-rw-r--r-- | .msync.yml | 2 | ||||
-rw-r--r-- | Gemfile | 4 | ||||
-rw-r--r-- | spec/acceptance/ferm_spec.rb | 19 | ||||
-rw-r--r-- | spec/classes/ferm_spec.rb | 34 | ||||
-rw-r--r-- | spec/defines/chain_spec.rb | 29 | ||||
-rw-r--r-- | spec/defines/ipset_spec.rb | 4 | ||||
-rw-r--r-- | spec/defines/rule_spec.rb | 9 | ||||
-rw-r--r-- | spec/spec_helper.rb | 10 | ||||
-rw-r--r-- | spec/spec_helper_acceptance.rb | 2 | ||||
-rw-r--r-- | spec/type_aliases/actions_spec.rb | 31 | ||||
-rw-r--r-- | spec/type_aliases/policies_spec.rb | 11 | ||||
-rw-r--r-- | spec/type_aliases/port_spec.rb | 5 | ||||
-rw-r--r-- | spec/type_aliases/protocols_spec.rb | 7 | ||||
-rw-r--r-- | spec/type_aliases/tables_spec.rb | 15 |
14 files changed, 117 insertions, 65 deletions
@@ -2,4 +2,4 @@ # Managed by modulesync - DO NOT EDIT # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ -modulesync_config_version: '4.2.0' +modulesync_config_version: '5.0.0' @@ -4,7 +4,7 @@ source ENV['GEM_SOURCE'] || "https://rubygems.org" group :test do - gem 'voxpupuli-test', '~> 2.5', :require => false + gem 'voxpupuli-test', '~> 4.0', :require => false gem 'coveralls', :require => false gem 'simplecov-console', :require => false gem 'puppet_metadata', '~> 1.0', :require => false @@ -22,7 +22,7 @@ end group :release do gem 'github_changelog_generator', '>= 1.16.1', :require => false if RUBY_VERSION >= '2.5' - gem 'voxpupuli-release', '>= 1.0.2', :require => false + gem 'voxpupuli-release', '>= 1.2.0', :require => false gem 'puppet-strings', '>= 2.2', :require => false end diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb index 326ed9f..1a6e39e 100644 --- a/spec/acceptance/ferm_spec.rb +++ b/spec/acceptance/ferm_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper_acceptance' os_name = fact('os.name') @@ -57,6 +59,7 @@ describe 'ferm' do it 'works with no error' do apply_manifest(pp, catch_failures: true) end + it 'works idempotently' do apply_manifest(pp, catch_changes: true) end @@ -82,6 +85,7 @@ describe 'ferm' do it 'works with no error' do apply_manifest(pp, catch_failures: true) end + it 'works idempotently' do apply_manifest(pp, catch_changes: true) end @@ -101,7 +105,7 @@ describe 'ferm' do describe iptables do it do - is_expected.to have_rule(iptables_output[0]). \ + expect(subject).to have_rule(iptables_output[0]). \ with_table('filter'). \ with_chain('INPUT') end 
@@ -135,18 +139,20 @@ describe 'ferm' do it 'works with no error' do apply_manifest(pp, catch_failures: true) end + it 'works idempotently' do apply_manifest(pp, catch_changes: true) end describe iptables do it do - is_expected.to have_rule(iptables_output[1]). \ + expect(subject).to have_rule(iptables_output[1]). \ with_table('filter'). \ with_chain('INPUT') end + it do - is_expected.to have_rule(iptables_output[2]). \ + expect(subject).to have_rule(iptables_output[2]). \ with_table('filter'). \ with_chain('HTTP') end @@ -177,6 +183,7 @@ describe 'ferm' do it 'works with no error' do apply_manifest(pp2, catch_failures: true) end + it 'works idempotently' do apply_manifest(pp2, catch_changes: true) end @@ -223,18 +230,20 @@ describe 'ferm' do it 'works with no error' do apply_manifest(pp, catch_failures: true) end + it 'works idempotently' do apply_manifest(pp, catch_changes: true) end describe iptables do it do - is_expected.to have_rule(iptables_output_custom[0]). \ + expect(subject).to have_rule(iptables_output_custom[0]). \ with_table('filter'). \ with_chain('FORWARD') end + it do - is_expected.to have_rule(iptables_output_custom[1]). \ + expect(subject).to have_rule(iptables_output_custom[1]). \ with_table('filter'). \ with_chain('OPENVPN_FORWORD_RULES') end diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb index 0f8c078..55eb3b1 100644 --- a/spec/classes/ferm_spec.rb +++ b/spec/classes/ferm_spec.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'ferm' do @@ -6,7 +8,7 @@ describe 'ferm' do end on_supported_os.each do |os, facts| - context "on #{os} " do + context "on #{os}" do let :facts do facts end 
@@ -16,6 +18,7 @@ describe 'ferm' do it { is_expected.to contain_class('ferm::config') } it { is_expected.to contain_class('ferm::service') } it { is_expected.to contain_class('ferm::install') } + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_file('/etc/ferm/ferm.d') } it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') } @@ -35,9 +38,8 @@ describe 'ferm' do it { is_expected.not_to contain_service('ferm') } it { is_expected.not_to contain_file('/etc/ferm.conf') } - if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6 - it { is_expected.not_to contain_file('/etc/init.d/ferm') } - end + + it { is_expected.not_to contain_file('/etc/init.d/ferm') } if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6 end context 'with managed service' do @@ -47,11 +49,13 @@ describe 'ferm' do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_service('ferm') } + if facts[:os]['name'] == 'Ubuntu' it { is_expected.to contain_file_line('enable_ferm') } it { is_expected.to contain_file_line('disable_ferm_cache') } end end + context 'with managed configfile' do let :params do { manage_configfile: true } @@ -66,13 +70,16 @@ describe 'ferm' do it { is_expected.to contain_concat__fragment('ferm_header.conf') } it { is_expected.to contain_concat__fragment('ferm.conf') } # the following string exists only if we preserve chains + it do - is_expected.to contain_concat__fragment('ferm.conf'). \ + expect(subject).to contain_concat__fragment('ferm.conf'). \ without_content(%r{@preserve;}) end + it { is_expected.to contain_concat__fragment('raw-PREROUTING-config-include') } it { is_expected.to contain_concat__fragment('raw-OUTPUT-config-include') } it { is_expected.to contain_concat__fragment('nat-PREROUTING-config-include') } + if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36') it { is_expected.to contain_concat__fragment('nat-INPUT-config-include') } else 
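Review bot: In the `@@ -35,9 +38,8 @@` hunk the OS guard now sits at the end of a very long line, `it { is_expected.not_to contain_file('/etc/init.d/ferm') } if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6`, where it is easy to miss that the example is only defined for RedHat releases up to 6. The other conditional examples in this file keep the block form (`if facts[:os]['name'] == 'Debian'` … `end`), so this one reads inconsistently. Keeping the three-line `if … end` here, or adding a one-line comment above it naming the condition, would make the guard visible. The enclosing `context` starts outside the hunk.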
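Review bot: In the `@@ -66,13 +70,16 @@` hunk the blank line added after `# the following string exists only if we preserve chains` detaches that comment from the `it do` example it describes. It now reads as a trailing remark on the `contain_concat__fragment('ferm.conf')` line above it. Move the comment below the new blank line so it sits directly over `it do`, or put it inside the block next to `without_content(%r{@preserve;})`. The enclosing `context` starts and ends outside the hunk.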
@@ -91,6 +98,7 @@ describe 'ferm' do it { is_expected.to contain_concat__fragment('raw-PREROUTING-policy') } it { is_expected.to contain_concat__fragment('raw-OUTPUT-policy') } it { is_expected.to contain_concat__fragment('nat-PREROUTING-policy') } + if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36') it { is_expected.to contain_concat__fragment('nat-INPUT-policy') } else @@ -106,10 +114,12 @@ describe 'ferm' do it { is_expected.to contain_concat__fragment('filter-INPUT-policy') } it { is_expected.to contain_concat__fragment('filter-FORWARD-policy') } it { is_expected.to contain_concat__fragment('filter-OUTPUT-policy') } + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') } it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') } it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') } + if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36') it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-INPUT.conf') } else @@ -129,6 +139,7 @@ describe 'ferm' do it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-PREROUTING.conf') } it { is_expected.to contain_concat('/etc/ferm.d/chains/raw-OUTPUT.conf') } it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-PREROUTING.conf') } + if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36') it { is_expected.to contain_concat('/etc/ferm.d/chains/nat-INPUT.conf') } else @@ -148,6 +159,7 @@ describe 'ferm' do it { is_expected.to contain_ferm__chain('raw-PREROUTING') } it { is_expected.to contain_ferm__chain('raw-OUTPUT') } it { is_expected.to contain_ferm__chain('nat-PREROUTING') } + if Gem::Version.new(facts[:kernelversion]) >= Gem::Version.new('2.6.36') it { is_expected.to contain_ferm__chain('nat-INPUT') } else 
@@ -164,6 +176,7 @@ describe 'ferm' do it { is_expected.to contain_ferm__chain('OUTPUT') } it { is_expected.to contain_ferm__chain('INPUT') } end + context 'it preserves chains' do let :params do { @@ -173,19 +186,23 @@ describe 'ferm' do end it { is_expected.to compile.with_all_deps } + it do - is_expected.to contain_concat__fragment('ferm.conf'). \ + expect(subject).to contain_concat__fragment('ferm.conf'). \ with_content(%r{domain \(ip ip6\) table nat \{}) end + it do - is_expected.to contain_concat__fragment('ferm.conf'). \ + expect(subject).to contain_concat__fragment('ferm.conf'). \ with_content(%r{chain PREROUTING @preserve;}) end + it do - is_expected.to contain_concat__fragment('ferm.conf'). \ + expect(subject).to contain_concat__fragment('ferm.conf'). \ with_content(%r{chain POSTROUTING @preserve;}) end end + context 'it works with git clone' do let :params do { @@ -203,6 +220,7 @@ describe 'ferm' do it { is_expected.to contain_file('/etc/ferm') } it { is_expected.to contain_vcsrepo('/opt/ferm') } end + context 'it works with ensure latest' do let :params do { diff --git a/spec/defines/chain_spec.rb b/spec/defines/chain_spec.rb index 52cc88c..5e84ea5 100644 --- a/spec/defines/chain_spec.rb +++ b/spec/defines/chain_spec.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'ferm::chain', type: :define do on_supported_os.each do |os, facts| - context "on #{os} " do + context "on #{os}" do let :facts do facts end 
@@ -22,14 +24,17 @@ describe 'ferm::chain', type: :define do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('filter-INPUT2-config-include') } + it do - is_expected.to contain_concat__fragment('filter-INPUT2-policy'). \ + expect(subject).to contain_concat__fragment('filter-INPUT2-policy'). \ with_content(%r{ESTABLISHED RELATED}) end + it do - is_expected.to contain_concat__fragment('filter-INPUT2-footer'). \ + expect(subject).to contain_concat__fragment('filter-INPUT2-footer'). \ with_content(%r{LOG log-prefix 'INPUT2: ';}) end + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-INPUT2.conf') } else @@ -47,13 +52,15 @@ describe 'ferm::chain', type: :define do end it { is_expected.to compile.with_all_deps } + it do - is_expected.to contain_concat__fragment('filter-INPUT2-policy') - is_expected.not_to contain_concat__fragment('filter-INPUT2-policy'). \ + expect(subject).to contain_concat__fragment('filter-INPUT2-policy') + expect(subject).not_to contain_concat__fragment('filter-INPUT2-policy'). \ with_content(%r{ESTABLISHED RELATED}) end + it do - is_expected.not_to contain_concat__fragment('filter-INPUT2-footer'). \ + expect(subject).not_to contain_concat__fragment('filter-INPUT2-footer'). \ with_content(%r{LOG log-prefix 'INPUT2: ';}) end end 
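Review bot: In the `@@ -47,13 +52,15 @@` hunk the footer example `expect(subject).not_to contain_concat__fragment('filter-INPUT2-footer'). \ with_content(%r{LOG log-prefix 'INPUT2: ';})` passes both when the fragment is missing and when it exists without the LOG line. It therefore does not pin down which of the two the catalogue should produce. The policy example just above it avoids this by first asserting the fragment exists. Either assert absence directly with `expect(subject).not_to contain_concat__fragment('filter-INPUT2-footer')`, or assert presence and use `without_content(%r{LOG log-prefix 'INPUT2: ';})` as spec/classes/ferm_spec.rb does for `@preserve;`. Which one is intended depends on the manifest, which is not visible here.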
@@ -81,16 +88,20 @@ describe 'ferm::chain', type: :define do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('filter-FERM-DSL-config-include') } + it do - is_expected.to contain_concat__fragment('filter-FERM-DSL-custom-content'). \ + expect(subject).to contain_concat__fragment('filter-FERM-DSL-custom-content'). \ with_content(%r{mod rpfilter invert DROP;}) end + it do - is_expected.not_to contain_concat__fragment('filter-FERM-DSL-policy') + expect(subject).not_to contain_concat__fragment('filter-FERM-DSL-policy') end + it do - is_expected.not_to contain_concat__fragment('filter-FERM-DSL-footer') + expect(subject).not_to contain_concat__fragment('filter-FERM-DSL-footer') end + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-FERM-DSL.conf') } else diff --git a/spec/defines/ipset_spec.rb b/spec/defines/ipset_spec.rb index 050e5ef..88ef5c3 100644 --- a/spec/defines/ipset_spec.rb +++ b/spec/defines/ipset_spec.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'ferm::ipset', type: :define do on_supported_os.each do |os, facts| - context "on #{os} " do + context "on #{os}" do let :facts do facts end diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb index 7529fce..4b7b1d4 100644 --- a/spec/defines/rule_spec.rb +++ b/spec/defines/rule_spec.rb @@ -1,8 +1,10 @@ +# frozen_string_literal: true + require 'spec_helper' describe 'ferm::rule', type: :define do on_supported_os.each do |os, facts| - context "on #{os} " do + context "on #{os}" do let :facts do facts end 
@@ -202,12 +204,15 @@ describe 'ferm::rule', type: :define do it { is_expected.to compile.with_all_deps } it { is_expected.to contain_concat__fragment('filter-SSH-policy') } + it do - is_expected.to contain_concat__fragment('INPUT-filter-ssh').\ + expect(subject).to contain_concat__fragment('INPUT-filter-ssh').\ with_content("mod comment comment 'filter-ssh' proto tcp dport 22 jump SSH;\n"). \ that_requires('Ferm::Chain[check-ssh]') end + it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') } + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-SSH.conf') } else diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index fb5f0cb..4d617f3 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,17 +1,17 @@ +# frozen_string_literal: true + # Managed by modulesync - DO NOT EDIT # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/ # puppetlabs_spec_helper will set up coverage if the env variable is set. # We want to do this if lib exists and it hasn't been explicitly set. -ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../../lib', __FILE__)) +ENV['COVERAGE'] ||= 'yes' if Dir.exist?(File.expand_path('../lib', __dir__)) require 'voxpupuli/test/spec_helper' if File.exist?(File.join(__dir__, 'default_module_facts.yml')) facts = YAML.safe_load(File.read(File.join(__dir__, 'default_module_facts.yml'))) - if facts - facts.each do |name, value| - add_custom_fact name.to_sym, value - end + facts&.each do |name, value| + add_custom_fact name.to_sym, value end end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 7db1a99..7acf630 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -1,3 +1,5 @@ +# frozen_string_literal: true + require 'voxpupuli/acceptance/spec_helper_acceptance' configure_beaker do |host| 
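Review bot: In spec/spec_helper.rb, `facts&.each do |name, value|` only guards against an empty `default_module_facts.yml`, where `YAML.safe_load` returns nil. A file whose top level is a scalar would still fail on `each`, and a list would presumably register facts with nil values instead of reporting a malformed file. A guard such as `raise "default_module_facts.yml must be a mapping" unless facts.nil? || facts.is_a?(Hash)` before the loop would make the failure explicit. The header marks this file as managed by modulesync, so the change would have to land in the modulesync templates, not in this repository.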
diff --git a/spec/type_aliases/actions_spec.rb b/spec/type_aliases/actions_spec.rb index 5f6efb0..c5cc502 100644 --- a/spec/type_aliases/actions_spec.rb +++ b/spec/type_aliases/actions_spec.rb @@ -1,21 +1,22 @@ -# rubocop:disable Style/WordArray +# frozen_string_literal: true + require 'spec_helper' describe 'Ferm::Actions' do describe 'valid values' do - [ - 'RETURN', - 'ACCEPT', - 'DROP', - 'REJECT', - 'NOTRACK', - 'LOG', - 'MARK', - 'DNAT', - 'SNAT', - 'MASQUERADE', - 'REDIRECT', - 'MYFANCYCUSTOMCHAINNAMEISALSOVALID', + %w[ + RETURN + ACCEPT + DROP + REJECT + NOTRACK + LOG + MARK + DNAT + SNAT + MASQUERADE + REDIRECT + MYFANCYCUSTOMCHAINNAMEISALSOVALID ].each do |value| describe value.inspect do it { is_expected.to allow_value(value) } @@ -31,7 +32,7 @@ describe 'Ferm::Actions' do '', true, false, - ['meep', 'meep'], + %w[meep meep], 65_538, [95_000, 67_000], {}, diff --git a/spec/type_aliases/policies_spec.rb b/spec/type_aliases/policies_spec.rb index 6cb6a2f..6708aa4 100644 --- a/spec/type_aliases/policies_spec.rb +++ b/spec/type_aliases/policies_spec.rb @@ -1,11 +1,12 @@ -# rubocop:disable Style/WordArray +# frozen_string_literal: true + require 'spec_helper' describe 'Ferm::Policies' do describe 'valid values' do - [ - 'ACCEPT', - 'DROP', + %w[ + ACCEPT + DROP ].each do |value| describe value.inspect do it { is_expected.to allow_value(value) } @@ -24,7 +25,7 @@ describe 'Ferm::Policies' do '', true, false, - ['meep', 'meep'], + %w[meep meep], 65_538, [95_000, 67_000], {}, diff --git a/spec/type_aliases/port_spec.rb b/spec/type_aliases/port_spec.rb index 2e6c1c8..671576e 100644 --- a/spec/type_aliases/port_spec.rb +++ b/spec/type_aliases/port_spec.rb @@ -1,4 +1,5 @@ -# rubocop:disable Style/WordArray +# frozen_string_literal: true + require 'spec_helper' describe 'Ferm::Port' do @@ -23,7 +24,7 @@ describe 'Ferm::Port' do true, false, :symbol, - ['meep', 'meep'], + %w[meep meep], 65_538, [95_000, 67_000], '12345', 
diff --git a/spec/type_aliases/protocols_spec.rb b/spec/type_aliases/protocols_spec.rb index cab521f..bd409c5 100644 --- a/spec/type_aliases/protocols_spec.rb +++ b/spec/type_aliases/protocols_spec.rb @@ -1,4 +1,5 @@ -# rubocop:disable Style/WordArray +# frozen_string_literal: true + require 'spec_helper' describe 'Ferm::Protocols' do @@ -14,7 +15,7 @@ describe 'Ferm::Protocols' do 'sctp', 'mh', 'all', - ['icmp', 'tcp', 'udp'], + %w[icmp tcp udp], 0, [0, 4], ].each do |value| @@ -33,7 +34,7 @@ describe 'Ferm::Protocols' do '', true, false, - ['meep', 'meep'], + %w[meep meep], 65_538, [95_000, 67_000], {}, diff --git a/spec/type_aliases/tables_spec.rb b/spec/type_aliases/tables_spec.rb index 29274c3..4df20a5 100644 --- a/spec/type_aliases/tables_spec.rb +++ b/spec/type_aliases/tables_spec.rb @@ -1,13 +1,14 @@ -# rubocop:disable Style/WordArray +# frozen_string_literal: true + require 'spec_helper' describe 'Ferm::Tables' do describe 'valid values' do - [ - 'raw', - 'mangle', - 'nat', - 'filter', + %w[ + raw + mangle + nat + filter ].each do |value| describe value.inspect do it { is_expected.to allow_value(value) } @@ -24,7 +25,7 @@ describe 'Ferm::Tables' do '', true, false, - ['meep', 'meep'], + %w[meep meep], 65_538, [95_000, 67_000], {}, |