Molecule tests for firewall role

Issue-ID: OOM-1757

Change-Id: I48639bd0fb67383a58f736aa1c12c38e3ddc9ab0
Signed-off-by: Samuli Silvius <s.silvius@partner.samsung.com>
diff --git a/ansible/roles/firewall/.yamllint b/ansible/roles/firewall/.yamllint
new file mode 100644
index 0000000..ad0be76
--- /dev/null
+++ b/ansible/roles/firewall/.yamllint
@@ -0,0 +1,11 @@
+extends: default
+
+rules:
+  braces:
+    max-spaces-inside: 1
+    level: error
+  brackets:
+    max-spaces-inside: 1
+    level: error
+  line-length: disable
+  truthy: disable
diff --git a/ansible/roles/firewall/molecule/default/Dockerfile.j2 b/ansible/roles/firewall/molecule/default/Dockerfile.j2
new file mode 100644
index 0000000..e6aa95d
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/Dockerfile.j2
@@ -0,0 +1,14 @@
+# Molecule managed
+
+{% if item.registry is defined %}
+FROM {{ item.registry.url }}/{{ item.image }}
+{% else %}
+FROM {{ item.image }}
+{% endif %}
+
+RUN if [ $(command -v apt-get) ]; then apt-get update && apt-get install -y python sudo bash ca-certificates && apt-get clean; \
+    elif [ $(command -v dnf) ]; then dnf makecache && dnf --assumeyes install python sudo python-devel python*-dnf bash && dnf clean all; \
+    elif [ $(command -v yum) ]; then yum makecache fast && yum install -y python sudo yum-plugin-ovl bash && sed -i 's/plugins=0/plugins=1/g' /etc/yum.conf && yum clean all; \
+    elif [ $(command -v zypper) ]; then zypper refresh && zypper install -y python sudo bash python-xml && zypper clean -a; \
+    elif [ $(command -v apk) ]; then apk update && apk add --no-cache python sudo bash ca-certificates; \
+    elif [ $(command -v xbps-install) ]; then xbps-install -Syu && xbps-install -y python sudo bash ca-certificates && xbps-remove -O; fi
diff --git a/ansible/roles/firewall/molecule/default/molecule.yml b/ansible/roles/firewall/molecule/default/molecule.yml
new file mode 100644
index 0000000..81ace9c
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/molecule.yml
@@ -0,0 +1,33 @@
+---
+dependency:
+  name: galaxy
+driver:
+  name: docker
+lint:
+  name: yamllint
+platforms:
+  - name: centos7
+    image: couchbase/centos7-systemd
+    privileged: true
+    command: ""
+    volumes:
+      - /sys/fs/cgroup:/sys/fs/cgroup:ro
+
+  - name: ubuntu18
+    image: solita/ubuntu-systemd:18.04
+    command: /sbin/init
+    privileged: true
+    volumes:
+      - /lib/modules:/lib/modules:ro
+provisioner:
+  name: ansible
+  env:
+    ANSIBLE_ROLES_PATH: ../../../../test/roles
+  lint:
+    name: ansible-lint
+verifier:
+  name: testinfra
+  options:
+    verbose: true
+  lint:
+    name: flake8
diff --git a/ansible/roles/firewall/molecule/default/playbook.yml b/ansible/roles/firewall/molecule/default/playbook.yml
new file mode 100644
index 0000000..73b20ea
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/playbook.yml
@@ -0,0 +1,5 @@
+---
+- name: Converge
+  hosts: all
+  roles:
+    - role: firewall
diff --git a/ansible/roles/firewall/molecule/default/prepare.yml b/ansible/roles/firewall/molecule/default/prepare.yml
new file mode 100644
index 0000000..5e0e9a3
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/prepare.yml
@@ -0,0 +1,5 @@
+---
+- name: Prepare
+  hosts: all
+  roles:
+    - prepare-firewall
diff --git a/ansible/roles/firewall/molecule/default/tests/test_default.py b/ansible/roles/firewall/molecule/default/tests/test_default.py
new file mode 100644
index 0000000..a346cb5
--- /dev/null
+++ b/ansible/roles/firewall/molecule/default/tests/test_default.py
@@ -0,0 +1,18 @@
+import os
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('all')
+
+
+def test_firewall_service_disabled(host):
+    distribution = host.system_info.distribution
+    if distribution == "centos":
+        svc = "firewalld"
+    elif distribution == "ubuntu":
+        svc = "ufw"
+    service = host.service(svc)
+
+    assert not service.is_running
+    assert not service.is_enabled
diff --git a/ansible/test/roles/prepare-firewall/defaults/main.yml b/ansible/test/roles/prepare-firewall/defaults/main.yml
new file mode 100644
index 0000000..b450099
--- /dev/null
+++ b/ansible/test/roles/prepare-firewall/defaults/main.yml
@@ -0,0 +1,5 @@
+---
+firewall:
+  package_name:
+    RedHat: 'firewalld'
+    Debian: 'ufw'
diff --git a/ansible/test/roles/prepare-firewall/tasks/main.yml b/ansible/test/roles/prepare-firewall/tasks/main.yml
new file mode 100644
index 0000000..a997d14
--- /dev/null
+++ b/ansible/test/roles/prepare-firewall/tasks/main.yml
@@ -0,0 +1,11 @@
+---
+- name: Install firewall
+  package:
+    name: "{{ firewall.package_name[ansible_facts.os_family] }}"
+    state: present
+
+- name: Start and enable firewall
+  service:
+    name: "{{ firewall.package_name[ansible_facts.os_family] }}"
+    state: started
+    enabled: true