From 7cf19b2b37d4e194644936cf5c55910da12f5c59 Mon Sep 17 00:00:00 2001
From: Samuli Silvius
Date: Sun, 24 Mar 2019 13:36:08 +0200
Subject: Molecule tests for firewall role
Issue-ID: OOM-1757
Change-Id: I48639bd0fb67383a58f736aa1c12c38e3ddc9ab0
Signed-off-by: Samuli Silvius
---
 ansible/roles/firewall/.yamllint | 11 ++++++++
 .../roles/firewall/molecule/default/Dockerfile.j2 | 14 +++++++++
 .../roles/firewall/molecule/default/molecule.yml | 33 ++++++++++++++++++++++
 .../roles/firewall/molecule/default/playbook.yml | 5 ++++
 .../roles/firewall/molecule/default/prepare.yml | 5 ++++
 .../molecule/default/tests/test_default.py | 18 ++++++++++++
 6 files changed, 86 insertions(+)
 create mode 100644 ansible/roles/firewall/.yamllint
 create mode 100644 ansible/roles/firewall/molecule/default/Dockerfile.j2
 create mode 100644 ansible/roles/firewall/molecule/default/molecule.yml
 create mode 100644 ansible/roles/firewall/molecule/default/playbook.yml
 create mode 100644 ansible/roles/firewall/molecule/default/prepare.yml
 create mode 100644 ansible/roles/firewall/molecule/default/tests/test_default.py
(limited to 'ansible/roles')
diff --git a/ansible/roles/firewall/.yamllint b/ansible/roles/firewall/.yamllint
new file mode 100644
index 00000000..ad0be760
--- /dev/null
+++ b/ansible/roles/firewall/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+ braces:
+ max-spaces-inside: 1
+ level: error
+ brackets:
+ max-spaces-inside: 1
+ level: error
+ line-length: disable
+ truthy: disable
diff --git a/ansible/roles/firewall/molecule/default/Dockerfile.j2 b/ansible/roles/firewall/molecule/default/Dockerfile.j2
new file mode 100644
index 00000000..e6aa95d3
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+ elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+ elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+ elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+ elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+ elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/ansible/roles/firewall/molecule/default/molecule.yml b/ansible/roles/firewall/molecule/default/molecule.yml
new file mode 100644
index 00000000..81ace9ce
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/molecule.yml
@@ -0,0 +1,33 @@
+---
+dependency:
+ name: galaxy
+driver:
+ name: docker
+lint:
+ name: yamllint
+platforms:
+ - name: centos7
+ image: couchbase/centos7-systemd
+ privileged: true
+ command: ""
+ volumes:
+ - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+ - name: ubuntu18
+ image: solita/ubuntu-systemd:18.04
+ command: /sbin/init
+ privileged: true
+ volumes:
+ - /lib/modules:/lib/modules:ro
+provisioner:
+ name: ansible
+ env:
+ ANSIBLE_ROLES_PATH: ../../../../test/roles
+ lint:
+ name: ansible-lint
+verifier:
+ name: testinfra
+ options:
+ verbose: true
+ lint:
+ name: flake8
diff --git a/ansible/roles/firewall/molecule/default/playbook.yml b/ansible/roles/firewall/molecule/default/playbook.yml
new file mode 100644
index 00000000..73b20eac
--- /dev/null
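Review bot: Both entries under `platforms:` in molecule.yml set `privileged: true`, and `ubuntu18` additionally mounts the host's `/lib/modules`, so the role under test and everything shipped in the image run with close to host-level privileges on whichever machine executes the tests. The `centos7` image `couchbase/centos7-systemd` has no tag, so Docker resolves it to `latest` from a third-party repository at run time; pinning both images by digest, e.g. `image: couchbase/centos7-systemd@sha256:<digest-placeholder>`, would make runs reproducible and keep an upstream image change from silently entering CI. If privileged mode is required only for systemd and the firewall tooling, a comment above each entry such as `# privileged: needed for systemd/iptables inside the test container; never reuse outside molecule` would record that intent. Whether a narrower capability set would be enough cannot be judged from this hunk.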
+++ b/ansible/roles/firewall/molecule/default/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+ hosts: all
+ roles:
+ - role: firewall
diff --git a/ansible/roles/firewall/molecule/default/prepare.yml b/ansible/roles/firewall/molecule/default/prepare.yml
new file mode 100644
index 00000000..5e0e9a33
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare
+ hosts: all
+ roles:
+ - prepare-firewall
diff --git a/ansible/roles/firewall/molecule/default/tests/test_default.py b/ansible/roles/firewall/molecule/default/tests/test_default.py
new file mode 100644
index 00000000..a346cb57
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/tests/test_default.py
@@ -0,0 +1,18 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+ os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_firewall_service_disabled(host):
+ distribution = host.system_info.distribution
+ if distribution == "centos":
+ svc = "firewalld"
+ elif distribution == "ubuntu":
+ svc = "ufw"
+ service = host.service(svc)
+
+ assert not service.is_running
+ assert not service.is_enabled
--
cgit 1.2.3-korg
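Review bot: In `test_firewall_service_disabled`, `svc` is bound only in the `centos` and `ubuntu` branches, so on any other platform `host.service(svc)` raises `UnboundLocalError` rather than a readable test failure. Adding `else: pytest.fail("unsupported distribution: " + distribution)` (with `import pytest` at the top) would make an unexpected platform fail explicitly. The test asserts that the host firewall is stopped and disabled, which a later reader could mistake for a bug; a docstring such as `"""The firewall role is expected to leave firewalld/ufw stopped and disabled."""` would state the intent, assuming that is what the role is meant to do.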