Révision 0b1e3353
Added purge_unmanaged_rules new variant of method
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 131 | 131 |
} |
| 132 | 132 |
|
| 133 | 133 |
it {
|
| 134 |
expect(subject).not_to contain_exec('nftables_running_state_check')
|
|
| 135 |
} |
|
| 136 |
|
|
| 137 |
it {
|
|
| 138 |
expect(subject).not_to contain_exec('generate_ntfables_hash')
|
|
| 139 |
} |
|
| 140 |
|
|
| 141 |
it {
|
|
| 142 |
expect(subject).not_to contain_file('/run/puppet-nft-memhash')
|
|
| 143 |
} |
|
| 144 |
|
|
| 145 |
it {
|
|
| 134 | 146 |
expect(subject).to contain_exec('nft validate').with(
|
| 135 | 147 |
refreshonly: true, |
| 136 | 148 |
command: %r{^#{nft_path} -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft.*}
|
| ... | ... | |
| 298 | 310 |
it { is_expected.to have_nftables__set_resource_count(0) }
|
| 299 | 311 |
end |
| 300 | 312 |
|
| 313 |
context 'when purging unmanaged rules' do |
|
| 314 |
let(:params) do |
|
| 315 |
{
|
|
| 316 |
'purge_unmanaged_rules' => true, |
|
| 317 |
'inmem_rules_hash_file' => '/foo/bar', |
|
| 318 |
} |
|
| 319 |
end |
|
| 320 |
|
|
| 321 |
it { is_expected.not_to contain_file('/foo/bar') }
|
|
| 322 |
it {
|
|
| 323 |
is_expected.to contain_exec('nftables_running_state_check').with(
|
|
| 324 |
command: %r{^echo "reloading nftables"$},
|
|
| 325 |
notify: 'Service[nftables]', |
|
| 326 |
unless: %r{^/usr/bin/test -s /var/tmp/nftables_hash -a "\$\(nft -s list ruleset \| sha1sum\)" = "\$\(cat /foo/bar\)"$}
|
|
| 327 |
) |
|
| 328 |
} |
|
| 329 |
it {
|
|
| 330 |
is_expected.to contain_exec('generate_nftables_hash').with(
|
|
| 331 |
command: %r{^nft -s list ruleset \| sha1sum > /foo/bar$},
|
|
| 332 |
subscribe: 'Service[nftables]', |
|
| 333 |
refreshonly: true, |
|
| 334 |
) |
|
| 335 |
} |
|
| 336 |
end |
|
| 337 |
|
|
| 301 | 338 |
%w[ip ip6 inet arp bridge netdev].each do |family| |
| 302 | 339 |
context "with noflush_tables parameter set to valid family #{family}" do
|
| 303 | 340 |
let(:params) do |
Formats disponibles : Unified diff