+# frozen_string_literal: true
+
require 'spec_helper_acceptance'
os_name = fact('os.name')
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
describe iptables do
it do
- is_expected.to have_rule(iptables_output[0]). \
+ expect(subject).to have_rule(iptables_output[0]). \
with_table('filter'). \
with_chain('INPUT')
end
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
describe iptables do
it do
- is_expected.to have_rule(iptables_output[1]). \
+ expect(subject).to have_rule(iptables_output[1]). \
with_table('filter'). \
with_chain('INPUT')
end
+
it do
- is_expected.to have_rule(iptables_output[2]). \
+ expect(subject).to have_rule(iptables_output[2]). \
with_table('filter'). \
with_chain('HTTP')
end
it 'works with no error' do
apply_manifest(pp2, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp2, catch_changes: true)
end
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
describe iptables do
it do
- is_expected.to have_rule(iptables_output_custom[0]). \
+ expect(subject).to have_rule(iptables_output_custom[0]). \
with_table('filter'). \
with_chain('FORWARD')
end
+
it do
- is_expected.to have_rule(iptables_output_custom[1]). \
+ expect(subject).to have_rule(iptables_output_custom[1]). \
with_table('filter'). \
with_chain('OPENVPN_FORWORD_RULES')
end
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm' do
end
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
it { is_expected.to contain_class('ferm::config') }
it { is_expected.to contain_class('ferm::service') }
it { is_expected.to contain_class('ferm::install') }
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_file('/etc/ferm/ferm.d') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') }
it { is_expected.not_to contain_service('ferm') }
it { is_expected.not_to contain_file('/etc/ferm.conf') }
- if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6
- it { is_expected.not_to contain_file('/etc/init.d/ferm') }
- end
+
+ it { is_expected.not_to contain_file('/etc/init.d/ferm') } if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6
end
context 'with managed service' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_service('ferm') }
+
if facts[:os]['name'] == 'Ubuntu'
it { is_expected.to contain_file_line('enable_ferm') }
it { is_expected.to contain_file_line('disable_ferm_cache') }
end
end
+
context 'with managed configfile' do
let :params do
{ manage_configfile: true }
it { is_expected.to contain_concat__fragment('ferm_header.conf') }
it { is_expected.to contain_concat__fragment('ferm.conf') }
# the following string exists only if we preserve chains
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
without_content(%r{@preserve;})
end
+
it { is_expected.to contain_concat__fragment('raw-PREROUTING-config-include') }
it { is_expected.to contain_concat__fragment('raw-OUTPUT-config-include') }
it { is_expected.to contain_concat__fragment('nat-PREROUTING-config-include') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat__fragment('nat-INPUT-config-include') }
else
it { is_expected.to contain_concat__fragment('raw-PREROUTING-policy') }
it { is_expected.to contain_concat__fragment('raw-OUTPUT-policy') }
it { is_expected.to contain_concat__fragment('nat-PREROUTING-policy') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat__fragment('nat-INPUT-policy') }
else
it { is_expected.to contain_concat__fragment('filter-INPUT-policy') }
it { is_expected.to contain_concat__fragment('filter-FORWARD-policy') }
it { is_expected.to contain_concat__fragment('filter-OUTPUT-policy') }
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-INPUT.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-PREROUTING.conf') }
it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-OUTPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-PREROUTING.conf') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-INPUT.conf') }
else
it { is_expected.to contain_ferm__chain('raw-PREROUTING') }
it { is_expected.to contain_ferm__chain('raw-OUTPUT') }
it { is_expected.to contain_ferm__chain('nat-PREROUTING') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_ferm__chain('nat-INPUT') }
else
it { is_expected.to contain_ferm__chain('OUTPUT') }
it { is_expected.to contain_ferm__chain('INPUT') }
end
+
context 'it preserves chains' do
let :params do
{
end
it { is_expected.to compile.with_all_deps }
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
with_content(%r{domain \(ip ip6\) table nat \{})
end
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
with_content(%r{chain PREROUTING @preserve;})
end
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
with_content(%r{chain POSTROUTING @preserve;})
end
end
+
context 'it works with git clone' do
let :params do
{
it { is_expected.to contain_file('/etc/ferm') }
it { is_expected.to contain_vcsrepo('/opt/ferm') }
end
+
context 'it works with ensure latest' do
let :params do
{
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm::chain', type: :define do
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('filter-INPUT2-config-include') }
+
it do
- is_expected.to contain_concat__fragment('filter-INPUT2-policy'). \
+ expect(subject).to contain_concat__fragment('filter-INPUT2-policy'). \
with_content(%r{ESTABLISHED RELATED})
end
+
it do
- is_expected.to contain_concat__fragment('filter-INPUT2-footer'). \
+ expect(subject).to contain_concat__fragment('filter-INPUT2-footer'). \
with_content(%r{LOG log-prefix 'INPUT2: ';})
end
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-INPUT2.conf') }
else
end
it { is_expected.to compile.with_all_deps }
+
it do
- is_expected.to contain_concat__fragment('filter-INPUT2-policy')
- is_expected.not_to contain_concat__fragment('filter-INPUT2-policy'). \
+ expect(subject).to contain_concat__fragment('filter-INPUT2-policy')
+ expect(subject).not_to contain_concat__fragment('filter-INPUT2-policy'). \
with_content(%r{ESTABLISHED RELATED})
end
+
it do
- is_expected.not_to contain_concat__fragment('filter-INPUT2-footer'). \
+ expect(subject).not_to contain_concat__fragment('filter-INPUT2-footer'). \
with_content(%r{LOG log-prefix 'INPUT2: ';})
end
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('filter-FERM-DSL-config-include') }
+
it do
- is_expected.to contain_concat__fragment('filter-FERM-DSL-custom-content'). \
+ expect(subject).to contain_concat__fragment('filter-FERM-DSL-custom-content'). \
with_content(%r{mod rpfilter invert DROP;})
end
+
it do
- is_expected.not_to contain_concat__fragment('filter-FERM-DSL-policy')
+ expect(subject).not_to contain_concat__fragment('filter-FERM-DSL-policy')
end
+
it do
- is_expected.not_to contain_concat__fragment('filter-FERM-DSL-footer')
+ expect(subject).not_to contain_concat__fragment('filter-FERM-DSL-footer')
end
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-FERM-DSL.conf') }
else
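Review bot: The `filter-INPUT2-footer` example in this file, `expect(subject).not_to contain_concat__fragment('filter-INPUT2-footer').with_content(%r{LOG log-prefix 'INPUT2: ';})`, also passes when the fragment is missing from the catalogue altogether, so it cannot tell "logging rule turned off" from "footer fragment renamed or no longer emitted". The policy example directly above it avoids this by first asserting that `filter-INPUT2-policy` exists. If the define is still expected to emit the footer here, add `expect(subject).to contain_concat__fragment('filter-INPUT2-footer')` before the negated line; if the fragment is meant to be absent, drop `with_content` so the intent is explicit. The enclosing context and its params are outside the visible lines, so which of the two applies needs checking against the define.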
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm::ipset', type: :define do
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm::rule', type: :define do
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('filter-SSH-policy') }
+
it do
- is_expected.to contain_concat__fragment('INPUT-filter-ssh').\
+ expect(subject).to contain_concat__fragment('INPUT-filter-ssh').\
with_content("mod comment comment 'filter-ssh' proto tcp dport 22 jump SSH;\n"). \
that_requires('Ferm::Chain[check-ssh]')
end
+
it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-SSH.conf') }
else
+# frozen_string_literal: true
+
# Managed by modulesync - DO NOT EDIT
# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
# puppetlabs_spec_helper will set up coverage if the env variable is set.
# We want to do this if lib exists and it hasn't been explicitly set.
-ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../../lib', __FILE__))
+ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__))
require 'voxpupuli/test/spec_helper'
if File.exist?(File.join(__dir__, 'default_module_facts.yml'))
facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml')))
- if facts
- facts.each do |name, value|
- add_custom_fact name.to_sym, value
- end
+ facts&.each do |name, value|
+ add_custom_fact name.to_sym, value
end
end
+# frozen_string_literal: true
+
require 'voxpupuli/acceptance/spec_helper_acceptance'
configure_beaker do |host|
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Actions' do
describe 'valid values' do
- [
- 'RETURN',
- 'ACCEPT',
- 'DROP',
- 'REJECT',
- 'NOTRACK',
- 'LOG',
- 'MARK',
- 'DNAT',
- 'SNAT',
- 'MASQUERADE',
- 'REDIRECT',
- 'MYFANCYCUSTOMCHAINNAMEISALSOVALID',
+ %w[
+ RETURN
+ ACCEPT
+ DROP
+ REJECT
+ NOTRACK
+ LOG
+ MARK
+ DNAT
+ SNAT
+ MASQUERADE
+ REDIRECT
+ MYFANCYCUSTOMCHAINNAMEISALSOVALID
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Policies' do
describe 'valid values' do
- [
- 'ACCEPT',
- 'DROP',
+ %w[
+ ACCEPT
+ DROP
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Port' do
true,
false,
:symbol,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
'12345',
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Protocols' do
'sctp',
'mh',
'all',
- ['icmp', 'tcp', 'udp'],
+ %w[icmp tcp udp],
0,
[0, 4],
].each do |value|
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Tables' do
describe 'valid values' do
- [
- 'raw',
- 'mangle',
- 'nat',
- 'filter',
+ %w[
+ raw
+ mangle
+ nat
+ filter
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},