"""Testinfra checks for the default iptables rule set applied by the role.

The checks run against every host listed in the Molecule inventory and
verify that iptables is installed, that its service is active, and that the
filter/INPUT chain matches the expected baseline exactly.
"""
import os
import warnings

import testinfra.utils.ansible_runner

# Keep test output readable: DeprecationWarning noise is silenced for the
# rest of the session (warnings raised by the imports above are unaffected).
warnings.filterwarnings("ignore", category=DeprecationWarning)

# Testinfra reads this module-level name to decide which hosts to test.
# A missing MOLECULE_INVENTORY_FILE raises KeyError at collection time.
testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
    os.environ['MOLECULE_INVENTORY_FILE']
).get_hosts('all')


def test_iptables_is_installed(host):
    """The iptables package must be present on the host."""
    assert host.package("iptables").is_installed


def test_iptables_running_and_enabled(host):
    """The iptables service must be active now and enabled at boot."""
    service = host.service("iptables")
    # Two separate assertions so a failure names the exact property.
    assert service.is_running
    assert service.is_enabled


def test_iptables_default_rules(host):
    """The filter/INPUT chain must equal the expected baseline, in order.

    The comparison is an exact list equality, so an extra rule, a missing
    rule, or a reordering all fail the test. Order matters because iptables
    stops at the first matching rule.
    """
    expected_rules = [
        # The chain policy is ACCEPT; the deny behaviour comes from the
        # final REJECT rule below, so that rule must stay last.
        '-P INPUT ACCEPT',
        # Traffic belonging to already-established or related connections.
        '-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
        # Loopback interface.
        '-A INPUT -i lo -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
        # ICMP type 8 (echo request).
        '-A INPUT -p icmp -m icmp --icmp-type 8 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
        # TCP port 22 (conventionally SSH).
        '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "ansible[iptables_default_head]" -j ACCEPT',
        # Catch-all: everything not accepted above is rejected.
        '-A INPUT -m comment --comment "ansible[iptables_default_tail]" -j REJECT --reject-with icmp-port-unreachable'
    ]
    # NOTE(review): only the "filter" table's INPUT chain is queried here;
    # FORWARD/OUTPUT and any IPv6 rule set are not covered by this file as
    # far as is visible - confirm whether they are tested elsewhere.
    actual_rules = host.iptables.rules("filter", "INPUT")
    assert expected_rules == actual_rules