spec/defines/rule_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

require 'spec_helper'

describe 'ferm::rule', type: :define do
  on_supported_os.each do |os, facts|
    context "on #{os} " do
      let :facts do
        facts
      end

      let :pre_condition do
        'include ferm'
      end

      context 'without a specific interface' do
        let(:title) { 'filter-ssh' }
        let :params do
          {
            chain: 'INPUT',
            policy: 'ACCEPT',
            proto: 'tcp',
            dport: '22',
            saddr: '127.0.0.1'
          }
        end

        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_concat__fragment('INPUT-filter-ssh').with_content("mod comment comment 'filter-ssh' proto tcp dport 22 saddr @ipfilter((127.0.0.1)) ACCEPT;\n") }
      end
      context 'with a specific interface' do
        let(:title) { 'filter-ssh' }
        let :params do
          {
            chain: 'INPUT',
            policy: 'ACCEPT',
            proto: 'tcp',
            dport: '22',
            saddr: '127.0.0.1',
            interface: 'eth0'
          }
        end

        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_concat__fragment('INPUT-eth0-filter-ssh').with_content("  mod comment comment 'filter-ssh' proto tcp dport 22 saddr @ipfilter((127.0.0.1)) ACCEPT;\n") }
        it { is_expected.to contain_concat__fragment('INPUT-eth0-aaa').with_content("interface eth0 {\n") }
        it { is_expected.to contain_concat__fragment('INPUT-eth0-zzz').with_content("}\n") }
      end
      context 'with a specific interface using array for daddr' do
        let(:title) { 'filter-ssh' }
        let :params do
          {
            chain: 'INPUT',
            policy: 'ACCEPT',
            proto: 'tcp',
            dport: '22',
            daddr: ['127.0.0.1', '123.123.123.123', ['10.0.0.1', '10.0.0.2']],
            interface: 'eth0'
          }
        end

        it { is_expected.to compile.with_all_deps }
        it { is_expected.to contain_concat__fragment('INPUT-eth0-filter-ssh').with_content("  mod comment comment 'filter-ssh' proto tcp dport 22 daddr @ipfilter((127.0.0.1 123.123.123.123 10.0.0.1 10.0.0.2)) ACCEPT;\n") }
        it { is_expected.to contain_concat__fragment('INPUT-eth0-aaa').with_content("interface eth0 {\n") }
        it { is_expected.to contain_concat__fragment('INPUT-eth0-zzz').with_content("}\n") }
      end
    end
  end
end