/spec/classes/snat4_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / classes / snat4_spec.rb @ 08b9f1d0

Historique | Voir | Annoter | Télécharger (4,05 ko)

1	c82b960a	Steve Traylen	# frozen_string_literal: true
2
3	3d29a6eb	tr	require 'spec_helper'
4
5			describe 'nftables' do
6			let(:pre_condition) { 'Exec{path => "/bin"}' }
7
8			on_supported_os.each do \|os, os_facts\|
9			context "on #{os}" do
10			let(:facts) { os_facts }
11
12	0b7bcb5d	mh	nft_mode = case os_facts[:os]['family']
13			when 'RedHat'
14			'0600'
15			else
16			'0640'
17			end
18
19	3d29a6eb	tr	context 'with snat4' do
20			let(:pre_condition) do
21	01d8a819	tr	'
22	3d29a6eb	tr	nftables::rules::snat4{
23	01d8a819	tr	\'static\':
24			order => \'60\',
25			snat => \'198.51.100.1\',
26			oif => \'eth0\';
27			\'1_1\':
28			order => \'61\',
29			saddr => \'192.0.2.2\',
30			snat => \'198.51.100.3\',
31			oif => \'eth0\';
32			\'1_1_smtp\':
33			saddr => \'192.0.2.2\',
34			snat => \'198.51.100.2\',
35			dport => \'25\';
36			\'1_1_wireguard\':
37			saddr => \'192.0.2.2\',
38			snat => \'198.51.100.2\',
39			proto => \'udp\',
40			dport => \'51820\';
41	3d29a6eb	tr	}
42	01d8a819	tr	'
43	3d29a6eb	tr	end
44
45			it { is_expected.to compile }
46
47	01d8a819	tr	it {
48	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
49			path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft',
50			owner: 'root',
51			group: 'root',
52	0b7bcb5d	mh	mode: nft_mode,
53	fa92e118	Romain Tartière	ensure_newline: true
54	01d8a819	tr	)
55			}
56	c82b960a	Steve Traylen
57	01d8a819	tr	it {
58	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-header').with(
59			target: 'nftables-ip-nat-chain-POSTROUTING',
60	01d8a819	tr	content: %r{^chain POSTROUTING \{$},
61	c82b960a	Steve Traylen	order: '00'
62	01d8a819	tr	)
63			}
64	c82b960a	Steve Traylen
65	01d8a819	tr	it {
66	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
67			target: 'nftables-ip-nat-chain-POSTROUTING',
68	01d8a819	tr	content: %r{^ type nat hook postrouting priority 100$},
69	c82b960a	Steve Traylen	order: '01-nftables-ip-nat-chain-POSTROUTING-rule-type-b'
70	01d8a819	tr	)
71			}
72	c82b960a	Steve Traylen
73	01d8a819	tr	it {
74	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
75			target: 'nftables-ip-nat-chain-POSTROUTING',
76	01d8a819	tr	content: %r{^ policy accept$},
77	c82b960a	Steve Traylen	order: '02-nftables-ip-nat-chain-POSTROUTING-rule-policy-b'
78	01d8a819	tr	)
79			}
80	c82b960a	Steve Traylen
81	01d8a819	tr	it {
82	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-static').with(
83			target: 'nftables-ip-nat-chain-POSTROUTING',
84	01d8a819	tr	content: %r{^ oifname eth0 snat 198\.51\.100\.1$},
85	c82b960a	Steve Traylen	order: '60-nftables-ip-nat-chain-POSTROUTING-rule-static-b'
86	01d8a819	tr	)
87			}
88	c82b960a	Steve Traylen
89	01d8a819	tr	it {
90	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-1_1').with(
91			target: 'nftables-ip-nat-chain-POSTROUTING',
92	01d8a819	tr	content: %r{^ oifname eth0 ip saddr 192\.0\.2\.2 snat 198\.51\.100\.3$},
93	c82b960a	Steve Traylen	order: '61-nftables-ip-nat-chain-POSTROUTING-rule-1_1-b'
94	01d8a819	tr	)
95			}
96	c82b960a	Steve Traylen
97	01d8a819	tr	it {
98	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-1_1_smtp').with(
99			target: 'nftables-ip-nat-chain-POSTROUTING',
100	01d8a819	tr	content: %r{^ ip saddr 192\.0\.2\.2 tcp dport 25 snat 198\.51\.100\.2$},
101	c82b960a	Steve Traylen	order: '70-nftables-ip-nat-chain-POSTROUTING-rule-1_1_smtp-b'
102	01d8a819	tr	)
103			}
104	c82b960a	Steve Traylen
105	01d8a819	tr	it {
106	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-1_1_wireguard').with(
107			target: 'nftables-ip-nat-chain-POSTROUTING',
108	01d8a819	tr	content: %r{^ ip saddr 192\.0\.2\.2 udp dport 51820 snat 198\.51\.100\.2$},
109	c82b960a	Steve Traylen	order: '70-nftables-ip-nat-chain-POSTROUTING-rule-1_1_wireguard-b'
110	01d8a819	tr	)
111			}
112	c82b960a	Steve Traylen
113	01d8a819	tr	it {
114	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-footer').with(
115			target: 'nftables-ip-nat-chain-POSTROUTING',
116	01d8a819	tr	content: %r{^\}$},
117	c82b960a	Steve Traylen	order: '99'
118	01d8a819	tr	)
119			}
120	3d29a6eb	tr	end
121			end
122			end
123			end

Projet

Général

Profil

puppet nftables

root / spec / classes / snat4_spec.rb @ 08b9f1d0