Révision fa92e118
Pet rubocop
| spec/classes/nftables_spec.rb | ||
|---|---|---|
| 17 | 17 |
owner: 'root', |
| 18 | 18 |
group: 'root', |
| 19 | 19 |
mode: '0640', |
| 20 |
content: %r{flush ruleset},
|
|
| 20 |
content: %r{flush ruleset}
|
|
| 21 | 21 |
) |
| 22 | 22 |
} |
| 23 | 23 |
|
| ... | ... | |
| 29 | 29 |
mode: '0750', |
| 30 | 30 |
purge: true, |
| 31 | 31 |
force: true, |
| 32 |
recurse: true,
|
|
| 32 |
recurse: true |
|
| 33 | 33 |
) |
| 34 | 34 |
} |
| 35 | 35 |
|
| ... | ... | |
| 39 | 39 |
owner: 'root', |
| 40 | 40 |
group: 'root', |
| 41 | 41 |
mode: '0640', |
| 42 |
content: %r{flush ruleset},
|
|
| 42 |
content: %r{flush ruleset}
|
|
| 43 | 43 |
) |
| 44 | 44 |
} |
| 45 | 45 |
|
| ... | ... | |
| 51 | 51 |
mode: '0750', |
| 52 | 52 |
purge: true, |
| 53 | 53 |
force: true, |
| 54 |
recurse: true,
|
|
| 54 |
recurse: true |
|
| 55 | 55 |
) |
| 56 | 56 |
} |
| 57 | 57 |
|
| 58 | 58 |
it {
|
| 59 | 59 |
is_expected.to contain_exec('nft validate').with(
|
| 60 | 60 |
refreshonly: true, |
| 61 |
command: %r{^/usr/sbin/nft -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft.*},
|
|
| 61 |
command: %r{^/usr/sbin/nft -I /etc/nftables/puppet-preflight -c -f /etc/nftables/puppet-preflight.nft.*}
|
|
| 62 | 62 |
) |
| 63 | 63 |
} |
| 64 | 64 |
|
| ... | ... | |
| 67 | 67 |
ensure: 'running', |
| 68 | 68 |
enable: true, |
| 69 | 69 |
hasrestart: true, |
| 70 |
restart: %r{/usr/bin/systemctl reload nft.*},
|
|
| 70 |
restart: %r{/usr/bin/systemctl reload nft.*}
|
|
| 71 | 71 |
) |
| 72 | 72 |
} |
| 73 | 73 |
|
| 74 | 74 |
it {
|
| 75 | 75 |
is_expected.to contain_systemd__dropin_file('puppet_nft.conf').with(
|
| 76 |
content: %r{^ExecReload=/sbin/nft -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf$},
|
|
| 76 |
content: %r{^ExecReload=/sbin/nft -I /etc/nftables/puppet -f /etc/sysconfig/nftables.conf$}
|
|
| 77 | 77 |
) |
| 78 | 78 |
} |
| 79 | 79 |
|
| 80 | 80 |
it {
|
| 81 | 81 |
is_expected.to contain_service('firewalld').with(
|
| 82 | 82 |
ensure: 'stopped', |
| 83 |
enable: 'mask',
|
|
| 83 |
enable: 'mask' |
|
| 84 | 84 |
) |
| 85 | 85 |
} |
| 86 | 86 |
it { is_expected.to contain_class('nftables::inet_filter') }
|
| ... | ... | |
| 124 | 124 |
is_expected.to contain_concat__fragment('nftables-inet-filter-chain-INPUT-rule-web_accept').with(
|
| 125 | 125 |
target: 'nftables-inet-filter-chain-INPUT', |
| 126 | 126 |
content: %r{^ iifname eth0 tcp dport \{ 80, 443 \} accept$},
|
| 127 |
order: '50-nftables-inet-filter-chain-INPUT-rule-web_accept-b',
|
|
| 127 |
order: '50-nftables-inet-filter-chain-INPUT-rule-web_accept-b' |
|
| 128 | 128 |
) |
| 129 | 129 |
} |
| 130 | 130 |
end |
| ... | ... | |
| 149 | 149 |
is_expected.to contain_nftables__set('testset1').with(
|
| 150 | 150 |
type: 'ipv4_addr', |
| 151 | 151 |
gc_interval: 2, |
| 152 |
table: 'inet-filter',
|
|
| 152 |
table: 'inet-filter' |
|
| 153 | 153 |
) |
| 154 | 154 |
} |
| 155 | 155 |
it {
|
| 156 | 156 |
is_expected.to contain_nftables__set('testset2').with(
|
| 157 | 157 |
type: 'ipv6_addr', |
| 158 | 158 |
elements: ['2a02:62:c601::dead:beef'], |
| 159 |
table: 'inet-filter',
|
|
| 159 |
table: 'inet-filter' |
|
| 160 | 160 |
) |
| 161 | 161 |
} |
| 162 | 162 |
end |
| ... | ... | |
| 171 | 171 |
it {
|
| 172 | 172 |
is_expected.to contain_service('firewalld').with(
|
| 173 | 173 |
ensure: 'stopped', |
| 174 |
enable: false,
|
|
| 174 |
enable: false |
|
| 175 | 175 |
) |
| 176 | 176 |
} |
| 177 | 177 |
end |
Formats disponibles : Unified diff