/spec/classes/router_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / classes / router_spec.rb @ 0c9bc308

Historique | Voir | Annoter | Télécharger (5,59 ko)

1	c82b960a	Steve Traylen	# frozen_string_literal: true
2
3	d78c1613	tr	require 'spec_helper'
4
5			describe 'nftables' do
6			let(:pre_condition) { 'Exec{path => "/bin"}' }
7
8			on_supported_os.each do \|os, os_facts\|
9			context "on #{os}" do
10			let(:facts) { os_facts }
11
12	8f5d09ec	tr	context 'as router' do
13			let(:pre_condition) do
14	01d8a819	tr	'
15	351a88fb	tr	# inet-filter-chain-default_fwd
16	d78c1613	tr	nftables::rule{
17	01d8a819	tr	\'default_fwd-out\':
18			order => \'20\',
19			content => \'iifname eth1 oifname eth0 accept\';
20			\'default_fwd-drop\':
21			order => \'90\',
22			content => \'iifname eth0 drop\';
23	2a3b45ec	tr	}
24	af544fea	tr
25	2a3b45ec	tr	nftables::rules::masquerade{
26	01d8a819	tr	\'masquerade\':
27			order => \'20\',
28			oif => \'eth0\';
29	d78c1613	tr	}
30	01d8a819	tr	'
31	8f5d09ec	tr	end
32	d78c1613	tr
33			it { is_expected.to compile }
34
35	01d8a819	tr	it {
36	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-inet-filter-chain-default_fwd').with(
37			path: '/etc/nftables/puppet-preflight/inet-filter-chain-default_fwd.nft',
38			owner: 'root',
39			group: 'root',
40			mode: '0640',
41	fa92e118	Romain Tartière	ensure_newline: true
42	01d8a819	tr	)
43			}
44	c82b960a	Steve Traylen
45	01d8a819	tr	it {
46	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-header').with(
47			target: 'nftables-inet-filter-chain-default_fwd',
48	01d8a819	tr	content: %r{^chain default_fwd \{$},
49	c82b960a	Steve Traylen	order: '00'
50	01d8a819	tr	)
51			}
52	c82b960a	Steve Traylen
53	01d8a819	tr	it {
54	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-out').with(
55			target: 'nftables-inet-filter-chain-default_fwd',
56	01d8a819	tr	content: %r{^ iifname eth1 oifname eth0 accept$},
57	c82b960a	Steve Traylen	order: '20-nftables-inet-filter-chain-default_fwd-rule-out-b'
58	01d8a819	tr	)
59			}
60	c82b960a	Steve Traylen
61	01d8a819	tr	it {
62	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-drop').with(
63			target: 'nftables-inet-filter-chain-default_fwd',
64	01d8a819	tr	content: %r{^ iifname eth0 drop$},
65	c82b960a	Steve Traylen	order: '90-nftables-inet-filter-chain-default_fwd-rule-drop-b'
66	01d8a819	tr	)
67			}
68	c82b960a	Steve Traylen
69	01d8a819	tr	it {
70	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-footer').with(
71			target: 'nftables-inet-filter-chain-default_fwd',
72	01d8a819	tr	content: %r{^\}$},
73	c82b960a	Steve Traylen	order: '99'
74	01d8a819	tr	)
75			}
76	d78c1613	tr
77	01d8a819	tr	it {
78	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-ip-nat-chain-PREROUTING').with(
79			path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft',
80			owner: 'root',
81			group: 'root',
82			mode: '0640',
83	fa92e118	Romain Tartière	ensure_newline: true
84	01d8a819	tr	)
85			}
86	c82b960a	Steve Traylen
87	01d8a819	tr	it {
88	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-header').with(
89			target: 'nftables-ip-nat-chain-PREROUTING',
90	01d8a819	tr	content: %r{^chain PREROUTING \{$},
91	c82b960a	Steve Traylen	order: '00'
92	01d8a819	tr	)
93			}
94	c82b960a	Steve Traylen
95	01d8a819	tr	it {
96	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-type').with(
97			target: 'nftables-ip-nat-chain-PREROUTING',
98	01d8a819	tr	content: %r{^ type nat hook prerouting priority -100$},
99	c82b960a	Steve Traylen	order: '01-nftables-ip-nat-chain-PREROUTING-rule-type-b'
100	01d8a819	tr	)
101			}
102	c82b960a	Steve Traylen
103	01d8a819	tr	it {
104	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-policy').with(
105			target: 'nftables-ip-nat-chain-PREROUTING',
106	01d8a819	tr	content: %r{^ policy accept$},
107	c82b960a	Steve Traylen	order: '02-nftables-ip-nat-chain-PREROUTING-rule-policy-b'
108	01d8a819	tr	)
109			}
110	c82b960a	Steve Traylen
111	01d8a819	tr	it {
112	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-footer').with(
113			target: 'nftables-ip-nat-chain-PREROUTING',
114	01d8a819	tr	content: %r{^\}$},
115	c82b960a	Steve Traylen	order: '99'
116	01d8a819	tr	)
117			}
118	95b1259b	tr
119	01d8a819	tr	it {
120	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
121			path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft',
122			owner: 'root',
123			group: 'root',
124			mode: '0640',
125	fa92e118	Romain Tartière	ensure_newline: true
126	01d8a819	tr	)
127			}
128	c82b960a	Steve Traylen
129	01d8a819	tr	it {
130	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-header').with(
131			target: 'nftables-ip-nat-chain-POSTROUTING',
132	01d8a819	tr	content: %r{^chain POSTROUTING \{$},
133	c82b960a	Steve Traylen	order: '00'
134	01d8a819	tr	)
135			}
136	c82b960a	Steve Traylen
137	01d8a819	tr	it {
138	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
139			target: 'nftables-ip-nat-chain-POSTROUTING',
140	01d8a819	tr	content: %r{^ type nat hook postrouting priority 100$},
141	c82b960a	Steve Traylen	order: '01-nftables-ip-nat-chain-POSTROUTING-rule-type-b'
142	01d8a819	tr	)
143			}
144	c82b960a	Steve Traylen
145	01d8a819	tr	it {
146	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
147			target: 'nftables-ip-nat-chain-POSTROUTING',
148	01d8a819	tr	content: %r{^ policy accept$},
149	c82b960a	Steve Traylen	order: '02-nftables-ip-nat-chain-POSTROUTING-rule-policy-b'
150	01d8a819	tr	)
151			}
152	c82b960a	Steve Traylen
153	01d8a819	tr	it {
154	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade').with(
155			target: 'nftables-ip-nat-chain-POSTROUTING',
156	01d8a819	tr	content: %r{^ oifname eth0 masquerade$},
157	c82b960a	Steve Traylen	order: '20-nftables-ip-nat-chain-POSTROUTING-rule-masquerade-b'
158	01d8a819	tr	)
159			}
160	c82b960a	Steve Traylen
161	01d8a819	tr	it {
162	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-footer').with(
163			target: 'nftables-ip-nat-chain-POSTROUTING',
164	01d8a819	tr	content: %r{^\}$},
165	c82b960a	Steve Traylen	order: '99'
166	01d8a819	tr	)
167			}
168	d78c1613	tr	end
169			end
170			end
171			end

Projet

Général

Profil

puppet nftables

root / spec / classes / router_spec.rb @ 0c9bc308