ansible.nftables/molecule/default/verify.yml

---
# This is an example playbook to execute Ansible tests.

- name: Verify
  hosts: all
  gather_facts: false
  tasks:

  - name: list rules
    command: nft list ruleset
    register: nft

  - name: check rules
    assert:
      that:
        - '"type filter hook input priority 0; policy drop;" in nft.stdout'
        - '"type filter hook output priority 0; policy drop;" in nft.stdout'

  - name: service status - active
    command: systemctl is-active nftables.service
    register: status

  - name: check service status
    assert:
      that:
        - 'status.stdout == "active"'

  - name: service status - enabled
    command: systemctl is-enabled nftables.service
    register: status

  - name: check service status
    assert:
      that:
        - 'status.stdout == "enabled"'
Add Molecule test scenario 2021-08-06 11:28:16 +02:00			`---`
			`# This is an example playbook to execute Ansible tests.`

			`- name: Verify`
			`hosts: all`
			`gather_facts: false`
			`tasks:`
Use jrei/systemd-ubuntu 2021-08-08 20:43:58 +02:00
Add some actual verification tasks 2021-08-08 20:09:08 +02:00			`- name: list rules`
			`command: nft list ruleset`
			`register: nft`

			`- name: check rules`
			`assert:`
			`that:`
			`- '"type filter hook input priority 0; policy drop;" in nft.stdout'`
			`- '"type filter hook output priority 0; policy drop;" in nft.stdout'`

			`- name: service status - active`
			`command: systemctl is-active nftables.service`
			`register: status`

			`- name: check service status`
			`assert:`
			`that:`
			`- 'status.stdout == "active"'`

			`- name: service status - enabled`
			`command: systemctl is-enabled nftables.service`
			`register: status`

			`- name: check service status`
Add Molecule test scenario 2021-08-06 11:28:16 +02:00			`assert:`
Add some actual verification tasks 2021-08-08 20:09:08 +02:00			`that:`
			`- 'status.stdout == "enabled"'`