blob: 69b2cde938e30839bccdd92400a6886eba884988 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
|
---
- name: Enable ufw
ufw:
state: enabled
# ############################################
- name: Make sure logging is off
ufw:
logging: no
- name: Logging (check mode)
ufw:
logging: yes
check_mode: yes
register: logging_check
- name: Logging
ufw:
logging: yes
register: logging
- name: Get logging
shell: |
ufw status verbose | grep "^Logging:"
register: ufw_logging
environment:
LC_ALL: C
- name: Logging (idempotency)
ufw:
logging: yes
register: logging_idem
- name: Logging (idempotency, check mode)
ufw:
logging: yes
check_mode: yes
register: logging_idem_check
- name: Logging (change, check mode)
ufw:
logging: full
check_mode: yes
register: logging_change_check
- name: Logging (change)
ufw:
logging: full
register: logging_change
- name: Get logging
shell: |
ufw status verbose | grep "^Logging:"
register: ufw_logging_change
environment:
LC_ALL: C
- assert:
that:
- logging_check is changed
- logging is changed
- "ufw_logging.stdout == 'Logging: on (low)'"
- logging_idem is not changed
- logging_idem_check is not changed
- "ufw_logging_change.stdout == 'Logging: on (full)'"
- logging_change is changed
- logging_change_check is changed
# ############################################
- name: Default (check mode)
ufw:
default: reject
direction: incoming
check_mode: yes
register: default_check
- name: Default
ufw:
default: reject
direction: incoming
register: default
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults
environment:
LC_ALL: C
- name: Default (idempotency)
ufw:
default: reject
direction: incoming
register: default_idem
- name: Default (idempotency, check mode)
ufw:
default: reject
direction: incoming
check_mode: yes
register: default_idem_check
- name: Default (change, check mode)
ufw:
default: allow
direction: incoming
check_mode: yes
register: default_change_check
- name: Default (change)
ufw:
default: allow
direction: incoming
register: default_change
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults_change
environment:
LC_ALL: C
- name: Default (change again)
ufw:
default: deny
direction: incoming
register: default_change_2
- name: Default (change incoming implicitly, check mode)
ufw:
default: allow
check_mode: yes
register: default_change_implicit_check
- name: Default (change incoming implicitly)
ufw:
default: allow
register: default_change_implicit
- name: Get defaults
shell: |
ufw status verbose | grep "^Default:"
register: ufw_defaults_change_implicit
environment:
LC_ALL: C
- name: Default (change incoming implicitly, idempotent, check mode)
ufw:
default: allow
check_mode: yes
register: default_change_implicit_idem_check
- name: Default (change incoming implicitly, idempotent)
ufw:
default: allow
register: default_change_implicit_idem
- assert:
that:
- default_check is changed
- default is changed
- "'reject (incoming)' in ufw_defaults.stdout"
- default_idem is not changed
- default_idem_check is not changed
- default_change_check is changed
- default_change is changed
- "'allow (incoming)' in ufw_defaults_change.stdout"
- default_change_2 is changed
- default_change_implicit_check is changed
- default_change_implicit is changed
- default_change_implicit_idem_check is not changed
- default_change_implicit_idem is not changed
- "'allow (incoming)' in ufw_defaults_change_implicit.stdout"
|
