root / spec / classes / router_spec.rb @ 2ad7193b

# frozen_string_literal: true
require 'spec_helper'
# Catalogue-level specs for the `nftables` class in a router-style setup:
# two forwarding rules on the inet-filter `default_fwd` chain plus a
# masquerade rule on the ip-nat POSTROUTING chain.
#
# Each example pins one generated resource (a concat target or one of its
# fragments), so a regression in file ownership, file mode, rule text or
# rule ordering fails a single, clearly named expectation.
describe 'nftables' do
  # Default manifest prelude; the 'as router' context below overrides it.
  let(:pre_condition) { 'Exec{path => "/bin"}' }

  on_supported_os.each do |os, os_facts|
    context "on #{os}" do
      let(:facts) { os_facts }

      # Expected mode of the generated rule files: owner-only on the RedHat
      # family, owner+group read elsewhere. Neither value grants any access
      # to "other", so the ruleset is not world-readable in either case.
      nft_mode = os_facts[:os]['family'] == 'RedHat' ? '0600' : '0640'

      context 'as router' do
        # Puppet manifest evaluated ahead of the class under test. The text
        # is a runtime string and is kept exactly as written.
        let(:pre_condition) do
          '
          # inet-filter-chain-default_fwd
          nftables::rule{
            \'default_fwd-out\':
              order   => \'20\',
              content => \'iifname eth1 oifname eth0 accept\';
            \'default_fwd-drop\':
              order   => \'90\',
              content => \'iifname eth0 drop\';
          }

          nftables::rules::masquerade{
            \'masquerade\':
              order => \'20\',
              oif   => \'eth0\';
          }
          '
        end

        it { is_expected.to compile }

        # --- inet filter: default_fwd chain --------------------------------
        # The concat target must be root-owned with the restrictive mode
        # computed above.
        it do
          expect(subject).to contain_concat('nftables-inet-filter-chain-default_fwd').with(
            path: '/etc/nftables/puppet-preflight/inet-filter-chain-default_fwd.nft',
            owner: 'root',
            group: 'root',
            mode: nft_mode,
            ensure_newline: true
          )
        end

        # NOTE: `^` and `$` anchor per line in Ruby, so each content matcher
        # in this file passes when the expected line occurs anywhere in the
        # fragment content, not only when it is the whole content.
        it do
          expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-header').with(
            target: 'nftables-inet-filter-chain-default_fwd',
            content: %r{^chain default_fwd \{$},
            order: '00'
          )
        end

        # The accept rule carries order prefix 20 and the drop rule prefix
        # 90; presumably this sorts the accept ahead of the drop in the
        # assembled chain (confirm against the concat ordering in use).
        it do
          expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-out').with(
            target: 'nftables-inet-filter-chain-default_fwd',
            content: %r{^  iifname eth1 oifname eth0 accept$},
            order: '20-nftables-inet-filter-chain-default_fwd-rule-out-b'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-drop').with(
            target: 'nftables-inet-filter-chain-default_fwd',
            content: %r{^  iifname eth0 drop$},
            order: '90-nftables-inet-filter-chain-default_fwd-rule-drop-b'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-footer').with(
            target: 'nftables-inet-filter-chain-default_fwd',
            content: %r{^\}$},
            order: '99'
          )
        end

        # --- ip nat: PREROUTING chain --------------------------------------
        it do
          expect(subject).to contain_concat('nftables-ip-nat-chain-PREROUTING').with(
            path: '/etc/nftables/puppet-preflight/ip-nat-chain-PREROUTING.nft',
            owner: 'root',
            group: 'root',
            mode: nft_mode,
            ensure_newline: true
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-header').with(
            target: 'nftables-ip-nat-chain-PREROUTING',
            content: %r{^chain PREROUTING \{$},
            order: '00'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-type').with(
            target: 'nftables-ip-nat-chain-PREROUTING',
            content: %r{^  type nat hook prerouting priority -100$},
            order: '01-nftables-ip-nat-chain-PREROUTING-rule-type-b'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-policy').with(
            target: 'nftables-ip-nat-chain-PREROUTING',
            content: %r{^  policy accept$},
            order: '02-nftables-ip-nat-chain-PREROUTING-rule-policy-b'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-footer').with(
            target: 'nftables-ip-nat-chain-PREROUTING',
            content: %r{^\}$},
            order: '99'
          )
        end

        # --- ip nat: POSTROUTING chain -------------------------------------
        it do
          expect(subject).to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
            path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft',
            owner: 'root',
            group: 'root',
            mode: nft_mode,
            ensure_newline: true
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-header').with(
            target: 'nftables-ip-nat-chain-POSTROUTING',
            content: %r{^chain POSTROUTING \{$},
            order: '00'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
            target: 'nftables-ip-nat-chain-POSTROUTING',
            content: %r{^  type nat hook postrouting priority 100$},
            order: '01-nftables-ip-nat-chain-POSTROUTING-rule-type-b'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
            target: 'nftables-ip-nat-chain-POSTROUTING',
            content: %r{^  policy accept$},
            order: '02-nftables-ip-nat-chain-POSTROUTING-rule-policy-b'
          )
        end

        # The masquerade rule must be scoped to the outbound interface named
        # in the manifest (eth0) rather than applied to every interface.
        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade').with(
            target: 'nftables-ip-nat-chain-POSTROUTING',
            content: %r{^  oifname eth0 masquerade$},
            order: '20-nftables-ip-nat-chain-POSTROUTING-rule-masquerade-b'
          )
        end

        it do
          expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-footer').with(
            target: 'nftables-ip-nat-chain-POSTROUTING',
            content: %r{^\}$},
            order: '99'
          )
        end
      end
    end
  end
end