Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / spec / classes / rules / docker_ce_spec.rb @ 6be2adf7

Historique | Voir | Annoter | Télécharger (2 ko)

1 
require 'spec_helper'
2 

    		
  

  

    
      3
    
    
      
describe 'nftables::rules::docker_ce' do


    		
  

  

    
      4
    
    
      
  let(:pre_condition) { 'include nftables' }


    		
  

  

    
      5
    
    
      

    		
  

  

    
      6
    
    
      
  on_supported_os.each do |os, os_facts|


    		
  

  

    
      7
    
    
      
    context "on #{os}" do


    		
  

  

    
      8
    
    
      
      let(:facts) { os_facts }


    		
  

  

    
      9
    
    
      

    		
  

  

    
      10
    
    
      
      context 'default options' do


    		
  

  

    
      11
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      12
    
    
      
        it { is_expected.to contain_nftables__chain('DOCKER') }


    		
  

  

    
      13
    
    
      
        it { is_expected.to contain_nftables__chain('DOCKER_ISOLATION_STAGE_1') }


    		
  

  

    
      14
    
    
      
        it { is_expected.to contain_nftables__chain('DOCKER_ISOLATION_STAGE_2') }


    		
  

  

    
      15
    
    
      
        it { is_expected.to contain_nftables__chain('DOCKER_USER') }


    		
  

  

    
      16
    
    
      
        it {


    		
  

  

    
      17
    
    
      
          is_expected.to contain_nftables__chain('DOCKER-nat').with(


    		
  

  

    
      18
    
    
      
            chain: 'DOCKER',


    		
  

  

    
      19
    
    
      
            table: 'ip-nat',


    		
  

  

    
      20
    
    
      
          )


    		
  

  

    
      21
    
    
      
        }


    		
  

  

    
      22
    
    
      
        it {


    		
  

  

    
      23
    
    
      
          is_expected.to contain_nftables__chain('OUTPUT-nat').with(


    		
  

  

    
      24
    
    
      
            chain: 'OUTPUT',


    		
  

  

    
      25
    
    
      
            table: 'ip-nat',


    		
  

  

    
      26
    
    
      
          )


    		
  

  

    
      27
    
    
      
        }


    		
  

  

    
      28
    
    
      
        it {


    		
  

  

    
      29
    
    
      
          is_expected.to contain_nftables__chain('INPUT-nat').with(


    		
  

  

    
      30
    
    
      
            chain: 'INPUT',


    		
  

  

    
      31
    
    
      
            table: 'ip-nat',


    		
  

  

    
      32
    
    
      
          )


    		
  

  

    
      33
    
    
      
        }


    		
  

  

    
      34
    
    
      
        it { is_expected.to contain_nftables__rule('DOCKER_ISOLATION_STAGE_2-drop').with_content('oifname "docker0" counter drop') }


    		
  

  

    
      35
    
    
      
        it {


    		
  

  

    
      36
    
    
      
          is_expected.to contain_nftables__rule('POSTROUTING-docker').with(


    		
  

  

    
      37
    
    
      
            content: 'oifname != "docker0" ip saddr 172.17.0.0/16 counter masquerade',


    		
  

  

    
      38
    
    
      
            table: 'ip-nat',


    		
  

  

    
      39
    
    
      
          )


    		
  

  

    
      40
    
    
      
        }


    		
  

  

    
      41
    
    
      
      end


    		
  

  

    
      42
    
    
      

    		
  

  

    
      43
    
    
      
      context 'with custom interface and subnet' do


    		
  

  

    
      44
    
    
      
        let(:params) do


    		
  

  

    
      45
    
    
      
          {


    		
  

  

    
      46
    
    
      
            docker_interface: 'ifdo0',


    		
  

  

    
      47
    
    
      
            docker_prefix: '192.168.4.0/24',


    		
  

  

    
      48
    
    
      
          }


    		
  

  

    
      49
    
    
      
        end


    		
  

  

    
      50
    
    
      

    		
  

  

    
      51
    
    
      
        it { is_expected.to compile }


    		
  

  

    
      52
    
    
      
        it { is_expected.to contain_nftables__rule('DOCKER_ISOLATION_STAGE_2-drop').with_content('oifname "ifdo0" counter drop') }


    		
  

  

    
      53
    
    
      
        it {


    		
  

  

    
      54
    
    
      
          is_expected.to contain_nftables__rule('POSTROUTING-docker').with(


    		
  

  

    
      55
    
    
      
            content: 'oifname != "ifdo0" ip saddr 192.168.4.0/24 counter masquerade',


    		
  

  

    
      56
    
    
      
            table: 'ip-nat',


    		
  

  

    
      57
    
    
      
          )


    		
  

  

    
      58
    
    
      
        }


    		
  

  

    
      59
    
    
      
      end


    		
  

  

    
      60
    
    
      
    end


    		
  

  

    
      61
    
    
      
  end


    		
  

  

    
      62
    
    
      
end