From fc5f400d931c7beafeade383210e92d852a645ff Mon Sep 17 00:00:00 2001 From: Tim Meusel Date: Sat, 31 Aug 2019 20:28:27 +0200 Subject: Add Debian 10 support & make configdirectory configureable --- spec/classes/ferm_spec.rb | 27 ++++++++++++++++++++------- spec/defines/chain_spec.rb | 30 +++++++++++++++++++----------- spec/defines/rule_spec.rb | 4 ++++ 3 files changed, 43 insertions(+), 18 deletions(-) (limited to 'spec') diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb index aebcaae..55e6739 100644 --- a/spec/classes/ferm_spec.rb +++ b/spec/classes/ferm_spec.rb @@ -17,9 +17,16 @@ describe 'ferm' do it { is_expected.to contain_class('ferm::service') } it { is_expected.to contain_class('ferm::install') } it { is_expected.to contain_package('ferm') } - it { is_expected.to contain_file('/etc/ferm.d') } - it { is_expected.to contain_file('/etc/ferm.d/definitions') } - it { is_expected.to contain_file('/etc/ferm.d/chains') } + if facts[:os]['release']['major'].to_i == 10 + it { is_expected.to contain_file('/etc/ferm/ferm.d') } + it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') } + it { is_expected.to contain_file('/etc/ferm/ferm.d/chains') } + else + it { is_expected.to contain_file('/etc/ferm.d') } + it { is_expected.to contain_file('/etc/ferm.d/definitions') } + it { is_expected.to contain_file('/etc/ferm.d/chains') } + end + it { is_expected.not_to contain_service('ferm') } it { is_expected.not_to contain_file('/etc/ferm.conf') } if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6 @@ -44,7 +51,7 @@ describe 'ferm' do { manage_configfile: true } end - if facts[:os]['name'] == 'Ubuntu' + if facts[:os]['name'] == 'Ubuntu' || facts[:os]['release']['major'].to_i == 10 it { is_expected.to contain_concat('/etc/ferm/ferm.conf') } else it { is_expected.to contain_concat('/etc/ferm.conf') } @@ -68,9 +75,15 @@ describe 'ferm' do it { is_expected.to contain_concat__fragment('FORWARD-policy') } it { is_expected.to contain_concat__fragment('INPUT-policy') } it { is_expected.to contain_concat__fragment('OUTPUT-policy') } - it { is_expected.to contain_concat('/etc/ferm.d/chains/FORWARD.conf') } - it { is_expected.to contain_concat('/etc/ferm.d/chains/INPUT.conf') } - it { is_expected.to contain_concat('/etc/ferm.d/chains/OUTPUT.conf') } + if facts[:os]['release']['major'].to_i == 10 + it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/FORWARD.conf') } + it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/INPUT.conf') } + it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/OUTPUT.conf') } + else + it { is_expected.to contain_concat('/etc/ferm.d/chains/FORWARD.conf') } + it { is_expected.to contain_concat('/etc/ferm.d/chains/INPUT.conf') } + it { is_expected.to contain_concat('/etc/ferm.d/chains/OUTPUT.conf') } + end it { is_expected.to contain_ferm__chain('FORWARD') } it { is_expected.to contain_ferm__chain('OUTPUT') } it { is_expected.to contain_ferm__chain('INPUT') } diff --git a/spec/defines/chain_spec.rb b/spec/defines/chain_spec.rb index d3ab857..9425821 100644 --- a/spec/defines/chain_spec.rb +++ b/spec/defines/chain_spec.rb @@ -6,9 +6,13 @@ describe 'ferm::chain', type: :define do let :facts do facts end - let(:title) { 'INPUT' } + let(:title) { 'INPUT2' } - context 'default params creates INPUT chain' do + let :pre_condition do + 'include ferm' + end + + context 'default params creates INPUT2 chain' do let :params do { policy: 'DROP', @@ -19,15 +23,19 @@ describe 'ferm::chain', type: :define do it { is_expected.to compile.with_all_deps } it do - is_expected.to contain_concat__fragment('INPUT-policy'). \ + is_expected.to contain_concat__fragment('INPUT2-policy'). \ with_content(%r{ESTABLISHED RELATED}) end it do - is_expected.to contain_concat__fragment('INPUT-footer'). \ - with_content(%r{LOG log-prefix 'INPUT: ';}) + is_expected.to contain_concat__fragment('INPUT2-footer'). \ + with_content(%r{LOG log-prefix 'INPUT2: ';}) + end + if facts[:os]['release']['major'].to_i == 10 + it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/INPUT2.conf') } + else + it { is_expected.to contain_concat('/etc/ferm.d/chains/INPUT2.conf') } end - it { is_expected.to contain_concat('/etc/ferm.d/chains/INPUT.conf') } - it { is_expected.to contain_ferm__chain('INPUT') } + it { is_expected.to contain_ferm__chain('INPUT2') } end context 'without conntrack' do @@ -41,13 +49,13 @@ describe 'ferm::chain', type: :define do it { is_expected.to compile.with_all_deps } it do - is_expected.to contain_concat__fragment('INPUT-policy') - is_expected.not_to contain_concat__fragment('INPUT-policy'). \ + is_expected.to contain_concat__fragment('INPUT2-policy') + is_expected.not_to contain_concat__fragment('INPUT2-policy'). \ with_content(%r{ESTABLISHED RELATED}) end it do - is_expected.not_to contain_concat__fragment('INPUT-footer'). \ - with_content(%r{LOG log-prefix 'INPUT: ';}) + is_expected.not_to contain_concat__fragment('INPUT2-footer'). \ + with_content(%r{LOG log-prefix 'INPUT2: ';}) end end end diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb index 3ee5576..1bec758 100644 --- a/spec/defines/rule_spec.rb +++ b/spec/defines/rule_spec.rb @@ -7,6 +7,10 @@ describe 'ferm::rule', type: :define do facts end + let :pre_condition do + 'include ferm' + end + context 'without a specific interface' do let(:title) { 'filter-ssh' } let :params do -- cgit v1.2.3