Tests

Tester dependencies

python3 -m pip install -r requirements_test.txt

Firewall dependencies

The firewall used for testing should be a dedicated test VM. You can use the official ova image.

THE TESTS WILL OVERRIDE THE EXISTING CONFIG!

Most tests fail if some other config is found.

Packages

Some tests need packages to be pre-installed:

  • webproxy_* - os-squid
  • frr_* - os-frr
  • bind_* - os-bind

Interfaces

Some tests benefit from having a second network-interface available.

You need to add an opt1 dummy-interface named TEST. The assigned IPs do not matter.

Add another interface and leave it unassigned (vtnet2).

Internet access

To perform some tests (system, ids) the test firewall needs to reach these public services:

  • system - pkg.opnsense.org
  • ids - rules.emergingthreats.net

Certificates

These internal certificates need to be created:

  • CA: OpenVPN
  • Client Certificate: OpenVPN Client
  • Server Certificate: OpenVPN Server - SAN DNS:openvpn.intern

Gateways

The gateway tests will not work correctly if the LAN network mismatches.

You can provide your GW IPs via env-vars: TEST_FIREWALL_GW1 and TEST_FIREWALL_GW2

The route module will expect the gateways LAN_GW and TEST-GW to exist.

Rule interface groups

The gateway tests will not work correctly if the LAN interface mismatches.

You can provide your GW lan-if via the env-var: TEST_FIREWALL_RULE_GRP_IF

DHCRelay

The DHCRelay tests will not work correctly if the LAN interface mismatches.

You can provide your lan-if via the env-var: TEST_DHCRELAY_IF

LAGG Interfaces

The LAGG tests will not work correctly if the unassigned interface mismatches.

You can provide your interface via the env-var: TEST_FIREWALL_LAGG_IF

And the count of existing LAGGs via TEST_FIREWALL_LAGG_CNT


Run

Single module

bash scripts/test_single.sh
> Arguments:
>   1: firewall
>   2: api key file
>   3: path to local collection - set to '0' to clone from github
>   4: name of test to run
>   5: if check-mode should be run (optional; 0/1; default=1)
>   6: path to virtual environment (optional)

All modules

bash scripts/test.sh
> Arguments:
>   1: firewall
>   2: api key file
>   3: path to local collection - set to '0' to clone from github
>   4: path to virtual environment (optional)
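
Because the tests override the existing config, a guard can run before either script. The following is an added example, not part of the collection: it refuses to start unless the target is on an operator-maintained list of dedicated test firewalls and the API key file is not accessible to group or others. `TEST_FIREWALL_ALLOWLIST` and the function names are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pre-flight guard for scripts/test_single.sh and scripts/test.sh.
# TEST_FIREWALL_ALLOWLIST is a hypothetical, space-separated list of dedicated
# test firewalls; it is not a variable the collection itself reads.

# Return 0 only if the target is on the list of dedicated test firewalls.
target_is_allowed() {
  local target="$1" allowed
  for allowed in ${TEST_FIREWALL_ALLOWLIST:-}; do
    [ "$allowed" = "$target" ] && return 0
  done
  return 1
}

# Return 0 only if the API key file exists, is non-empty and grants no
# permissions to group or others (columns 5-10 of the ls mode string).
key_file_is_private() {
  local file="$1" perms
  [ -f "$file" ] && [ -s "$file" ] || return 1
  perms=$(ls -ld -- "$file" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Arguments 1 and 2 match the documented script arguments:
#   1: firewall, 2: api key file
preflight() {
  local firewall="$1" key_file="$2"
  if ! target_is_allowed "$firewall"; then
    echo "refusing: '$firewall' is not in TEST_FIREWALL_ALLOWLIST" >&2
    return 1
  fi
  if ! key_file_is_private "$key_file"; then
    echo "refusing: '$key_file' is missing, empty or open to group/others" >&2
    return 2
  fi
  return 0
}

# Usage from a wrapper script:
#   preflight "$1" "$2" && bash scripts/test_single.sh "$@"
```
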

Automatic tests

The tests are run automatically using the AnsibleGuy infrastructure!

It is based on some bash scripts and systemd timers.

Logs for those functional tests can be found here: Short, Full