/spec/classes/rules/icmp_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / classes / rules / icmp_spec.rb @ 0f34454b

Historique | Voir | Annoter | Télécharger (2,72 ko)

1	c82b960a	Steve Traylen	# frozen_string_literal: true
2
3	79e9a23f	Nacho Barrientos	require 'spec_helper'
4
5			describe 'nftables::rules::icmp' do
6			on_supported_os.each do \|os, os_facts\|
7			context "on #{os}" do
8			let(:facts) { os_facts }
9
10			context 'default options' do
11	8cdd24a5	Tim Meusel	it { is_expected.to compile.with_all_deps }
12	c82b960a	Steve Traylen
13	8cdd24a5	Tim Meusel	it { is_expected.to contain_nftables__rule('default_in-accept_icmp').with_content('meta l4proto { icmp, icmpv6} accept').with_order('10') }
14			it { is_expected.not_to contain_nftables__rule('default_in-accept_icmpv4') }
15			it { is_expected.not_to contain_nftables__rule('default_in-accept_icmpv6') }
16	79e9a23f	Nacho Barrientos	end
17
18			context 'with custom ICMP types (v4 only)' do
19			let(:params) do
20			{
21			v4_types: ['echo-request limit rate 4/second', 'echo-reply'],
22			}
23			end
24
25			it { is_expected.to compile }
26	c82b960a	Steve Traylen
27	79e9a23f	Nacho Barrientos	it {
28	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(
29	79e9a23f	Nacho Barrientos	content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept',
30	fa92e118	Romain Tartière	order: '10'
31	79e9a23f	Nacho Barrientos	)
32			}
33	c82b960a	Steve Traylen
34	79e9a23f	Nacho Barrientos	it {
35	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(
36	79e9a23f	Nacho Barrientos	content: 'ip protocol icmp icmp type echo-reply accept',
37	fa92e118	Romain Tartière	order: '10'
38	79e9a23f	Nacho Barrientos	)
39			}
40	c82b960a	Steve Traylen
41	79e9a23f	Nacho Barrientos	it {
42	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv6').with(
43	8cdd24a5	Tim Meusel	content: 'meta l4proto icmpv6 accept',
44	fa92e118	Romain Tartière	order: '10'
45	79e9a23f	Nacho Barrientos	)
46			}
47			end
48
49			context 'with custom ICMP types (both v4 and v6)' do
50			let(:params) do
51			{
52			v4_types: ['echo-request limit rate 4/second', 'echo-reply'],
53	c82b960a	Steve Traylen	v6_types: %w[echo-reply nd-router-advert],
54	79e9a23f	Nacho Barrientos	}
55			end
56
57			it { is_expected.to compile }
58	c82b960a	Steve Traylen
59	79e9a23f	Nacho Barrientos	it {
60	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_request').with(
61	79e9a23f	Nacho Barrientos	content: 'ip protocol icmp icmp type echo-request limit rate 4/second accept',
62	fa92e118	Romain Tartière	order: '10'
63	79e9a23f	Nacho Barrientos	)
64			}
65	c82b960a	Steve Traylen
66	79e9a23f	Nacho Barrientos	it {
67	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv4_echo_reply').with(
68	79e9a23f	Nacho Barrientos	content: 'ip protocol icmp icmp type echo-reply accept',
69	fa92e118	Romain Tartière	order: '10'
70	79e9a23f	Nacho Barrientos	)
71			}
72	c82b960a	Steve Traylen
73	79e9a23f	Nacho Barrientos	it {
74	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv6_echo_reply').with(
75	79e9a23f	Nacho Barrientos	content: 'ip6 nexthdr ipv6-icmp icmpv6 type echo-reply accept',
76	fa92e118	Romain Tartière	order: '10'
77	79e9a23f	Nacho Barrientos	)
78			}
79	c82b960a	Steve Traylen
80	79e9a23f	Nacho Barrientos	it {
81	c82b960a	Steve Traylen	expect(subject).to contain_nftables__rule('default_in-accept_icmpv6_nd_router_advert').with(
82	79e9a23f	Nacho Barrientos	content: 'ip6 nexthdr ipv6-icmp icmpv6 type nd-router-advert accept',
83	fa92e118	Romain Tartière	order: '10'
84	79e9a23f	Nacho Barrientos	)
85			}
86			end
87			end
88			end
89			end

Projet

Général

Profil

puppet nftables

root / spec / classes / rules / icmp_spec.rb @ 0f34454b