root / spec / defines / chain_spec.rb @ fcb1d356
Historique | Voir | Annoter | Télécharger (3,92 ko)
| 1 | 30462da1 | Steve Traylen | require 'spec_helper'
|
|---|---|---|---|
| 2 | |||
| 3 | describe 'nftables::chain' do |
||
| 4 | let(:title) { 'MYCHAIN' } |
||
| 5 | let(:pre_condition) { 'include nftables' } |
||
| 6 | |||
| 7 | on_supported_os.each do |os, facts|
|
||
| 8 | context "on #{os}" do |
||
| 9 | let(:facts) do |
||
| 10 | facts |
||
| 11 | end
|
||
| 12 | |||
| 13 | it { is_expected.to compile }
|
||
| 14 | |||
| 15 | it { is_expected.to contain_concat('nftables-inet-filter-chain-MYCHAIN').that_notifies('Exec[nft validate]') }
|
||
| 16 | it { is_expected.to contain_exec('nft validate').that_comes_before('File[/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft]') }
|
||
| 17 | it { is_expected.to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').that_comes_before('Service[nftables]') }
|
||
| 18 | |||
| 19 | it {
|
||
| 20 | is_expected.to contain_concat('nftables-inet-filter-chain-MYCHAIN').with(
|
||
| 21 | path: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft', |
||
| 22 | owner: 'root', |
||
| 23 | group: 'root', |
||
| 24 | mode: '0640', |
||
| 25 | ensure_newline: true, |
||
| 26 | ) |
||
| 27 | } |
||
| 28 | it {
|
||
| 29 | is_expected.to contain_file('/etc/nftables/puppet/inet-filter-chain-MYCHAIN.nft').with(
|
||
| 30 | ensure: 'file', |
||
| 31 | source: '/etc/nftables/puppet-preflight/inet-filter-chain-MYCHAIN.nft', |
||
| 32 | mode: '0640', |
||
| 33 | owner: 'root', |
||
| 34 | group: 'root', |
||
| 35 | ) |
||
| 36 | } |
||
| 37 | it {
|
||
| 38 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-MYCHAIN-header').with(
|
||
| 39 | order: '00', |
||
| 40 | content: "# Start of fragment order:00 MYCHAIN header\nchain MYCHAIN {", |
||
| 41 | target: 'nftables-inet-filter-chain-MYCHAIN', |
||
| 42 | ) |
||
| 43 | } |
||
| 44 | it {
|
||
| 45 | is_expected.to contain_concat__fragment('nftables-inet-filter-chain-MYCHAIN-footer').with(
|
||
| 46 | order: '99', |
||
| 47 | content: "# Start of fragment order:99 MYCHAIN footer\n}", |
||
| 48 | target: 'nftables-inet-filter-chain-MYCHAIN', |
||
| 49 | ) |
||
| 50 | } |
||
| 51 | |||
| 52 | context('with table set to ip6-foo') do |
||
| 53 | let(:params) do |
||
| 54 | {
|
||
| 55 | table: 'ip6-foo', |
||
| 56 | } |
||
| 57 | end
|
||
| 58 | |||
| 59 | it {
|
||
| 60 | is_expected.to contain_concat('nftables-ip6-foo-chain-MYCHAIN').with(
|
||
| 61 | path: '/etc/nftables/puppet-preflight/ip6-foo-chain-MYCHAIN.nft', |
||
| 62 | owner: 'root', |
||
| 63 | group: 'root', |
||
| 64 | mode: '0640', |
||
| 65 | ensure_newline: true, |
||
| 66 | ) |
||
| 67 | } |
||
| 68 | it {
|
||
| 69 | is_expected.to contain_file('/etc/nftables/puppet/ip6-foo-chain-MYCHAIN.nft').with(
|
||
| 70 | ensure: 'file', |
||
| 71 | source: '/etc/nftables/puppet-preflight/ip6-foo-chain-MYCHAIN.nft', |
||
| 72 | mode: '0640', |
||
| 73 | owner: 'root', |
||
| 74 | group: 'root', |
||
| 75 | ) |
||
| 76 | } |
||
| 77 | it {
|
||
| 78 | is_expected.to contain_concat__fragment('nftables-ip6-foo-chain-MYCHAIN-header').with(
|
||
| 79 | order: '00', |
||
| 80 | content: "# Start of fragment order:00 MYCHAIN header\nchain MYCHAIN {", |
||
| 81 | target: 'nftables-ip6-foo-chain-MYCHAIN', |
||
| 82 | ) |
||
| 83 | } |
||
| 84 | it {
|
||
| 85 | is_expected.to contain_concat__fragment('nftables-ip6-foo-chain-MYCHAIN-footer').with(
|
||
| 86 | order: '99', |
||
| 87 | content: "# Start of fragment order:99 MYCHAIN footer\n}", |
||
| 88 | target: 'nftables-ip6-foo-chain-MYCHAIN', |
||
| 89 | ) |
||
| 90 | } |
||
| 91 | end
|
||
| 92 | context 'with inject set to 22-foobar' do |
||
| 93 | let(:params) do |
||
| 94 | {
|
||
| 95 | inject: '22-foobar', |
||
| 96 | } |
||
| 97 | end
|
||
| 98 | |||
| 99 | it { is_expected.to contain_nftables__rule('foobar-jump_MYCHAIN') }
|
||
| 100 | it {
|
||
| 101 | is_expected.to contain_nftables__rule('foobar-jump_MYCHAIN').with(
|
||
| 102 | order: '22', |
||
| 103 | content: 'jump MYCHAIN', |
||
| 104 | ) |
||
| 105 | } |
||
| 106 | context 'with inject_oif set to alpha and inject_oif set to beta' do |
||
| 107 | let(:params) do |
||
| 108 | super().merge(inject_iif: 'alpha', inject_oif: 'beta') |
||
| 109 | end
|
||
| 110 | |||
| 111 | it {
|
||
| 112 | is_expected.to contain_nftables__rule('foobar-jump_MYCHAIN').with(
|
||
| 113 | order: '22', |
||
| 114 | content: 'iifname alpha oifname beta jump MYCHAIN', |
||
| 115 | ) |
||
| 116 | } |
||
| 117 | end
|
||
| 118 | end
|
||
| 119 | end
|
||
| 120 | end
|
||
| 121 | end |