root / spec / defines / simplerule_spec.rb @ aaa37172
Historique | Voir | Annoter | Télécharger (4,32 ko)
| 1 | 83382bb5 | Nacho Barrientos | require 'spec_helper'
|
|---|---|---|---|
| 2 | |||
| 3 | describe 'nftables::simplerule' do |
||
| 4 | let(:pre_condition) { 'include nftables' } |
||
| 5 | |||
| 6 | let(:title) { 'my_default_rule_name' } |
||
| 7 | |||
| 8 | on_supported_os.each do |os, os_facts|
|
||
| 9 | context "on #{os}" do |
||
| 10 | let(:facts) { os_facts }
|
||
| 11 | |||
| 12 | describe 'minimum instantiation' do |
||
| 13 | it { is_expected.to compile }
|
||
| 14 | it {
|
||
| 15 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 16 | content: 'accept', |
||
| 17 | 3a52fb41 | Nacho Barrientos | order: '50', |
| 18 | 83382bb5 | Nacho Barrientos | ) |
| 19 | } |
||
| 20 | end
|
||
| 21 | |||
| 22 | d38aab5b | Nacho Barrientos | describe 'port without protocol' do |
| 23 | let(:params) do |
||
| 24 | {
|
||
| 25 | dport: 333, |
||
| 26 | } |
||
| 27 | end
|
||
| 28 | |||
| 29 | it { is_expected.not_to compile }
|
||
| 30 | end
|
||
| 31 | |||
| 32 | 83382bb5 | Nacho Barrientos | describe 'all parameters provided' do |
| 33 | let(:title) { 'my_big_rule' } |
||
| 34 | let(:params) do |
||
| 35 | {
|
||
| 36 | action: 'accept', |
||
| 37 | comment: 'this is my rule', |
||
| 38 | dport: 333, |
||
| 39 | proto: 'udp', |
||
| 40 | chain: 'default_out', |
||
| 41 | aaa37172 | Nacho Barrientos | daddr: '2001:1458::/32', |
| 42 | 83382bb5 | Nacho Barrientos | } |
| 43 | end
|
||
| 44 | |||
| 45 | it { is_expected.to compile }
|
||
| 46 | it {
|
||
| 47 | is_expected.to contain_nftables__rule('default_out-my_big_rule').with(
|
||
| 48 | aaa37172 | Nacho Barrientos | content: 'udp dport 333 ip6 daddr 2001:1458::/32 accept comment "this is my rule"', |
| 49 | 3a52fb41 | Nacho Barrientos | order: '50', |
| 50 | ) |
||
| 51 | } |
||
| 52 | end
|
||
| 53 | |||
| 54 | describe 'port range' do |
||
| 55 | let(:params) do |
||
| 56 | {
|
||
| 57 | dport: '333-334', |
||
| 58 | proto: 'tcp', |
||
| 59 | } |
||
| 60 | end
|
||
| 61 | |||
| 62 | it { is_expected.to compile }
|
||
| 63 | it {
|
||
| 64 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 65 | content: 'tcp dport 333-334 accept', |
||
| 66 | ) |
||
| 67 | } |
||
| 68 | end
|
||
| 69 | |||
| 70 | describe 'port array' do |
||
| 71 | let(:params) do |
||
| 72 | {
|
||
| 73 | dport: [333, 335], |
||
| 74 | proto: 'tcp', |
||
| 75 | } |
||
| 76 | end
|
||
| 77 | |||
| 78 | it { is_expected.to compile }
|
||
| 79 | it {
|
||
| 80 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 81 | content: 'tcp dport {333, 335} accept', |
||
| 82 | 83382bb5 | Nacho Barrientos | ) |
| 83 | } |
||
| 84 | end
|
||
| 85 | 316bc3f8 | Nacho Barrientos | |
| 86 | describe 'only IPv4 TCP traffic' do |
||
| 87 | let(:params) do |
||
| 88 | {
|
||
| 89 | dport: 333, |
||
| 90 | proto: 'tcp4', |
||
| 91 | } |
||
| 92 | end
|
||
| 93 | |||
| 94 | it { is_expected.to compile }
|
||
| 95 | it {
|
||
| 96 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 97 | content: 'ip version 4 tcp dport 333 accept', |
||
| 98 | ) |
||
| 99 | } |
||
| 100 | end
|
||
| 101 | |||
| 102 | describe 'only IPv6 UDP traffic' do |
||
| 103 | let(:params) do |
||
| 104 | {
|
||
| 105 | dport: 33, |
||
| 106 | proto: 'udp6', |
||
| 107 | } |
||
| 108 | end
|
||
| 109 | |||
| 110 | it { is_expected.to compile }
|
||
| 111 | it {
|
||
| 112 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 113 | content: 'ip version 6 udp dport 33 accept', |
||
| 114 | ) |
||
| 115 | } |
||
| 116 | end
|
||
| 117 | aaa37172 | Nacho Barrientos | |
| 118 | describe 'with an IPv4 CIDR as daddr' do |
||
| 119 | let(:params) do |
||
| 120 | {
|
||
| 121 | daddr: '192.168.0.1/24', |
||
| 122 | dport: 33, |
||
| 123 | proto: 'tcp', |
||
| 124 | } |
||
| 125 | end
|
||
| 126 | |||
| 127 | it { is_expected.to compile }
|
||
| 128 | it {
|
||
| 129 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 130 | content: 'tcp dport 33 ip daddr 192.168.0.1/24 accept', |
||
| 131 | ) |
||
| 132 | } |
||
| 133 | end
|
||
| 134 | |||
| 135 | describe 'with an IPv6 address as daddr' do |
||
| 136 | let(:params) do |
||
| 137 | {
|
||
| 138 | daddr: '2001:1458::1', |
||
| 139 | } |
||
| 140 | end
|
||
| 141 | |||
| 142 | it { is_expected.to compile }
|
||
| 143 | it {
|
||
| 144 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 145 | content: 'ip6 daddr 2001:1458::1 accept', |
||
| 146 | ) |
||
| 147 | } |
||
| 148 | end
|
||
| 149 | |||
| 150 | describe 'with an IPv6 set as daddr, default set_type' do |
||
| 151 | let(:params) do |
||
| 152 | {
|
||
| 153 | daddr: '@my6_set', |
||
| 154 | } |
||
| 155 | end
|
||
| 156 | |||
| 157 | it { is_expected.to compile }
|
||
| 158 | it {
|
||
| 159 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 160 | content: 'ip6 daddr @my6_set accept', |
||
| 161 | ) |
||
| 162 | } |
||
| 163 | end
|
||
| 164 | |||
| 165 | describe 'with a IPv4 set as daddr' do |
||
| 166 | let(:params) do |
||
| 167 | {
|
||
| 168 | daddr: '@my4_set', |
||
| 169 | set_type: 'ip', |
||
| 170 | } |
||
| 171 | end
|
||
| 172 | |||
| 173 | it { is_expected.to compile }
|
||
| 174 | it {
|
||
| 175 | is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
|
||
| 176 | content: 'ip daddr @my4_set accept', |
||
| 177 | ) |
||
| 178 | } |
||
| 179 | end
|
||
| 180 | |||
| 181 | 83382bb5 | Nacho Barrientos | end
|
| 182 | end
|
||
| 183 | end |