2019-09-18 11:29:48 +02:00
|
|
|
import os
|
|
|
|
|
|
|
|
|
|
import testinfra.utils.ansible_runner
|
|
|
|
|
|
2019-10-17 20:53:21 +02:00
|
|
|
import warnings
|
2021-06-07 22:14:29 +02:00
|
|
|
|
2019-10-17 20:53:21 +02:00
|
|
|
warnings.filterwarnings("ignore", category=DeprecationWarning)
|
|
|
|
|
|
2019-09-18 11:29:48 +02:00
|
|
|
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
|
2021-06-07 22:14:29 +02:00
|
|
|
os.environ['MOLECULE_INVENTORY_FILE']
|
|
|
|
|
).get_hosts('all')
|
2019-09-18 11:29:48 +02:00
|
|
|
|
|
|
|
|
|
2019-10-17 20:53:21 +02:00
|
|
|
def test_iptables_is_installed(host):
|
|
|
|
|
iptables = host.package("iptables")
|
|
|
|
|
assert iptables.is_installed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_iptables_running_and_enabled(host):
|
|
|
|
|
iptables = host.service("iptables")
|
|
|
|
|
assert iptables.is_running
|
|
|
|
|
assert iptables.is_enabled
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_iptables_default_rules(host):
|
|
|
|
|
defaults = [
|
|
|
|
|
'-P INPUT ACCEPT',
|
|
|
|
|
'-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
|
|
|
|
|
'-A INPUT -i lo -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
|
|
|
|
|
'-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
|
|
|
|
|
'-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
|
|
|
|
|
'-A INPUT -m comment --comment "ansible[iptables_default_tail]" -j REJECT --reject-with icmp-port-unreachable'
|
|
|
|
|
]
|
2019-09-18 11:29:48 +02:00
|
|
|
|
2019-10-17 20:53:21 +02:00
|
|
|
rules = host.iptables.rules("filter", "INPUT")
|
|
|
|
|
assert defaults == rules
|
