Révision c82b960a
rubocop:auto_correct results
| spec/classes/rules/docker_ce_spec.rb | ||
|---|---|---|
| 1 |
# frozen_string_literal: true |
|
| 2 |
|
|
| 1 | 3 |
require 'spec_helper' |
| 2 | 4 |
|
| 3 | 5 |
describe 'nftables::rules::docker_ce' do |
| ... | ... | |
| 14 | 16 |
it { is_expected.to contain_nftables__chain('DOCKER_ISOLATION_STAGE_1') }
|
| 15 | 17 |
it { is_expected.to contain_nftables__chain('DOCKER_ISOLATION_STAGE_2') }
|
| 16 | 18 |
it { is_expected.to contain_nftables__chain('DOCKER_USER') }
|
| 19 |
|
|
| 17 | 20 |
it {
|
| 18 |
is_expected.to contain_nftables__chain('DOCKER-nat').with(
|
|
| 21 |
expect(subject).to contain_nftables__chain('DOCKER-nat').with(
|
|
| 19 | 22 |
chain: 'DOCKER', |
| 20 | 23 |
table: 'ip-nat' |
| 21 | 24 |
) |
| 22 | 25 |
} |
| 26 |
|
|
| 23 | 27 |
it {
|
| 24 |
is_expected.to contain_nftables__chain('OUTPUT-nat').with(
|
|
| 28 |
expect(subject).to contain_nftables__chain('OUTPUT-nat').with(
|
|
| 25 | 29 |
chain: 'OUTPUT', |
| 26 | 30 |
table: 'ip-nat' |
| 27 | 31 |
) |
| 28 | 32 |
} |
| 33 |
|
|
| 29 | 34 |
it {
|
| 30 |
is_expected.to contain_nftables__chain('INPUT-nat').with(
|
|
| 35 |
expect(subject).to contain_nftables__chain('INPUT-nat').with(
|
|
| 31 | 36 |
chain: 'INPUT', |
| 32 | 37 |
table: 'ip-nat' |
| 33 | 38 |
) |
| 34 | 39 |
} |
| 40 |
|
|
| 35 | 41 |
it { is_expected.to contain_nftables__rule('DOCKER_ISOLATION_STAGE_1-iifname').with_content('iifname "docker0" oifname != "docker0" counter jump DOCKER_ISOLATION_STAGE_2') }
|
| 36 | 42 |
it { is_expected.to contain_nftables__rule('DOCKER_ISOLATION_STAGE_1-counter').with_content('counter return') }
|
| 37 | 43 |
it { is_expected.to contain_nftables__rule('DOCKER_ISOLATION_STAGE_2-drop').with_content('oifname "docker0" counter drop') }
|
| ... | ... | |
| 45 | 51 |
it { is_expected.to contain_nftables__rule('default_fwd-idocker_odocker_accept').with_content('iifname "docker0" oifname "docker0" counter accept') }
|
| 46 | 52 |
|
| 47 | 53 |
it {
|
| 48 |
is_expected.to contain_nftables__rule('POSTROUTING-docker').with(
|
|
| 54 |
expect(subject).to contain_nftables__rule('POSTROUTING-docker').with(
|
|
| 49 | 55 |
content: 'oifname != "docker0" ip saddr 172.17.0.0/16 counter masquerade', |
| 50 | 56 |
table: 'ip-nat' |
| 51 | 57 |
) |
| 52 | 58 |
} |
| 59 |
|
|
| 53 | 60 |
it {
|
| 54 |
is_expected.to contain_nftables__rule('PREROUTING-docker').with(
|
|
| 61 |
expect(subject).to contain_nftables__rule('PREROUTING-docker').with(
|
|
| 55 | 62 |
content: 'fib daddr type local counter jump DOCKER', |
| 56 | 63 |
table: 'ip-nat' |
| 57 | 64 |
) |
| 58 | 65 |
} |
| 66 |
|
|
| 59 | 67 |
it {
|
| 60 |
is_expected.to contain_nftables__rule('OUTPUT-jump_docker@ip-nat').with(
|
|
| 68 |
expect(subject).to contain_nftables__rule('OUTPUT-jump_docker@ip-nat').with(
|
|
| 61 | 69 |
rulename: 'OUTPUT-jump_docker', |
| 62 | 70 |
content: 'ip daddr != 127.0.0.0/8 fib daddr type local counter jump DOCKER', |
| 63 | 71 |
table: 'ip-nat' |
| 64 | 72 |
) |
| 65 | 73 |
} |
| 74 |
|
|
| 66 | 75 |
it {
|
| 67 |
is_expected.to contain_nftables__rule('DOCKER-counter').with(
|
|
| 76 |
expect(subject).to contain_nftables__rule('DOCKER-counter').with(
|
|
| 68 | 77 |
content: 'iifname "docker0" counter return', |
| 69 | 78 |
table: 'ip-nat' |
| 70 | 79 |
) |
| 71 | 80 |
} |
| 81 |
|
|
| 72 | 82 |
it {
|
| 73 |
is_expected.to contain_nftables__rule('INPUT-type@ip-nat').with(
|
|
| 83 |
expect(subject).to contain_nftables__rule('INPUT-type@ip-nat').with(
|
|
| 74 | 84 |
rulename: 'INPUT-type', |
| 75 | 85 |
content: 'type nat hook input priority 100', |
| 76 | 86 |
table: 'ip-nat' |
| 77 | 87 |
) |
| 78 | 88 |
} |
| 89 |
|
|
| 79 | 90 |
it {
|
| 80 |
is_expected.to contain_nftables__rule('INPUT-policy@ip-nat').with(
|
|
| 91 |
expect(subject).to contain_nftables__rule('INPUT-policy@ip-nat').with(
|
|
| 81 | 92 |
rulename: 'INPUT-policy', |
| 82 | 93 |
content: 'policy accept', |
| 83 | 94 |
table: 'ip-nat' |
| ... | ... | |
| 140 | 151 |
it { is_expected.to contain_nftables__rule('default_fwd-idocker_odocker_accept').with_content('iifname "ifdo0" oifname "ifdo0" counter accept') }
|
| 141 | 152 |
|
| 142 | 153 |
it {
|
| 143 |
is_expected.to contain_nftables__rule('POSTROUTING-docker').with(
|
|
| 154 |
expect(subject).to contain_nftables__rule('POSTROUTING-docker').with(
|
|
| 144 | 155 |
content: 'oifname != "ifdo0" ip saddr 192.168.4.0/24 counter masquerade', |
| 145 | 156 |
table: 'ip-nat' |
| 146 | 157 |
) |
| 147 | 158 |
} |
| 159 |
|
|
| 148 | 160 |
it {
|
| 149 |
is_expected.to contain_nftables__rule('DOCKER-counter').with(
|
|
| 161 |
expect(subject).to contain_nftables__rule('DOCKER-counter').with(
|
|
| 150 | 162 |
content: 'iifname "ifdo0" counter return', |
| 151 | 163 |
table: 'ip-nat' |
| 152 | 164 |
) |
Formats disponibles : Unified diff