From 2fc602af79b0b18fef1fab4a34134741ff35e10f Mon Sep 17 00:00:00 2001
From: Fabien COMBERNOUS <fabien.combernous@adullact.org>
Date: Fri, 6 Sep 2019 14:57:21 +0200
Subject: enable acceptance

---
 spec/acceptance/ferm_spec.rb   | 60 ++++++++++++++++++++++++++++++++++++++++++
 spec/spec_helper_acceptance.rb | 22 ++++++++++++++++
 2 files changed, 82 insertions(+)
 create mode 100644 spec/acceptance/ferm_spec.rb
 create mode 100644 spec/spec_helper_acceptance.rb

diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb
new file mode 100644
index 0000000..1b0f794
--- /dev/null
+++ b/spec/acceptance/ferm_spec.rb
@@ -0,0 +1,60 @@
+require 'spec_helper_acceptance'
+
+os_name = fact('os.name')
+os_release = fact('os.release.major')
+
+sut_os = "#{os_name}-#{os_release}"
+
+manage_initfile = case sut_os
+                  when 'CentOS-6'
+                    true
+                  else
+                    false
+                  end
+
+describe 'ferm' do
+  context 'with basics settings' do
+    pp = %(
+      class { 'ferm':
+        manage_service    => true,
+        manage_configfile => true,
+        manage_initfile   => #{manage_initfile}, # CentOS-6 does not provide init script
+        forward_policy    => 'DROP',
+        output_policy     => 'DROP',
+        input_policy      => 'DROP',
+        rules             => {
+          'allow acceptance_tests' => {
+            chain  => 'INPUT',
+            policy => 'ACCEPT',
+            proto  => tcp,
+            dport  => 22,
+          },
+        },
+        ip_versions      => ['ip'], #only ipv4 available with CI
+      }
+    )
+
+    it 'works with no error' do
+      apply_manifest(pp, catch_failures: true)
+    end
+    it 'works idempotently' do
+      apply_manifest(pp, catch_changes: true)
+    end
+
+    describe package('ferm') do
+      it { is_expected.to be_installed }
+    end
+
+    describe service('ferm') do
+      it { is_expected.to be_running }
+    end
+
+    describe command('iptables-save') do
+      its(:stdout) { is_expected.to match %r{.*filter.*:INPUT DROP.*:FORWARD DROP.*:OUTPUT DROP.*}m }
+    end
+
+    describe iptables do
+      it { is_expected.to have_rule('-A INPUT -p tcp -m comment --comment "allow acceptance_tests" -m tcp --dport 22 -j ACCEPT').with_table('filter').with_chain('INPUT') }
+    end
+  end
+end
diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb
new file mode 100644
index 0000000..50dadbe
--- /dev/null
+++ b/spec/spec_helper_acceptance.rb
@@ -0,0 +1,22 @@
+require 'beaker-rspec'
+require 'beaker-puppet'
+require 'beaker/puppet_install_helper'
+require 'beaker/module_install_helper'
+
+run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no'
+install_module
+install_module_dependencies
+
+RSpec.configure do |c|
+  # Configure all nodes in nodeset
+  c.before :suite do
+    # ferm is into epel with RedHat like OSes
+    install_module_from_forge('stahnma-epel', '>= 1.3.1 < 2.0.0') if fact('os.family') == 'RedHat'
+
+    pp = %(
+      include epel
+    )
+
+    apply_manifest(pp, catch_failures: true) if fact('os.family') == 'RedHat'
+  end
+end
-- 
cgit v1.2.3