From 6be13799d8a2ee49c3af88ffd7a474c39f1475e3 Mon Sep 17 00:00:00 2001
From: Rehan Mahmood <rehanone@gmail.com>
Date: Mon, 4 May 2020 14:11:05 -0400
Subject: Allow adding custom ferm dsl for subchains. This is important for
 using complex iptable rules that are currently not supported by this module
 or would be very hard to manage just using puppet.

---
 spec/defines/chain_spec.rb | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

(limited to 'spec/defines')

diff --git a/spec/defines/chain_spec.rb b/spec/defines/chain_spec.rb
index 1a6bb44..52cc88c 100644
--- a/spec/defines/chain_spec.rb
+++ b/spec/defines/chain_spec.rb
@@ -70,6 +70,34 @@ describe 'ferm::chain', type: :define do
 
         it { is_expected.to compile.and_raise_error(%r{Can only set a default policy for builtin chains}) }
       end
+
+      context 'with custom chain FERM-DSL using content parameter' do
+        let(:title) { 'FERM-DSL' }
+        let :params do
+          {
+            content: 'mod rpfilter invert DROP;'
+          }
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_concat__fragment('filter-FERM-DSL-config-include') }
+        it do
+          is_expected.to contain_concat__fragment('filter-FERM-DSL-custom-content'). \
+            with_content(%r{mod rpfilter invert DROP;})
+        end
+        it do
+          is_expected.not_to contain_concat__fragment('filter-FERM-DSL-policy')
+        end
+        it do
+          is_expected.not_to contain_concat__fragment('filter-FERM-DSL-footer')
+        end
+        if facts[:os]['name'] == 'Debian'
+          it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-FERM-DSL.conf') }
+        else
+          it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-FERM-DSL.conf') }
+        end
+        it { is_expected.to contain_ferm__chain('FERM-DSL') }
+      end
     end
   end
 end
-- 
cgit v1.2.3