/spec/classes/rules_out_dns_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / classes / rules_out_dns_spec.rb @ 194e05d5

Historique | Voir | Annoter | Télécharger (2,74 ko)

1	c82b960a	Steve Traylen	# frozen_string_literal: true
2
3	18ec6f48	tr	require 'spec_helper'
4
5			describe 'nftables' do
6			let(:pre_condition) { 'Exec{path => "/bin"}' }
7
8			on_supported_os.each do \|os, os_facts\|
9			context "on #{os}" do
10			let(:facts) { os_facts }
11
12			context 'with standard dns' do
13			let(:pre_condition) do
14			'
15			include nftables::rules::out::dns
16			'
17			end
18
19			it {
20	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp').with(
21			target: 'nftables-inet-filter-chain-default_out',
22	18ec6f48	tr	content: %r{^ udp dport 53 accept$},
23	c82b960a	Steve Traylen	order: '50-nftables-inet-filter-chain-default_out-rule-dnsudp-b'
24	18ec6f48	tr	)
25			}
26	c82b960a	Steve Traylen
27	18ec6f48	tr	it {
28	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp').with(
29			target: 'nftables-inet-filter-chain-default_out',
30	18ec6f48	tr	content: %r{^ tcp dport 53 accept$},
31	c82b960a	Steve Traylen	order: '50-nftables-inet-filter-chain-default_out-rule-dnstcp-b'
32	18ec6f48	tr	)
33			}
34			end
35
36			context 'with custom dns servers' do
37			let(:pre_condition) do
38			"
39			class{'nftables::rules::out::dns':
40			dns_server => ['192.0.2.1', '2001:db8::1'],
41			}
42			"
43			end
44
45			it { is_expected.to compile }
46
47			it {
48	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp-0').with(
49			target: 'nftables-inet-filter-chain-default_out',
50	18ec6f48	tr	content: %r{^ ip daddr 192.0.2.1 udp dport 53 accept$},
51	c82b960a	Steve Traylen	order: '50-nftables-inet-filter-chain-default_out-rule-dnsudp-0-b'
52	18ec6f48	tr	)
53			}
54	c82b960a	Steve Traylen
55	18ec6f48	tr	it {
56	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp-0').with(
57			target: 'nftables-inet-filter-chain-default_out',
58	18ec6f48	tr	content: %r{^ ip daddr 192.0.2.1 tcp dport 53 accept$},
59	c82b960a	Steve Traylen	order: '50-nftables-inet-filter-chain-default_out-rule-dnstcp-0-b'
60	18ec6f48	tr	)
61			}
62
63			it {
64	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp-1').with(
65			target: 'nftables-inet-filter-chain-default_out',
66	18ec6f48	tr	content: %r{^ ip6 daddr 2001:db8::1 udp dport 53 accept$},
67	c82b960a	Steve Traylen	order: '50-nftables-inet-filter-chain-default_out-rule-dnsudp-1-b'
68	18ec6f48	tr	)
69			}
70	c82b960a	Steve Traylen
71	18ec6f48	tr	it {
72	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp-1').with(
73			target: 'nftables-inet-filter-chain-default_out',
74	18ec6f48	tr	content: %r{^ ip6 daddr 2001:db8::1 tcp dport 53 accept$},
75	c82b960a	Steve Traylen	order: '50-nftables-inet-filter-chain-default_out-rule-dnstcp-1-b'
76	18ec6f48	tr	)
77			}
78			end
79			end
80			end
81			end

Projet

Général

Profil

puppet nftables

root / spec / classes / rules_out_dns_spec.rb @ 194e05d5