root / spec / classes / ip_nat_spec.rb @ 194e05d5
Historique | Voir | Annoter | Télécharger (9,29 ko)
| 1 | c82b960a | Steve Traylen | # frozen_string_literal: true
|
|---|---|---|---|
| 2 | |||
| 3 | 422b6851 | tr | require 'spec_helper'
|
| 4 | |||
| 5 | describe 'nftables' do |
||
| 6 | let(:pre_condition) { 'Exec{path => "/bin"}' } |
||
| 7 | |||
| 8 | on_supported_os.each do |os, os_facts|
|
||
| 9 | context "on #{os}" do |
||
| 10 | let(:facts) { os_facts }
|
||
| 11 | |||
| 12 | it { is_expected.to compile }
|
||
| 13 | |||
| 14 | 01d8a819 | tr | it {
|
| 15 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip-nat').with(
|
| 16 | path: '/etc/nftables/puppet-preflight/ip-nat.nft', |
||
| 17 | e4c32222 | Nacho Barrientos | ensure: 'present', |
| 18 | c82b960a | Steve Traylen | owner: 'root', |
| 19 | group: 'root', |
||
| 20 | mode: '0640' |
||
| 21 | 01d8a819 | tr | ) |
| 22 | } |
||
| 23 | 422b6851 | tr | |
| 24 | 248ef9d5 | tr | it {
|
| 25 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-header').with(
|
| 26 | target: 'nftables-ip-nat', |
||
| 27 | e4c32222 | Nacho Barrientos | content: %r{^table ip nat \{$}, |
| 28 | c82b960a | Steve Traylen | order: '00' |
| 29 | e4c32222 | Nacho Barrientos | ) |
| 30 | } |
||
| 31 | |||
| 32 | it {
|
||
| 33 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-body').with(
|
| 34 | target: 'nftables-ip-nat', |
||
| 35 | fcb1d356 | Nacho Barrientos | content: %r{^\s+include "ip-nat-chain-\*\.nft"$}, |
| 36 | c82b960a | Steve Traylen | order: '98' |
| 37 | e4c32222 | Nacho Barrientos | ) |
| 38 | } |
||
| 39 | |||
| 40 | it {
|
||
| 41 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-footer').with(
|
| 42 | target: 'nftables-ip-nat', |
||
| 43 | e4c32222 | Nacho Barrientos | content: %r{^\}$}, |
| 44 | c82b960a | Steve Traylen | order: '99' |
| 45 | e4c32222 | Nacho Barrientos | ) |
| 46 | } |
||
| 47 | |||
| 48 | it {
|
||
| 49 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip6-nat').with(
|
| 50 | path: '/etc/nftables/puppet-preflight/ip6-nat.nft', |
||
| 51 | e4c32222 | Nacho Barrientos | ensure: 'present', |
| 52 | c82b960a | Steve Traylen | owner: 'root', |
| 53 | group: 'root', |
||
| 54 | mode: '0640' |
||
| 55 | 248ef9d5 | tr | ) |
| 56 | } |
||
| 57 | |||
| 58 | e4c32222 | Nacho Barrientos | it {
|
| 59 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-header').with(
|
| 60 | target: 'nftables-ip6-nat', |
||
| 61 | e4c32222 | Nacho Barrientos | content: %r{^table ip6 nat \{$}, |
| 62 | c82b960a | Steve Traylen | order: '00' |
| 63 | e4c32222 | Nacho Barrientos | ) |
| 64 | } |
||
| 65 | |||
| 66 | it {
|
||
| 67 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-body').with(
|
| 68 | target: 'nftables-ip6-nat', |
||
| 69 | fcb1d356 | Nacho Barrientos | content: %r{^\s+include "ip6-nat-chain-\*\.nft"$}, |
| 70 | c82b960a | Steve Traylen | order: '98' |
| 71 | e4c32222 | Nacho Barrientos | ) |
| 72 | } |
||
| 73 | |||
| 74 | it {
|
||
| 75 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-footer').with(
|
| 76 | target: 'nftables-ip6-nat', |
||
| 77 | e4c32222 | Nacho Barrientos | content: %r{^\}$}, |
| 78 | c82b960a | Steve Traylen | order: '99' |
| 79 | e4c32222 | Nacho Barrientos | ) |
| 80 | } |
||
| 81 | |||
| 82 | 248ef9d5 | tr | context 'table ip nat chain prerouting' do |
| 83 | 01d8a819 | tr | it {
|
| 84 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip-nat-chain-PREROUTING').with(
|
| 85 | path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft', |
||
| 86 | owner: 'root', |
||
| 87 | group: 'root', |
||
| 88 | mode: '0640', |
||
| 89 | fa92e118 | Romain Tartière | ensure_newline: true |
| 90 | 01d8a819 | tr | ) |
| 91 | } |
||
| 92 | c82b960a | Steve Traylen | |
| 93 | 01d8a819 | tr | it {
|
| 94 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-header').with(
|
| 95 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 96 | 01d8a819 | tr | content: %r{^chain PREROUTING \{$}, |
| 97 | c82b960a | Steve Traylen | order: '00' |
| 98 | 01d8a819 | tr | ) |
| 99 | } |
||
| 100 | c82b960a | Steve Traylen | |
| 101 | 01d8a819 | tr | it {
|
| 102 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-type').with(
|
| 103 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 104 | 01d8a819 | tr | content: %r{^ type nat hook prerouting priority -100$}, |
| 105 | c82b960a | Steve Traylen | order: '01-nftables-ip-nat-chain-PREROUTING-rule-type-b' |
| 106 | 01d8a819 | tr | ) |
| 107 | } |
||
| 108 | c82b960a | Steve Traylen | |
| 109 | 01d8a819 | tr | it {
|
| 110 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-policy').with(
|
| 111 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 112 | 01d8a819 | tr | content: %r{^ policy accept$}, |
| 113 | c82b960a | Steve Traylen | order: '02-nftables-ip-nat-chain-PREROUTING-rule-policy-b' |
| 114 | 01d8a819 | tr | ) |
| 115 | } |
||
| 116 | c82b960a | Steve Traylen | |
| 117 | 01d8a819 | tr | it {
|
| 118 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-footer').with(
|
| 119 | target: 'nftables-ip-nat-chain-PREROUTING', |
||
| 120 | 01d8a819 | tr | content: %r{^\}$}, |
| 121 | c82b960a | Steve Traylen | order: '99' |
| 122 | 01d8a819 | tr | ) |
| 123 | } |
||
| 124 | 422b6851 | tr | end
|
| 125 | |||
| 126 | 6c2f0f10 | Steve Traylen | context 'table ipv4 nat chain postrouting' do |
| 127 | 01d8a819 | tr | it {
|
| 128 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
|
| 129 | path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft', |
||
| 130 | owner: 'root', |
||
| 131 | group: 'root', |
||
| 132 | mode: '0640', |
||
| 133 | fa92e118 | Romain Tartière | ensure_newline: true |
| 134 | 01d8a819 | tr | ) |
| 135 | } |
||
| 136 | c82b960a | Steve Traylen | |
| 137 | 01d8a819 | tr | it {
|
| 138 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-header').with(
|
| 139 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 140 | 01d8a819 | tr | content: %r{^chain POSTROUTING \{$}, |
| 141 | c82b960a | Steve Traylen | order: '00' |
| 142 | 01d8a819 | tr | ) |
| 143 | } |
||
| 144 | c82b960a | Steve Traylen | |
| 145 | 01d8a819 | tr | it {
|
| 146 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
|
| 147 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 148 | 01d8a819 | tr | content: %r{^ type nat hook postrouting priority 100$}, |
| 149 | c82b960a | Steve Traylen | order: '01-nftables-ip-nat-chain-POSTROUTING-rule-type-b' |
| 150 | 01d8a819 | tr | ) |
| 151 | } |
||
| 152 | c82b960a | Steve Traylen | |
| 153 | 01d8a819 | tr | it {
|
| 154 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
|
| 155 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 156 | 01d8a819 | tr | content: %r{^ policy accept$}, |
| 157 | c82b960a | Steve Traylen | order: '02-nftables-ip-nat-chain-POSTROUTING-rule-policy-b' |
| 158 | 01d8a819 | tr | ) |
| 159 | } |
||
| 160 | c82b960a | Steve Traylen | |
| 161 | 01d8a819 | tr | it {
|
| 162 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-footer').with(
|
| 163 | target: 'nftables-ip-nat-chain-POSTROUTING', |
||
| 164 | 01d8a819 | tr | content: %r{^\}$}, |
| 165 | c82b960a | Steve Traylen | order: '99' |
| 166 | 01d8a819 | tr | ) |
| 167 | } |
||
| 168 | 422b6851 | tr | end
|
| 169 | 248ef9d5 | tr | |
| 170 | context 'table ip6 nat chain prerouting' do |
||
| 171 | it {
|
||
| 172 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip6-nat-chain-PREROUTING6').with(
|
| 173 | path: '/etc/nftables/puppet-preflight/ip6-nat-chain-PREROUTING6.nft', |
||
| 174 | owner: 'root', |
||
| 175 | group: 'root', |
||
| 176 | mode: '0640', |
||
| 177 | fa92e118 | Romain Tartière | ensure_newline: true |
| 178 | 248ef9d5 | tr | ) |
| 179 | } |
||
| 180 | c82b960a | Steve Traylen | |
| 181 | 248ef9d5 | tr | it {
|
| 182 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-header').with(
|
| 183 | target: 'nftables-ip6-nat-chain-PREROUTING6', |
||
| 184 | 248ef9d5 | tr | content: %r{^chain PREROUTING6 \{$}, |
| 185 | c82b960a | Steve Traylen | order: '00' |
| 186 | 248ef9d5 | tr | ) |
| 187 | } |
||
| 188 | c82b960a | Steve Traylen | |
| 189 | 248ef9d5 | tr | it {
|
| 190 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-rule-type').with(
|
| 191 | target: 'nftables-ip6-nat-chain-PREROUTING6', |
||
| 192 | 248ef9d5 | tr | content: %r{^ type nat hook prerouting priority -100$}, |
| 193 | c82b960a | Steve Traylen | order: '01-nftables-ip6-nat-chain-PREROUTING6-rule-type-b' |
| 194 | 248ef9d5 | tr | ) |
| 195 | } |
||
| 196 | c82b960a | Steve Traylen | |
| 197 | 248ef9d5 | tr | it {
|
| 198 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-rule-policy').with(
|
| 199 | target: 'nftables-ip6-nat-chain-PREROUTING6', |
||
| 200 | 248ef9d5 | tr | content: %r{^ policy accept$}, |
| 201 | c82b960a | Steve Traylen | order: '02-nftables-ip6-nat-chain-PREROUTING6-rule-policy-b' |
| 202 | 248ef9d5 | tr | ) |
| 203 | } |
||
| 204 | c82b960a | Steve Traylen | |
| 205 | 248ef9d5 | tr | it {
|
| 206 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-footer').with(
|
| 207 | target: 'nftables-ip6-nat-chain-PREROUTING6', |
||
| 208 | 248ef9d5 | tr | content: %r{^\}$}, |
| 209 | c82b960a | Steve Traylen | order: '99' |
| 210 | 248ef9d5 | tr | ) |
| 211 | } |
||
| 212 | end
|
||
| 213 | |||
| 214 | 6c2f0f10 | Steve Traylen | context 'table ipv6 nat chain postrouting' do |
| 215 | 248ef9d5 | tr | it {
|
| 216 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip6-nat-chain-POSTROUTING6').with(
|
| 217 | path: '/etc/nftables/puppet-preflight/ip6-nat-chain-POSTROUTING6.nft', |
||
| 218 | owner: 'root', |
||
| 219 | group: 'root', |
||
| 220 | mode: '0640', |
||
| 221 | fa92e118 | Romain Tartière | ensure_newline: true |
| 222 | 248ef9d5 | tr | ) |
| 223 | } |
||
| 224 | c82b960a | Steve Traylen | |
| 225 | 248ef9d5 | tr | it {
|
| 226 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-header').with(
|
| 227 | target: 'nftables-ip6-nat-chain-POSTROUTING6', |
||
| 228 | 248ef9d5 | tr | content: %r{^chain POSTROUTING6 \{$}, |
| 229 | c82b960a | Steve Traylen | order: '00' |
| 230 | 248ef9d5 | tr | ) |
| 231 | } |
||
| 232 | c82b960a | Steve Traylen | |
| 233 | 248ef9d5 | tr | it {
|
| 234 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-rule-type').with(
|
| 235 | target: 'nftables-ip6-nat-chain-POSTROUTING6', |
||
| 236 | 248ef9d5 | tr | content: %r{^ type nat hook postrouting priority 100$}, |
| 237 | c82b960a | Steve Traylen | order: '01-nftables-ip6-nat-chain-POSTROUTING6-rule-type-b' |
| 238 | 248ef9d5 | tr | ) |
| 239 | } |
||
| 240 | c82b960a | Steve Traylen | |
| 241 | 248ef9d5 | tr | it {
|
| 242 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-rule-policy').with(
|
| 243 | target: 'nftables-ip6-nat-chain-POSTROUTING6', |
||
| 244 | 248ef9d5 | tr | content: %r{^ policy accept$}, |
| 245 | c82b960a | Steve Traylen | order: '02-nftables-ip6-nat-chain-POSTROUTING6-rule-policy-b' |
| 246 | 248ef9d5 | tr | ) |
| 247 | } |
||
| 248 | c82b960a | Steve Traylen | |
| 249 | 248ef9d5 | tr | it {
|
| 250 | c82b960a | Steve Traylen | expect(subject).to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-footer').with(
|
| 251 | target: 'nftables-ip6-nat-chain-POSTROUTING6', |
||
| 252 | 248ef9d5 | tr | content: %r{^\}$}, |
| 253 | c82b960a | Steve Traylen | order: '99' |
| 254 | 248ef9d5 | tr | ) |
| 255 | } |
||
| 256 | end
|
||
| 257 | 82d10659 | Nacho Barrientos | |
| 258 | fcb79d73 | Ben Morrice | context 'custom ip nat table name' do |
| 259 | let(:params) do |
||
| 260 | {
|
||
| 261 | 'nat_table_name' => 'mycustomtablename', |
||
| 262 | } |
||
| 263 | end
|
||
| 264 | |||
| 265 | it { is_expected.to compile }
|
||
| 266 | c82b960a | Steve Traylen | |
| 267 | fcb79d73 | Ben Morrice | it {
|
| 268 | c82b960a | Steve Traylen | expect(subject).to contain_concat('nftables-ip-mycustomtablename').with(
|
| 269 | path: '/etc/nftables/puppet-preflight/ip-mycustomtablename.nft', |
||
| 270 | fcb79d73 | Ben Morrice | ensure: 'present', |
| 271 | c82b960a | Steve Traylen | owner: 'root', |
| 272 | group: 'root', |
||
| 273 | mode: '0640' |
||
| 274 | fcb79d73 | Ben Morrice | ) |
| 275 | } |
||
| 276 | end
|
||
| 277 | |||
| 278 | 82d10659 | Nacho Barrientos | context 'all nat tables disabled' do |
| 279 | let(:params) do |
||
| 280 | {
|
||
| 281 | 'nat' => false, |
||
| 282 | } |
||
| 283 | end
|
||
| 284 | |||
| 285 | it { is_expected.not_to contain_class('nftables::ip_nat') }
|
||
| 286 | it { is_expected.not_to contain_nftables__config('ip-nat') }
|
||
| 287 | it { is_expected.not_to contain_nftables__config('ip6-nat') }
|
||
| 288 | it { is_expected.not_to contain_nftables__chain('PREROUTING') }
|
||
| 289 | it { is_expected.not_to contain_nftables__chain('POSTROUTING') }
|
||
| 290 | it { is_expected.not_to contain_nftables__chain('PREROUTING6') }
|
||
| 291 | it { is_expected.not_to contain_nftables__chain('POSTROUTING6') }
|
||
| 292 | end
|
||
| 293 | 422b6851 | tr | end
|
| 294 | end
|
||
| 295 | end |