authorTim Meusel <tim@bastelfreak.de>2021-10-31 19:00:59 +0100
committerGitHub <noreply@github.com>2021-10-31 19:00:59 +0100
commitcb55a971350d32c52cdc49b947f08a815d90ac2a (patch)
treee69eae8647045ab14a59cfaaf99195770b5f7fd3
parent4f2879e76556a7bc3f43fdd329fae05a46143e21 (diff)
parentdb73699faa6804744edc06924c43873ebb6f2932 (diff)
downloadpuppet-ferm-cb55a971350d32c52cdc49b947f08a815d90ac2a.tar.gz
puppet-ferm-cb55a971350d32c52cdc49b947f08a815d90ac2a.tar.bz2
Merge pull request #142 from voxpupuli/modulesync
modulesync 5.0.0
-rw-r--r--.msync.yml2
-rw-r--r--Gemfile4
-rw-r--r--spec/acceptance/ferm_spec.rb19
-rw-r--r--spec/classes/ferm_spec.rb34
-rw-r--r--spec/defines/chain_spec.rb29
-rw-r--r--spec/defines/ipset_spec.rb4
-rw-r--r--spec/defines/rule_spec.rb9
-rw-r--r--spec/spec_helper.rb10
-rw-r--r--spec/spec_helper_acceptance.rb2
-rw-r--r--spec/type_aliases/actions_spec.rb31
-rw-r--r--spec/type_aliases/policies_spec.rb11
-rw-r--r--spec/type_aliases/port_spec.rb5
-rw-r--r--spec/type_aliases/protocols_spec.rb7
-rw-r--r--spec/type_aliases/tables_spec.rb15
14 files changed, 117 insertions, 65 deletions
diff --git a/.msync.yml b/.msync.yml
index 43966c2..e1cd81c 100644
--- a/.msync.yml
+++ b/.msync.yml
@@ -2,4 +2,4 @@
# Managed by modulesync - DO NOT EDIT
# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
-modulesync_config_version: '4.2.0'
+modulesync_config_version: '5.0.0'
diff --git a/Gemfile b/Gemfile
index e43173e..2b731b9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -4,7 +4,7 @@
source ENV['GEM_SOURCE'] || "https://rubygems.org"
group :test do
- gem 'voxpupuli-test', '~> 2.5', :require => false
+ gem 'voxpupuli-test', '~> 4.0', :require => false
gem 'coveralls', :require => false
gem 'simplecov-console', :require => false
gem 'puppet_metadata', '~> 1.0', :require => false
@@ -22,7 +22,7 @@ end
group :release do
gem 'github_changelog_generator', '>= 1.16.1', :require => false if RUBY_VERSION >= '2.5'
- gem 'voxpupuli-release', '>= 1.0.2', :require => false
+ gem 'voxpupuli-release', '>= 1.2.0', :require => false
gem 'puppet-strings', '>= 2.2', :require => false
end
diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb
index 326ed9f..1a6e39e 100644
--- a/spec/acceptance/ferm_spec.rb
+++ b/spec/acceptance/ferm_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
require 'spec_helper_acceptance'
os_name = fact('os.name')
@@ -57,6 +59,7 @@ describe 'ferm' do
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
@@ -82,6 +85,7 @@ describe 'ferm' do
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
@@ -101,7 +105,7 @@ describe 'ferm' do
describe iptables do
it do
- is_expected.to have_rule(iptables_output[0]). \
+ expect(subject).to have_rule(iptables_output[0]). \
with_table('filter'). \
with_chain('INPUT')
end
@@ -135,18 +139,20 @@ describe 'ferm' do
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
describe iptables do
it do
- is_expected.to have_rule(iptables_output[1]). \
+ expect(subject).to have_rule(iptables_output[1]). \
with_table('filter'). \
with_chain('INPUT')
end
+
it do
- is_expected.to have_rule(iptables_output[2]). \
+ expect(subject).to have_rule(iptables_output[2]). \
with_table('filter'). \
with_chain('HTTP')
end
@@ -177,6 +183,7 @@ describe 'ferm' do
it 'works with no error' do
apply_manifest(pp2, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp2, catch_changes: true)
end
@@ -223,18 +230,20 @@ describe 'ferm' do
it 'works with no error' do
apply_manifest(pp, catch_failures: true)
end
+
it 'works idempotently' do
apply_manifest(pp, catch_changes: true)
end
describe iptables do
it do
- is_expected.to have_rule(iptables_output_custom[0]). \
+ expect(subject).to have_rule(iptables_output_custom[0]). \
with_table('filter'). \
with_chain('FORWARD')
end
+
it do
- is_expected.to have_rule(iptables_output_custom[1]). \
+ expect(subject).to have_rule(iptables_output_custom[1]). \
with_table('filter'). \
with_chain('OPENVPN_FORWORD_RULES')
end
diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb
index 0f8c078..55eb3b1 100644
--- a/spec/classes/ferm_spec.rb
+++ b/spec/classes/ferm_spec.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm' do
@@ -6,7 +8,7 @@ describe 'ferm' do
end
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
@@ -16,6 +18,7 @@ describe 'ferm' do
it { is_expected.to contain_class('ferm::config') }
it { is_expected.to contain_class('ferm::service') }
it { is_expected.to contain_class('ferm::install') }
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_file('/etc/ferm/ferm.d') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') }
@@ -35,9 +38,8 @@ describe 'ferm' do
it { is_expected.not_to contain_service('ferm') }
it { is_expected.not_to contain_file('/etc/ferm.conf') }
- if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6
- it { is_expected.not_to contain_file('/etc/init.d/ferm') }
- end
+
+ it { is_expected.not_to contain_file('/etc/init.d/ferm') } if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6
end
context 'with managed service' do
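Review bot: The RedHat <= 6 condition is now a trailing modifier on a line of more than 140 characters, so `it { is_expected.not_to contain_file('/etc/init.d/ferm') }` is easy to misread as an unconditional example. Because the condition decides whether the example is defined at all, the removed three-line `if ... end` form was easier to read. An alternative is to name the condition once, e.g. `legacy_init = facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6`, and end the example with `if legacy_init`. The enclosing context block starts above this hunk.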
@@ -47,11 +49,13 @@ describe 'ferm' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_service('ferm') }
+
if facts[:os]['name'] == 'Ubuntu'
it { is_expected.to contain_file_line('enable_ferm') }
it { is_expected.to contain_file_line('disable_ferm_cache') }
end
end
+
context 'with managed configfile' do
let :params do
{ manage_configfile: true }
@@ -66,13 +70,16 @@ describe 'ferm' do
it { is_expected.to contain_concat__fragment('ferm_header.conf') }
it { is_expected.to contain_concat__fragment('ferm.conf') }
# the following string exists only if we preserve chains
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
without_content(%r{@preserve;})
end
+
it { is_expected.to contain_concat__fragment('raw-PREROUTING-config-include') }
it { is_expected.to contain_concat__fragment('raw-OUTPUT-config-include') }
it { is_expected.to contain_concat__fragment('nat-PREROUTING-config-include') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat__fragment('nat-INPUT-config-include') }
else
@@ -91,6 +98,7 @@ describe 'ferm' do
it { is_expected.to contain_concat__fragment('raw-PREROUTING-policy') }
it { is_expected.to contain_concat__fragment('raw-OUTPUT-policy') }
it { is_expected.to contain_concat__fragment('nat-PREROUTING-policy') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat__fragment('nat-INPUT-policy') }
else
@@ -106,10 +114,12 @@ describe 'ferm' do
it { is_expected.to contain_concat__fragment('filter-INPUT-policy') }
it { is_expected.to contain_concat__fragment('filter-FORWARD-policy') }
it { is_expected.to contain_concat__fragment('filter-OUTPUT-policy') }
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-INPUT.conf') }
else
@@ -129,6 +139,7 @@ describe 'ferm' do
it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-PREROUTING.conf') }
it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-OUTPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-PREROUTING.conf') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-INPUT.conf') }
else
@@ -148,6 +159,7 @@ describe 'ferm' do
it { is_expected.to contain_ferm__chain('raw-PREROUTING') }
it { is_expected.to contain_ferm__chain('raw-OUTPUT') }
it { is_expected.to contain_ferm__chain('nat-PREROUTING') }
+
if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36')
it { is_expected.to contain_ferm__chain('nat-INPUT') }
else
@@ -164,6 +176,7 @@ describe 'ferm' do
it { is_expected.to contain_ferm__chain('OUTPUT') }
it { is_expected.to contain_ferm__chain('INPUT') }
end
+
context 'it preserves chains' do
let :params do
{
@@ -173,19 +186,23 @@ describe 'ferm' do
end
it { is_expected.to compile.with_all_deps }
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
with_content(%r{domain \(ip ip6\) table nat \{})
end
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
with_content(%r{chain PREROUTING @preserve;})
end
+
it do
- is_expected.to contain_concat__fragment('ferm.conf'). \
+ expect(subject).to contain_concat__fragment('ferm.conf'). \
with_content(%r{chain POSTROUTING @preserve;})
end
end
+
context 'it works with git clone' do
let :params do
{
@@ -203,6 +220,7 @@ describe 'ferm' do
it { is_expected.to contain_file('/etc/ferm') }
it { is_expected.to contain_vcsrepo('/opt/ferm') }
end
+
context 'it works with ensure latest' do
let :params do
{
diff --git a/spec/defines/chain_spec.rb b/spec/defines/chain_spec.rb
index 52cc88c..5e84ea5 100644
--- a/spec/defines/chain_spec.rb
+++ b/spec/defines/chain_spec.rb
@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm::chain', type: :define do
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
@@ -22,14 +24,17 @@ describe 'ferm::chain', type: :define do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('filter-INPUT2-config-include') }
+
it do
- is_expected.to contain_concat__fragment('filter-INPUT2-policy'). \
+ expect(subject).to contain_concat__fragment('filter-INPUT2-policy'). \
with_content(%r{ESTABLISHED RELATED})
end
+
it do
- is_expected.to contain_concat__fragment('filter-INPUT2-footer'). \
+ expect(subject).to contain_concat__fragment('filter-INPUT2-footer'). \
with_content(%r{LOG log-prefix 'INPUT2: ';})
end
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-INPUT2.conf') }
else
@@ -47,13 +52,15 @@ describe 'ferm::chain', type: :define do
end
it { is_expected.to compile.with_all_deps }
+
it do
- is_expected.to contain_concat__fragment('filter-INPUT2-policy')
- is_expected.not_to contain_concat__fragment('filter-INPUT2-policy'). \
+ expect(subject).to contain_concat__fragment('filter-INPUT2-policy')
+ expect(subject).not_to contain_concat__fragment('filter-INPUT2-policy'). \
with_content(%r{ESTABLISHED RELATED})
end
+
it do
- is_expected.not_to contain_concat__fragment('filter-INPUT2-footer'). \
+ expect(subject).not_to contain_concat__fragment('filter-INPUT2-footer'). \
with_content(%r{LOG log-prefix 'INPUT2: ';})
end
end
@@ -81,16 +88,20 @@ describe 'ferm::chain', type: :define do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('filter-FERM-DSL-config-include') }
+
it do
- is_expected.to contain_concat__fragment('filter-FERM-DSL-custom-content'). \
+ expect(subject).to contain_concat__fragment('filter-FERM-DSL-custom-content'). \
with_content(%r{mod rpfilter invert DROP;})
end
+
it do
- is_expected.not_to contain_concat__fragment('filter-FERM-DSL-policy')
+ expect(subject).not_to contain_concat__fragment('filter-FERM-DSL-policy')
end
+
it do
- is_expected.not_to contain_concat__fragment('filter-FERM-DSL-footer')
+ expect(subject).not_to contain_concat__fragment('filter-FERM-DSL-footer')
end
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-FERM-DSL.conf') }
else
diff --git a/spec/defines/ipset_spec.rb b/spec/defines/ipset_spec.rb
index 050e5ef..88ef5c3 100644
--- a/spec/defines/ipset_spec.rb
+++ b/spec/defines/ipset_spec.rb
@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm::ipset', type: :define do
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb
index 7529fce..4b7b1d4 100644
--- a/spec/defines/rule_spec.rb
+++ b/spec/defines/rule_spec.rb
@@ -1,8 +1,10 @@
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'ferm::rule', type: :define do
on_supported_os.each do |os, facts|
- context "on #{os} " do
+ context "on #{os}" do
let :facts do
facts
end
@@ -202,12 +204,15 @@ describe 'ferm::rule', type: :define do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('filter-SSH-policy') }
+
it do
- is_expected.to contain_concat__fragment('INPUT-filter-ssh').\
+ expect(subject).to contain_concat__fragment('INPUT-filter-ssh').\
with_content("mod comment comment 'filter-ssh' proto tcp dport 22 jump SSH;\n"). \
that_requires('Ferm::Chain[check-ssh]')
end
+
it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
+
if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-SSH.conf') }
else
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index fb5f0cb..4d617f3 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -1,17 +1,17 @@
+# frozen_string_literal: true
+
# Managed by modulesync - DO NOT EDIT
# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
# puppetlabs_spec_helper will set up coverage if the env variable is set.
# We want to do this if lib exists and it hasn't been explicitly set.
-ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../../lib', __FILE__))
+ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__))
require 'voxpupuli/test/spec_helper'
if File.exist?(File.join(__dir__, 'default_module_facts.yml'))
facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml')))
- if facts
- facts.each do |name, value|
- add_custom_fact name.to_sym, value
- end
+ facts&.each do |name, value|
+ add_custom_fact name.to_sym, value
end
end
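Review bot: `facts&.each` skips only `nil`, whereas the removed `if facts` guard also skipped `false`, and neither form checks that the parsed document is a mapping. If `default_module_facts.yml` ever parses to a scalar or a list, the loop would either raise NoMethodError or hand `add_custom_fact` a name with a `nil` value. A type check makes that failure mode explicit: `facts.each { |name, value| add_custom_fact name.to_sym, value } if facts.is_a?(Hash)`. The header marks this file as managed by modulesync, so the change presumably belongs in the upstream template rather than in this repository.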
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
index 7db1a99..7acf630 100644
--- a/spec/spec_helper_acceptance.rb
+++ b/spec/spec_helper_acceptance.rb
@@ -1,3 +1,5 @@
+# frozen_string_literal: true
+
require 'voxpupuli/acceptance/spec_helper_acceptance'
configure_beaker do |host|
diff --git a/spec/type_aliases/actions_spec.rb b/spec/type_aliases/actions_spec.rb
index 5f6efb0..c5cc502 100644
--- a/spec/type_aliases/actions_spec.rb
+++ b/spec/type_aliases/actions_spec.rb
@@ -1,21 +1,22 @@
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Actions' do
describe 'valid values' do
- [
- 'RETURN',
- 'ACCEPT',
- 'DROP',
- 'REJECT',
- 'NOTRACK',
- 'LOG',
- 'MARK',
- 'DNAT',
- 'SNAT',
- 'MASQUERADE',
- 'REDIRECT',
- 'MYFANCYCUSTOMCHAINNAMEISALSOVALID',
+ %w[
+ RETURN
+ ACCEPT
+ DROP
+ REJECT
+ NOTRACK
+ LOG
+ MARK
+ DNAT
+ SNAT
+ MASQUERADE
+ REDIRECT
+ MYFANCYCUSTOMCHAINNAMEISALSOVALID
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
@@ -31,7 +32,7 @@ describe 'Ferm::Actions' do
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},
diff --git a/spec/type_aliases/policies_spec.rb b/spec/type_aliases/policies_spec.rb
index 6cb6a2f..6708aa4 100644
--- a/spec/type_aliases/policies_spec.rb
+++ b/spec/type_aliases/policies_spec.rb
@@ -1,11 +1,12 @@
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Policies' do
describe 'valid values' do
- [
- 'ACCEPT',
- 'DROP',
+ %w[
+ ACCEPT
+ DROP
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
@@ -24,7 +25,7 @@ describe 'Ferm::Policies' do
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},
diff --git a/spec/type_aliases/port_spec.rb b/spec/type_aliases/port_spec.rb
index 2e6c1c8..671576e 100644
--- a/spec/type_aliases/port_spec.rb
+++ b/spec/type_aliases/port_spec.rb
@@ -1,4 +1,5 @@
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Port' do
@@ -23,7 +24,7 @@ describe 'Ferm::Port' do
true,
false,
:symbol,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
'12345',
diff --git a/spec/type_aliases/protocols_spec.rb b/spec/type_aliases/protocols_spec.rb
index cab521f..bd409c5 100644
--- a/spec/type_aliases/protocols_spec.rb
+++ b/spec/type_aliases/protocols_spec.rb
@@ -1,4 +1,5 @@
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Protocols' do
@@ -14,7 +15,7 @@ describe 'Ferm::Protocols' do
'sctp',
'mh',
'all',
- ['icmp', 'tcp', 'udp'],
+ %w[icmp tcp udp],
0,
[0, 4],
].each do |value|
@@ -33,7 +34,7 @@ describe 'Ferm::Protocols' do
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},
diff --git a/spec/type_aliases/tables_spec.rb b/spec/type_aliases/tables_spec.rb
index 29274c3..4df20a5 100644
--- a/spec/type_aliases/tables_spec.rb
+++ b/spec/type_aliases/tables_spec.rb
@@ -1,13 +1,14 @@
-# rubocop:disable Style/WordArray
+# frozen_string_literal: true
+
require 'spec_helper'
describe 'Ferm::Tables' do
describe 'valid values' do
- [
- 'raw',
- 'mangle',
- 'nat',
- 'filter',
+ %w[
+ raw
+ mangle
+ nat
+ filter
].each do |value|
describe value.inspect do
it { is_expected.to allow_value(value) }
@@ -24,7 +25,7 @@ describe 'Ferm::Tables' do
'',
true,
false,
- ['meep', 'meep'],
+ %w[meep meep],
65_538,
[95_000, 67_000],
{},