require 'spec_helper'

# Catalog-level spec for the `ferm` class, evaluated once for every OS that
# on_supported_os yields. All examples assert on compiled catalog resources.
describe 'ferm' do
  let(:node) { 'example.com' }

  on_supported_os.each do |os, os_facts|
    # Fact-derived switches, computed once per OS and shared by the contexts below.
    # nat-INPUT resources are only expected when the kernel is at least 2.6.36.
    nat_input_supported = Gem::Version.new(os_facts[:kernelversion]) >= Gem::Version.new('2.6.36')
    # The init script is only expected on RedHat-family releases with major version <= 6.
    legacy_redhat = os_facts[:os]['family'] == 'RedHat' && os_facts[:os]['release']['major'].to_i <= 6
    # NOTE(review): the rules directory keys on os *name* == 'Debian' while the
    # main config file keys on os *family* == 'Debian'; confirm this split is
    # intended (the two differ for Debian derivatives such as Ubuntu).
    rules_dir = os_facts[:os]['name'] == 'Debian' ? '/etc/ferm/ferm.d' : '/etc/ferm.d'
    main_config = os_facts[:os]['family'] == 'Debian' ? '/etc/ferm/ferm.conf' : '/etc/ferm.conf'

    # Chains of the raw, nat and mangle tables, in the order the examples are emitted.
    # The filter-table chains are named differently per resource type and are
    # therefore listed explicitly in each context.
    non_filter_chains = %w[
      raw-PREROUTING raw-OUTPUT
      nat-PREROUTING nat-INPUT nat-OUTPUT nat-POSTROUTING
      mangle-PREROUTING mangle-INPUT mangle-FORWARD mangle-OUTPUT mangle-POSTROUTING
    ]

    context "on #{os} " do
      let(:facts) { os_facts }

      context 'with all defaults' do
        it { is_expected.to compile.with_all_deps }

        %w[ferm::config ferm::service ferm::install].each do |klass|
          it { is_expected.to contain_class(klass) }
        end

        it { is_expected.to contain_package('ferm') }

        ['', '/definitions', '/chains'].each do |suffix|
          it { is_expected.to contain_file("#{rules_dir}#{suffix}") }
        end

        # With no parameters set, the catalog holds neither the ferm service nor
        # a file resource for /etc/ferm.conf: both are opt-in.
        # NOTE(review): the managed-configfile context asserts a *concat*
        # resource (and /etc/ferm/ferm.conf on the Debian family), so this
        # negative *file* check may pass whether or not the config is managed;
        # consider asserting the concat resource is absent. Confirm against the
        # manifest.
        it { is_expected.not_to contain_service('ferm') }
        it { is_expected.not_to contain_file('/etc/ferm.conf') }

        if legacy_redhat
          it { is_expected.not_to contain_file('/etc/init.d/ferm') }
        end
      end

      context 'with managed service' do
        let(:params) { { manage_service: true } }

        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_service('ferm') }

        if os_facts[:os]['name'] == 'Ubuntu'
          it { is_expected.to contain_file_line('enable_ferm') }
          it { is_expected.to contain_file_line('disable_ferm_cache') }
        end
      end

      context 'with managed configfile' do
        let(:params) { { manage_configfile: true } }

        it { is_expected.to contain_concat(main_config) }
        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_concat__fragment('ferm_header.conf') }
        it { is_expected.to contain_concat__fragment('ferm.conf') }

        # @preserve is only rendered when chains are preserved, so it must be
        # absent from the main fragment in this context.
        it { is_expected.to contain_concat__fragment('ferm.conf').without_content(%r{@preserve;}) }

        non_filter_chains.each do |chain|
          if chain == 'nat-INPUT' && !nat_input_supported
            it { is_expected.not_to contain_concat__fragment("#{chain}-config-include") }
          else
            it { is_expected.to contain_concat__fragment("#{chain}-config-include") }
          end
        end
      end

      context 'with managed initfile' do
        let(:params) { { manage_initfile: true } }

        if legacy_redhat
          it { is_expected.to contain_file('/etc/init.d/ferm') }
        else
          it { is_expected.not_to contain_file('/etc/init.d/ferm') }
        end
      end

      context 'it creates chains' do
        # Policy fragments. These examples only assert that each fragment
        # exists; the policy content itself is not checked in this file.
        non_filter_chains.each do |chain|
          if chain == 'nat-INPUT' && !nat_input_supported
            it { is_expected.not_to contain_concat__fragment("#{chain}-policy") }
          else
            it { is_expected.to contain_concat__fragment("#{chain}-policy") }
          end
        end

        %w[filter-INPUT filter-FORWARD filter-OUTPUT].each do |chain|
          it { is_expected.to contain_concat__fragment("#{chain}-policy") }
        end

        # Per-chain rule files under the OS-specific rules directory.
        non_filter_chains.each do |chain|
          if chain == 'nat-INPUT' && !nat_input_supported
            it { is_expected.not_to contain_concat("#{rules_dir}/chains/#{chain}.conf") }
          else
            it { is_expected.to contain_concat("#{rules_dir}/chains/#{chain}.conf") }
          end
        end

        %w[FORWARD INPUT OUTPUT].each do |chain|
          it { is_expected.to contain_concat("#{rules_dir}/chains/#{chain}.conf") }
        end

        # The ferm::chain defined-type instances themselves.
        non_filter_chains.each do |chain|
          if chain == 'nat-INPUT' && !nat_input_supported
            it { is_expected.not_to contain_ferm__chain(chain) }
          else
            it { is_expected.to contain_ferm__chain(chain) }
          end
        end

        %w[FORWARD OUTPUT INPUT].each do |chain|
          it { is_expected.to contain_ferm__chain(chain) }
        end
      end

      context 'it preserves chains' do
        let(:params) do
          {
            manage_configfile: true,
            preserve_chains_in_tables: { 'nat' => %w[PREROUTING POSTROUTING] }
          }
        end

        it { is_expected.to compile.with_all_deps }

        # Each preserved chain must be rendered with @preserve inside the nat
        # table block of the main config fragment.
        it do
          is_expected.to contain_concat__fragment('ferm.conf').with_content(%r{domain \(ip ip6\) table nat \{})
        end

        %w[PREROUTING POSTROUTING].each do |chain|
          it { is_expected.to contain_concat__fragment('ferm.conf').with_content(%r{chain #{chain} @preserve;}) }
        end
      end
    end
  end
end