From 7eda7d80c21d993c1e7b2657a77ec23f4e059975 Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Fri, 28 Dec 2018 18:12:45 +0100
Subject: [PATCH 1/2] Add basic integration tests for ufw.

---
 test/integration/targets/ufw/aliases          |   7 +
 test/integration/targets/ufw/tasks/main.yml   |  23 +++
 .../targets/ufw/tasks/run-test.yml            |   3 +
 .../targets/ufw/tasks/tests/basic.yml         | 189 ++++++++++++++++++
 4 files changed, 222 insertions(+)
 create mode 100644 test/integration/targets/ufw/aliases
 create mode 100644 test/integration/targets/ufw/tasks/main.yml
 create mode 100644 test/integration/targets/ufw/tasks/run-test.yml
 create mode 100644 test/integration/targets/ufw/tasks/tests/basic.yml

diff --git a/test/integration/targets/ufw/aliases b/test/integration/targets/ufw/aliases
new file mode 100644
index 00000000000000..94a2f6394a3505
--- /dev/null
+++ b/test/integration/targets/ufw/aliases
@@ -0,0 +1,7 @@
+shippable/posix/group2
+skip/osx
+skip/freebsd
+skip/rhel8.0
+needs/root
+needs/privileged
+destructive
diff --git a/test/integration/targets/ufw/tasks/main.yml b/test/integration/targets/ufw/tasks/main.yml
new file mode 100644
index 00000000000000..357e3a70e5f5b7
--- /dev/null
+++ b/test/integration/targets/ufw/tasks/main.yml
@@ -0,0 +1,23 @@
+---
+# Make sure ufw is installed
+- name: Install EPEL repository (RHEL only)
+  yum:
+    name: https://dl.fedoraproject.org/pub/epel/epel-release-latest-{{ ansible_distribution_major_version }}.noarch.rpm
+    state: present
+  when: ansible_distribution == 'RedHat'
+- name: Install iptables (SuSE only)
+  package:
+    name: iptables
+  when: ansible_os_family == 'Suse'
+- name: Install ufw
+  package:
+    name: ufw
+# Make sure ufw is not enabled
+- name: Disable ufw in case it is running
+  ufw:
+    state: disabled
+# Run the tests
+- block:
+  - include_tasks: run-test.yml
+    with_fileglob:
+    - "tests/*.yml"
diff --git a/test/integration/targets/ufw/tasks/run-test.yml b/test/integration/targets/ufw/tasks/run-test.yml
new file mode 100644
index 00000000000000..a2999370142ff5
--- /dev/null
+++ b/test/integration/targets/ufw/tasks/run-test.yml
@@ -0,0 +1,3 @@
+---
+- name: "Loading tasks from {{ item }}"
+  include_tasks: "{{ item }}"
diff --git a/test/integration/targets/ufw/tasks/tests/basic.yml b/test/integration/targets/ufw/tasks/tests/basic.yml
new file mode 100644
index 00000000000000..91b99889ce848d
--- /dev/null
+++ b/test/integration/targets/ufw/tasks/tests/basic.yml
@@ -0,0 +1,189 @@
+---
+# ############################################
+- name: Enable
+  ufw:
+    state: enabled
+  register: enable
+- name: Enable (idempotency)
+  ufw:
+    state: enabled
+  register: enable_idem
+- assert:
+    that:
+    - enable is changed
+    - enable_idem is not changed
+
+# ############################################
+- name: ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  register: ipv4_allow
+- name: ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  become: yes
+  register: ipv4_allow_idem
+- assert:
+    that:
+    - ipv4_allow is changed
+    - ipv4_allow_idem is not changed
+
+# ############################################
+- name: delete ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  become: yes
+  register: delete_ipv4_allow_idem
+- assert:
+    that:
+    - delete_ipv4_allow is changed
+    - delete_ipv4_allow_idem is not changed
+
+# ############################################
+- name: ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  register: ipv6_allow
+- name: ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  become: yes
+  register: ipv6_allow_idem
+- assert:
+    that:
+    - ipv6_allow is changed
+    - ipv6_allow_idem is not changed
+
+# ############################################
+- name: delete ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  become: yes
+  register: delete_ipv6_allow_idem
+- assert:
+    that:
+    - delete_ipv6_allow is changed
+    - delete_ipv6_allow_idem is not changed
+
+
+# ############################################
+- name: ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  register: ipv4_allow
+- name: ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+  become: yes
+  register: ipv4_allow_idem
+- assert:
+    that:
+    - ipv4_allow is changed
+    - ipv4_allow_idem is not changed
+
+# ############################################
+- name: delete ipv4 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  register: delete_ipv4_allow
+- name: delete ipv4 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: 0.0.0.0
+    delete: yes
+  become: yes
+  register: delete_ipv4_allow_idem
+- assert:
+    that:
+    - delete_ipv4_allow is changed
+    - delete_ipv4_allow_idem is not changed
+
+# ############################################
+- name: ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  register: ipv6_allow
+- name: ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+  become: yes
+  register: ipv6_allow_idem
+- assert:
+    that:
+    - ipv6_allow is changed
+    - ipv6_allow_idem is not changed
+
+# ############################################
+- name: delete ipv6 allow
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  register: delete_ipv6_allow
+- name: delete ipv6 allow (idempotency)
+  ufw:
+    rule: allow
+    port: 23
+    to_ip: "::"
+    delete: yes
+  become: yes
+  register: delete_ipv6_allow_idem
+- assert:
+    that:
+    - delete_ipv6_allow is changed
+    - delete_ipv6_allow_idem is not changed
+
+# ############################################
+- name: Disable
+  ufw:
+    state: disabled
+  register: disable
+- name: Disable (idempotency)
+  ufw:
+    state: disabled
+  register: disable_idem
+- assert:
+    that:
+    - disable is changed
+    - disable_idem is not changed

From 05d99b7fd15ea160776528d9e6134f5fd7e0e40b Mon Sep 17 00:00:00 2001
From: Felix Fontein <felix@fontein.de>
Date: Fri, 28 Dec 2018 21:21:08 +0100
Subject: [PATCH 2/2] Being more honest.

---
 test/integration/targets/ufw/aliases | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/test/integration/targets/ufw/aliases b/test/integration/targets/ufw/aliases
index 94a2f6394a3505..03c559ec519143 100644
--- a/test/integration/targets/ufw/aliases
+++ b/test/integration/targets/ufw/aliases
@@ -2,6 +2,6 @@ shippable/posix/group2
 skip/osx
 skip/freebsd
 skip/rhel8.0
+skip/docker
 needs/root
-needs/privileged
 destructive