From f5d1c5721436ce31ac7076cf75b346c6ea414d97 Mon Sep 17 00:00:00 2001
From: Paul Smith <paul.j.smith@ucl.ac.uk>
Date: Fri, 5 Jan 2024 17:00:09 +0000
Subject: [PATCH] Add molecule setup for firewalld role that uses base config

---
 roles/firewalld/molecule/centos7/molecule.yml | 27 +++++++++++++++++++
 .../firewalld/molecule/resources/converge.yml |  8 ++++++
 .../resources/inventory/group_vars/all.yml    | 17 ++++++++++++
 roles/firewalld/molecule/rocky9/molecule.yml  |  3 +++
 4 files changed, 55 insertions(+)
 create mode 100644 roles/firewalld/molecule/centos7/molecule.yml
 create mode 100644 roles/firewalld/molecule/resources/converge.yml
 create mode 100644 roles/firewalld/molecule/resources/inventory/group_vars/all.yml
 create mode 100644 roles/firewalld/molecule/rocky9/molecule.yml

diff --git a/roles/firewalld/molecule/centos7/molecule.yml b/roles/firewalld/molecule/centos7/molecule.yml
new file mode 100644
index 00000000..07243afe
--- /dev/null
+++ b/roles/firewalld/molecule/centos7/molecule.yml
@@ -0,0 +1,27 @@
+---
+# test this scenario from the roles/provision directory with the command
+# molecule --base-config ../../tests/centos7_base_config.yml test -s centos7
+platforms:
+  - name: instance_one
+    hostname: molecule.instance.local
+    image: ${MOLECULE_DOCKER_IMAGE:-geerlingguy/docker-centos7-ansible:latest}
+    required: true
+    command: ""
+    cgroupns_mode: host
+    privileged: true
+    pre_build_image: ${MOLECULE_PRE_BUILD_IMAGE:-true}
+    volumes:
+      - ./molecule-data:/storage/molecule
+    keep_volumes: false
+    groups:
+      - all
+      - molecule
+      - centos7
+    docker_networks:
+      - name: molecule
+        ipam_config:
+          - subnet: 192.168.56.0/24
+            gateway: 192.168.56.1
+    networks:
+      - name: molecule
+        ipv4_address: 192.168.56.2
diff --git a/roles/firewalld/molecule/resources/converge.yml b/roles/firewalld/molecule/resources/converge.yml
new file mode 100644
index 00000000..806d5414
--- /dev/null
+++ b/roles/firewalld/molecule/resources/converge.yml
@@ -0,0 +1,8 @@
+---
+- name: Provision infrastructure
+  hosts: all
+  become: true
+  gather_facts: true
+  roles:
+    - role: mirsg.infrastructure.provision
+      tags: provision
diff --git a/roles/firewalld/molecule/resources/inventory/group_vars/all.yml b/roles/firewalld/molecule/resources/inventory/group_vars/all.yml
new file mode 100644
index 00000000..dd7bf1eb
--- /dev/null
+++ b/roles/firewalld/molecule/resources/inventory/group_vars/all.yml
@@ -0,0 +1,17 @@
+---
+# mirsg.infrastructure.firewalld
+firewalld_allow_public_access: true
+firewalld_internal_zone_open_services:
+  - http
+  - https
+  - ssh
+firewalld_public_zone_open_services:
+  - http
+  - https
+firewalld_work_zone_open_services:
+  - http
+  - https
+firewalld_public_zone_ports:
+  - "8080"
+firewalld_internal_zone_ports:
+  - "5432"
diff --git a/roles/firewalld/molecule/rocky9/molecule.yml b/roles/firewalld/molecule/rocky9/molecule.yml
new file mode 100644
index 00000000..eb389be7
--- /dev/null
+++ b/roles/firewalld/molecule/rocky9/molecule.yml
@@ -0,0 +1,3 @@
+---
+# test this scenario from the roles/provision directory with the command
+# molecule --base-config ../../tests/rocky9_base_config.yml test -s rocky9