diff --git a/tests/multi-node-firewall-persistence.yaml b/tests/multi-node-firewall-persistence.yaml
index cbbd4860..f3828666 100644
--- a/tests/multi-node-firewall-persistence.yaml
+++ b/tests/multi-node-firewall-persistence.yaml
@@ -41,11 +41,25 @@
 failed_when: false
 register: iptables_rules
- - name: Validate ipv4 firewall configuration
+ - name: Validate ipv4 private firewall configuration
 assert:
 that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['private_ipv4']
+
+ - name: Validate ipv4 public firewall configuration
+ assert:
+ that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['public_ipv4']
+
+ - name: Validate ipv4 bridge firewall configuration
+ assert:
+ that:
 - "'-A INPUT -s {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -d {{ bridge_address_prefix }}.0/{{ bridge_address_subnet }} -j ACCEPT' in iptables_rules.stdout"
 with_items: "{{ groups['all'] }}"
diff --git a/tests/multi-node-firewall.yaml b/tests/multi-node-firewall.yaml
index 6a19c060..fcb9c0d1 100644
--- a/tests/multi-node-firewall.yaml
+++ b/tests/multi-node-firewall.yaml
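Review bot: With the new `when:` guards in tests/multi-node-firewall-persistence.yaml, the private and public assertions are skipped for any host whose address is empty, so a host with both IPv4 fields empty passes this test without a single per-host ACCEPT rule being checked; the same holds for the matching hunk in tests/multi-node-firewall.yaml. Because the rules are registered with `failed_when: false`, nothing visible here would flag that case. Consider a preceding assert that every host still has at least one address to verify, for example `- (hostvars[item]['nodepool']['private_ipv4'] ~ hostvars[item]['nodepool']['public_ipv4'] ~ hostvars[item]['nodepool']['public_ipv6']) | length > 0`. The bridge task also keeps `with_items` although its assertion never references `item`, so the loop only repeats the same check. The task list starts and continues outside this hunk.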
@@ -10,12 +10,21 @@
 failed_when: false
 register: iptables_rules
- - name: Validate ipv4 firewall configuration
+ - name: Validate ipv4 private firewall configuration
 assert:
 that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['private_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
+ with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['private_ipv4']
+
+ - name: Validate ipv4 public firewall configuration
+ assert:
+ that:
 - "'-A INPUT -s {{ hostvars[item]['nodepool']['public_ipv4'] }}/32 -j ACCEPT' in iptables_rules.stdout"
 with_items: "{{ groups['all'] }}"
+ when:
+ - hostvars[item]['nodepool']['public_ipv4']
 # ipv6_addresses is set by the multi-node-firewall role
 - when: ipv6_addresses | length > 0
diff --git a/tests/multi-node-known-hosts.yaml b/tests/multi-node-known-hosts.yaml
index f965329b..17cde4f8 100644
--- a/tests/multi-node-known-hosts.yaml
+++ b/tests/multi-node-known-hosts.yaml
@@ -12,8 +12,12 @@
 host_addresses: >
 {% set hosts = [] -%}
 {% for host, vars in hostvars.items() -%}
- {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
- {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+ {% if vars['nodepool']['private_ipv4'] != '' -%}
+ {% set _ = hosts.append(vars['nodepool']['private_ipv4']) -%}
+ {% endif -%}
+ {% if vars['nodepool']['public_ipv4'] != '' -%}
+ {% set _ = hosts.append(vars['nodepool']['public_ipv4']) -%}
+ {% endif -%}
 {% if vars['nodepool']['public_ipv6'] != '' -%}
 {% set _ = hosts.append(vars['nodepool']['public_ipv6']) -%}
 {% endif -%}
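Review bot: The added `when:` entries in tests/multi-node-firewall.yaml depend on the truthiness of a string (`hostvars[item]['nodepool']['public_ipv4']`), while the block directly below uses `ipv6_addresses | length > 0` and the known-hosts template in this commit compares against `''`. An explicit boolean keeps the three files consistent and does not depend on how the installed Ansible treats non-boolean conditional results: `- hostvars[item]['nodepool']['public_ipv4'] | length > 0`. The same applies to the `private_ipv4` guard here and to both guards in tests/multi-node-firewall-persistence.yaml. The `- when: ipv6_addresses | length > 0` block continues outside the hunk.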
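Review bot: The new guards in tests/multi-node-known-hosts.yaml only exclude an exact empty string, so a `nodepool` entry whose `private_ipv4` or `public_ipv4` is null would still be appended to `hosts`, and a missing key would presumably fail the template. Whether the inventory can produce either is not visible here. If it can, `{% if vars['nodepool'].get('private_ipv4') -%}` (and the same for `public_ipv4`) covers empty, null and absent values in one test. A short comment above the block, such as `# nodepool leaves an address empty when the node has none; skip those`, would also record why the guards exist. The template starts and ends outside this hunk.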