Member "ansible-6.1.0/ansible_collections/community/general/tests/integration/targets/iptables_state/tasks/tests/01-tables.yml" (12 Jul 2022, 8132 Bytes) of package /linux/misc/ansible-6.1.0.tar.gz:
---
# Precondition: the ACCEPT rule that a later task appends to nat/INPUT must
# not exist yet, so the first saved state is a clean baseline.
- name: 'ensure our next rule is not there (iptables)'
  iptables:
    table: nat
    chain: INPUT
    jump: ACCEPT
    state: absent

# Query the filter table only. The task runs in check mode and is forced to
# report "not changed"; presumably nothing is written to the path here.
- name: 'get state (table filter)'
  iptables_state:
    table: filter
    state: saved
    path: "{{ iptables_saved }}"
  register: iptables_state
  changed_when: false
  check_mode: true

# Only the requested table may appear under "tables".
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*filter' in iptables_state.initial_state"
      - iptables_state.tables.filter is defined
      - iptables_state.tables.nat is undefined
    quiet: true

# Same query for the nat table, again in check mode and never "changed".
- name: 'get state (table nat)'
  iptables_state:
    table: nat
    state: saved
    path: "{{ iptables_saved }}"
  register: iptables_state
  changed_when: false
  check_mode: true

# initial_state lists both tables, while "tables" holds only the requested
# one (nat).
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*nat' in iptables_state.initial_state"
      - "'*filter' in iptables_state.initial_state"
      - iptables_state.tables.nat is defined
      - iptables_state.tables.filter is undefined
    quiet: true

# Save for real this time (no check mode), restricted to the filter table.
- name: 'save state (table filter)'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: saved
    table: filter
  register: iptables_state

# The saved output must contain filter and must not leak the nat table,
# even though nat is present in the initial state.
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*filter' in iptables_state.initial_state"
      - "'*filter' in iptables_state.saved"
      - "'*nat' in iptables_state.initial_state"
      - "'*nat' not in iptables_state.saved"
      - iptables_state.tables.filter is defined
      - iptables_state.tables.nat is undefined
    quiet: true

# Save only the nat table to the same path that the filter save used.
- name: 'save state (table nat)'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: saved
    table: nat
  register: iptables_state

# The save must report a change, and the saved output must hold nat without
# the filter table.
- name: 'assert that results are as expected'
  assert:
    that:
      - iptables_state is changed
      - "'*nat' in iptables_state.initial_state"
      - "'*nat' in iptables_state.saved"
      - "'*filter' in iptables_state.initial_state"
      - "'*filter' not in iptables_state.saved"
      - iptables_state.tables.nat is defined
      - iptables_state.tables.filter is undefined
    quiet: true

# No "table" argument: every table in the initial state is saved.
- name: 'save state (any table)'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: saved
  register: iptables_state

# Both filter and nat must now be present in the saved output and in "tables".
- name: 'assert that results are as expected'
  assert:
    that:
      - iptables_state is changed
      - "'*filter' in iptables_state.initial_state"
      - "'*filter' in iptables_state.saved"
      - "'*nat' in iptables_state.initial_state"
      - "'*nat' in iptables_state.saved"
      - iptables_state.tables.filter is defined
      - iptables_state.tables.nat is defined
    quiet: true

# Restore nat from the file that was just saved; the ruleset is identical, so
# no change is expected.
# async with poll: 0 is how the module's rollback is enabled: the previous
# ruleset is put back if the restored rules cut the controller off from the
# host. Without it the module emits the warning this test is named after.
- name: 'restore state (table nat, must NOT report a change, no warning)'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: restored
    table: nat
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

# Only nat may be touched by the restore, and the task must be idempotent.
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*nat' in iptables_state.initial_state"
      - "'*nat' in iptables_state.restored"
      - "'*filter' in iptables_state.initial_state"
      - "'*filter' not in iptables_state.restored"
      - iptables_state.tables.nat is defined
      - iptables_state.tables.filter is undefined
      - iptables_state is not changed
    quiet: true

# Make the running nat table differ from the saved file, so that the next
# restore has something to revert.
- name: 'change NAT table (iptables)'
  iptables:
    table: nat
    chain: INPUT
    jump: ACCEPT
    state: present

# Restore nat again: the running table now carries an extra rule, so the
# restore must report a change.
# async with poll: 0 keeps the module's rollback active (and its warning off).
- name: 'restore state (table nat, must report a change, no warning)'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: restored
    table: nat
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

# The ACCEPT rule is expected in tables.nat but must be gone from the
# restored output, and filter must not be touched.
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*nat' in iptables_state.initial_state"
      - "'*nat' in iptables_state.restored"
      - "'*filter' in iptables_state.initial_state"
      - "'*filter' not in iptables_state.restored"
      - iptables_state.tables.nat is defined
      - "'-A INPUT -j ACCEPT' in iptables_state.tables.nat"
      - "'-A INPUT -j ACCEPT' not in iptables_state.restored"
      - iptables_state.tables.filter is undefined
      - iptables_state is changed
    quiet: true

# Query the three remaining tables one by one, in check mode.
# NOTE(review): presumably this is what makes these tables show up in the
# saves that follow (tables loaded on first use) - confirm.
- name: 'get security, raw and mangle tables states'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: saved
    table: "{{ item }}"
  loop:
    - security
    - raw
    - mangle
  changed_when: false
  check_mode: true

# Save without a table filter; all five tables are expected from here on.
- name: 'save state (any table)'
  iptables_state:
    path: "{{ iptables_saved }}"
    state: saved
  register: iptables_state

# Each table must appear both as a key of "tables" and as a "*<table>"
# header in the saved output.
- name: 'assert that results are as expected'
  assert:
    that:
      - "'filter' in iptables_state.tables"
      - "'*filter' in iptables_state.saved"
      - "'mangle' in iptables_state.tables"
      - "'*mangle' in iptables_state.saved"
      - "'nat' in iptables_state.tables"
      - "'*nat' in iptables_state.saved"
      - "'raw' in iptables_state.tables"
      - "'*raw' in iptables_state.saved"
      - "'security' in iptables_state.tables"
      - "'*security' in iptables_state.saved"
    quiet: true

# Build a second file that really contains only the filter table.
- name: 'save filter table into a test file'
  iptables_state:
    path: "{{ iptables_tests }}"
    table: filter
    state: saved

# Append a line that looks like a table header but is a comment. The later
# "restore table mangle" test expects it not to be taken for a real table.
- name: 'add a table header in comments (# *mangle)'
  lineinfile:
    path: "{{ iptables_tests }}"
    line: '# *mangle'

# Restore filter from the test file; the running filter table already matches
# it, so no change is expected.
# async with poll: 0 keeps the module's rollback active (and its warning off).
- name: 'restore state (table filter, must NOT report a change, no warning)'
  iptables_state:
    path: "{{ iptables_tests }}"
    table: filter
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

# All five tables exist in the initial state, but only filter may show up in
# "tables" and in the restored output. The commented "# *mangle" line in the
# file must not bring the mangle table in.
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*filter' in iptables_state.initial_state"
      - "'*mangle' in iptables_state.initial_state"
      - "'*nat' in iptables_state.initial_state"
      - "'*raw' in iptables_state.initial_state"
      - "'*security' in iptables_state.initial_state"
      - "'filter' in iptables_state.tables"
      - "'mangle' not in iptables_state.tables"
      - "'nat' not in iptables_state.tables"
      - "'raw' not in iptables_state.tables"
      - "'security' not in iptables_state.tables"
      - "'*filter' in iptables_state.restored"
      - "'*mangle' not in iptables_state.restored"
      - "'*nat' not in iptables_state.restored"
      - "'*raw' not in iptables_state.restored"
      - "'*security' not in iptables_state.restored"
      - iptables_state is not changed
    quiet: true

# Restore from the same test file without naming a table.
# async with poll: 0 keeps the module's rollback active (and its warning off).
- name: 'restore state (any table, must NOT report a change, no warning)'
  iptables_state:
    path: "{{ iptables_tests }}"
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0

# With no table restriction, all five tables are expected in "tables" and in
# the restored output, and the ruleset must still be unchanged.
- name: 'assert that results are as expected'
  assert:
    that:
      - "'*filter' in iptables_state.initial_state"
      - "'*mangle' in iptables_state.initial_state"
      - "'*nat' in iptables_state.initial_state"
      - "'*raw' in iptables_state.initial_state"
      - "'*security' in iptables_state.initial_state"
      - "'filter' in iptables_state.tables"
      - "'mangle' in iptables_state.tables"
      - "'nat' in iptables_state.tables"
      - "'raw' in iptables_state.tables"
      - "'security' in iptables_state.tables"
      - "'*filter' in iptables_state.restored"
      - "'*mangle' in iptables_state.restored"
      - "'*nat' in iptables_state.restored"
      - "'*raw' in iptables_state.restored"
      - "'*security' in iptables_state.restored"
      - iptables_state is not changed
    quiet: true

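# Negative test: the test file holds the filter table plus a commented
# "# *mangle" line, so a restore of table mangle from it has to be refused.
# ignore_errors lets the play continue so that the failure can be asserted.
# async with poll: 0 keeps the module's rollback active (and its warning off).
- name: 'restore state (table mangle, must fail, no warning)'
  iptables_state:
    path: "{{ iptables_tests }}"
    table: mangle
    state: restored
  register: iptables_state
  async: "{{ ansible_timeout }}"
  poll: 0
  ignore_errors: true

- name: 'explain expected failure'
  assert:
    that:
      - iptables_state is failed
      # The expected message is built with "~" instead of nesting {{ }} in
      # the conditional. A conditional is already a Jinja2 expression, so a
      # nested template pastes the path into the expression text, where a
      # quote or template character in it would change what is evaluated.
      - "iptables_state.msg == 'Table mangle to restore not defined in ' ~ iptables_tests"
    success_msg: >-
      The previous error has been triggered by trying to restore a table
      that is missing in the file provided to iptables-restore.
    fail_msg: >-
      The previous task should have failed due to a missing table (mangle)
      in the file to restore iptables state from.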