mirror of
https://github.com/ansible-collections/community.general.git
synced 2026-05-07 22:02:50 +00:00
Enable changed var with ufw check mode (#49948)
* Enable 'changed' var with ufw check mode * Fix from comment of the PR + Unit Test * Fix on ufw module after the second review - delete rules change works in check mode - simplify execute def & use it on every call process - improved regexp - rename vars defaults to current_default_values * Add ignore error to execute() and use it in get_current_rules() * Update after third code review (introduce change in changed status) * Adjust tests and fix some problems (#1) * 'active' also appears in 'inactive'. * 'reject' is also a valid option here. * For example for reloaded, changed will be set back to False here. * Improve and adjust tests. * Fix after merging integration test * handle "disabled" on default routed * Add /var/lib/ufw/.. rules files * add unit test * Fix pep8 formatting error * Separate ipv6 and ipv4 rules process from checkmode * fix non-ascii error on ci * Some change after review * Add unit test with sub network mask * rename is_match function by is_starting * add changelog fragment
This commit is contained in:
Jérôme BAROTIN
committed by
John R Barker
John R Barker
parent
708f0b07ba
commit
b99de25f32
@@ -1,5 +1,8 @@
|
||||
---
|
||||
# ############################################
|
||||
- name: Make sure it is off
|
||||
ufw:
|
||||
state: disabled
|
||||
- name: Enable (check mode)
|
||||
ufw:
|
||||
state: enabled
|
||||
@@ -20,7 +23,7 @@
|
||||
register: enable_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - enable_check is changed
|
||||
- enable_check is changed
|
||||
- enable is changed
|
||||
- enable_idem is not changed
|
||||
- enable_idem_check is not changed
|
||||
@@ -54,7 +57,7 @@
|
||||
register: ipv4_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - ipv4_allow_check is changed
|
||||
- ipv4_allow_check is changed
|
||||
- ipv4_allow is changed
|
||||
- ipv4_allow_idem is not changed
|
||||
- ipv4_allow_idem_check is not changed
|
||||
@@ -92,7 +95,7 @@
|
||||
register: delete_ipv4_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - delete_ipv4_allow_check is changed
|
||||
- delete_ipv4_allow_check is changed
|
||||
- delete_ipv4_allow is changed
|
||||
- delete_ipv4_allow_idem is not changed
|
||||
- delete_ipv4_allow_idem_check is not changed
|
||||
@@ -126,7 +129,7 @@
|
||||
register: ipv6_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - ipv6_allow_check is changed
|
||||
- ipv6_allow_check is changed
|
||||
- ipv6_allow is changed
|
||||
- ipv6_allow_idem is not changed
|
||||
- ipv6_allow_idem_check is not changed
|
||||
@@ -164,7 +167,7 @@
|
||||
register: delete_ipv6_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - delete_ipv6_allow_check is changed
|
||||
- delete_ipv6_allow_check is changed
|
||||
- delete_ipv6_allow is changed
|
||||
- delete_ipv6_allow_idem is not changed
|
||||
- delete_ipv6_allow_idem_check is not changed
|
||||
@@ -199,7 +202,7 @@
|
||||
register: ipv4_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - ipv4_allow_check is changed
|
||||
- ipv4_allow_check is changed
|
||||
- ipv4_allow is changed
|
||||
- ipv4_allow_idem is not changed
|
||||
- ipv4_allow_idem_check is not changed
|
||||
@@ -237,7 +240,7 @@
|
||||
register: delete_ipv4_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - delete_ipv4_allow_check is changed
|
||||
- delete_ipv4_allow_check is changed
|
||||
- delete_ipv4_allow is changed
|
||||
- delete_ipv4_allow_idem is not changed
|
||||
- delete_ipv4_allow_idem_check is not changed
|
||||
@@ -271,7 +274,7 @@
|
||||
register: ipv6_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - ipv6_allow is_check changed
|
||||
- ipv6_allow_check is changed
|
||||
- ipv6_allow is changed
|
||||
- ipv6_allow_idem is not changed
|
||||
- ipv6_allow_idem_check is not changed
|
||||
@@ -309,7 +312,7 @@
|
||||
register: delete_ipv6_allow_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - delete_ipv6_allow_check is changed
|
||||
- delete_ipv6_allow_check is changed
|
||||
- delete_ipv6_allow is changed
|
||||
- delete_ipv6_allow_idem is not changed
|
||||
- delete_ipv6_allow_idem_check is not changed
|
||||
@@ -326,8 +329,8 @@
|
||||
register: reload_check
|
||||
- assert:
|
||||
that:
|
||||
- reload is not changed # NOT as expected!
|
||||
- reload_check is not changed # NOT as expected!
|
||||
- reload is changed
|
||||
- reload_check is changed
|
||||
|
||||
# ############################################
|
||||
- name: Disable (check mode)
|
||||
@@ -350,7 +353,7 @@
|
||||
register: disable_idem_check
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - disable_check is changed
|
||||
- disable_check is changed
|
||||
- disable is changed
|
||||
- disable_idem is not changed
|
||||
- disable_idem_check is not changed
|
||||
@@ -393,7 +396,7 @@
|
||||
register: reset_idem_check
|
||||
- assert:
|
||||
that:
|
||||
- reset_check is not changed # NOT as expected!
|
||||
- reset is not changed # NOT as expected!
|
||||
- reset_idem is not changed
|
||||
- reset_idem_check is not changed
|
||||
- reset_check is changed
|
||||
- reset is changed
|
||||
- reset_idem is changed
|
||||
- reset_idem_check is changed
|
||||
|
||||
@@ -4,6 +4,9 @@
|
||||
state: enabled
|
||||
|
||||
# ############################################
|
||||
- name: Make sure logging is off
|
||||
ufw:
|
||||
logging: no
|
||||
- name: Logging (check mode)
|
||||
ufw:
|
||||
logging: yes
|
||||
@@ -17,6 +20,8 @@
|
||||
shell: |
|
||||
ufw status verbose | grep "^Logging:"
|
||||
register: ufw_logging
|
||||
environment:
|
||||
LC_ALL: C
|
||||
- name: Logging (idempotency)
|
||||
ufw:
|
||||
logging: yes
|
||||
@@ -26,13 +31,31 @@
|
||||
logging: yes
|
||||
check_mode: yes
|
||||
register: logging_idem_check
|
||||
- name: Logging (change, check mode)
|
||||
ufw:
|
||||
logging: full
|
||||
check_mode: yes
|
||||
register: logging_change_check
|
||||
- name: Logging (change)
|
||||
ufw:
|
||||
logging: full
|
||||
register: logging_change
|
||||
- name: Get logging
|
||||
shell: |
|
||||
ufw status verbose | grep "^Logging:"
|
||||
register: ufw_logging_change
|
||||
environment:
|
||||
LC_ALL: C
|
||||
- assert:
|
||||
that:
|
||||
- logging_check is not changed # NOT as expected!
|
||||
- logging is not changed # NOT as expected!
|
||||
- logging_check is changed
|
||||
- logging is changed
|
||||
- "ufw_logging.stdout == 'Logging: on (low)'"
|
||||
- logging_idem is not changed
|
||||
- logging_idem_check is not changed
|
||||
- "ufw_logging_change.stdout == 'Logging: on (full)'"
|
||||
- logging_change is changed
|
||||
- logging_change_check is changed
|
||||
|
||||
# ############################################
|
||||
- name: Default (check mode)
|
||||
@@ -50,6 +73,8 @@
|
||||
shell: |
|
||||
ufw status verbose | grep "^Default:"
|
||||
register: ufw_defaults
|
||||
environment:
|
||||
LC_ALL: C
|
||||
- name: Default (idempotency)
|
||||
ufw:
|
||||
default: reject
|
||||
@@ -76,13 +101,15 @@
|
||||
shell: |
|
||||
ufw status verbose | grep "^Default:"
|
||||
register: ufw_defaults_change
|
||||
environment:
|
||||
LC_ALL: C
|
||||
- assert:
|
||||
that:
|
||||
# FIXME - default_check is changed
|
||||
- default_check is changed
|
||||
- default is changed
|
||||
- "'reject (incoming)' in ufw_defaults.stdout"
|
||||
- default_idem is not changed
|
||||
- default_idem_check is not changed
|
||||
# FIXME - default_change_check is changed
|
||||
- default_change_check is changed
|
||||
- default_change is changed
|
||||
- "'allow (incoming)' in ufw_defaults_change.stdout"
|
||||
|
||||
Reference in New Issue
Block a user