diff options
| author | Éloi Rivard <eloi.rivard@aquilenet.fr> | 2022-01-24 18:31:20 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-01-24 12:31:20 -0500 |
| commit | 3889ddeb4b780ab4bac9ca2e75f8c1991bcabe83 (patch) | |
| tree | 6a8cb277c9e333865024d5bc690c4afcecddbff8 /test/units/modules | |
| parent | d5a740ddca57ed344d1d023383d4aff563657424 (diff) | |
| download | ansible-3889ddeb4b780ab4bac9ca2e75f8c1991bcabe83.tar.gz | |
iptables - added a ``chain_management`` parameter to control chain (#76378)
creation and deletion
fixes #25099
closes #32158
Diffstat (limited to 'test/units/modules')
| -rw-r--r-- | test/units/modules/test_iptables.py | 210 |
1 files changed, 197 insertions, 13 deletions
diff --git a/test/units/modules/test_iptables.py b/test/units/modules/test_iptables.py index 5a55434ff2..265e770ac2 100644 --- a/test/units/modules/test_iptables.py +++ b/test/units/modules/test_iptables.py @@ -171,8 +171,8 @@ class TestIptables(ModuleTestCase): }) commands_results = [ - (1, '', ''), - (0, '', '') + (1, '', ''), # check_rule_present + (0, '', ''), # check_chain_present ] with patch.object(basic.AnsibleModule, 'run_command') as run_command: @@ -181,7 +181,7 @@ class TestIptables(ModuleTestCase): iptables.main() self.assertTrue(result.exception.args[0]['changed']) - self.assertEqual(run_command.call_count, 1) + self.assertEqual(run_command.call_count, 2) self.assertEqual(run_command.call_args_list[0][0][0], [ '/sbin/iptables', '-t', @@ -207,8 +207,9 @@ class TestIptables(ModuleTestCase): }) commands_results = [ - (1, '', ''), - (0, '', '') + (1, '', ''), # check_rule_present + (0, '', ''), # check_chain_present + (0, '', ''), ] with patch.object(basic.AnsibleModule, 'run_command') as run_command: @@ -217,7 +218,7 @@ class TestIptables(ModuleTestCase): iptables.main() self.assertTrue(result.exception.args[0]['changed']) - self.assertEqual(run_command.call_count, 2) + self.assertEqual(run_command.call_count, 3) self.assertEqual(run_command.call_args_list[0][0][0], [ '/sbin/iptables', '-t', @@ -231,7 +232,7 @@ class TestIptables(ModuleTestCase): '-j', 'ACCEPT' ]) - self.assertEqual(run_command.call_args_list[1][0][0], [ + self.assertEqual(run_command.call_args_list[2][0][0], [ '/sbin/iptables', '-t', 'filter', @@ -261,7 +262,8 @@ class TestIptables(ModuleTestCase): }) commands_results = [ - (1, '', ''), + (1, '', ''), # check_rule_present + (0, '', ''), # check_chain_present ] with patch.object(basic.AnsibleModule, 'run_command') as run_command: @@ -270,7 +272,7 @@ class TestIptables(ModuleTestCase): iptables.main() self.assertTrue(result.exception.args[0]['changed']) - self.assertEqual(run_command.call_count, 1) + self.assertEqual(run_command.call_count, 2) self.assertEqual(run_command.call_args_list[0][0][0], [ '/sbin/iptables', '-t', @@ -308,8 +310,9 @@ class TestIptables(ModuleTestCase): }) commands_results = [ - (1, '', ''), - (0, '', '') + (1, '', ''), # check_rule_present + (0, '', ''), # check_chain_present + (0, '', ''), ] with patch.object(basic.AnsibleModule, 'run_command') as run_command: @@ -318,7 +321,7 @@ class TestIptables(ModuleTestCase): iptables.main() self.assertTrue(result.exception.args[0]['changed']) - self.assertEqual(run_command.call_count, 2) + self.assertEqual(run_command.call_count, 3) self.assertEqual(run_command.call_args_list[0][0][0], [ '/sbin/iptables', '-t', @@ -340,7 +343,7 @@ class TestIptables(ModuleTestCase): '--to-ports', '8600' ]) - self.assertEqual(run_command.call_args_list[1][0][0], [ + self.assertEqual(run_command.call_args_list[2][0][0], [ '/sbin/iptables', '-t', 'nat', @@ -1006,3 +1009,184 @@ class TestIptables(ModuleTestCase): '-m', 'set', '--match-set', 'banned_hosts', 'src,dst' ]) + + def test_chain_creation(self): + """Test chain creation when absent""" + set_module_args({ + 'chain': 'FOOBAR', + 'state': 'present', + 'chain_management': True, + }) + + commands_results = [ + (1, '', ''), # check_rule_present + (1, '', ''), # check_chain_present + (0, '', ''), # create_chain + (0, '', ''), # append_rule + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertTrue(result.exception.args[0]['changed']) + + self.assertEqual(run_command.call_count, 4) + + self.assertEqual(run_command.call_args_list[0][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-C', 'FOOBAR', + ]) + + self.assertEqual(run_command.call_args_list[1][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-L', 'FOOBAR', + ]) + + self.assertEqual(run_command.call_args_list[2][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-N', 'FOOBAR', + ]) + + self.assertEqual(run_command.call_args_list[3][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-A', 'FOOBAR', + ]) + + commands_results = [ + (0, '', ''), # check_rule_present + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertFalse(result.exception.args[0]['changed']) + + def test_chain_creation_check_mode(self): + """Test chain creation when absent""" + set_module_args({ + 'chain': 'FOOBAR', + 'state': 'present', + 'chain_management': True, + '_ansible_check_mode': True, + }) + + commands_results = [ + (1, '', ''), # check_rule_present + (1, '', ''), # check_chain_present + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertTrue(result.exception.args[0]['changed']) + + self.assertEqual(run_command.call_count, 2) + + self.assertEqual(run_command.call_args_list[0][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-C', 'FOOBAR', + ]) + + self.assertEqual(run_command.call_args_list[1][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-L', 'FOOBAR', + ]) + + commands_results = [ + (0, '', ''), # check_rule_present + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertFalse(result.exception.args[0]['changed']) + + def test_chain_deletion(self): + """Test chain deletion when present""" + set_module_args({ + 'chain': 'FOOBAR', + 'state': 'absent', + 'chain_management': True, + }) + + commands_results = [ + (0, '', ''), # check_chain_present + (0, '', ''), # delete_chain + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertTrue(result.exception.args[0]['changed']) + + self.assertEqual(run_command.call_count, 2) + + self.assertEqual(run_command.call_args_list[0][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-L', 'FOOBAR', + ]) + + self.assertEqual(run_command.call_args_list[1][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-X', 'FOOBAR', + ]) + + commands_results = [ + (1, '', ''), # check_rule_present + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertFalse(result.exception.args[0]['changed']) + + def test_chain_deletion_check_mode(self): + """Test chain deletion when present""" + set_module_args({ + 'chain': 'FOOBAR', + 'state': 'absent', + 'chain_management': True, + '_ansible_check_mode': True, + }) + + commands_results = [ + (0, '', ''), # check_chain_present + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertTrue(result.exception.args[0]['changed']) + + self.assertEqual(run_command.call_count, 1) + + self.assertEqual(run_command.call_args_list[0][0][0], [ + '/sbin/iptables', + '-t', 'filter', + '-L', 'FOOBAR', + ]) + + commands_results = [ + (1, '', ''), # check_rule_present + ] + + with patch.object(basic.AnsibleModule, 'run_command') as run_command: + run_command.side_effect = commands_results + with self.assertRaises(AnsibleExitJson) as result: + iptables.main() + self.assertFalse(result.exception.args[0]['changed']) |