# frozen_string_literal: true
require 'spec_helper'
# Catalog-level spec for the nftables::simplerule define. Every scenario
# pins the literal rule text handed to nftables::rule, so any change in how
# parameters are rendered into firewall rule content shows up as a failure.
#
# NOTE(review): the only rejection cases in this file are ports given
# without a protocol. Malformed addresses, out-of-range ports and comment
# strings containing quote characters are not exercised here — confirm they
# are constrained by the define's parameter types.
describe 'nftables::simplerule' do
  let(:pre_condition) { 'include nftables' }
  let(:title) { 'my_default_rule_name' }

  on_supported_os.each do |os_name, facts_for_os|
    context "on #{os_name}" do
      let(:facts) { facts_for_os }

      # With no parameters the expected rule is a bare `accept`, named with
      # the `default_in-` prefix and ordered at '50'.
      describe 'minimum instantiation' do
        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'accept', order: '50')
        end
      end

      # A port match needs a protocol; compilation must fail without one.
      describe 'dport without protocol' do
        let(:params) { { dport: 333 } }

        it { is_expected.not_to compile }
      end

      describe 'sport without protocol' do
        let(:params) { { sport: 333 } }

        it { is_expected.not_to compile }
      end

      # Pins the ordering of every clause in the rendered rule: ports,
      # then addresses, then counter, verdict and finally the quoted comment.
      describe 'all parameters provided' do
        let(:title) { 'my_big_rule' }
        let(:params) do
          {
            action: 'accept',
            comment: 'this is my rule',
            counter: true,
            dport: 333,
            sport: 444,
            proto: 'udp',
            chain: 'default_out',
            daddr: '2001:1458::/32',
            saddr: '2001:145c::/32'
          }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_out-my_big_rule')
            .with(
              content: 'udp sport {444} udp dport {333} ip6 saddr 2001:145c::/32 ip6 daddr 2001:1458::/32 counter accept comment "this is my rule"',
              order: '50'
            )
        end
      end

      # Port ranges given as 'low-high' strings are expected verbatim inside
      # the braces.
      describe 'port range' do
        let(:params) do
          { dport: '333-334', sport: '1-2', proto: 'tcp' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'tcp sport {1-2} tcp dport {333-334} accept')
        end
      end

      # Port arrays are expected as a comma-separated list inside the braces.
      describe 'port array' do
        let(:params) do
          { dport: [333, 335], sport: [433, 435], proto: 'tcp' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'tcp sport {433, 435} tcp dport {333, 335} accept')
        end
      end

      describe 'only sport TCP traffic' do
        let(:params) do
          { sport: 555, proto: 'tcp' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'tcp sport {555} accept')
        end
      end

      # The tcp4/udp6/tcp6 protocol values are expected to add an IP version
      # match in front of the port match.
      describe 'only IPv4 TCP traffic' do
        let(:params) do
          { dport: 333, proto: 'tcp4' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip version 4 tcp dport {333} accept')
        end
      end

      describe 'only IPv6 UDP traffic' do
        let(:params) do
          { dport: 33, proto: 'udp6' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip6 version 6 udp dport {33} accept')
        end
      end

      describe 'only IPv6 TCP traffic' do
        let(:params) do
          { dport: 35, proto: 'tcp6' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip6 version 6 tcp dport {35} accept')
        end
      end

      # NOTE(review): this CIDR has host bits set (…0.1/24). The expectation
      # pins verbatim pass-through into the rule text, so the define is not
      # expected to normalise it — confirm that is intended.
      describe 'with an IPv4 CIDR as daddr' do
        let(:params) do
          { daddr: '192.168.0.1/24', dport: 33, proto: 'tcp' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'tcp dport {33} ip daddr 192.168.0.1/24 accept')
        end
      end

      # The address family keyword (ip / ip6) is expected to follow the
      # literal address that was supplied.
      describe 'with an IPv6 address as daddr' do
        let(:params) { { daddr: '2001:1458::1' } }

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip6 daddr 2001:1458::1 accept')
        end
      end

      # The uncompressed IPv6 form is expected in the rule exactly as given.
      describe 'with an IPv6 address as saddr' do
        let(:params) { { saddr: '2001:1458:0000:0000:0000:0000:0000:0003' } }

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip6 saddr 2001:1458:0000:0000:0000:0000:0000:0003 accept')
        end
      end

      describe 'with an IPv4 address as saddr' do
        let(:params) { { saddr: '172.16.1.5' } }

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip saddr 172.16.1.5 accept')
        end
      end

      # A named set carries no address family in its name; with set_type
      # left unset the expected match is `ip6`.
      # NOTE(review): presumably an IPv4 set referenced without
      # set_type: 'ip' would also be rendered as an ip6 match — verify
      # against the define.
      describe 'with an IPv6 set as daddr, default set_type' do
        let(:params) { { daddr: '@my6_set' } }

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip6 daddr @my6_set accept')
        end
      end

      describe 'with a IPv4 set as daddr' do
        let(:params) do
          { daddr: '@my4_set', set_type: 'ip' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip daddr @my4_set accept')
        end
      end

      describe 'with a IPv6 set as saddr' do
        let(:params) do
          { saddr: '@my6_set', set_type: 'ip6' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'ip6 saddr @my6_set accept')
        end
      end

      # `counter` is expected immediately before the verdict.
      describe 'with counter enabled' do
        let(:params) { { counter: true } }

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'counter accept')
        end
      end

      # A `continue` verdict with a counter: the rule is expected to count
      # matching packets and carry `continue` in place of `accept`.
      describe 'counter and continue sport' do
        let(:params) do
          { proto: 'tcp', sport: 80, counter: true, action: 'continue' }
        end

        it { is_expected.to compile }

        it do
          expect(subject).to contain_nftables__rule('default_in-my_default_rule_name')
            .with(content: 'tcp sport {80} counter continue')
        end
      end
    end
  end
end