complex quoted leading command
authorized_key:
- name: Add ssh-dss key with a complex quoted leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_complex_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_complex_command'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_complex_command
- result.key_options == None
- name: re-add ssh-dss key with a complex quoted leading command
authorized_key:
- name: Re-add ssh-dss key with a complex quoted leading command
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_complex_command }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a command and a single option, which are
# in a comma-separated list
- name: add ssh-dss key with a command and a single option
authorized_key:
- name: Add ssh-dss key with a command and a single option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_single_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command_single_option'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_command_single_option
- result.key_options == None
- name: re-add ssh-dss key with a command and a single option
authorized_key:
- name: Re-add ssh-dss key with a command and a single option
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_single_option }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with a command and multiple other options
- name: add ssh-dss key with a command and multiple options
authorized_key:
- name: Add ssh-dss key with a command and multiple options
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_multiple_options }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_command_multiple_options'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_command_multiple_options
- result.key_options == None
- name: re-add ssh-dss key with a command and multiple options
authorized_key:
- name: Re-add ssh-dss key with a command and multiple options
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_command_multiple_options }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# ssh-dss key with multiple trailing parts, which are space-
# separated and not quoted in any way
- name: add ssh-dss key with trailing parts
authorized_key:
- name: Add ssh-dss key with trailing parts
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_trailing }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key was added
assert:
- name: Assert that the key was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_trailing'
- 'result.key_options == None'
- result.changed == True
- result.key == dss_key_trailing
- result.key_options == None
- name: re-add ssh-dss key with trailing parts
authorized_key:
- name: Re-add ssh-dss key with trailing parts
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_trailing }}"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that nothing changed
assert:
- name: Assert that nothing changed
ansible.builtin.assert:
that:
- 'result.changed == False'
- result.changed == False
# -------------------------------------------------------------
# basic ssh-dss key with mutliple permit-open options
# https://github.com/ansible/ansible-modules-core/issues/1715
- name: add basic ssh-dss key with multi-opts
authorized_key:
- name: Add basic ssh-dss key with multi-opts
ansible.posix.authorized_key:
user: root
key: "{{ dss_key_basic }}"
key_options: 'no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"'
key_options: no-agent-forwarding,no-X11-forwarding,permitopen="10.9.8.1:8080",permitopen="10.9.8.1:9001"
state: present
path: "{{ output_dir | expanduser }}/authorized_keys"
register: result
- name: assert that the key with multi-opts was added
assert:
- name: Assert that the key with multi-opts was added
ansible.builtin.assert:
that:
- 'result.changed == True'
- 'result.key == dss_key_basic'
- 'result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""'
- result.changed == True
- result.key == dss_key_basic
- result.key_options == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\""
- name: get the file content
shell: cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: no
- name: Get the file content
ansible.builtin.command: /bin/cat "{{ output_dir | expanduser }}/authorized_keys" | fgrep DATA_BASIC
changed_when: false
register: content
- name: validate content
assert:
- name: Validate content
ansible.builtin.assert:
that:
- 'content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"'
- content.stdout == "no-agent-forwarding,no-X11-forwarding,permitopen=\"10.9.8.1:8080\",permitopen=\"10.9.8.1:9001\" ssh-dss DATA_BASIC root@testing"

1
tests/integration/targets/firewalld/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- setup_pkg_mgr

265
tests/integration/targets/firewalld/tasks/icmp_block_inversion_test_cases.yml
View file

@ -1,172 +1,173 @@
---
# Test playbook for the firewalld module - icmp block inversion operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Icmp block inversion enabled when icmp block inversion is truthy and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is falsy and state is enabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
register: result
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: enabled
register: result
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion enabled when icmp block inversion is falsy and state is disabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: disabled
register: result
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: no
permanent: yes
state: disabled
register: result
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: false
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is truthy and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: yes
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: true
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
# Validate backwards compatible behavior until icmp block inversion is switched from string to boolean type
- name: Icmp block inversion enabled when icmp block inversion is non-boolean string and state is enabled
block:
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: enabled
register: result
- name: assert icmp block inversion is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Icmp block inversion disabled when icmp block inversion is non-boolean string and state is disabled
block:
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled
assert:
that:
- result is changed
- name: Assert icmp block inversion is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable icmp block inversion (verify not changed)
ansible.posix.firewalld:
zone: trusted
icmp_block_inversion: some string
permanent: true
state: disabled
register: result
- name: assert icmp block inversion is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert icmp block inversion is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed

133
tests/integration/targets/firewalld/tasks/interface_test_cases.yml
View file

@ -1,87 +1,88 @@
---
# Test playbook for the firewalld module - interface operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Validate adding interface
block:
- name: Add lo interface to trusted zone
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: Yes
state: enabled
register: result
- name: Add lo interface to trusted zone
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: true
state: enabled
register: result
- name: assert lo was added to trusted zone
assert:
that:
- result is changed
- name: Assert lo was added to trusted zone
ansible.builtin.assert:
that:
- result is changed
- name: Add lo interface to trusted zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: Yes
state: enabled
register: result
- name: Add lo interface to trusted zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: trusted
permanent: true
state: enabled
register: result
- name: assert lo was added to trusted zone (verify not changed)
assert:
that:
- result is not changed
- name: Assert lo was added to trusted zone (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Validate moving interfaces
block:
- name: Move lo interface from trusted zone to internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: enabled
register: result
- name: Move lo interface from trusted zone to internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: enabled
register: result
- name: Assert lo was moved from trusted zone to internal zone
assert:
that:
- result is changed
- name: Assert lo was moved from trusted zone to internal zone
ansible.builtin.assert:
that:
- result is changed
- name: Move lo interface from trusted zone to internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: enabled
register: result
- name: Move lo interface from trusted zone to internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: enabled
register: result
- name: assert lo was moved from trusted zone to internal zone (verify not changed)
assert:
that:
- result is not changed
- name: Assert lo was moved from trusted zone to internal zone (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Validate removing interface
block:
- name: Remove lo interface from internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: disabled
register: result
- name: Remove lo interface from internal zone
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: disabled
register: result
- name: Assert lo interface was removed from internal zone
assert:
that:
- result is changed
- name: Assert lo interface was removed from internal zone
ansible.builtin.assert:
that:
- result is changed
- name: Remove lo interface from internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: Yes
state: disabled
register: result
- name: Remove lo interface from internal zone (verify not changed)
ansible.posix.firewalld:
interface: lo
zone: internal
permanent: true
state: disabled
register: result
- name: Assert lo interface was removed from internal zone (verify not changed)
assert:
that:
- result is not changed
- name: Assert lo interface was removed from internal zone (verify not changed)
ansible.builtin.assert:
that:
- result is not changed

34
tests/integration/targets/firewalld/tasks/main.yml
View file

@ -1,17 +1,24 @@
---
# Test playbook for the firewalld module
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Run firewalld tests
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
- not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('7', '==')) # FIXME
block:
- name: Ensure firewalld is installed
package:
ansible.builtin.package:
name: firewalld
state: present
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
- name: Enable dbus-broker daemon
service:
ansible.builtin.service:
name: dbus-broker
enabled: true
state: started
@ -19,25 +26,20 @@
- name: Test Online Operations
block:
- name: start firewalld
service:
- name: Start firewalld
ansible.builtin.service:
name: firewalld
state: started
- import_tasks: run_all_tests.yml
- name: Import test tasks
ansible.builtin.import_tasks: run_all_tests.yml
- name: Test Offline Operations
block:
- name: stop firewalld
service:
- name: Stop firewalld
ansible.builtin.service:
name: firewalld
state: stopped
- import_tasks: run_all_tests.yml
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
- not (ansible_facts.distribution == "CentOS" and ansible_distribution_major_version is version('7', '==')) # FIXME
- name: Import test tasks
ansible.builtin.import_tasks: run_all_tests.yml

265
tests/integration/targets/firewalld/tasks/masquerade_test_cases.yml
View file

@ -1,172 +1,173 @@
---
# Test playbook for the firewalld module - masquerade operations
# (c) 2022, Gregory Furlong <gnfzdz@fzdz.io>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Masquerade enabled when masquerade is truthy and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is falsy and state is enabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: enabled
register: result
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: enabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: enabled
register: result
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: enabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade enabled when masquerade is falsy and state is disabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: disabled
register: result
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: disabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: no
permanent: yes
state: disabled
register: result
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: false
permanent: true
state: disabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is truthy and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: yes
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: true
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
# Validate backwards compatible behavior until masquerade is switched from string to boolean type
- name: Masquerade enabled when masquerade is non-boolean string and state is enabled
block:
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled
assert:
that:
- result is changed
- name: Assert masquerade is enabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: enabled
register: result
- name: Testing enable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: enabled
register: result
- name: assert masquerade is enabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is enabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- name: Masquerade disabled when masquerade is non-boolean string and state is disabled
block:
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled
assert:
that:
- result is changed
- name: Assert masquerade is disabled
ansible.builtin.assert:
that:
- result is changed
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: 'some string'
permanent: yes
state: disabled
register: result
- name: Testing disable masquerade (verify not changed)
ansible.posix.firewalld:
zone: trusted
masquerade: some string
permanent: true
state: disabled
register: result
- name: assert masquerade is disabled (verify not changed)
assert:
that:
- result is not changed
- name: Assert masquerade is disabled (verify not changed)
ansible.builtin.assert:
that:
- result is not changed

41
tests/integration/targets/firewalld/tasks/port_forward_test_cases.yml
View file

@ -1,9 +1,10 @@
---
# Test playbook for the firewalld module - port operations
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: firewalld port forward test permanent enabled
firewalld:
- name: Firewalld port forward test permanent enabled
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -12,13 +13,13 @@
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -27,13 +28,13 @@
state: enabled
register: result
- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test permanent disabled
firewalld:
- name: Firewalld port test permanent disabled
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -42,13 +43,13 @@
state: disabled
register: result
- name: assert firewalld port test permanent disabled worked
assert:
- name: Assert firewalld port test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
port_forward:
- port: 8080
proto: tcp
@ -57,7 +58,7 @@
state: disabled
register: result
- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed

85
tests/integration/targets/firewalld/tasks/port_test_cases.yml
View file

@ -1,57 +1,58 @@
---
# Test playbook for the firewalld module - port operations
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: firewalld port range test permanent enabled
firewalld:
- name: Firewalld port range test permanent enabled
ansible.posix.firewalld:
port: 5500-6850/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port range test permanent enabled worked
assert:
- name: Assert firewalld port range test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port range test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld port range test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
port: 5500-6850/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port range test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port range test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test permanent enabled
firewalld:
- name: Firewalld port test permanent enabled
ansible.posix.firewalld:
port: 6900/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent enabled
firewalld:
- name: Firewalld port test permanent enabled
ansible.posix.firewalld:
port: 6900/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test disabled
firewalld:
- name: Firewalld port test disabled
ansible.posix.firewalld:
port: "{{ item }}"
permanent: true
state: disabled
@ -59,50 +60,50 @@
- 6900/tcp
- 5500-6850/tcp
- name: firewalld port test permanent enabled
firewalld:
- name: Firewalld port test permanent enabled
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled worked
assert:
- name: Assert firewalld port test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: enabled
register: result
- name: assert firewalld port test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld port test permanent disabled
firewalld:
- name: Firewalld port test permanent disabled
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: disabled
register: result
- name: assert firewalld port test permanent disabled worked
assert:
- name: Assert firewalld port test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld port test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld port test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
port: 8081/tcp
permanent: true
state: disabled
register: result
- name: assert firewalld port test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld port test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed

41
tests/integration/targets/firewalld/tasks/protocol_test_cases.yml
View file

@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - protocol operations
# (c) 2022, Robért S. Guhr <rguhr@cronon.net>
@ -16,50 +17,50 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld protocol test permanent enabled
firewalld:
- name: Firewalld protocol test permanent enabled
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: enabled
register: result
- name: assert firewalld protocol test permanent enabled worked
assert:
- name: Assert firewalld protocol test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld protocol test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld protocol test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: enabled
register: result
- name: assert firewalld protocol test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld protocol test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld protocol test permanent disabled
firewalld:
- name: Firewalld protocol test permanent disabled
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: disabled
register: result
- name: assert firewalld protocol test permanent disabled worked
assert:
- name: Assert firewalld protocol test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld protocol test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld protocol test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
protocol: ospf
permanent: true
state: disabled
register: result
- name: assert firewalld protocol test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld protocol test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed

34
tests/integration/targets/firewalld/tasks/run_all_tests.yml
View file

@ -1,38 +1,50 @@
---
# Test playbook for the firewalld module
# (c) 2017, Adam Miller <admiller@redhat.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Ensure /run/firewalld exists
file:
ansible.builtin.file:
path: /run/firewalld
state: directory
mode: "0755"
# firewalld service operation test cases
- include_tasks: service_test_cases.yml
- name: Include service test cases for firewalld module
ansible.builtin.include_tasks: service_test_cases.yml
# firewalld protocol operation test cases
- include_tasks: protocol_test_cases.yml
- name: Include protocol test cases for firewalld module
ansible.builtin.include_tasks: protocol_test_cases.yml
# firewalld port operation test cases
- include_tasks: port_test_cases.yml
- name: Include port test cases for firewalld module
ansible.builtin.include_tasks: port_test_cases.yml
# firewalld source operation test cases
- include_tasks: source_test_cases.yml
- name: Include source test cases for firewalld module
ansible.builtin.include_tasks: source_test_cases.yml
# firewalld zone operation test cases
- include_tasks: zone_test_cases.yml
- name: Include zone test cases for firewalld module
ansible.builtin.include_tasks: zone_test_cases.yml
# firewalld zone target operation test cases
- include_tasks: zone_target_test_cases.yml
- name: Include zone target test cases for firewalld module
ansible.builtin.include_tasks: zone_target_test_cases.yml
# firewalld port forwarding operation test cases
- include_tasks: port_forward_test_cases.yml
- name: Include port forward target test cases for firewalld module
ansible.builtin.include_tasks: port_forward_test_cases.yml
# firewalld masquerade operation test cases
- include_tasks: masquerade_test_cases.yml
- name: Include masquerade target test cases for firewalld module
ansible.builtin.include_tasks: masquerade_test_cases.yml
# firewalld icmp block inversion operation test cases
- include_tasks: icmp_block_inversion_test_cases.yml
- name: Include icmp block inversion target test cases for firewalld module
ansible.builtin.include_tasks: icmp_block_inversion_test_cases.yml
# firewalld interface operation test cases
- include_tasks: interface_test_cases.yml
- name: Include interface target test cases for firewalld module
ansible.builtin.include_tasks: interface_test_cases.yml

41
tests/integration/targets/firewalld/tasks/service_test_cases.yml
View file

@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - service operations
# (c) 2017, Adam Miller <admiller@redhat.com>
@ -16,50 +17,50 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld service test permanent enabled
firewalld:
- name: Firewalld service test permanent enabled
ansible.posix.firewalld:
service: https
permanent: true
state: enabled
register: result
- name: assert firewalld service test permanent enabled worked
assert:
- name: Assert firewalld service test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld service test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld service test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
service: https
permanent: true
state: enabled
register: result
- name: assert firewalld service test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld service test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld service test permanent disabled
firewalld:
- name: Firewalld service test permanent disabled
ansible.posix.firewalld:
service: https
permanent: true
state: disabled
register: result
- name: assert firewalld service test permanent disabled worked
assert:
- name: Assert firewalld service test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld service test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld service test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
service: https
permanent: true
state: disabled
register: result
- name: assert firewalld service test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld service test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed

64
tests/integration/targets/firewalld/tasks/source_test_cases.yml
View file

@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - source operations
# (c) 2019, Hideki Saito <saito@fgrep.org>
@ -16,70 +17,71 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld source test permanent enabled
firewalld:
- name: Firewalld source test permanent enabled
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: enabled
register: result
- name: assert firewalld source test permanent enabled worked
assert:
- name: Assert firewalld source test permanent enabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld source test permanent enabled rerun (verify not changed)
firewalld:
- name: Firewalld source test permanent enabled rerun (verify not changed)
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: enabled
register: result
- name: assert firewalld source test permanent enabled rerun worked (verify not changed)
assert:
- name: Assert firewalld source test permanent enabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld source test permanent disabled
firewalld:
- name: Firewalld source test permanent disabled
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: disabled
register: result
- name: assert firewalld source test permanent disabled worked
assert:
- name: Assert firewalld source test permanent disabled worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld source test permanent disabled rerun (verify not changed)
firewalld:
- name: Firewalld source test permanent disabled rerun (verify not changed)
ansible.posix.firewalld:
source: 192.0.2.0/24
zone: internal
permanent: True
permanent: true
state: disabled
register: result
- name: assert firewalld source test permanent disabled rerun worked (verify not changed)
assert:
- name: Assert firewalld source test permanent disabled rerun worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld source test permanent enabled is exclusive (verify exclusive error)
firewalld:
- name: Firewalld source test permanent enabled is exclusive (verify exclusive error)
ansible.posix.firewalld:
source: 192.0.2.0/24
port: 8081/tcp
zone: internal
permanent: True
permanent: true
state: enabled
register: result
ignore_errors: true
- name: assert firewalld source test permanent enabled is exclusive (verify exclusive error)
assert:
- name: Assert firewalld source test permanent enabled is exclusive (verify exclusive error)
ansible.builtin.assert:
that:
- result is not changed
- "result.msg == 'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"
- result is not changed
- "result.msg ==
'parameters are mutually exclusive: icmp_block|icmp_block_inversion|service|protocol|port|port_forward|rich_rule|interface|masquerade|source|target'"

105
tests/integration/targets/firewalld/tasks/zone_target_test_cases.yml
View file

@ -1,3 +1,4 @@
---
# Test playbook for the firewalld module - source operations
# (c) 2020, Adam Miller <admiller@redhat.com>
@ -16,106 +17,106 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: firewalld dmz zone target DROP
firewalld:
- name: Firewalld dmz zone target DROP
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: DROP
register: result
- name: assert firewalld dmz zone target DROP present worked
assert:
- name: Assert firewalld dmz zone target DROP present worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target DROP rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target DROP rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: DROP
register: result
- name: assert firewalld dmz zone target DROP present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target DROP present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld dmz zone target DROP absent
firewalld:
- name: Firewalld dmz zone target DROP absent
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: DROP
register: result
- name: assert firewalld dmz zone target DROP absent worked
assert:
- name: Assert firewalld dmz zone target DROP absent worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target DROP rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target DROP rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: DROP
register: result
- name: assert firewalld dmz zone target DROP present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target DROP present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld dmz zone target %%REJECT%%
firewalld:
- name: Firewalld dmz zone target %%REJECT%%
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% present worked
assert:
- name: Assert firewalld dmz zone target %%REJECT%% present worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target %%REJECT%% rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target %%REJECT%% rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: present
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld dmz zone target %%REJECT%% absent
firewalld:
- name: Firewalld dmz zone target %%REJECT%% absent
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% absent worked
assert:
- name: Assert firewalld dmz zone target %%REJECT%% absent worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld dmz zone target %%REJECT%% rerun (verify not changed)
firewalld:
- name: Firewalld dmz zone target %%REJECT%% rerun (verify not changed)
ansible.posix.firewalld:
zone: dmz
permanent: True
permanent: true
state: absent
target: '%%REJECT%%'
target: "%%REJECT%%"
register: result
- name: assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
assert:
- name: Assert firewalld dmz zone target %%REJECT%% present worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed

49
tests/integration/targets/firewalld/tasks/zone_test_cases.yml
View file

@ -1,47 +1,48 @@
- name: firewalld create zone custom
firewalld:
---
- name: Firewalld create zone custom
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: present
register: result
- name: assert firewalld custom zone created worked
assert:
- name: Assert firewalld custom zone created worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld create zone custom rerun (verify not changed)
firewalld:
- name: Firewalld create zone custom rerun (verify not changed)
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: present
register: result
- name: assert firewalld custom zone created worked (verify not changed)
assert:
- name: Assert firewalld custom zone created worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: firewalld remove zone custom
firewalld:
- name: Firewalld remove zone custom
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: absent
register: result
- name: assert firewalld custom zone removed worked
assert:
- name: Assert firewalld custom zone removed worked
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: firewalld remove custom zone rerun (verify not changed)
firewalld:
- name: Firewalld remove custom zone rerun (verify not changed)
ansible.posix.firewalld:
zone: custom
permanent: True
permanent: true
state: absent
register: result
- name: assert firewalld custom zone removed worked (verify not changed)
assert:
- name: Assert firewalld custom zone removed worked (verify not changed)
ansible.builtin.assert:
that:
- result is not changed
- result is not changed

43
tests/integration/targets/firewalld_info/tasks/main.yml
View file

@ -1,52 +1,53 @@
---
# Test playbook for the firewalld_info module
# (c) 2021, Hideki Saito <saito@fgrep.org>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
# This test is based on the integration test playbook for firewalld module.
- name: Run firewalld tests
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
block:
- name: Ensure firewalld is installed
package:
ansible.builtin.package:
name: firewalld
state: present
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
# This doesn't work for CentOS 6 because firewalld doesn't exist in CentOS6
- name: Check to make sure the firewalld python module is available.
shell: "{{ansible_python.executable}} -c 'import firewall'"
ansible.builtin.command: "{{ ansible_python.executable }} -c 'import firewall'"
changed_when: false
register: check_output_firewall
ignore_errors: true
- name: Check to make sure the dbus python module is available.
shell: "{{ansible_python.executable}} -c 'import dbus'"
ansible.builtin.command: "{{ ansible_python.executable }} -c 'import dbus'"
changed_when: false
register: check_output_dbus
ignore_errors: true
- name: Test Online Operations
block:
- name: start firewalld
service:
- name: Start firewalld
ansible.builtin.service:
name: firewalld
state: started
- import_tasks: run_tests_in_started.yml
- name: Import test tasks from run_tests_in_started.yml
ansible.builtin.import_tasks: run_tests_in_started.yml
- name: Test Offline Operations
when:
- check_output_firewall.rc == 0
- check_output_dbus.rc == 0
- name: Test Offline Operations
block:
- name: stop firewalld
service:
- name: Stop firewalld
ansible.builtin.service:
name: firewalld
state: stopped
- import_tasks: run_tests_in_stopped.yml
when:
- check_output_firewall.rc == 0
- check_output_dbus.rc == 0
when:
- ansible_facts.os_family == "RedHat" and ansible_facts.distribution_major_version is version('7', '>=')
- not (ansible_distribution == "Ubuntu" and ansible_distribution_version is version('14.04', '=='))
# Firewalld package on OpenSUSE (15+) require Python 3, so we skip on OpenSUSE running py2 on these newer distros
- not (ansible_os_family == "Suse" and ansible_distribution_major_version|int != 42 and ansible_python.version.major != 3)
- name: Import test tasks from run_tests_in_stopped.yml
ansible.builtin.import_tasks: run_tests_in_stopped.yml

17
tests/integration/targets/firewalld_info/tasks/run_tests_in_started.yml
View file

@ -1,32 +1,33 @@
---
# Test playbook for the firewalld_info module
# (c) 2021, Hideki Saito <saito@fgrep.org>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Ensure firewalld_info without options
firewalld_info:
ansible.posix.firewalld_info:
register: result
- name: Assert collected_zones and undefined_zones
assert:
ansible.builtin.assert:
that:
- 'result.collected_zones and not result.undefined_zones'
- result.collected_zones and not result.undefined_zones
- name: Ensure firewalld_info with active_zones
firewalld_info:
active_zones: yes
ansible.posix.firewalld_info:
active_zones: true
register: result
- name: Assert turn active_zones true
assert:
ansible.builtin.assert:
that:
- name: Ensure firewalld_zones with zone list
firewalld_info:
ansible.posix.firewalld_info:
zones:
- public
- invalid_zone
register: result
- name: Assert specified zones
assert:
ansible.builtin.assert:
that:

21
tests/integration/targets/firewalld_info/tasks/run_tests_in_stopped.yml
View file

@ -1,40 +1,41 @@
---
# Test playbook for the firewalld_info module
# (c) 2021, Hideki Saito <saito@fgrep.org>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
- name: Ensure firewalld_info without options
firewalld_info:
ansible.posix.firewalld_info:
register: result
ignore_errors: yes
ignore_errors: true
- name: Assert firewalld_info fails if firewalld is not running.
assert:
ansible.builtin.assert:
that:
- result.failed
- "'firewalld probably not be running,' in result.msg"
- name: Ensure firewalld_info with active_zones
firewalld_info:
active_zones: yes
ansible.posix.firewalld_info:
active_zones: true
register: result
ignore_errors: yes
ignore_errors: true
- name: Assert firewalld_info with active_zones fails if firewalld is not running.
assert:
ansible.builtin.assert:
that:
- result.failed
- "'firewalld probably not be running,' in result.msg"
- name: Ensure firewalld_zones with zone list
firewalld_info:
ansible.posix.firewalld_info:
zones:
- public
- invalid_zone
register: result
ignore_errors: yes
ignore_errors: true
- name: Assert firewalld_info with zones list fails if firewalld is not running.
assert:
ansible.builtin.assert:
that:
- result.failed
- "'firewalld probably not be running,' in result.msg"

979
tests/integration/targets/mount/tasks/main.yml
View file

File diff suppressed because it is too large Load diff

169
tests/integration/targets/patch/tasks/main.yml
View file

@ -1,124 +1,147 @@
- name: ensure idempotency installed
package:
---
- name: Ensure idempotency installed
ansible.builtin.package:
name: patch
when: ansible_distribution != "MacOSX"
- name: create a directory for the result
file:
dest: '{{ output_dir }}/patch'
- name: Create a directory for the result
ansible.builtin.file:
dest: "{{ output_dir }}/patch"
state: directory
mode: "0755"
register: result
- name: assert the directory was created
assert:
- name: Assert the directory was created
ansible.builtin.assert:
that:
- result.state == 'directory'
- name: copy the origin file
copy:
- result.state == 'directory'
- name: Copy the origin file
ansible.builtin.copy:
src: ./origin.txt
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
mode: "0644"
register: result
- name: patch the origin file in check mode
- name: Patch the origin file in check mode
check_mode: true
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
- name: verify patch the origin file in check mode
assert:
dest: "{{ output_dir }}/patch/workfile.txt"
- name: Verify patch the origin file in check mode
ansible.builtin.assert:
that:
- result is changed
- name: patch the origin file
- result is changed
- name: Patch the origin file
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
- name: verify patch the origin file
assert:
dest: "{{ output_dir }}/patch/workfile.txt"
- name: Verify patch the origin file
ansible.builtin.assert:
that:
- result is changed
- name: test patch the origin file idempotency
- result is changed
- name: Test patch the origin file idempotency
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
- name: verify test patch the origin file idempotency
assert:
dest: "{{ output_dir }}/patch/workfile.txt"
- name: Verify test patch the origin file idempotency
ansible.builtin.assert:
that:
- result is not changed
- name: verify the resulted file matches expectations
copy:
- result is not changed
- name: Verify the resulted file matches expectations
ansible.builtin.copy:
src: ./result.txt
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
mode: "0644"
register: result
failed_when: result is changed
- name: patch the workfile file in check mode state absent
- name: Patch the workfile file in check mode state absent
check_mode: true
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
state: absent
- name: verify patch the workfile file in check mode state absent
assert:
- name: Verify patch the workfile file in check mode state absent
ansible.builtin.assert:
that:
- result is changed
- name: patch the workfile file state absent
- result is changed
- name: Patch the workfile file state absent
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
state: absent
- name: verify patch the workfile file state absent
assert:
- name: Verify patch the workfile file state absent
ansible.builtin.assert:
that:
- result is changed
- name: patch the workfile file state absent idempotency
- result is changed
- name: Patch the workfile file state absent idempotency
register: result
patch:
ansible.posix.patch:
src: result.patch
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
state: absent
- name: verify patch the workfile file state absent idempotency
assert:
- name: Verify patch the workfile file state absent idempotency
ansible.builtin.assert:
that:
- result is not changed
- name: verify the resulted file matches expectations
copy:
- result is not changed
- name: Verify the resulted file matches expectations
ansible.builtin.copy:
src: ./origin.txt
dest: '{{ output_dir }}/patch/workfile.txt'
dest: "{{ output_dir }}/patch/workfile.txt"
mode: "0644"
register: result
failed_when: result is changed
- name: copy the origin file whitespace
copy:
- name: Copy the origin file whitespace
ansible.builtin.copy:
src: ./origin.txt
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
mode: "0644"
register: result
- name: patch the origin file
- name: Patch the origin file
register: result
patch:
ansible.posix.patch:
src: result_whitespace.patch
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
ignore_whitespace: yes
- name: verify patch the origin file
assert:
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
ignore_whitespace: true
- name: Verify patch the origin file
ansible.builtin.assert:
that:
- result is changed
- result is changed
- name: test patch the origin file idempotency
- name: Test patch the origin file idempotency
register: result
patch:
ansible.posix.patch:
src: result_whitespace.patch
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
ignore_whitespace: yes
- name: verify test patch the origin file idempotency
assert:
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
ignore_whitespace: true
- name: Verify test patch the origin file idempotency
ansible.builtin.assert:
that:
- result is not changed
- result is not changed
- name: verify the resulted file matches expectations
copy:
- name: Verify the resulted file matches expectations
ansible.builtin.copy:
src: ./result_whitespace.txt
dest: '{{ output_dir }}/patch/workfile_whitespace.txt'
dest: "{{ output_dir }}/patch/workfile_whitespace.txt"
mode: "0644"
register: result
failed_when: result is changed

6
tests/integration/targets/seboolean/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -15,8 +16,9 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- include_tasks: seboolean.yml
- name: Include_tasks for when SELinux is enabled
ansible.builtin.include_tasks: seboolean.yml
when:
- ansible_selinux is defined
- ansible_selinux != False
- ansible_selinux
- ansible_selinux.status == 'enabled'

67
tests/integration/targets/seboolean/tasks/seboolean.yml
View file

@ -1,3 +1,4 @@
---
# (c) 2017, Martin Krizek <mkrizek@redhat.com>
# This file is part of Ansible
@ -15,69 +16,79 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- name: install requirements for RHEL 7 and earlier
package:
- name: Install requirements for RHEL 7 and earlier
ansible.builtin.package:
name: policycoreutils-python
when:
- ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('7', '<=')
- name: install requirements for RHEL 8 and later
package:
- name: Install requirements for RHEL 8 and later
ansible.builtin.package:
name: policycoreutils-python-utils
when:
- ansible_distribution == 'RedHat' and ansible_distribution_major_version is version('8', '>=')
- name: Get getsebool output preflight
ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
changed_when: false
register: getsebool_output_preflight
- name: Cleanup
shell: setsebool -P httpd_can_network_connect 0
##########################################################################################
- name: set flag and don't keep it persistent
seboolean:
ansible.builtin.shell: set -o pipefail && setsebool -P httpd_can_network_connect 0
changed_when: getsebool_output_preflight.stdout.startswith('httpd_can_network_connect --> on')
- name: Set flag and don't keep it persistent
ansible.posix.seboolean:
name: httpd_can_network_connect
state: yes
state: true
register: output
- name: get getsebool output
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
- name: Get getsebool output
ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
changed_when: false
register: getsebool_output
- name: check output
assert:
- name: Check output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
- output.name == 'httpd_can_network_connect'
- getsebool_output.stdout.startswith('httpd_can_network_connect (on , off)')
##########################################################################################
- name: unset flag
seboolean:
- name: Unset flag
ansible.posix.seboolean:
name: httpd_can_network_connect
state: no
state: false
- name: get getsebool output
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
- name: Get getsebool output
ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
changed_when: false
register: getsebool_output
- name: check output
assert:
- name: Check output
ansible.builtin.assert:
that:
- output is changed
- output is not failed
- output.name == 'httpd_can_network_connect'
- getsebool_output.stdout.startswith('httpd_can_network_connect (off , off)')
##########################################################################################
- name: set flag and keep it persistent
seboolean:
- name: Set flag and keep it persistent
ansible.posix.seboolean:
name: httpd_can_network_connect
state: yes
persistent: yes
state: true
persistent: true
register: output
- name: get getsebool output
shell: semanage boolean -l | grep 'httpd_can_network_connect\W'
- name: Get getsebool output
ansible.builtin.shell: set -o pipefail && semanage boolean -l | grep 'httpd_can_network_connect\W'
changed_when: false
register: getsebool_output
- name: check output
assert:
- name: Check output
ansible.builtin.assert:
that:
- output is changed
- output is not failed

21
tests/integration/targets/selinux/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
# (c) 2017, Sam Doran <sdoran@redhat.com>
# This file is part of Ansible
@ -15,22 +16,26 @@
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
- debug:
- name: Debug message for when SELinux is disabled
ansible.builtin.debug:
msg: SELinux is disabled
when: ansible_selinux is defined and ansible_selinux == False
when: ansible_selinux is defined and not ansible_selinux
- debug:
- name: Debug message for when SELinux is enabled and not disabled
ansible.builtin.debug:
msg: SELinux is {{ ansible_selinux.status }}
when: ansible_selinux is defined and ansible_selinux != False
when: ansible_selinux is defined and ansible_selinux
- include_tasks: selinux.yml
- name: Include_tasks for when SELinux is enabled
ansible.builtin.include_tasks: selinux.yml
when:
- ansible_selinux is defined
- ansible_selinux != False
- ansible_selinux
- ansible_selinux.status == 'enabled'
- include_tasks: selogin.yml
- name: Include tasks for selogin when SELinux is enabled
ansible.builtin.include_tasks: selogin.yml
when:
- ansible_selinux is defined
- ansible_selinux != False
- ansible_selinux
- ansible_selinux.status == 'enabled'

230
tests/integration/targets/selinux/tasks/selinux.yml
View file

@ -1,3 +1,4 @@
---
# (c) 2017, Sam Doran <sdoran@redhat.com>
# This file is part of Ansible
@ -14,67 +15,67 @@
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
# First Test
# ##############################################################################
# Test changing the state, which requires a reboot
- name: TEST 1 | Make sure grubby is present
package:
ansible.builtin.package:
name: grubby
state: present
- name: TEST 1 | Get current SELinux config file contents
slurp:
ansible.builtin.slurp:
src: /etc/sysconfig/selinux
register: selinux_config_original_base64
- name: TEST 1 | Register SELinux config and SELinux status
set_fact:
ansible.builtin.set_fact:
selinux_config_original_raw: "{{ selinux_config_original_base64.content | b64decode }}"
before_test_sestatus: "{{ ansible_selinux }}"
- name: TEST 1 | Split by line and register original config
set_fact:
ansible.builtin.set_fact:
selinux_config_original: "{{ selinux_config_original_raw.split('\n') }}"
- debug:
- name: TEST 1 | Debug selinux_config_original, before_test_sestatus, and ansible_selinux
ansible.builtin.debug:
var: "{{ item }}"
verbosity: 1
with_items:
loop:
- selinux_config_original
- before_test_sestatus
- ansible_selinux
- name: TEST 1 | Setup SELinux configuration for tests
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
- name: TEST 1 | Disable SELinux
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
register: _disable_test1
- debug:
- name: TEST 1 | Debug _disable_test1
ansible.builtin.debug:
var: _disable_test1
verbosity: 1
- name: Before gathering the fact
debug:
ansible.builtin.debug:
msg: "{{ ansible_selinux }}"
- name: TEST 1 | Re-gather facts
setup:
ansible.builtin.setup:
- name: After gathering the fact
debug:
ansible.builtin.debug:
msg: "{{ ansible_selinux }}"
- name: TEST 1 | Assert that status was changed, reboot_required is True, a warning was displayed, and SELinux is configured properly
assert:
ansible.builtin.assert:
that:
- _disable_test1 is changed
- _disable_test1.reboot_required
@ -82,53 +83,56 @@
- ansible_selinux.config_mode == 'disabled'
- ansible_selinux.type == 'targeted'
- debug:
- name: TEST 1 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
- name: TEST 1 | Disable SELinux again
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
register: _disable_test2
- debug:
- name: Test 1 | Debug _disable_test2
ansible.builtin.debug:
var: _disable_test2
verbosity: 1
- name: TEST 1 | Assert that no change is reported, a warning was displayed, and reboot_required is True
assert:
ansible.builtin.assert:
that:
- _disable_test2 is not changed
- (_disable_test1.warnings | length ) >= 1
- _disable_test2.reboot_required
- name: TEST 1 | Get modified config file
slurp:
ansible.builtin.slurp:
src: /etc/sysconfig/selinux
register: selinux_config_after_base64
- name: TEST 1 | Register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
- name: TEST 1 | Split by line and register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
- debug:
- name: TEST 1 | Debug selinux_config_after
ansible.builtin.debug:
var: selinux_config_after
verbosity: 1
- name: TEST 1 | Ensure SELinux config file is properly formatted
assert:
ansible.builtin.assert:
that:
- selinux_config_original | length == selinux_config_after | length
- selinux_config_after[selinux_config_after.index('SELINUX=disabled')] is search("^SELINUX=\w+$")
- selinux_config_after[selinux_config_after.index('SELINUXTYPE=targeted')] is search("^SELINUXTYPE=\w+$")
- name: TEST 1 | Disable SELinux again, with kernel arguments update
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
update_kernel_param: true
@ -136,72 +140,76 @@
- name: Check kernel command-line arguments
ansible.builtin.command: grubby --info=DEFAULT
changed_when: false
register: _grubby_test1
- name: TEST 1 | Assert that kernel cmdline contains selinux=0
assert:
ansible.builtin.assert:
that:
- "' selinux=0' in _grubby_test1.stdout"
- name: TEST 1 | Enable SELinux, without kernel arguments update
selinux:
ansible.posix.selinux:
state: disabled
policy: targeted
register: _disable_test2
- name: Check kernel command-line arguments
ansible.builtin.command: grubby --info=DEFAULT
changed_when: false
register: _grubby_test1
- name: TEST 1 | Assert that kernel cmdline still contains selinux=0
assert:
ansible.builtin.assert:
that:
- "' selinux=0' in _grubby_test1.stdout"
- name: TEST 1 | Reset SELinux configuration for next test (also kernel args)
selinux:
ansible.posix.selinux:
state: enforcing
update_kernel_param: true
policy: targeted
- name: Check kernel command-line arguments
ansible.builtin.command: grubby --info=DEFAULT
changed_when: false
register: _grubby_test2
- name: TEST 1 | Assert that kernel cmdline doesn't contain selinux=0
assert:
ansible.builtin.assert:
that:
- "' selinux=0' not in _grubby_test2.stdout"
# Second Test
# ##############################################################################
# Test changing only the policy, which does not require a reboot
- name: TEST 2 | Make sure the policy is present
package:
ansible.builtin.package:
name: selinux-policy-mls
state: present
- name: TEST 2 | Set SELinux policy
selinux:
ansible.posix.selinux:
state: enforcing
policy: mls
register: _state_test1
- debug:
- name: TEST 2 | Debug _state_test1
ansible.builtin.debug:
var: _state_test1
verbosity: 1
- name: TEST 2 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 2 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
tags: debug
- name: TEST 2 | Assert that status was changed, reboot_required is False, no warnings were displayed, and SELinux is configured properly
assert:
ansible.builtin.assert:
that:
- _state_test1 is changed
- not _state_test1.reboot_required
@ -210,76 +218,79 @@
- ansible_selinux.type == 'mls'
- name: TEST 2 | Set SELinux policy again
selinux:
ansible.posix.selinux:
state: enforcing
policy: mls
register: _state_test2
- debug:
- name: TEST 2 | Debug _state_test2
ansible.builtin.debug:
var: _state_test2
verbosity: 1
- name: TEST 2 | Assert that no change was reported, no warnings were displayed, and reboot_required is False
assert:
ansible.builtin.assert:
that:
- _state_test2 is not changed
- _state_test2.warnings is not defined
- not _state_test2.reboot_required
- name: TEST 2 | Get modified config file
slurp:
ansible.builtin.slurp:
src: /etc/sysconfig/selinux
register: selinux_config_after_base64
- name: TEST 2 | Register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after_raw: "{{ selinux_config_after_base64.content | b64decode }}"
- name: TEST 2 | Split by line and register modified config
set_fact:
ansible.builtin.set_fact:
selinux_config_after: "{{ selinux_config_after_raw.split('\n') }}"
- debug:
- name: TEST 2 | Debug selinux_config_after
ansible.builtin.debug:
var: selinux_config_after
verbosity: 1
- name: TEST 2 | Ensure SELinux config file is properly formatted
assert:
ansible.builtin.assert:
that:
- selinux_config_original | length == selinux_config_after | length
- selinux_config_after[selinux_config_after.index('SELINUX=enforcing')] is search("^SELINUX=\w+$")
- selinux_config_after[selinux_config_after.index('SELINUXTYPE=mls')] is search("^SELINUXTYPE=\w+$")
- name: TEST 2 | Reset SELinux configuration for next test
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
# Third Test
# ##############################################################################
# Test changing non-existing policy
- name: TEST 3 | Set SELinux policy
selinux:
ansible.posix.selinux:
state: enforcing
policy: non-existing-selinux-policy
register: _state_test1
ignore_errors: yes
ignore_errors: true
- debug:
- name: TEST 3 | Debug _state_test1
ansible.builtin.debug:
var: _state_test1
verbosity: 1
- name: TEST 3 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST3 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
tags: debug
- name: TEST 3 | Assert that status was not changed, the task failed, the msg contains proper information and SELinux was not changed
assert:
ansible.builtin.assert:
that:
- _state_test1 is not changed
- _state_test1 is failed
@ -287,40 +298,40 @@
- ansible_selinux.config_mode == 'enforcing'
- ansible_selinux.type == 'targeted'
# Fourth Test
# ##############################################################################
# Test if check mode returns correct changed values and
# doesn't make any changes
- name: TEST 4 | Set SELinux to enforcing
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _check_mode_test1
- debug:
- name: TEST 4 | Debug _check_mode_test1
ansible.builtin.debug:
var: _check_mode_test1
verbosity: 1
- name: TEST 4 | Set SELinux to enforcing in check mode
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _check_mode_test1
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4| Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode is idempotent
assert:
ansible.builtin.assert:
that:
- _check_mode_test1 is success
- not _check_mode_test1.reboot_required
@ -328,22 +339,23 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Set SELinux to permissive in check mode
selinux:
ansible.posix.selinux:
state: permissive
policy: targeted
register: _check_mode_test2
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode doesn't set state permissive and returns changed
assert:
ansible.builtin.assert:
that:
- _check_mode_test2 is changed
- not _check_mode_test2.reboot_required
@ -351,21 +363,22 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Disable SELinux in check mode
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test3
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode didn't change anything, status is changed, reboot_required is True, a warning was displayed
assert:
ansible.builtin.assert:
that:
- _check_mode_test3 is changed
- _check_mode_test3.reboot_required
@ -374,31 +387,33 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Set SELinux to permissive
selinux:
ansible.posix.selinux:
state: permissive
policy: targeted
register: _check_mode_test4
- debug:
- name: TEST 4 | Debug _check_mode_test4
ansible.builtin.debug:
var: _check_mode_test4
verbosity: 1
- name: TEST 4 | Disable SELinux in check mode
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test4
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that check mode didn't change anything, status is changed, reboot_required is True, a warning was displayed
assert:
ansible.builtin.assert:
that:
- _check_mode_test4 is changed
- _check_mode_test4.reboot_required
@ -407,36 +422,38 @@
- ansible_selinux.type == 'targeted'
- name: TEST 4 | Set SELinux to enforcing
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _check_mode_test5
- debug:
- name: TEST 4 | Debug _check_mode_test5
ansible.builtin.debug:
var: _check_mode_test5
verbosity: 1
- name: TEST 4 | Disable SELinux
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test5
- name: TEST 4 | Disable SELinux in check mode
selinux:
ansible.posix.selinux:
state: disabled
register: _check_mode_test5
check_mode: yes
check_mode: true
- name: TEST 4 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 4 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
tags: debug
- name: TEST 4 | Assert that in check mode status was not changed, reboot_required is True, a warning was displayed, and SELinux is configured properly
assert:
ansible.builtin.assert:
that:
- _check_mode_test5 is success
- _check_mode_test5.reboot_required
@ -450,32 +467,34 @@
# sure the module re-adds the expected lines
- name: TEST 5 | Remove SELINUX key from /etc/selinux/config
lineinfile:
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUX='
regexp: ^SELINUX=
state: absent
backup: yes
backup: true
register: _lineinfile_out1
- debug:
- name: TEST 5 | Debug _lineinfile_out1
ansible.builtin.debug:
var: _lineinfile_out1
verbosity: 1
- name: TEST 5 | Set SELinux to enforcing
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _set_enforcing1
- name: TEST 5 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 5 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
- name: TEST 5 | Assert that SELINUX key is populated
assert:
ansible.builtin.assert:
that:
- _set_enforcing1 is success
- _set_enforcing1 is changed
@ -483,31 +502,33 @@
- ansible_selinux.config_mode == 'enforcing'
- name: TEST 5 | Remove SELINUXTYPE key from /etc/selinux/config
lineinfile:
ansible.builtin.lineinfile:
path: /etc/selinux/config
regexp: '^SELINUXTYPE='
regexp: ^SELINUXTYPE=
state: absent
register: _lineinfile_out2
- debug:
- name: TEST 5 | Debug _lineinfile_out2
ansible.builtin.debug:
var: _lineinfile_out2
verbosity: 1
- name: TEST 5 | Set SELinux Policy to targeted
selinux:
ansible.posix.selinux:
state: enforcing
policy: targeted
register: _set_policy2
- name: TEST 5 | Re-gather facts
setup:
ansible.builtin.setup:
- debug:
- name: TEST 5 | Debug ansible_selinux
ansible.builtin.debug:
var: ansible_selinux
verbosity: 1
- name: TEST 5 | Assert that SELINUXTYPE key is populated
assert:
ansible.builtin.assert:
that:
- _set_policy2 is success
- _set_policy2 is changed
@ -515,7 +536,8 @@
- ansible_selinux.type == 'targeted'
- name: TEST 5 | Restore original SELinux config file /etc/selinux/config
copy:
ansible.builtin.copy:
dest: /etc/selinux/config
src: "{{ _lineinfile_out1['backup'] }}"
remote_src: yes
remote_src: true
mode: "0644"

89
tests/integration/targets/selinux/tasks/selogin.yml
View file

@ -1,70 +1,71 @@
- name: create user for testing
user:
---
- name: Create user for testing
ansible.builtin.user:
name: seuser
- name: attempt to add mapping without 'seuser'
- name: Attempt to add mapping without 'seuser'
register: selogin_error
ignore_errors: true
community.general.system.selogin:
login: seuser
- name: verify failure
assert:
- name: Verify failure
ansible.builtin.assert:
that:
- selogin_error is failed
- name: map login to SELinux user
- selogin_error is failed
- name: Map login to SELinux user
register: selogin_new_mapping
check_mode: '{{ item }}'
check_mode: "{{ item }}"
with_items:
- true
- false
- true
- false
- true
- false
- true
- false
community.general.system.selogin:
login: seuser
seuser: staff_u
- name: new mapping- verify functionality and check_mode
assert:
- name: New mapping- verify functionality and check_mode
ansible.builtin.assert:
that:
- selogin_new_mapping.results[0] is changed
- selogin_new_mapping.results[1] is changed
- selogin_new_mapping.results[2] is not changed
- selogin_new_mapping.results[3] is not changed
- name: change SELinux user login mapping
- selogin_new_mapping.results[0] is changed
- selogin_new_mapping.results[1] is changed
- selogin_new_mapping.results[2] is not changed
- selogin_new_mapping.results[3] is not changed
- name: Change SELinux user login mapping
register: selogin_mod_mapping
check_mode: '{{ item }}'
check_mode: "{{ item }}"
with_items:
- true
- false
- true
- false
- true
- false
- true
- false
community.general.system.selogin:
login: seuser
seuser: user_u
- name: changed mapping- verify functionality and check_mode
assert:
- name: Changed mapping- verify functionality and check_mode
ansible.builtin.assert:
that:
- selogin_mod_mapping.results[0] is changed
- selogin_mod_mapping.results[1] is changed
- selogin_mod_mapping.results[2] is not changed
- selogin_mod_mapping.results[3] is not changed
- name: remove SELinux user mapping
- selogin_mod_mapping.results[0] is changed
- selogin_mod_mapping.results[1] is changed
- selogin_mod_mapping.results[2] is not changed
- selogin_mod_mapping.results[3] is not changed
- name: Remove SELinux user mapping
register: selogin_del_mapping
check_mode: '{{ item }}'
check_mode: "{{ item }}"
with_items:
- true
- false
- true
- false
- true
- false
- true
- false
community.general.system.selogin:
login: seuser
state: absent
- name: delete mapping- verify functionality and check_mode
assert:
- name: Delete mapping- verify functionality and check_mode
ansible.builtin.assert:
that:
- selogin_del_mapping.results[0] is changed
- selogin_del_mapping.results[1] is changed
- selogin_del_mapping.results[2] is not changed
- selogin_del_mapping.results[3] is not changed
- name: remove test user
user:
- selogin_del_mapping.results[0] is changed
- selogin_del_mapping.results[1] is changed
- selogin_del_mapping.results[2] is not changed
- selogin_del_mapping.results[3] is not changed
- name: Remove test user
ansible.builtin.user:
name: seuser
state: absent

10
tests/integration/targets/setup_pkg_mgr/tasks/main.yml
View file

@ -4,14 +4,16 @@
# and should not be used as examples of how to write Ansible roles #
####################################################################
- set_fact:
- name: Set pkg_mgr and ansible_pkg_mgr on FreeBSD
ansible.builtin.set_fact:
pkg_mgr: community.general.pkgng
ansible_pkg_mgr: community.general.pkgng
cacheable: yes
cacheable: true
when: ansible_os_family == "FreeBSD"
- set_fact:
- name: Set pkg_mgr and ansible_pkg_mgr on Suse
ansible.builtin.set_fact:
pkg_mgr: community.general.zypper
ansible_pkg_mgr: community.general.zypper
cacheable: yes
cacheable: true
when: ansible_os_family == "Suse"

1
tests/integration/targets/synchronize/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests

565
tests/integration/targets/synchronize/tasks/main.yml
View file

@ -1,310 +1,351 @@
- name: install rsync
package:
---
- name: Install rsync
ansible.builtin.package:
name: rsync
when: ansible_distribution != "MacOSX"
- name: Clean up the working directory and files
file:
path: '{{ output_dir }}'
- name: Clean up the working disrectory and files
ansible.builtin.file:
path: "{{ output_dir }}"
state: absent
- name: Create the working directory
file:
path: '{{ output_dir }}'
ansible.builtin.file:
path: "{{ output_dir }}"
state: directory
- name: create test new files
copy:
dest: '{{output_dir}}/{{item}}'
mode: '0644'
content: 'hello world'
with_items:
- foo.txt
- bar.txt
mode: "0755"
- name: synchronize file to new filename
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
- name: Create test new files
ansible.builtin.copy:
dest: "{{ output_dir }}/{{ item }}"
mode: "0644"
content: hello world
loop:
- foo.txt
- bar.txt
- name: Synchronize file to new filename
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
delegate_to: "{{ inventory_hostname }}"
'')'
- name: test that the file was really copied over
stat:
path: '{{ output_dir }}/foo.result'
- name: Check that the file was copied over correctly
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Test that the file was really copied over
ansible.builtin.stat:
path: "{{ output_dir }}/foo.result"
register: stat_result
- assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: test that the file is not copied a second time
synchronize:
src='{{output_dir}}/foo.txt'
dest='{{output_dir}}/foo.result'
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
- name: Test that the file was really copied over
ansible.builtin.assert:
that:
- sync_result.changed == False
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Test that the file is not copied a second time
ansible.posix.synchronize:
src: "'{{ output_dir }}/foo.txt'"
dest: "'{{ output_dir }}/foo.result'"
cmd: ""
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Test that no change occurred
ansible.builtin.assert:
that:
- not sync_result.changed
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.result
- bar.result
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.result
- bar.result
- name: Synchronize using the mode=push param
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: push
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
delegate_to: "{{ inventory_hostname }}"
'')'
- name: test that the file was really copied over
stat:
path: '{{ output_dir }}/foo.result'
- name: Check that the file was copied over correctly mode=push
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Test that the file was really copied over
ansible.builtin.stat:
path: "{{ output_dir }}/foo.result"
register: stat_result
- assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: test that the file is not copied a second time
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
- name: Ensure file exists and checksum matches
ansible.builtin.assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Test that the file is not copied a second time
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: push
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
delegate_to: "{{ inventory_hostname }}"
- name: Ensure no change occorred
ansible.builtin.assert:
that:
- sync_result.changed == False
- sync_result.changed == False
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.result
- bar.result
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.result
- bar.result
- name: Synchronize using the mode=pull param
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: pull
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
delegate_to: "{{ inventory_hostname }}"
'')'
- name: test that the file was really copied over
stat:
path: '{{ output_dir }}/foo.result'
- name: Check that the file was copied over correctly mode=pull
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Test that the file was really copied over
ansible.builtin.stat:
path: "{{ output_dir }}/foo.result"
register: stat_result
- assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: test that the file is not copied a second time
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
- name: Ensure file exists and checksum matches
ansible.builtin.assert:
that:
- stat_result.stat.exists == True
- stat_result.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Test that the file is not copied a second time
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
mode: pull
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
delegate_to: "{{ inventory_hostname }}"
- name: Ensure no change occorred
ansible.builtin.assert:
that:
- sync_result.changed == False
- sync_result.changed == False
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.result
- bar.result
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.result
- bar.result
- name: synchronize files using with_items (issue#5965)
synchronize:
src: '{{output_dir}}/{{item}}'
dest: '{{output_dir}}/{{item}}.result'
with_items:
- foo.txt
- bar.txt
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result.changed
- sync_result.msg == 'All items completed'
- '''results'' in sync_result'
- sync_result.results|length == 2
- 'sync_result.results[0].msg.endswith(''+ foo.txt
'')'
- 'sync_result.results[1].msg.endswith(''+ bar.txt
'')'
- name: Cleanup
file:
state: absent
path: '{{output_dir}}/{{item}}.result'
with_items:
- foo.txt
- bar.txt
- name: synchronize files using rsync_path (issue#7182)
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.rsync_path'
rsync_path: 'sudo rsync'
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- '''cmd'' in sync_result'
- '''rsync'' in sync_result.cmd'
- '''rsync_path'' in sync_result.cmd'
- '''msg'' in sync_result'
- sync_result.msg.startswith('>f+')
- 'sync_result.msg.endswith(''+ foo.txt
'')'
- name: Cleanup
file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- foo.rsync_path
- name: add subdirectories for link-dest test
file:
path: '{{output_dir}}/{{item}}/'
state: directory
mode: '0755'
with_items:
- directory_a
- directory_b
- name: copy foo.txt into the first directory
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/{{item}}/foo.txt'
with_items:
- directory_a
delegate_to: '{{ inventory_hostname }}'
- name: synchronize files using link_dest
synchronize:
src: '{{output_dir}}/directory_a/foo.txt'
dest: '{{output_dir}}/directory_b/foo.txt'
link_dest:
- '{{output_dir}}/directory_a'
register: sync_result
delegate_to: '{{ inventory_hostname }}'
- name: get stat information for directory_a
stat:
path: '{{ output_dir }}/directory_a/foo.txt'
register: stat_result_a
- name: get stat information for directory_b
stat:
path: '{{ output_dir }}/directory_b/foo.txt'
register: stat_result_b
- assert:
that:
- '''changed'' in sync_result'
- sync_result.changed == true
- stat_result_a.stat.inode == stat_result_b.stat.inode
- name: synchronize files using link_dest that would be recursive
synchronize:
src: '{{output_dir}}/foo.txt'
dest: '{{output_dir}}/foo.result'
link_dest:
- '{{output_dir}}'
register: sync_result
ignore_errors: true
delegate_to: '{{ inventory_hostname }}'
- assert:
that:
- sync_result is not changed
- sync_result is failed
- name: Cleanup
file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- directory_b/foo.txt
- directory_a/foo.txt
- directory_a
- directory_b
- name: setup - test for source with working dir with spaces in path
file:
state: directory
path: '{{output_dir}}/{{item}}'
delegate_to: '{{ inventory_hostname }}'
with_items:
- 'directory a'
- 'directory b'
- name: setup - create test new files
copy:
dest: '{{output_dir}}/directory a/{{item}}'
mode: '0644'
content: 'hello world'
- name: Synchronize files using with_items (issue#5965)
ansible.posix.synchronize:
src: "{{ output_dir }}/{{ item }}"
dest: "{{ output_dir }}/{{ item }}.result"
with_items:
- foo.txt
delegate_to: '{{ inventory_hostname }}'
- name: copy source with spaces in dir path
synchronize:
src: '{{output_dir}}/directory a/foo.txt'
dest: '{{output_dir}}/directory b/'
delegate_to: '{{ inventory_hostname }}'
- bar.txt
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Validate syncrhonize with_items
ansible.builtin.assert:
that:
- sync_result.changed
- sync_result.msg == 'All items completed'
- "'results' in sync_result"
- sync_result.results|length == 2
- "sync_result.results[0].msg.endswith('+ foo.txt\n')"
- "sync_result.results[1].msg.endswith('+ bar.txt\n')"
- name: Cleanup
ansible.builtin.file:
state: absent
path: "{{ output_dir }}/{{ item }}.result"
loop:
- foo.txt
- bar.txt
- name: Synchronize files using rsync_path (issue#7182)
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.rsync_path"
rsync_path: sudo rsync
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Validate syncrhonize using rsync_path (issue#7182)
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- "'cmd' in sync_result"
- "'rsync' in sync_result.cmd"
- "'rsync_path' in sync_result.cmd"
- "'msg' in sync_result"
- sync_result.msg.startswith('>f+')
- "sync_result.msg.endswith('+ foo.txt\n')"
- name: Cleanup
ansible.builtin.file:
state: absent
path: "{{ output_dir }}/{{ item }}"
loop:
- foo.rsync_path
- name: Add subdirectories for link-dest test
ansible.builtin.file:
path: "{{ output_dir }}/{{ item }}/"
state: directory
mode: "0755"
loop:
- directory_a
- directory_b
- name: Copy foo.txt into the first directory
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/{{ item }}/foo.txt"
loop:
- directory_a
delegate_to: "{{ inventory_hostname }}"
- name: Synchronize files using link_dest
ansible.posix.synchronize:
src: "{{ output_dir }}/directory_a/foo.txt"
dest: "{{ output_dir }}/directory_b/foo.txt"
link_dest:
- "{{ output_dir }}/directory_a"
register: sync_result
delegate_to: "{{ inventory_hostname }}"
- name: Get stat information for directory_a
ansible.builtin.stat:
path: "{{ output_dir }}/directory_a/foo.txt"
register: stat_result_a
- name: Get stat information for directory_b
ansible.builtin.stat:
path: "{{ output_dir }}/directory_b/foo.txt"
register: stat_result_b
- name: Ensure file exists and inode matches
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- stat_result_a.stat.inode == stat_result_b.stat.inode
- name: Synchronize files using link_dest that would be recursive
ansible.posix.synchronize:
src: "{{ output_dir }}/foo.txt"
dest: "{{ output_dir }}/foo.result"
link_dest:
- "{{ output_dir }}"
register: sync_result
ignore_errors: true
- name: get stat information for directory_b
stat:
path: '{{ output_dir }}/directory b/foo.txt'
register: stat_result_b
- assert:
delegate_to: "{{ inventory_hostname }}"
- name: Ensure no change occorred and failed
ansible.builtin.assert:
that:
- '''changed'' in sync_result'
- sync_result is not changed
- sync_result is failed
- name: Cleanup
ansible.builtin.file:
state: absent
path: "{{ output_dir }}/{{ item }}"
loop:
- directory_b/foo.txt
- directory_a/foo.txt
- directory_a
- directory_b
- name: Setup - test for source with working dir with spaces in path
ansible.builtin.file:
state: directory
path: "{{ output_dir }}/{{ item }}"
mode: "0755"
delegate_to: "{{ inventory_hostname }}"
loop:
- directory a
- directory b
- name: Setup - create test new files
ansible.builtin.copy:
dest: "{{ output_dir }}/directory a/{{ item }}"
mode: "0644"
content: hello world
loop:
- foo.txt
delegate_to: "{{ inventory_hostname }}"
- name: Copy source with spaces in dir path
ansible.posix.synchronize:
src: "{{ output_dir }}/directory a/foo.txt"
dest: "{{ output_dir }}/directory b/"
delegate_to: "{{ inventory_hostname }}"
register: sync_result
ignore_errors: true
- name: Get stat information for directory_b
ansible.builtin.stat:
path: "{{ output_dir }}/directory b/foo.txt"
register: stat_result_b
- name: Ensure file exists and checksum matches
ansible.builtin.assert:
that:
- "'changed' in sync_result"
- sync_result.changed == true
- stat_result_b.stat.exists == True
- stat_result_b.stat.checksum == '2aae6c35c94fcfb415dbe95f408b9ce91ee846ed'
- name: Cleanup
file:
ansible.builtin.file:
state: absent
path: '{{output_dir}}/{{item}}'
with_items:
- 'directory b/foo.txt'
- 'directory a/foo.txt'
- 'directory a'
- 'directory b'
path: "{{ output_dir }}/{{ item }}"
loop:
- directory b/foo.txt
- directory a/foo.txt
- directory a
- directory b

1
tests/integration/targets/sysctl/meta/main.yml
View file

@ -1,2 +1,3 @@
---
dependencies:
- prepare_tests

210
tests/integration/targets/sysctl/tasks/main.yml
View file

@ -1,3 +1,4 @@
---
# Test code for the sysctl module.
# (c) 2017, James Tanner <tanner.jc@gmail.com>
@ -24,79 +25,87 @@
when:
- ansible_facts.virtualization_type == 'docker' or ansible_facts.virtualization_type == 'container'
block:
- set_fact:
- name: Set output_dir_test fact
ansible.builtin.set_fact:
output_dir_test: "{{ output_dir }}/test_sysctl"
- name: make sure our testing sub-directory does not exist
file:
- name: Make sure our testing sub-directory does not exist
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: absent
- name: create our testing sub-directory
file:
- name: Create our testing sub-directory
ansible.builtin.file:
path: "{{ output_dir_test }}"
state: directory
mode: "0755"
##
## sysctl - file manipulation
##
- name: copy the example conf to the test dir
copy:
- name: Copy the example conf to the test dir
ansible.builtin.copy:
src: sysctl.conf
dest: "{{ output_dir_test }}"
mode: "0644"
- name: Set vm.swappiness to 5
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: 5
state: present
reload: no
reload: false
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test0
- debug:
- name: Debug sysctl_test0
ansible.builtin.debug:
var: sysctl_test0
verbosity: 1
- name: get file content
shell: "cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\\#"
- name: Get file content
ansible.builtin.shell: set -o pipefail && cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\#
changed_when: false
register: sysctl_content0
- debug:
- name: Debug sysctl_content0
ansible.builtin.debug:
var: sysctl_content0
verbosity: 1
- name: Set vm.swappiness to 5 again
sysctl:
name: vm.swappiness
value: 5
state: present
reload: no
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
ansible.posix.sysctl:
name: vm.swappiness
value: 5
state: present
reload: false
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test1
- name: validate results
assert:
that:
- sysctl_test0 is changed
- sysctl_test1 is not changed
- 'sysctl_content0.stdout_lines[sysctl_content0.stdout_lines.index("vm.swappiness=5")] == "vm.swappiness=5"'
- name: Validate results
ansible.builtin.assert:
that:
- sysctl_test0 is changed
- sysctl_test1 is not changed
- sysctl_content0.stdout_lines[sysctl_content0.stdout_lines.index("vm.swappiness=5")] == "vm.swappiness=5"
- name: Remove kernel.panic
sysctl:
ansible.posix.sysctl:
name: kernel.panic
value: 2
reload: no
reload: false
state: absent
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test2
- name: get file content
shell: "cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\\#"
- name: Get file content
ansible.builtin.shell: set -o pipefail && cat {{ output_dir_test }}/sysctl.conf | egrep -v ^\#
changed_when: false
register: sysctl_content2
- debug:
- name: Debug sysctl_test2 sysctl_content2
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
@ -104,38 +113,39 @@
- "{{ sysctl_content2 }}"
- name: Validate results for key removal
assert:
ansible.builtin.assert:
that:
- sysctl_test2 is changed
- "'kernel.panic' not in sysctl_content2.stdout_lines"
- name: Test remove kernel.panic again
sysctl:
ansible.posix.sysctl:
name: kernel.panic
value: 2
state: absent
reload: no
reload: false
sysctl_file: "{{ output_dir_test }}/sysctl.conf"
register: sysctl_test2_change_test
- name: Assert that no change was made
assert:
ansible.builtin.assert:
that:
- sysctl_test2_change_test is not changed
- name: Try sysctl with an invalid name
sysctl:
ansible.posix.sysctl:
name: test.invalid
value: 1
register: sysctl_test3
ignore_errors: yes
ignore_errors: true
- debug:
- name: Debug sysctl_test3
ansible.builtin.debug:
var: sysctl_test3
verbosity: 1
- name: validate results for test 3
assert:
- name: Validate results for test 3
ansible.builtin.assert:
that:
- sysctl_test3 is failed
@ -143,77 +153,79 @@
## sysctl - sysctl_set
##
- name: set net.ipv4.ip_forward
sysctl:
- name: Set net.ipv4.ip_forward
ansible.posix.sysctl:
name: net.ipv4.ip_forward
value: 1
sysctl_set: yes
reload: no
sysctl_set: true
reload: false
register: sysctl_test3
- name: check with sysctl command
shell: sysctl net.ipv4.ip_forward
- name: Check with sysctl command
ansible.builtin.command: sysctl net.ipv4.ip_forward
changed_when: false
register: sysctl_check3
- debug:
- name: Debug sysctl_test3 sysctl_check3
ansible.builtin.debug:
var: item
verbosity: 1
with_items:
- "{{ sysctl_test3 }}"
- "{{ sysctl_check3 }}"
- name: validate results for test 3
assert:
- name: Validate results for test 3
ansible.builtin.assert:
that:
- sysctl_test3 is changed
- 'sysctl_check3.stdout_lines == ["net.ipv4.ip_forward = 1"]'
- sysctl_check3.stdout_lines == ["net.ipv4.ip_forward = 1"]
- name: Try sysctl with no name
sysctl:
ansible.posix.sysctl:
name: ""
value: 1
sysctl_set: yes
ignore_errors: True
sysctl_set: true
ignore_errors: true
register: sysctl_no_name
- name: validate nameless results
assert:
- name: Validate nameless results
ansible.builtin.assert:
that:
- sysctl_no_name is failed
- "sysctl_no_name.msg == 'name cannot be blank'"
- sysctl_no_name.msg == 'name cannot be blank'
- name: Try sysctl with no value
sysctl:
ansible.posix.sysctl:
name: Foo
value:
sysctl_set: yes
ignore_errors: True
sysctl_set: true
ignore_errors: true
register: sysctl_no_value
- name: validate nameless results
assert:
- name: Validate nameless results
ansible.builtin.assert:
that:
- sysctl_no_value is failed
- "sysctl_no_value.msg == 'value cannot be None'"
- sysctl_no_value.msg == 'value cannot be None'
- name: Try sysctl with an invalid name
sysctl:
ansible.posix.sysctl:
name: test.invalid
value: 1
sysctl_set: yes
sysctl_set: true
register: sysctl_test4
ignore_errors: yes
ignore_errors: true
- debug:
- name: Debug sysctl_test4
ansible.builtin.debug:
var: sysctl_test4
verbosity: 1
- name: validate results for test 4
assert:
- name: Validate results for test 4
ansible.builtin.assert:
that:
- sysctl_test4 is failed
- name: Test on RHEL VMs
when:
- ansible_facts.virtualization_type != 'docker'
@ -221,34 +233,37 @@
block:
# Test reload: yes
- name: Set sysctl property using module
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '22'
value: "22"
state: present
reload: yes
reload: true
register: sysctl_set1
- name: Change sysctl property using command
command: sysctl vm.swappiness=33
ansible.builtin.command: sysctl vm.swappiness=33
changed_when: true
- name: Set sysctl property using module
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '22'
value: "22"
state: present
reload: yes
reload: true
register: sysctl_set2
- name: Read /etc/sysctl.conf
command: 'egrep -v ^# /etc/sysctl.conf'
ansible.builtin.command: egrep -v ^# /etc/sysctl.conf
changed_when: false
register: sysctl_conf_content
- name: Get current value of vm.swappiness
command: sysctl -n vm.swappiness
ansible.builtin.command: sysctl -n vm.swappiness
changed_when: false
register: sysctl_current_vm_swappiness
- name: Ensure changes were made appropriately
assert:
ansible.builtin.assert:
that:
- sysctl_set1 is changed
- sysctl_set2 is changed
@ -257,33 +272,35 @@
# Test reload: yes in check mode
- name: Set the same value using module in check mode
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '22'
value: "22"
state: present
reload: yes
check_mode: yes
reload: true
check_mode: true
register: sysctl_check_mode1
- name: Set a different value using module in check mode
sysctl:
ansible.posix.sysctl:
name: vm.swappiness
value: '44'
value: "44"
state: present
reload: yes
check_mode: yes
reload: true
check_mode: true
register: sysctl_check_mode2
- name: Read /etc/sysctl.conf
command: 'egrep -v ^# /etc/sysctl.conf'
ansible.builtin.command: egrep -v ^# /etc/sysctl.conf
changed_when: false
register: sysctl_check_mode_conf_content
- name: Get current value of vm.swappiness
command: sysctl -n vm.swappiness
ansible.builtin.command: sysctl -n vm.swappiness
changed_when: false
register: sysctl_check_mode_current_vm_swappiness
- name: Ensure no changes were made in check mode
assert:
ansible.builtin.assert:
that:
- sysctl_check_mode1 is success
- sysctl_check_mode2 is changed
@ -292,21 +309,22 @@
# Test sysctl: invalid value
- name: Set invalid sysctl property using module
sysctl:
ansible.posix.sysctl:
name: vm.mmap_rnd_bits
value: '1024'
value: "1024"
state: present
reload: yes
sysctl_set: True
ignore_errors: True
reload: true
sysctl_set: true
ignore_errors: true
register: sysctl_invalid_set1
- name: Read /etc/sysctl.conf
command: 'cat /etc/sysctl.conf'
ansible.builtin.command: cat /etc/sysctl.conf
changed_when: false
register: sysctl_invalid_conf_content
- name: Ensure changes were not made
assert:
ansible.builtin.assert:
that:
- sysctl_invalid_set1 is failed
- "'vm.mmap_rnd_bits' not in sysctl_invalid_conf_content.stdout"

6
tests/sanity/ignore-2.14.txt
View file

@ -1,8 +1,2 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/check_matrix.py replace-urlopen
tests/utils/shippable/timing.py shebang

6
tests/sanity/ignore-2.15.txt
View file

@ -1,8 +1,2 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/check_matrix.py replace-urlopen
tests/utils/shippable/timing.py shebang

6
tests/sanity/ignore-2.16.txt
View file

@ -1,7 +1 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/timing.py shebang

6
tests/sanity/ignore-2.17.txt
View file

@ -1,7 +1 @@
plugins/modules/synchronize.py pylint:disallowed-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/timing.py shebang

6
tests/sanity/ignore-2.9.txt
View file

@ -1,8 +1,2 @@
plugins/modules/synchronize.py pylint:blacklisted-name
plugins/modules/synchronize.py use-argspec-type-path
plugins/modules/synchronize.py validate-modules:doc-default-does-not-match-spec
plugins/modules/synchronize.py validate-modules:nonexistent-parameter-documented
plugins/modules/synchronize.py validate-modules:parameter-type-not-in-doc
plugins/modules/synchronize.py validate-modules:undocumented-parameter
tests/utils/shippable/check_matrix.py replace-urlopen
tests/utils/shippable/timing.py shebang

27
tests/unit/plugins/action/fixtures/synchronize/basic/meta.yaml
View file

@ -1,17 +1,18 @@
---
fixtures:
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self._play_context.shell == 'sh'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self._play_context.shell == 'sh'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'

65
tests/unit/plugins/action/fixtures/synchronize/basic_become/meta.yaml
View file

@ -1,39 +1,40 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
#rsync_path: rsync
src: /tmp/deleteme
dest: /tmp/deleteme
# rsync_path: rsync
_task:
become: True
become_method: None
become: true
become_method: None
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
become: True
become_method: sudo
remote_addr: el6host
remote_user: root
become: true
become_method: sudo
remote_addr: el6host
remote_user: root
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.task.become == True"
- "self.task.become_user == None"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == 'el6host'"
- "self._play_context.remote_user == 'root'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- self.final_module_args['rsync_path'] == 'sudo -u root rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.task.become == True
- self.task.become_user == None
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == 'el6host'
- self._play_context.remote_user == 'root'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None

65
tests/unit/plugins/action/fixtures/synchronize/basic_become_cli/meta.yaml
View file

@ -1,39 +1,40 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
#rsync_path: rsync
src: /tmp/deleteme
dest: /tmp/deleteme
# rsync_path: rsync
_task:
become: None
become_method: None
become: None
become_method: None
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
become: True
become_method: sudo
remote_addr: el6host
remote_user: root
become: true
become_method: sudo
remote_addr: el6host
remote_user: root
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- "self.final_module_args['rsync_path'] == 'sudo -u root rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.task.become == None"
- "self.task.become_user == None"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == 'el6host'"
- "self._play_context.remote_user == 'root'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
# this is a crucial aspect of this scenario ...
# note: become_user None -> root
- self.final_module_args['rsync_path'] == 'sudo -u root rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.task.become == None
- self.task.become_user == None
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == 'el6host'
- self._play_context.remote_user == 'root'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None

47
tests/unit/plugins/action/fixtures/synchronize/basic_vagrant/meta.yaml
View file

@ -1,29 +1,30 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
remote_addr: '127.0.0.1'
remote_user: vagrant
remote_addr: 127.0.0.1
remote_user: vagrant
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['dest_port'] == 2202"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == '127.0.0.1'"
- "self._play_context.remote_user == 'vagrant'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['dest_port'] == 2202
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == '127.0.0.1'
- self._play_context.remote_user == 'vagrant'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None

51
tests/unit/plugins/action/fixtures/synchronize/basic_vagrant_become_cli/meta.yaml
View file

@ -1,32 +1,33 @@
---
task:
#become: None
# become: None
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
become: True
remote_addr: '127.0.0.1'
remote_user: vagrant
become: true
remote_addr: 127.0.0.1
remote_user: vagrant
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['dest_port'] == 2202"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == '127.0.0.1'"
- "self._play_context.remote_user == 'vagrant'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['dest_port'] == 2202
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == '127.0.0.1'
- self._play_context.remote_user == 'vagrant'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None

47
tests/unit/plugins/action/fixtures/synchronize/basic_vagrant_sudo/meta.yaml
View file

@ -1,29 +1,30 @@
---
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
connection:
transport: 'ssh'
transport: ssh
_play_context:
remote_addr: '127.0.0.1'
remote_user: vagrant
remote_addr: 127.0.0.1
remote_user: vagrant
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['dest_port'] == 2202"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'"
- "self._play_context.shell == 'sh'"
- "self._play_context.remote_addr == '127.0.0.1'"
- "self._play_context.remote_user == 'vagrant'"
- "self._play_context.become == False"
- "self._play_context.become_user == 'root'"
- "self._play_context.password == None"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['dest_port'] == 2202
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'vagrant@127.0.0.1:/tmp/deleteme'
- self._play_context.shell == 'sh'
- self._play_context.remote_addr == '127.0.0.1'
- self._play_context.remote_user == 'vagrant'
- self._play_context.become == False
- self._play_context.become_user == 'root'
- self._play_context.password == None

37
tests/unit/plugins/action/fixtures/synchronize/basic_with_private_key/meta.yaml
View file

@ -1,25 +1,26 @@
---
fixtures:
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
taskvars_in: taskvars_in.json
taskvars_out: taskvars_out.json
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
_play_context:
private_key_file: ~/test.pem
private_key_file: ~/test.pem
task_args:
private_key: ~/.ssh/id_rsa
dest: /tmp/deleteme
src: /tmp/deleteme
private_key: ~/.ssh/id_rsa
dest: /tmp/deleteme
src: /tmp/deleteme
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'local'"
- "self._play_context.shell == 'sh'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.final_module_args['private_key'] == '~/.ssh/id_rsa'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'local'
- self._play_context.shell == 'sh'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.final_module_args['private_key'] == '~/.ssh/id_rsa'

39
tests/unit/plugins/action/fixtures/synchronize/delegate_remote/meta.yaml
View file

@ -1,26 +1,27 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
shell: None
remote_addr: u1404
remote_user: root
shell: None
remote_addr: u1404
remote_user: root
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'

43
tests/unit/plugins/action/fixtures/synchronize/delegate_remote_play_context_private_key/meta.yaml
View file

@ -1,28 +1,29 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.final_module_args['private_key'] == '~/test.pem'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.final_module_args['private_key'] == '~/test.pem'

53
tests/unit/plugins/action/fixtures/synchronize/delegate_remote_su/meta.yaml
View file

@ -1,33 +1,34 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
src: /tmp/deleteme
dest: /tmp/deleteme
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
become: True
become_user: None #if ! None|root, different testcase
become_method: su
shell: None
remote_addr: u1404
remote_user: root
become: true
become_user: None # if ! None|root, different testcase
become_method: su
shell: None
remote_addr: u1404
remote_user: root
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self._play_context.remote_addr == 'u1404'"
- "self._play_context.remote_user == 'root'"
- "not self._play_context.become"
- "self._play_context.become_method == 'su'"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self._play_context.remote_addr == 'u1404'
- self._play_context.remote_user == 'root'
- not self._play_context.become
- self._play_context.become_method == 'su'
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'

45
tests/unit/plugins/action/fixtures/synchronize/delegate_remote_with_private_key/meta.yaml
View file

@ -1,29 +1,30 @@
---
fixtures:
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
taskvars_in: task_vars_in.json
taskvars_out: task_vars_out.json
task_args:
src: /tmp/deleteme
dest: /tmp/deleteme
private_key: ~/.ssh/id_rsa
src: /tmp/deleteme
dest: /tmp/deleteme
private_key: ~/.ssh/id_rsa
_task:
delegate_to: u1404
delegate_to: u1404
_play_context:
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
shell: None
remote_addr: u1404
remote_user: root
private_key_file: ~/test.pem
connection:
transport: 'ssh'
transport: ssh
hostvars:
'127.0.0.1': {}
'::1': {}
'localhost': {}
127.0.0.1: {}
::1: {}
localhost: {}
asserts:
- "hasattr(SAM._connection, 'ismock')"
- "SAM._connection.transport == 'ssh'"
- "self._play_context.shell == None"
- "self.execute_called"
- "self.final_module_args['_local_rsync_path'] == 'rsync'"
- "self.final_module_args['src'] == '/tmp/deleteme'"
- "self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'"
- "self.final_module_args['private_key'] == '~/.ssh/id_rsa'"
- hasattr(SAM._connection, 'ismock')
- SAM._connection.transport == 'ssh'
- self._play_context.shell == None
- self.execute_called
- self.final_module_args['_local_rsync_path'] == 'rsync'
- self.final_module_args['src'] == '/tmp/deleteme'
- self.final_module_args['dest'] == 'root@el6host:/tmp/deleteme'
- self.final_module_args['private_key'] == '~/.ssh/id_rsa'

2
tests/unit/requirements.yml
View file

@ -1,3 +1,3 @@
---
collections:
- community.general
- community.general