
root / spec / defines / chain_spec.rb @ c00bcf2d

# frozen_string_literal: true
require 'spec_helper'
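# Catalogue-level spec for the nftables::chain defined type.
#
# For every supported OS it checks three things about a chain named MYCHAIN:
#   * the chain file is assembled under /etc/nftables/puppet-preflight and only
#     then managed under /etc/nftables/puppet, with Exec[nft validate] ordered
#     between the two and Service[nftables] ordered after the live file;
#   * both files are owned by root:root with a restrictive, OS-dependent mode,
#     so a change that loosens permissions on firewall rule files fails here;
#   * the header/footer fragments and the optional injected jump rule carry the
#     expected order and content.
describe 'nftables::chain' do
  let(:title) { 'MYCHAIN' }
  let(:pre_condition) { 'include nftables' }

  on_supported_os.each do |os, facts|
    context "on #{os}" do
      let(:facts) do
        facts
      end

      # Expected mode of the generated rule files: '0600' on the RedHat family,
      # '0640' on every other family. Evaluated once per OS at definition time
      # and reused by all mode assertions below.
      nft_mode = case facts[:os]['family']
                 when 'RedHat'
                   '0600'
                 else
                   '0640'
                 end

      it { is_expected.to compile }

      # Ordering chain: preflight concat -> Exec[nft validate] -> live file -> service.
      # NOTE(review): the command run by Exec[nft validate] is not visible in this
      # spec; presumably it checks the preflight ruleset before it goes live.
      it { is_expected.to contain_concat('nftables-inet-filter-chain-MYCHAIN').that_notifies('Exec[nft validate]') }
      it { is_expected.to contain_exec('nft validate').that_comes_before('File[/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft]') }
      it { is_expected.to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').that_comes_before('Service[nftables]') }

      # With no params the resources are named after the inet-filter table.
      # The concat target is written to the preflight directory, not the live one.
      it {
        expect(subject).to contain_concat('nftables-inet-filter-chain-MYCHAIN').with(
          path: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft',
          owner: 'root',
          group: 'root',
          mode: nft_mode,
          ensure_newline: true
        )
      }

      # The live file is sourced from the preflight copy and keeps the same
      # owner, group and mode.
      it {
        expect(subject).to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').with(
          ensure: 'file',
          source: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft',
          mode: nft_mode,
          owner: 'root',
          group: 'root'
        )
      }

      # Fragment order '00' opens the chain block ...
      it {
        expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-MYCHAIN-header').with(
          order: '00',
          content: "# Start of fragment order:00 MYCHAIN header\nchain MYCHAIN {",
          target: 'nftables-inet-filter-chain-MYCHAIN'
        )
      }

      # ... and fragment order '99' closes it.
      it {
        expect(subject).to contain_concat__fragment('nftables-inet-filter-chain-MYCHAIN-footer').with(
          order: '99',
          content: "# Start of fragment order:99 MYCHAIN footer\n}",
          target: 'nftables-inet-filter-chain-MYCHAIN'
        )
      }

      # Repeat the path, ownership, mode and fragment checks for a table in each
      # address family; the table name replaces 'inet-filter' in every resource
      # title and file path.
      %w[ip ip6 inet bridge netdev].each do |family|
        context("with table set to #{family}-foo") do
          let(:params) do
            {
              table: "#{family}-foo",
            }
          end

          it {
            expect(subject).to contain_concat("nftables-#{family}-foo-chain-MYCHAIN").with(
              path: "/etc/nftables/puppet-preflight/#{family}-foo-chain-MYCHAIN.nft",
              owner: 'root',
              group: 'root',
              mode: nft_mode,
              ensure_newline: true
            )
          }

          it {
            expect(subject).to contain_file("/etc/nftables/puppet/#{family}-foo-chain-MYCHAIN.nft").with(
              ensure: 'file',
              source: "/etc/nftables/puppet-preflight/#{family}-foo-chain-MYCHAIN.nft",
              mode: nft_mode,
              owner: 'root',
              group: 'root'
            )
          }

          it {
            expect(subject).to contain_concat__fragment("nftables-#{family}-foo-chain-MYCHAIN-header").with(
              order: '00',
              content: "# Start of fragment order:00 MYCHAIN header\nchain MYCHAIN {",
              target: "nftables-#{family}-foo-chain-MYCHAIN"
            )
          }

          it {
            expect(subject).to contain_concat__fragment("nftables-#{family}-foo-chain-MYCHAIN-footer").with(
              order: '99',
              content: "# Start of fragment order:99 MYCHAIN footer\n}",
              target: "nftables-#{family}-foo-chain-MYCHAIN"
            )
          }
        end
      end

      # inject: '22-foobar' is expected to yield a rule named 'foobar-jump_MYCHAIN'
      # with order '22' that jumps into this chain.
      context 'with inject set to 22-foobar' do
        let(:params) do
          {
            inject: '22-foobar',
          }
        end

        it { is_expected.to contain_nftables__rule('foobar-jump_MYCHAIN') }

        it {
          expect(subject).to contain_nftables__rule('foobar-jump_MYCHAIN').with(
            order: '22',
            content: 'jump MYCHAIN'
          )
        }

        # Description corrected: the params set inject_iif and inject_oif (the
        # original text named inject_oif twice). Both interface names must appear
        # as matches in front of the jump.
        context 'with inject_iif set to alpha and inject_oif set to beta' do
          let(:params) do
            super().merge(inject_iif: 'alpha', inject_oif: 'beta')
          end

          it {
            expect(subject).to contain_nftables__rule('foobar-jump_MYCHAIN').with(
              order: '22',
              content: 'iifname alpha oifname beta jump MYCHAIN'
            )
          }
        end
      end
    end
  end
end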