From abf7edf91d27d9885dba76adfada998e24e634cf Mon Sep 17 00:00:00 2001
From: David Moreau-Simard
Date: Sun, 17 Sep 2017 11:14:16 -0400
Subject: [PATCH] Add integration tests for multi-node-firewall
Change-Id: I60243a3a6016483b56f49e80c6744915194e65c8
---
 tests/multi-node-firewall.yaml | 34 ++++++++++++++++++++++++++++++++++
 tests/multinode.yaml | 1 +
 2 files changed, 35 insertions(+)
 create mode 100644 tests/multi-node-firewall.yaml
diff --git a/tests/multi-node-firewall.yaml b/tests/multi-node-firewall.yaml
new file mode 100644
index 00000000..6a19c060
--- /dev/null
+++ b/tests/multi-node-firewall.yaml
@@ -0,0 +1,34 @@
+- name: Test the multi-node-firewall role
+ hosts: all
+ roles:
+ - multi-node-firewall
+ post_tasks:
+ - name: switch and peer nodes should be in the ipv4 firewall
+ become: yes
+ command: iptables-save
+ changed_when: false
+ failed_when: false
+ register: iptables_rules
+
+ - name: Validate ipv4 firewall configuration
+ assert:
+ that:
+ - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+
+ # ipv6_addresses is set by the multi-node-firewall role
+ - when: ipv6_addresses | length > 0
+ block:
+ - name: switch and peer nodes should be in the ipv6 firewall
+ become: yes
+ command: ip6tables-save
+ changed_when: false
+ failed_when: false
+ register: ip6tables_rules
+
+ - name: Validate ipv6 firewall configuration
+ assert:
+ that:
+ - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv6'] }}/128 -j ACCEPT' in ip6tables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
diff --git a/tests/multinode.yaml b/tests/multinode.yaml
index 48ead35f..751d390a 100644
--- a/tests/multinode.yaml
+++ b/tests/multinode.yaml
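Review bot: `failed_when: false` on the `iptables-save` and `ip6tables-save` tasks hides a failed dump, so a broken command only surfaces later as an assertion failure against empty or missing `stdout`; `changed_when: false` already covers idempotence, so I would drop `failed_when: false` from both tasks and let the test stop at the real cause. The assertions also only prove that an ACCEPT line for each peer exists somewhere in the saved ruleset, not that it is evaluated before any reject or drop rule in INPUT; a comment such as `# presence check only; rule order in INPUT is not verified` would state that limit. In the ipv6 block the guard tests `ipv6_addresses` on the current host, while the assertion reads `hostvars[item]['nodepool']['public_ipv6']` for every host in `groups['all']`; if a peer has no public_ipv6, the expected string presumably renders as `-s /128` and fails, so a per-item guard may be needed.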
@@ -4,3 +4,4 @@
 # Roles that are part of the 'multinode' job
 - include: multi-node-known-hosts.yaml
 - include: multi-node-hosts-file.yaml
+- include: multi-node-firewall.yaml