path: root/spec/classes/ferm_spec.rb
require 'spec_helper'

# Catalogue-level spec for the `ferm` class. Every context below is evaluated
# once per operating system returned by `on_supported_os`.
describe 'ferm' do
  let(:node) { 'example.com' }

  on_supported_os.each do |os, os_facts|
    context "on #{os} " do
      let(:facts) { os_facts }

      # Fact-derived switches, computed once and shared by the nested contexts.
      # NOTE(review): the directory-layout switch is keyed on release major 10
      # alone, with no check of OS name or family - presumably this targets
      # Debian 10; confirm against the supported-OS list.
      release_major = os_facts[:os]['release']['major'].to_i
      nested_layout = release_major == 10
      ubuntu        = os_facts[:os]['name'] == 'Ubuntu'
      el6_or_older  = os_facts[:os]['family'] == 'RedHat' && release_major <= 6

      # With no parameters the class installs the package and creates the
      # rule directories, but must leave the service, the main config file
      # and the init script unmanaged.
      context 'with all defaults' do
        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_class('ferm::config') }
        it { is_expected.to contain_class('ferm::service') }
        it { is_expected.to contain_class('ferm::install') }
        it { is_expected.to contain_package('ferm') }

        if nested_layout
          it { is_expected.to contain_file('/etc/ferm/ferm.d') }
          it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') }
          it { is_expected.to contain_file('/etc/ferm/ferm.d/chains') }
        else
          it { is_expected.to contain_file('/etc/ferm.d') }
          it { is_expected.to contain_file('/etc/ferm.d/definitions') }
          it { is_expected.to contain_file('/etc/ferm.d/chains') }
        end

        it { is_expected.not_to contain_service('ferm') }
        it { is_expected.not_to contain_file('/etc/ferm.conf') }
        it { is_expected.not_to contain_file('/etc/init.d/ferm') } if el6_or_older
      end

      # Opting in to service management adds the service resource; on Ubuntu
      # two additional file_line resources are expected as well.
      context 'with managed service' do
        let(:params) { { manage_service: true } }

        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_service('ferm') }

        if ubuntu
          it { is_expected.to contain_file_line('enable_ferm') }
          it { is_expected.to contain_file_line('disable_ferm_cache') }
        end
      end

      # Opting in to config-file management builds ferm.conf from concat
      # fragments; the target path depends on the platform.
      context 'with managed configfile' do
        let(:params) { { manage_configfile: true } }

        if ubuntu || nested_layout
          it { is_expected.to contain_concat('/etc/ferm/ferm.conf') }
        else
          it { is_expected.to contain_concat('/etc/ferm.conf') }
        end

        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_concat__fragment('ferm_header.conf') }
        it { is_expected.to contain_concat__fragment('ferm.conf') }

        # '@preserve;' may only show up when chains are explicitly preserved,
        # so it must be absent from the generated config here.
        it do
          is_expected.to contain_concat__fragment('ferm.conf').without_content(%r{@preserve;})
        end
      end

      # The init script is only expected on RedHat-family releases <= 6.
      context 'with managed initfile' do
        let(:params) { { manage_initfile: true } }

        if el6_or_older
          it { is_expected.to contain_file('/etc/init.d/ferm') }
        else
          it { is_expected.not_to contain_file('/etc/init.d/ferm') }
        end
      end

      # The three built-in filter chains are declared without any parameters.
      # NOTE(review): only the presence of the '<CHAIN>-policy' fragments is
      # asserted in this file; their content is not pinned, so a change of the
      # default policy would not make these examples fail.
      context 'it creates chains' do
        it { is_expected.to contain_concat__fragment('FORWARD-policy') }
        it { is_expected.to contain_concat__fragment('INPUT-policy') }
        it { is_expected.to contain_concat__fragment('OUTPUT-policy') }

        if nested_layout
          it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/FORWARD.conf') }
          it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/INPUT.conf') }
          it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/OUTPUT.conf') }
        else
          it { is_expected.to contain_concat('/etc/ferm.d/chains/FORWARD.conf') }
          it { is_expected.to contain_concat('/etc/ferm.d/chains/INPUT.conf') }
          it { is_expected.to contain_concat('/etc/ferm.d/chains/OUTPUT.conf') }
        end

        it { is_expected.to contain_ferm__chain('FORWARD') }
        it { is_expected.to contain_ferm__chain('OUTPUT') }
        it { is_expected.to contain_ferm__chain('INPUT') }
      end

      # Chains listed in preserve_chains_in_tables must be rendered into
      # ferm.conf with the '@preserve' keyword inside their table block.
      context 'it preserves chains' do
        let(:params) do
          {
            manage_configfile: true,
            preserve_chains_in_tables: { 'nat' => %w[PREROUTING POSTROUTING] }
          }
        end

        it { is_expected.to compile.with_all_deps }

        it do
          is_expected.to contain_concat__fragment('ferm.conf').with_content(%r{domain \(ip ip6\) table nat \{})
        end

        it do
          is_expected.to contain_concat__fragment('ferm.conf').with_content(%r{chain PREROUTING @preserve;})
        end

        it do
          is_expected.to contain_concat__fragment('ferm.conf').with_content(%r{chain POSTROUTING @preserve;})
        end
      end
    end
  end
end