--- /dev/null
+require 'spec_helper_acceptance'
+
+os_name = fact('os.name')
+os_release = fact('os.release.major')
+
+sut_os = "#{os_name}-#{os_release}"
+
+manage_initfile = case sut_os
+ when 'CentOS-6'
+ true
+ else
+ false
+ end
+
+describe 'ferm' do
+ context 'with basics settings' do
+ pp = %(
+ class { 'ferm':
+ manage_service => true,
+ manage_configfile => true,
+ manage_initfile => #{manage_initfile}, # CentOS-6 does not provide init script
+ forward_policy => 'DROP',
+ output_policy => 'DROP',
+ input_policy => 'DROP',
+ rules => {
+ 'allow acceptance_tests' => {
+ chain => 'INPUT',
+ policy => 'ACCEPT',
+ proto => tcp,
+ dport => 22,
+ },
+ },
+ ip_versions => ['ip'], #only ipv4 available with CI
+ }
+ )
+
+ it 'works with no error' do
+ apply_manifest(pp, catch_failures: true)
+ end
+ it 'works idempotently' do
+ apply_manifest(pp, catch_changes: true)
+ end
+
+ describe package('ferm') do
+ it { is_expected.to be_installed }
+ end
+
+ describe service('ferm') do
+ it { is_expected.to be_running }
+ end
+
+ describe command('iptables-save') do
+ its(:stdout) { is_expected.to match %r{.*filter.*:INPUT DROP.*:FORWARD DROP.*:OUTPUT DROP.*}m }
+ end
+
+ describe iptables do
+ it { is_expected.to have_rule('-A INPUT -p tcp -m comment --comment "allow acceptance_tests" -m tcp --dport 22 -j ACCEPT').with_table('filter').with_chain('INPUT') }
+ end
+ end
+end
--- /dev/null
+require 'beaker-rspec'
+require 'beaker-puppet'
+require 'beaker/puppet_install_helper'
+require 'beaker/module_install_helper'
+
+run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no'
+install_module
+install_module_dependencies
+
+RSpec.configure do |c|
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # ferm is into epel with RedHat like OSes
+ install_module_from_forge('stahnma-epel', '>= 1.3.1 < 2.0.0') if fact('os.family') == 'RedHat'
+
+ pp = %(
+ include epel
+ )
+
+ apply_manifest(pp, catch_failures: true) if fact('os.family') == 'RedHat'
+ end
+end
projects / puppet-ferm.git / commitdiff