root / spec / classes / rules_out_dns_spec.rb @ 7b9d6ffc
Historique | Voir | Annoter | Télécharger (2,71 ko)
| 1 | 18ec6f48 | tr | require 'spec_helper'
|
|---|---|---|---|
| 2 | |||
| 3 | describe 'nftables' do |
||
| 4 | let(:pre_condition) { 'Exec{path => "/bin"}' } |
||
| 5 | |||
| 6 | on_supported_os.each do |os, os_facts|
|
||
| 7 | context "on #{os}" do |
||
| 8 | let(:facts) { os_facts }
|
||
| 9 | |||
| 10 | context 'with standard dns' do |
||
| 11 | let(:pre_condition) do |
||
| 12 | '
|
||
| 13 | include nftables::rules::out::dns
|
||
| 14 | '
|
||
| 15 | end
|
||
| 16 | |||
| 17 | it {
|
||
| 18 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp').with(
|
||
| 19 | target: 'nftables-inet-filter-chain-default_out', |
||
| 20 | content: %r{^ udp dport 53 accept$}, |
||
| 21 | 61f03b47 | Steve Traylen | order: '50-nftables-inet-filter-chain-default_out-rule-dnsudp-b', |
| 22 | 18ec6f48 | tr | ) |
| 23 | } |
||
| 24 | it {
|
||
| 25 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp').with(
|
||
| 26 | target: 'nftables-inet-filter-chain-default_out', |
||
| 27 | content: %r{^ tcp dport 53 accept$}, |
||
| 28 | 61f03b47 | Steve Traylen | order: '50-nftables-inet-filter-chain-default_out-rule-dnstcp-b', |
| 29 | 18ec6f48 | tr | ) |
| 30 | } |
||
| 31 | end
|
||
| 32 | |||
| 33 | context 'with custom dns servers' do |
||
| 34 | let(:pre_condition) do |
||
| 35 | "
|
||
| 36 | class{'nftables::rules::out::dns':
|
||
| 37 | dns_server => ['192.0.2.1', '2001:db8::1'],
|
||
| 38 | }
|
||
| 39 | "
|
||
| 40 | end
|
||
| 41 | |||
| 42 | it { is_expected.to compile }
|
||
| 43 | |||
| 44 | it {
|
||
| 45 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp-0').with(
|
||
| 46 | target: 'nftables-inet-filter-chain-default_out', |
||
| 47 | content: %r{^ ip daddr 192.0.2.1 udp dport 53 accept$}, |
||
| 48 | 61f03b47 | Steve Traylen | order: '50-nftables-inet-filter-chain-default_out-rule-dnsudp-0-b', |
| 49 | 18ec6f48 | tr | ) |
| 50 | } |
||
| 51 | it {
|
||
| 52 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp-0').with(
|
||
| 53 | target: 'nftables-inet-filter-chain-default_out', |
||
| 54 | content: %r{^ ip daddr 192.0.2.1 tcp dport 53 accept$}, |
||
| 55 | 61f03b47 | Steve Traylen | order: '50-nftables-inet-filter-chain-default_out-rule-dnstcp-0-b', |
| 56 | 18ec6f48 | tr | ) |
| 57 | } |
||
| 58 | |||
| 59 | it {
|
||
| 60 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp-1').with(
|
||
| 61 | target: 'nftables-inet-filter-chain-default_out', |
||
| 62 | content: %r{^ ip6 daddr 2001:db8::1 udp dport 53 accept$}, |
||
| 63 | 61f03b47 | Steve Traylen | order: '50-nftables-inet-filter-chain-default_out-rule-dnsudp-1-b', |
| 64 | 18ec6f48 | tr | ) |
| 65 | } |
||
| 66 | it {
|
||
| 67 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp-1').with(
|
||
| 68 | target: 'nftables-inet-filter-chain-default_out', |
||
| 69 | content: %r{^ ip6 daddr 2001:db8::1 tcp dport 53 accept$}, |
||
| 70 | 61f03b47 | Steve Traylen | order: '50-nftables-inet-filter-chain-default_out-rule-dnstcp-1-b', |
| 71 | 18ec6f48 | tr | ) |
| 72 | } |
||
| 73 | end
|
||
| 74 | end
|
||
| 75 | end
|
||
| 76 | end |