Add some actual verification tasks

2021-08-08 19:09:08 +01:00 · 2021-08-08 19:09:08 +01:00 · a5aa2c6e4a
parent a6f7fde29a
commit a5aa2c6e4a
1 changed files with 28 additions and 2 deletions
--- a/molecule/default/verify.yml
+++ b/molecule/default/verify.yml
@ -5,6 +5,32 @@
  hosts: all
  gather_facts: false
  tasks:
-  - name: Example assertion
+  
+  - name: list rules
+    command: nft list ruleset
+    register: nft
+
+  - name: check rules
    assert:
-      that: true
+      that:
+        - '"type filter hook input priority 0; policy drop;" in nft.stdout'
+        - '"type filter hook output priority 0; policy drop;" in nft.stdout'
+
+  - name: service status - active
+    command: systemctl is-active nftables.service
+    register: status
+
+  - name: check service status
+    assert:
+      that:
+        - 'status.stdout == "active"'
+
+  - name: service status - enabled
+    command: systemctl is-enabled nftables.service
+    register: status
+
+  - name: check service status
+    assert:
+      that:
+        - 'status.stdout == "enabled"'
+