blob: e5669b8b860efee0f7755d1d0ed6ccfce3839415 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
require 'spec_helper'
describe 'ferm' do
let :node do
'example.com'
end
on_supported_os.each do |os, facts|
context "on #{os} " do
let :facts do
facts
end
context 'with all defaults' do
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_class('ferm::config') }
it { is_expected.to contain_class('ferm::service') }
it { is_expected.to contain_class('ferm::install') }
it { is_expected.to contain_package('ferm') }
if facts[:os]['release']['major'].to_i == 10
it { is_expected.to contain_file('/etc/ferm/ferm.d') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/chains') }
else
it { is_expected.to contain_file('/etc/ferm.d') }
it { is_expected.to contain_file('/etc/ferm.d/definitions') }
it { is_expected.to contain_file('/etc/ferm.d/chains') }
end
it { is_expected.not_to contain_service('ferm') }
it { is_expected.not_to contain_file('/etc/ferm.conf') }
if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6
it { is_expected.not_to contain_file('/etc/init.d/ferm') }
end
end
context 'with managed service' do
let :params do
{ manage_service: true }
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_service('ferm') }
if facts[:os]['name'] == 'Ubuntu'
it { is_expected.to contain_file_line('enable_ferm') }
it { is_expected.to contain_file_line('disable_ferm_cache') }
end
end
context 'with managed configfile' do
let :params do
{ manage_configfile: true }
end
if facts[:os]['name'] == 'Ubuntu' || facts[:os]['release']['major'].to_i == 10
it { is_expected.to contain_concat('/etc/ferm/ferm.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.conf') }
end
it { is_expected.to compile.with_all_deps }
it { is_expected.to contain_concat__fragment('ferm_header.conf') }
it { is_expected.to contain_concat__fragment('ferm.conf') }
# the following string exists only if we preserve chains
it do
is_expected.to contain_concat__fragment('ferm.conf'). \
without_content(%r{@preserve;})
end
end
context 'with managed initfile' do
let :params do
{ manage_initfile: true }
end
if facts[:os]['family'] == 'RedHat' && facts[:os]['release']['major'].to_i <= 6
it { is_expected.to contain_file('/etc/init.d/ferm') }
else
it { is_expected.not_to contain_file('/etc/init.d/ferm') }
end
end
context 'it creates chains' do
it { is_expected.to contain_concat__fragment('FORWARD-policy') }
it { is_expected.to contain_concat__fragment('INPUT-policy') }
it { is_expected.to contain_concat__fragment('OUTPUT-policy') }
if facts[:os]['release']['major'].to_i == 10
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/FORWARD.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/INPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/OUTPUT.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.d/chains/FORWARD.conf') }
it { is_expected.to contain_concat('/etc/ferm.d/chains/INPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm.d/chains/OUTPUT.conf') }
end
it { is_expected.to contain_ferm__chain('FORWARD') }
it { is_expected.to contain_ferm__chain('OUTPUT') }
it { is_expected.to contain_ferm__chain('INPUT') }
end
context 'it preserves chains' do
let :params do
{
manage_configfile: true,
preserve_chains_in_tables: { 'nat' => %w[PREROUTING POSTROUTING] }
}
end
it { is_expected.to compile.with_all_deps }
it do
is_expected.to contain_concat__fragment('ferm.conf'). \
with_content(%r{domain \(ip ip6\) table nat \{})
end
it do
is_expected.to contain_concat__fragment('ferm.conf'). \
with_content(%r{chain PREROUTING @preserve;})
end
it do
is_expected.to contain_concat__fragment('ferm.conf'). \
with_content(%r{chain POSTROUTING @preserve;})
end
end
end
end
end
|