/spec/defines/simplerule_spec.rb - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / spec / defines / simplerule_spec.rb @ fa92e118

Historique | Voir | Annoter | Télécharger (7,38 ko)

-bb5
+require 'spec_helper'
 describe 'nftables::simplerule' do
   let(:pre_condition) { 'include nftables' }
   let(:title) { 'my_default_rule_name' }
   on_supported_os.each do |os, os_facts|
     context "on #{os}" do
       let(:facts) { os_facts }
       describe 'minimum instantiation' do
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
             content: 'accept',
-            fa92e118
+            order: '50'
-bb5
+            Nacho Barrientos
+        }
       end
-abc10b
+      describe 'dport without protocol' do
-            d38aab5b
+        let(:params) do
+          {
             dport: 333,
+          }
         end
         it { is_expected.not_to compile }
       end
-abc10b
+      describe 'sport without protocol' do
         let(:params) do
+          {
             sport: 333,
+          }
         end
         it { is_expected.not_to compile }
       end
-bb5
+      describe 'all parameters provided' do
         let(:title) { 'my_big_rule' }
         let(:params) do
+          {
             action: 'accept',
             comment: 'this is my rule',
-            d43ced4d
+            counter: true,
-bb5
+            dport: 333,
-abc10b
+            sport: 444,
-bb5
+            proto: 'udp',
             chain: 'default_out',
-            aaa37172
+            daddr: '2001:1458::/32',
-a469f2b
+            saddr: '2001:145c::/32',
-bb5
+            Nacho Barrientos
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_out-my_big_rule').with(
-a469f2b
+            content: 'udp sport {444} udp dport {333} ip6 saddr 2001:145c::/32 ip6 daddr 2001:1458::/32 counter accept comment "this is my rule"',
-            fa92e118
+            order: '50'
-a52fb41
+            Nacho Barrientos
+        }
       end
       describe 'port range' do
         let(:params) do
+          {
             dport: '333-334',
-abc10b
+            sport: '1-2',
-a52fb41
+            proto: 'tcp',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'tcp sport {1-2} tcp dport {333-334} accept'
-a52fb41
+            Nacho Barrientos
+        }
       end
       describe 'port array' do
         let(:params) do
+          {
             dport: [333, 335],
-abc10b
+            sport: [433, 435],
             proto: 'tcp',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'tcp sport {433, 435} tcp dport {333, 335} accept'
-abc10b
+            Nacho Barrientos
+        }
       end
       describe 'only sport TCP traffic' do
         let(:params) do
+          {
             sport: 555,
-a52fb41
+            proto: 'tcp',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'tcp sport {555} accept'
-bb5
+            Nacho Barrientos
+        }
       end
-bc3f8
+            Nacho Barrientos
       describe 'only IPv4 TCP traffic' do
         let(:params) do
+          {
             dport: 333,
             proto: 'tcp4',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip version 4 tcp dport {333} accept'
-bc3f8
+            Nacho Barrientos
+        }
       end
       describe 'only IPv6 UDP traffic' do
         let(:params) do
+          {
             dport: 33,
             proto: 'udp6',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip6 version 6 udp dport {33} accept'
-bc3f8
+            Nacho Barrientos
+        }
       end
-            aaa37172
+            Nacho Barrientos
-fb6
+      describe 'only IPv6 TCP traffic' do
         let(:params) do
+          {
             dport: 35,
             proto: 'tcp6',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip6 version 6 tcp dport {35} accept'
-fb6
+            Nacho Barrientos
+        }
       end
-            aaa37172
+      describe 'with an IPv4 CIDR as daddr' do
         let(:params) do
+          {
             daddr: '192.168.0.1/24',
             dport: 33,
             proto: 'tcp',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'tcp dport {33} ip daddr 192.168.0.1/24 accept'
-            aaa37172
+            Nacho Barrientos
+        }
       end
       describe 'with an IPv6 address as daddr' do
         let(:params) do
+          {
             daddr: '2001:1458::1',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip6 daddr 2001:1458::1 accept'
-            aaa37172
+            Nacho Barrientos
+        }
       end
-a469f2b
+      describe 'with an IPv6 address as saddr' do
         let(:params) do
+          {
             saddr: '2001:1458:0000:0000:0000:0000:0000:0003',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip6 saddr 2001:1458:0000:0000:0000:0000:0000:0003 accept'
-a469f2b
+            Nacho Barrientos
+        }
       end
-            bd8baa0f
+      describe 'with an IPv4 address as saddr' do
         let(:params) do
+          {
             saddr: '172.16.1.5',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip saddr 172.16.1.5 accept'
-            bd8baa0f
+            Nacho Barrientos
+        }
       end
-            aaa37172
+      describe 'with an IPv6 set as daddr, default set_type' do
         let(:params) do
+          {
             daddr: '@my6_set',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip6 daddr @my6_set accept'
-            aaa37172
+            Nacho Barrientos
+        }
       end
       describe 'with a IPv4 set as daddr' do
         let(:params) do
+          {
             daddr: '@my4_set',
             set_type: 'ip',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip daddr @my4_set accept'
-            aaa37172
+            Nacho Barrientos
+        }
       end
-a469f2b
+      describe 'with a IPv6 set as saddr' do
         let(:params) do
+          {
             saddr: '@my6_set',
             set_type: 'ip6',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'ip6 saddr @my6_set accept'
-a469f2b
+            Nacho Barrientos
+        }
       end
-            d43ced4d
+      describe 'with counter enabled' do
         let(:params) do
+          {
             counter: true,
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'counter accept'
-            d43ced4d
+            Nacho Barrientos
+        }
       end
-b9cb
+            Nacho Barrientos
       describe 'counter and continue sport' do
         let(:params) do
+          {
             proto: 'tcp',
             sport: 80,
             counter: true,
             action: 'continue',
+          }
         end
         it { is_expected.to compile }
         it {
           is_expected.to contain_nftables__rule('default_in-my_default_rule_name').with(
-            fa92e118
+            content: 'tcp sport {80} counter continue'
-b9cb
+            Nacho Barrientos
+        }
       end
-bb5
+    end
   end
 end

Projet

Général

Profil

puppet nftables

root / spec / defines / simplerule_spec.rb @ fa92e118