/spec/classes/masquerade_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / classes / masquerade_spec.rb @ e499cece

Historique | Voir | Annoter | Télécharger (4,5 ko)

1	c82b960a	Steve Traylen	# frozen_string_literal: true
2
3	2a3b45ec	tr	require 'spec_helper'
4
5			describe 'nftables' do
6			let(:pre_condition) { 'Exec{path => "/bin"}' }
7
8			on_supported_os.each do \|os, os_facts\|
9			context "on #{os}" do
10			let(:facts) { os_facts }
11
12	0b7bcb5d	mh	nft_mode = case os_facts[:os]['family']
13			when 'RedHat'
14			'0600'
15			else
16			'0640'
17			end
18
19	2a3b45ec	tr	context 'with masquerade' do
20			let(:pre_condition) do
21	01d8a819	tr	'
22	2a3b45ec	tr	nftables::rules::masquerade{
23	01d8a819	tr	\'masquerade_eth0\':
24			oif => \'eth0\';
25			\'masquerade_eth1_vpn\':
26			oif => \'eth1\',
27			saddr => \'192.0.2.0/24\';
28			\'masquerade_ssh\':
29			saddr => \'192.0.2.0/24\',
30			daddr => \'198.51.100.2\',
31			proto => \'tcp\',
32			dport => \'22\';
33			\'masquerade_ssh_gitlab\':
34			saddr => \'192.0.2.0/24\',
35			daddr => \'198.51.100.2\',
36			dport => \'22\';
37			\'masquerade_wireguard\':
38			proto => \'udp\',
39			dport => \'51820\';
40	2a3b45ec	tr	}
41	01d8a819	tr	'
42	2a3b45ec	tr	end
43
44			it { is_expected.to compile }
45
46	01d8a819	tr	it {
47	c82b960a	Steve Traylen	expect(subject).to contain_concat('nftables-ip-nat-chain-POSTROUTING').with(
48			path: '/etc/nftables/puppet-preflight/ip-nat-chain-POSTROUTING.nft',
49			owner: 'root',
50			group: 'root',
51	0b7bcb5d	mh	mode: nft_mode,
52	fa92e118	Romain Tartière	ensure_newline: true
53	01d8a819	tr	)
54			}
55	c82b960a	Steve Traylen
56	01d8a819	tr	it {
57	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-header').with(
58			target: 'nftables-ip-nat-chain-POSTROUTING',
59	01d8a819	tr	content: %r{^chain POSTROUTING \{$},
60	c82b960a	Steve Traylen	order: '00'
61	01d8a819	tr	)
62			}
63	c82b960a	Steve Traylen
64	01d8a819	tr	it {
65	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
66			target: 'nftables-ip-nat-chain-POSTROUTING',
67	01d8a819	tr	content: %r{^ type nat hook postrouting priority 100$},
68	c82b960a	Steve Traylen	order: '01-nftables-ip-nat-chain-POSTROUTING-rule-type-b'
69	01d8a819	tr	)
70			}
71	c82b960a	Steve Traylen
72	01d8a819	tr	it {
73	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
74			target: 'nftables-ip-nat-chain-POSTROUTING',
75	01d8a819	tr	content: %r{^ policy accept$},
76	c82b960a	Steve Traylen	order: '02-nftables-ip-nat-chain-POSTROUTING-rule-policy-b'
77	01d8a819	tr	)
78			}
79	c82b960a	Steve Traylen
80	01d8a819	tr	it {
81	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade_eth0').with(
82			target: 'nftables-ip-nat-chain-POSTROUTING',
83	01d8a819	tr	content: %r{^ oifname eth0 masquerade$},
84	c82b960a	Steve Traylen	order: '70-nftables-ip-nat-chain-POSTROUTING-rule-masquerade_eth0-b'
85	01d8a819	tr	)
86			}
87	c82b960a	Steve Traylen
88	01d8a819	tr	it {
89	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade_eth1_vpn').with(
90			target: 'nftables-ip-nat-chain-POSTROUTING',
91			content: %r{^ oifname eth1 ip saddr 192\.0\.2\.0/24 masquerade$},
92			order: '70-nftables-ip-nat-chain-POSTROUTING-rule-masquerade_eth1_vpn-b'
93	01d8a819	tr	)
94			}
95	c82b960a	Steve Traylen
96	01d8a819	tr	it {
97	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade_ssh').with(
98			target: 'nftables-ip-nat-chain-POSTROUTING',
99			content: %r{^ ip saddr 192\.0\.2\.0/24 ip daddr 198.51.100.2 tcp dport 22 masquerade$},
100			order: '70-nftables-ip-nat-chain-POSTROUTING-rule-masquerade_ssh-b'
101	01d8a819	tr	)
102			}
103	c82b960a	Steve Traylen
104	01d8a819	tr	it {
105	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade_ssh_gitlab').with(
106			target: 'nftables-ip-nat-chain-POSTROUTING',
107			content: %r{^ ip saddr 192\.0\.2\.0/24 ip daddr 198.51.100.2 tcp dport 22 masquerade$},
108			order: '70-nftables-ip-nat-chain-POSTROUTING-rule-masquerade_ssh_gitlab-b'
109	01d8a819	tr	)
110			}
111	c82b960a	Steve Traylen
112	01d8a819	tr	it {
113	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-masquerade_wireguard').with(
114			target: 'nftables-ip-nat-chain-POSTROUTING',
115	01d8a819	tr	content: %r{^ udp dport 51820 masquerade$},
116	c82b960a	Steve Traylen	order: '70-nftables-ip-nat-chain-POSTROUTING-rule-masquerade_wireguard-b'
117	01d8a819	tr	)
118			}
119	c82b960a	Steve Traylen
120	01d8a819	tr	it {
121	c82b960a	Steve Traylen	expect(subject).to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-footer').with(
122			target: 'nftables-ip-nat-chain-POSTROUTING',
123	01d8a819	tr	content: %r{^\}$},
124	c82b960a	Steve Traylen	order: '99'
125	01d8a819	tr	)
126			}
127	2a3b45ec	tr	end
128			end
129			end
130			end

Projet

Général

Profil

puppet nftables

root / spec / classes / masquerade_spec.rb @ e499cece