
Révision e53053ce

IDe53053ce3df771f5fcc24f87dd86f5c49db91b46
Parent 9e5b8bf0
Enfant 61f03b47

Ajouté par Steve Traylen il y a plus de 4 ans

Add comments for all the nftable::rules entries

For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for the rule.

The motivation here is to make the mapping from resulting rules back
to puppet code more obvious. When adding a new rule it should be more
obvious to understand what order to choose.

An example resulting table ends up reading as:

```
HASH Start of fragment order:00 default_in header
chain default_in {
HASH Start of fragment order:50 rulename:default_in-dhcpv6_client
ip6 saddr fe80::/10 ip6 daddr fe80::/10 udp sport 547 udp dport 546 accept
HASH Start of fragment order:50 rulename:default_in-ssh
tcp dport {22} accept
HASH Start of fragment order:90 rulename:default_in-drop_broadcasts
meta pkttype broadcast counter drop
HASH Start of fragment order:99 default_in footer
}

```

In addition there is a new test for `nftables::rule`. This includes
a pending test since I would assume setting source and content
on a rule should be an error, however this is currently not the case.


spec/classes/ip_nat_spec.rb
96 96
          is_expected.to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-type').with(
97 97
            target:  'nftables-ip-nat-chain-PREROUTING',
98 98
            content: %r{^  type nat hook prerouting priority -100$},
99
            order:   '01',
99
            order:   '01nftables-ip-nat-chain-PREROUTING-rule-typeb',
100 100
          )
101 101
        }
102 102
        it {
103 103
          is_expected.to contain_concat__fragment('nftables-ip-nat-chain-PREROUTING-rule-policy').with(
104 104
            target:  'nftables-ip-nat-chain-PREROUTING',
105 105
            content: %r{^  policy accept$},
106
            order:   '02',
106
            order:   '02nftables-ip-nat-chain-PREROUTING-rule-policyb',
107 107
          )
108 108
        }
109 109
        it {
......
136 136
          is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-type').with(
137 137
            target:  'nftables-ip-nat-chain-POSTROUTING',
138 138
            content: %r{^  type nat hook postrouting priority 100$},
139
            order:   '01',
139
            order:   '01nftables-ip-nat-chain-POSTROUTING-rule-typeb',
140 140
          )
141 141
        }
142 142
        it {
143 143
          is_expected.to contain_concat__fragment('nftables-ip-nat-chain-POSTROUTING-rule-policy').with(
144 144
            target:  'nftables-ip-nat-chain-POSTROUTING',
145 145
            content: %r{^  policy accept$},
146
            order:   '02',
146
            order:   '02nftables-ip-nat-chain-POSTROUTING-rule-policyb',
147 147
          )
148 148
        }
149 149
        it {
......
176 176
          is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-rule-type').with(
177 177
            target:  'nftables-ip6-nat-chain-PREROUTING6',
178 178
            content: %r{^  type nat hook prerouting priority -100$},
179
            order:   '01',
179
            order:   '01nftables-ip6-nat-chain-PREROUTING6-rule-typeb',
180 180
          )
181 181
        }
182 182
        it {
183 183
          is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-PREROUTING6-rule-policy').with(
184 184
            target:  'nftables-ip6-nat-chain-PREROUTING6',
185 185
            content: %r{^  policy accept$},
186
            order:   '02',
186
            order:   '02nftables-ip6-nat-chain-PREROUTING6-rule-policyb',
187 187
          )
188 188
        }
189 189
        it {
......
216 216
          is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-rule-type').with(
217 217
            target:  'nftables-ip6-nat-chain-POSTROUTING6',
218 218
            content: %r{^  type nat hook postrouting priority 100$},
219
            order:   '01',
219
            order:   '01nftables-ip6-nat-chain-POSTROUTING6-rule-typeb',
220 220
          )
221 221
        }
222 222
        it {
223 223
          is_expected.to contain_concat__fragment('nftables-ip6-nat-chain-POSTROUTING6-rule-policy').with(
224 224
            target:  'nftables-ip6-nat-chain-POSTROUTING6',
225 225
            content: %r{^  policy accept$},
226
            order:   '02',
226
            order:   '02nftables-ip6-nat-chain-POSTROUTING6-rule-policyb',
227 227
          )
228 228
        }
229 229
        it {
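Review bot: The new `order:` expectations in the PREROUTING, POSTROUTING, PREROUTING6 and POSTROUTING6 examples hard-code composed strings such as `'01nftables-ip-nat-chain-PREROUTING-rule-typeb'` with no explanation of the trailing `b`, and nothing in this section asserts the per-rule comment fragment that the commit description says is added. Because these values decide where `type` and `policy` land in the generated chain, a comment above the first example would help, e.g. `# order = <nn> + fragment name + 'b'; the comment fragment presumably sorts just before it (suffix inferred, confirm in the manifest)`. I would also add one expectation for the comment fragment itself, so a change in the sort key that separates a comment from its rule fails here instead of only showing up in the rendered ruleset. Which of the two printed `order:` lines is the new side is inferred from the description, as the page has lost the +/- markers.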
