/spec/defines/chain_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / defines / chain_spec.rb @ 0b7bcb5d

Historique | Voir | Annoter | Télécharger (4,16 ko)

1	c82b960a	Steve Traylen	# frozen_string_literal: true
2
3	30462da1	Steve Traylen	require 'spec_helper'
4
5			describe 'nftables::chain' do
6			let(:title) { 'MYCHAIN' }
7			let(:pre_condition) { 'include nftables' }
8
9			on_supported_os.each do \|os, facts\|
10			context "on #{os}" do
11			let(:facts) do
12			facts
13			end
14
15	0b7bcb5d	mh	nft_mode = case facts[:os]['family']
16			when 'RedHat'
17			'0600'
18			else
19			'0640'
20			end
21
22	30462da1	Steve Traylen	it { is_expected.to compile }
23
24			it { is_expected.to contain_concat('nftables-inet-filter-chain-MYCHAIN').that_notifies('Exec[nft validate]') }
25			it { is_expected.to contain_exec('nft validate').that_comes_before('File[/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft]') }
26			it { is_expected.to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').that_comes_before('Service[nftables]') }
27
28			it {
29	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-inet-filter-chain-MYCHAIN').with(
30	30462da1	Steve Traylen	path: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft',
31			owner: 'root',
32			group: 'root',
33	0b7bcb5d	mh	mode: nft_mode,
34	fa92e118	Romain Tartière	ensure_newline: true
35	30462da1	Steve Traylen	)
36			}
37	c82b960a	Steve Traylen
38	30462da1	Steve Traylen	it {
39	c82b960a	Steve Traylen	expect(subject).to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').with(
40	30462da1	Steve Traylen	ensure: 'file',
41			source: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft',
42	0b7bcb5d	mh	mode: nft_mode,
43	30462da1	Steve Traylen	owner: 'root',
44	fa92e118	Romain Tartière	group: 'root'
45	30462da1	Steve Traylen	)
46			}
47	c82b960a	Steve Traylen
48	30462da1	Steve Traylen	it {
49	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-MYCHAIN-header').with(
50	30462da1	Steve Traylen	order: '00',
51			content: "# Start of fragment order:00 MYCHAIN header\nchain MYCHAIN {",
52	fa92e118	Romain Tartière	target: 'nftables-inet-filter-chain-MYCHAIN'
53	30462da1	Steve Traylen	)
54			}
55	c82b960a	Steve Traylen
56	30462da1	Steve Traylen	it {
57	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-MYCHAIN-footer').with(
58	30462da1	Steve Traylen	order: '99',
59			content: "# Start of fragment order:99 MYCHAIN footer\n}",
60	fa92e118	Romain Tartière	target: 'nftables-inet-filter-chain-MYCHAIN'
61	30462da1	Steve Traylen	)
62			}
63
64			context('with table set to ip6-foo') do
65			let(:params) do
66			{
67			table: 'ip6-foo',
68			}
69			end
70
71			it {
72	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-ip6-foo-chain-MYCHAIN').with(
73	30462da1	Steve Traylen	path: '/etc/nftables/puppet-preflight/ip6-foo-chain-MYCHAIN.nft',
74			owner: 'root',
75			group: 'root',
76	0b7bcb5d	mh	mode: nft_mode,
77	fa92e118	Romain Tartière	ensure_newline: true
78	30462da1	Steve Traylen	)
79			}
80	c82b960a	Steve Traylen
81	30462da1	Steve Traylen	it {
82	c82b960a	Steve Traylen	expect(subject).to contain_file('/etc/nftables/puppet/ip6-foo-chain-MYCHAIN.nft').with(
83	30462da1	Steve Traylen	ensure: 'file',
84			source: '/etc/nftables/puppet-preflight/ip6-foo-chain-MYCHAIN.nft',
85	0b7bcb5d	mh	mode: nft_mode,
86	30462da1	Steve Traylen	owner: 'root',
87	fa92e118	Romain Tartière	group: 'root'
88	30462da1	Steve Traylen	)
89			}
90	c82b960a	Steve Traylen
91	30462da1	Steve Traylen	it {
92	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip6-foo-chain-MYCHAIN-header').with(
93	30462da1	Steve Traylen	order: '00',
94			content: "# Start of fragment order:00 MYCHAIN header\nchain MYCHAIN {",
95	fa92e118	Romain Tartière	target: 'nftables-ip6-foo-chain-MYCHAIN'
96	30462da1	Steve Traylen	)
97			}
98	c82b960a	Steve Traylen
99	30462da1	Steve Traylen	it {
100	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip6-foo-chain-MYCHAIN-footer').with(
101	30462da1	Steve Traylen	order: '99',
102			content: "# Start of fragment order:99 MYCHAIN footer\n}",
103	fa92e118	Romain Tartière	target: 'nftables-ip6-foo-chain-MYCHAIN'
104	30462da1	Steve Traylen	)
105			}
106			end
107	c82b960a	Steve Traylen
108	30462da1	Steve Traylen	context 'with inject set to 22-foobar' do
109			let(:params) do
110			{
111			inject: '22-foobar',
112			}
113			end
114
115			it { is_expected.to contain_nftables__rule('foobar-jump_MYCHAIN') }
116	c82b960a	Steve Traylen
117	30462da1	Steve Traylen	it {
118	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('foobar-jump_MYCHAIN').with(
119	30462da1	Steve Traylen	order: '22',
120	fa92e118	Romain Tartière	content: 'jump MYCHAIN'
121	30462da1	Steve Traylen	)
122			}
123	c82b960a	Steve Traylen
124	30462da1	Steve Traylen	context 'with inject_oif set to alpha and inject_oif set to beta' do
125			let(:params) do
126			super().merge(inject_iif: 'alpha', inject_oif: 'beta')
127			end
128
129			it {
130	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('foobar-jump_MYCHAIN').with(
131	30462da1	Steve Traylen	order: '22',
132	fa92e118	Romain Tartière	content: 'iifname alpha oifname beta jump MYCHAIN'
133	30462da1	Steve Traylen	)
134			}
135			end
136			end
137			end
138			end
139			end

Projet

Général

Profil

puppet nftables

root / spec / defines / chain_spec.rb @ 0b7bcb5d