require 'spec_helper_acceptance'
describe "param based tests:", :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
- # Takes a hash and converts it into a firewall resource
- def pp(params)
- name = params.delete('name') || '100 test'
- pm = <<-EOS
-firewall { '#{name}':
- EOS
-
- params.each do |k,v|
- pm += <<-EOS
- #{k} => #{v},
- EOS
- end
-
- pm += <<-EOS
-}
- EOS
- pm
- end
-
it 'test various params', :unless => (default['platform'].match(/el-5/) || fact('operatingsystem') == 'SLES') do
iptables_flush_all_tables
- ppm = pp({
- 'table' => "'raw'",
- 'socket' => 'true',
- 'chain' => "'PREROUTING'",
- 'jump' => 'LOG',
- 'log_level' => 'debug',
- })
+ ppm = <<-EOS
+ firewall { '100 test':
+ table => 'raw',
+ socket => 'true',
+ chain => 'PREROUTING',
+ jump => 'LOG',
+ log_level => 'debug',
+ }
+ EOS
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
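Review bot: `socket => 'true'` now passes a quoted string, whereas the removed helper rendered the same hash entry as the bare boolean `socket => true`, so the rewrite changes the value's type and not only the layout. Puppet will probably coerce it for this property, but if the test is meant to exercise the boolean form the line should read `socket => true,`. The same quoting shift applies to `log_level => '3'` in the later log-rule hunks, which the helper emitted as a bare number. The `it` block's closing `end` is outside this hunk.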
it 'test log rule' do
iptables_flush_all_tables
- ppm = pp({
- 'name' => '998 log all',
- 'proto' => 'all',
- 'jump' => 'LOG',
- 'log_level' => 'debug',
- })
+ ppm = <<-EOS
+ firewall { '998 log all':
+ proto => 'all',
+ jump => 'LOG',
+ log_level => 'debug',
+ }
+ EOS
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
it 'test log rule - changing names' do
iptables_flush_all_tables
- ppm1 = pp({
- 'name' => '004 log all INVALID packets',
- 'chain' => 'INPUT',
- 'proto' => 'all',
- 'ctstate' => 'INVALID',
- 'jump' => 'LOG',
- 'log_level' => '3',
- 'log_prefix' => '"IPTABLES dropped invalid: "',
- })
-
- ppm2 = pp({
- 'name' => '003 log all INVALID packets',
- 'chain' => 'INPUT',
- 'proto' => 'all',
- 'ctstate' => 'INVALID',
- 'jump' => 'LOG',
- 'log_level' => '3',
- 'log_prefix' => '"IPTABLES dropped invalid: "',
- })
+ ppm1 = <<-EOS
+ firewall { '004 log all INVALID packets':
+ chain => 'INPUT',
+ proto => 'all',
+ ctstate => 'INVALID',
+ jump => 'LOG',
+ log_level => '3',
+ log_prefix => 'IPTABLES dropped invalid: ',
+ }
+ EOS
+
+ ppm2 = <<-EOS
+ firewall { '003 log all INVALID packets':
+ chain => 'INPUT',
+ proto => 'all',
+ ctstate => 'INVALID',
+ jump => 'LOG',
+ log_level => '3',
+ log_prefix => 'IPTABLES dropped invalid: ',
+ }
+ EOS
expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to eq(2)
it 'test chain - changing names' do
iptables_flush_all_tables
- ppm1 = pp({
- 'name' => '004 with a chain',
- 'chain' => 'INPUT',
- 'proto' => 'all',
- })
+ ppm1 = <<-EOS
+ firewall { '004 with a chain':
+ chain => 'INPUT',
+ proto => 'all',
+ }
+ EOS
- ppm2 = pp({
- 'name' => '004 with a chain',
- 'chain' => 'OUTPUT',
- 'proto' => 'all',
- })
+ ppm2 = <<-EOS
+ firewall { '004 with a chain':
+ chain => 'OUTPUT',
+ proto => 'all',
+ }
+ EOS
apply_manifest(ppm1, :expect_changes => true)
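Review bot: The two manifests in this hunk carry the same title `'004 with a chain'` and differ only in `chain` (INPUT, then OUTPUT), while the surrounding description reads 'test chain - changing names'. With the helper gone, that single differing line is easy to miss between two near-identical heredocs. A one-line comment above `ppm2` would help, e.g. `# same title as ppm1; only the chain moves from INPUT to OUTPUT`. The rest of the `it` block, including whatever is asserted after `ppm2` is applied, is outside the hunk.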
it 'test log rule - idempotent' do
iptables_flush_all_tables
- ppm1 = pp({
- 'name' => '004 log all INVALID packets',
- 'chain' => 'INPUT',
- 'proto' => 'all',
- 'ctstate' => 'INVALID',
- 'jump' => 'LOG',
- 'log_level' => '3',
- 'log_prefix' => '"IPTABLES dropped invalid: "',
- })
+ ppm1 = <<-EOS
+ firewall { '004 log all INVALID packets':
+ chain => 'INPUT',
+ proto => 'all',
+ ctstate => 'INVALID',
+ jump => 'LOG',
+ log_level => '3',
+ log_prefix => 'IPTABLES dropped invalid: ',
+ }
+ EOS
expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to eq(2)
expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to be_zero
it 'test src_range rule' do
iptables_flush_all_tables
- ppm = pp({
- 'name' => '997 block src ip range',
- 'chain' => 'INPUT',
- 'proto' => 'all',
- 'action' => 'drop',
- 'src_range' => '"10.0.0.1-10.0.0.10"',
- })
+ ppm = <<-EOS
+ firewall { '997 block src ip range':
+ chain => 'INPUT',
+ proto => 'all',
+ action => 'drop',
+ src_range => '10.0.0.1-10.0.0.10',
+ }
+ EOS
+
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
it 'test dst_range rule' do
iptables_flush_all_tables
- ppm = pp({
- 'name' => '998 block dst ip range',
- 'chain' => 'INPUT',
- 'proto' => 'all',
- 'action' => 'drop',
- 'dst_range' => '"10.0.0.2-10.0.0.20"',
- })
+ ppm = <<-EOS
+ firewall { '998 block dst ip range':
+ chain => 'INPUT',
+ proto => 'all',
+ action => 'drop',
+ dst_range => '10.0.0.2-10.0.0.20',
+ }
+ EOS
+
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
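Review bot: Both range tests check only Puppet's exit codes (2 on the first apply, 0 on the second), so they would still pass if the provider accepted `src_range`/`dst_range` but wrote the rule without the range match. For a `drop` rule on INPUT with `proto => 'all'`, that would be a much broader block than the manifest describes, which is worth catching in the test. Consider asserting on the saved ruleset after the second apply, e.g. `shell('iptables-save') { |r| expect(r.stdout).to match(/--src-range 10\.0\.0\.1-10\.0\.0\.10/) }`, with the `--dst-range 10.0.0.2-10.0.0.20` equivalent in the second test.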