Role firewall: add molecule tests

parent 510c5372
......@@ -53,3 +53,17 @@ molecule-role-redis:
only:
changes:
- roles/redis/**/*
molecule-role-firewall:
stage: tests
tags:
- docker
variables:
DOCKER_HOST: "tcp://docker:2375"
PY_COLORS: 1
script:
- cd roles/firewall/
- molecule test
only:
changes:
- roles/firewall/**/*
extends: default
rules:
braces:
max-spaces-inside: 1
level: error
brackets:
max-spaces-inside: 1
level: error
line-length: disable
# NOTE(retr0h): Templates no longer fail this lint rule.
# Uncomment if running old Molecule templates.
# truthy: disable
# Molecule managed
{% if item.registry is defined %}
FROM {{ item.registry.url }}/{{ item.image }}
{% else %}
FROM {{ item.image }}
{% endif %}
RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python2-dnf bash && dnf clean all; \
elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
*******
Docker driver installation guide
*******
Requirements
============
* General molecule dependencies (see https://molecule.readthedocs.io/en/latest/installation.html)
* Docker Engine
* docker-py
* docker
Install
=======
$ sudo pip install docker-py
---
dependency:
name: galaxy
driver:
name: docker
lint:
name: yamllint
platforms:
- name: instance
image: geerlingguy/docker-debian9-ansible:latest
command: ${MOLECULE_DOCKER_COMMAND:-""}
volumes:
- /sys/fs/cgroup:/sys/fs/cgroup:ro
privileged: true
pre_build_image: true
provisioner:
name: ansible
lint:
name: ansible-lint
options:
skip-tags: molecule-converge-notest
log: true
scenario:
name: default
---
- name: Converge
hosts: all
roles:
- role: firewall
vars:
fw_allow_http: ['192.0.2.1', '192.0.2.42']
# Molecule managed
---
file:
/etc/hosts:
exists: true
owner: root
group: root
---
# This is an example playbook to execute goss tests.
# Tests need distributed to the appropriate ansible host/groups
# prior to execution by `goss validate`.
- name: Verify
hosts: all
become: true
vars:
goss_version: v0.3.6
goss_arch: amd64
goss_dst: /usr/local/bin/goss
goss_sha256sum: 2f6727375db2ea0f81bee36e2c5be78ab5ab8d5981f632f761b25e4003e190ec
goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}"
goss_test_directory: /tmp
goss_format: documentation
tasks:
- name: Download and install Goss
get_url:
url: "{{ goss_url }}"
dest: "{{ goss_dst }}"
sha256sum: "{{ goss_sha256sum }}"
mode: 0755
register: download_goss
until: download_goss is succeeded
retries: 3
- name: Copy Goss tests to remote
copy:
src: "{{ item }}"
dest: "{{ goss_test_directory }}/{{ item | basename }}"
with_fileglob:
- "{{ lookup('env', 'MOLECULE_VERIFIER_TEST_DIRECTORY') }}/test_*.yml"
- name: Register test files
shell: "ls {{ goss_test_directory }}/test_*.yml"
register: test_files
- name: Execute Goss tests
command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}"
register: test_results
with_items: "{{ test_files.stdout_lines }}"
- name: Display details about the Goss results
debug:
msg: "{{ item.stdout_lines }}"
with_items: "{{ test_results.results }}"
- name: Fail when tests fail
fail:
msg: "Goss failed to validate"
when: item.rc != 0
with_items: "{{ test_results.results }}"
......@@ -23,9 +23,9 @@
ufw:
name: OpenSSH
rule: limit
when: ansible_virtualization_type != 'docker'
tags:
- firewall
- molecule-converge-notest
- name: Set default input policy
ufw:
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment