
root / spec / classes / rules / qemu_spec.rb @ a528bf59


# frozen_string_literal: true
require 'spec_helper'
# Catalogue spec for the nftables::rules::qemu class.
#
# Every example pins the exact text of a generated firewall rule, so any
# change that widens (or silently drops) a rule shows up as a test failure.
# The contexts cover the defaults, every feature switched off, an added IPv6
# prefix, a custom bridge interface and a custom IPv4 prefix.
describe 'nftables::rules::qemu' do
  on_supported_os.each do |os, os_facts|
    context "on #{os}" do
      let(:pre_condition) { 'include nftables' }
      let(:facts) { os_facts }

      context 'default options' do
        it { is_expected.to compile }

        # Input rules: DNS (UDP and TCP port 53) and DHCPv4 (UDP port 67) are
        # accepted only when the packet arrives on the bridge interface.
        it do
          is_expected.to contain_nftables__rule('default_in-qemu_udp_dns')
            .with_content('iifname "virbr0" udp dport 53 accept')
        end

        it do
          is_expected.to contain_nftables__rule('default_in-qemu_tcp_dns')
            .with_content('iifname "virbr0" tcp dport 53 accept')
        end

        it do
          is_expected.to contain_nftables__rule('default_in-qemu_dhcpv4')
            .with_content('iifname "virbr0" meta l4proto udp udp dport 67 accept')
        end

        # Forward rules: traffic towards the guest network is accepted only for
        # related/established connections, while traffic leaving the bridge
        # from the guest prefix is accepted without a state match.
        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_oip_v4')
            .with_content('oifname "virbr0" ip daddr 192.168.122.0/24 ct state related,established accept')
        end

        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_iip_v4')
            .with_content('iifname "virbr0" ip saddr 192.168.122.0/24 accept')
        end

        # No IPv6 forward rules may appear when no IPv6 prefix is given.
        it { is_expected.not_to contain_nftables__rule('default_fwd-qemu_oip_v6') }
        it { is_expected.not_to contain_nftables__rule('default_fwd-qemu_iip_v6') }

        # Traffic that stays on the bridge (guest to guest).
        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_io_internal')
            .with_content('iifname "virbr0" oifname "virbr0" accept')
        end

        # NAT rules, all in the ip-nat table. The two "return" rules match
        # multicast and broadcast destinations; the remaining three masquerade
        # traffic from the guest prefix to any destination outside it, with
        # TCP and UDP mapped to source ports 1024-65535.
        # NOTE(review): relative ordering of these rules is not asserted here.
        it do
          is_expected.to contain_nftables__rule('POSTROUTING-qemu_ignore_multicast')
            .with(
              content: 'ip saddr 192.168.122.0/24 ip daddr 224.0.0.0/24 return',
              table: 'ip-nat'
            )
        end

        it do
          is_expected.to contain_nftables__rule('POSTROUTING-qemu_ignore_broadcast')
            .with(
              content: 'ip saddr 192.168.122.0/24 ip daddr 255.255.255.255 return',
              table: 'ip-nat'
            )
        end

        it do
          is_expected.to contain_nftables__rule('POSTROUTING-qemu_masq_tcp')
            .with(
              content: 'meta l4proto tcp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 masquerade to :1024-65535',
              table: 'ip-nat'
            )
        end

        it do
          is_expected.to contain_nftables__rule('POSTROUTING-qemu_masq_udp')
            .with(
              content: 'meta l4proto udp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 masquerade to :1024-65535',
              table: 'ip-nat'
            )
        end

        it do
          is_expected.to contain_nftables__rule('POSTROUTING-qemu_masq_ip')
            .with(
              content: 'ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 masquerade',
              table: 'ip-nat'
            )
        end
      end

      context 'with all off' do
        let(:params) do
          {
            dns: false,
            dhcpv4: false,
            forward_traffic: false,
            internal_traffic: false,
            masquerade: false
          }
        end

        it { is_expected.to compile }

        # With every switch disabled, none of the rules asserted in the
        # default context may be present in the catalogue.
        %w[
          default_in-qemu_udp_dns
          default_in-qemu_tcp_dns
          default_in-qemu_dhcpv4
          default_fwd-qemu_oip_v4
          default_fwd-qemu_iip_v4
          default_fwd-qemu_io_internal
          POSTROUTING-qemu_ignore_multicast
          POSTROUTING-qemu_ignore_broadcast
          POSTROUTING-qemu_masq_tcp
          POSTROUTING-qemu_masq_udp
          POSTROUTING-qemu_masq_ip
        ].each do |rule_name|
          it { is_expected.not_to contain_nftables__rule(rule_name) }
        end
      end

      context 'ipv6 prefix' do
        let(:params) { { network_v6: '20ac:cafe:1:1::/64' } }

        it { is_expected.to compile }

        # The IPv4 forward rules are unchanged by the extra prefix.
        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_oip_v4')
            .with_content('oifname "virbr0" ip daddr 192.168.122.0/24 ct state related,established accept')
        end

        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_iip_v4')
            .with_content('iifname "virbr0" ip saddr 192.168.122.0/24 accept')
        end

        # The IPv6 forward rules mirror the IPv4 pair: inbound limited to
        # related/established, outbound from the prefix accepted.
        # NOTE(review): no IPv6 NAT expectation is made in this context;
        # whether the class emits one cannot be told from this spec.
        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_oip_v6')
            .with_content('oifname "virbr0" ip6 daddr 20ac:cafe:1:1::/64 ct state related,established accept')
        end

        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_iip_v6')
            .with_content('iifname "virbr0" ip6 saddr 20ac:cafe:1:1::/64 accept')
        end
      end

      context 'change interface' do
        let(:params) { { interface: 'vfoo0' } }

        it { is_expected.to compile }

        # NOTE(review): only the outbound forward rule is checked against the
        # custom interface name; the input, internal and inbound forward rules
        # are not pinned for this parameter.
        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_iip_v4')
            .with_content('iifname "vfoo0" ip saddr 192.168.122.0/24 accept')
        end
      end

      context 'change ipv4 prefix' do
        let(:params) { { network_v4: '172.16.0.0/12' } }

        it { is_expected.to compile }

        # NOTE(review): only the outbound forward rule is checked against the
        # custom prefix; the inbound forward rule and the NAT rules that carry
        # the prefix are not pinned for this parameter.
        it do
          is_expected.to contain_nftables__rule('default_fwd-qemu_iip_v4')
            .with_content('iifname "virbr0" ip saddr 172.16.0.0/12 accept')
        end
      end
    end
  end
end