group :development, :test do
gem 'puppetlabs_spec_helper', :require => false
- gem 'rspec-system-puppet', '~>1.1', '>=1.1.0'
+ gem 'rspec-system-puppet', '~>1.2', '>=1.2.0'
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
# end
def iptables_flush_all_tables
['filter', 'nat', 'mangle', 'raw'].each do |t|
- system_run("/sbin/iptables -t #{t} -F") do |r|
- r[:exit_code].should == 0
- r[:stderr].should == ''
+ shell "/sbin/iptables -t #{t} -F" do |r|
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
end
end
+include RSpecSystemPuppet::Helpers
+
RSpec.configure do |c|
# Project root for the firewall code
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
# Import in our local helpers
c.include ::LocalHelpers
+ c.include RSpecSystemPuppet::Helpers
# This is where we 'setup' the nodes before running our tests
- c.system_setup_block = proc do
- # TODO: find a better way of importing this into this namespace
- include RSpecSystemPuppet::Helpers
-
+ c.before :suite do
# Install puppet
puppet_install
describe "basic tests:" do
it 'make sure we have copied the module across' do
# No point diagnosing any more if the module wasn't copied properly
- system_run("ls /etc/puppet/modules/firewall") do |r|
- r[:exit_code].should == 0
- r[:stdout].should =~ /Modulefile/
- r[:stderr].should == ''
+ shell 'ls /etc/puppet/modules/firewall' do |r|
+ r.stdout.should =~ /Modulefile/
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
end
require 'spec_helper_system'
describe "firewall class:" do
- context 'no params:' do
- let(:pp) do
- pp = <<-EOS.gsub(/^\s{8}/,'')
- class { 'firewall': }
- EOS
- end
+ it 'should run successfully' do
+ pp = "class { 'firewall': }"
- it "should run without event" do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should_not eq(1)
- end
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should_not == 1
end
- it "should be idempotent" do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 0
- end
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
- context 'ensure => stopped:' do
- let(:pp) do
- pp = <<-EOS.gsub(/^\s{8}/,'')
- class { 'firewall':
- ensure => stopped,
- }
- EOS
- end
+ it 'ensure => stopped:' do
+ pp = <<-EOS
+ class { 'firewall':
+ ensure => stopped,
+ }
+ EOS
- it "should run without event" do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should_not eq(1)
- end
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should_not == 1
end
- it "should be idempotent" do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 0
- end
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
- context 'ensure => running:' do
- let(:pp) do
- pp = <<-EOS.gsub(/^\s{8}/,'')
- class { 'firewall':
- ensure => running,
- }
- EOS
- end
+ it 'ensure => running:' do
+ pp = <<-EOS
+ class { 'firewall':
+ ensure => running,
+ }
+ EOS
- it "should run without event" do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should_not eq(1)
- end
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should_not == 1
end
- it "should be idempotent" do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 0
- end
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
end
require 'spec_helper_system'
describe "param based tests:" do
+ # Takes a hash and converts it into a firewall resource
def pp(params)
name = params.delete('name') || '100 test'
pm = <<-EOS
end
it 'test various params' do
- facts = system_node.facts
+ facts = node.facts
unless (facts['operatingsystem'] == 'CentOS') && \
facts['operatingsystemrelease'] =~ /^5\./ then
'log_level' => 'debug',
})
puppet_apply(ppm) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 2
+ r.stderr.should be_empty
+ r.exit_code.should == 2
end
# check idempotency
puppet_apply(ppm) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 0
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
end
'log_level' => 'debug',
})
puppet_apply(ppm) do |r|
- r.stderr.should == ''
+ r.stderr.should be_empty
r.exit_code.should == 2
end
# check idempotency
puppet_apply(ppm) do |r|
- r.stderr.should == ''
- r.exit_code.should == 0
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
end
end
puppet_apply(ppm1) do |r|
r.stderr.should be_empty
- r.exit_code.should == 0
+ r.exit_code.should be_zero
end
end
end
it 'make sure duplicate existing rules get purged' do
iptables_flush_all_tables
- system_run('/sbin/iptables -A INPUT -s 1.2.1.2')
- system_run('/sbin/iptables -A INPUT -s 1.2.1.2')
+ shell('/sbin/iptables -A INPUT -s 1.2.1.2')
+ shell('/sbin/iptables -A INPUT -s 1.2.1.2')
pp = <<-EOS
class { 'firewall': }
resources { 'firewall':
}
EOS
puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 2
+ r.stderr.should be_empty
+ r.exit_code.should == 2
end
system_run('/sbin/iptables-save') do |r|
- r[:stdout].should_not =~ /1\.2\.1\.2/
- r[:stderr].should == ''
+ r.stdout.should_not =~ /1\.2\.1\.2/
+ r.stderr.should be_empty
end
end
end
describe 'puppet resource firewall command:' do
it 'make sure it returns no errors when executed on a clean machine' do
puppet_resource('firewall') do |r|
- r[:exit_code].should == 0
+ r.exit_code.should be_zero
# don't check stdout, some boxes come with rules, that is normal
- r[:stderr].should == ''
+ r.stderr.should be_empty
end
end
# No rules, means no output thanks. And no errors as well.
puppet_resource('firewall') do |r|
- r[:exit_code].should == 0
- r[:stderr].should == ''
- r[:stdout].should == "\n"
+ r.exit_code.should be_zero
+ r.stderr.should be_empty
+ r.stdout.should == "\n"
end
end
-
+
it 'accepts rules without comments' do
iptables_flush_all_tables
- system_run('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80')
+ shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80')
puppet_resource('firewall') do |r|
- r[:exit_code].should == 0
+ r.exit_code.should be_zero
# don't check stdout, testing preexisting rules, output is normal
- r[:stderr].should == ''
+ r.stderr.should be_empty
end
end
it 'accepts rules with invalid comments' do
iptables_flush_all_tables
- system_run('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http"')
+ shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http"')
puppet_resource('firewall') do |r|
- r[:exit_code].should == 0
+ r.exit_code.should be_zero
# don't check stdout, testing preexisting rules, output is normal
- r[:stderr].should == ''
+ r.stderr.should be_empty
end
end
end
+++ /dev/null
-require 'spec_helper_system'
-
-# Some tests for the standard recommended usage
-describe "standard usage:" do
- let(:pp) do
- pp = <<-EOS
-class my_fw::pre {
- Firewall {
- require => undef,
- }
-
- # Default firewall rules
- firewall { '000 accept all icmp':
- proto => 'icmp',
- action => 'accept',
- }->
- firewall { '001 accept all to lo interface':
- proto => 'all',
- iniface => 'lo',
- action => 'accept',
- }->
- firewall { '002 accept related established rules':
- proto => 'all',
- state => ['RELATED', 'ESTABLISHED'],
- action => 'accept',
- }
-}
-class my_fw::post {
- firewall { '999 drop all':
- proto => 'all',
- action => 'drop',
- before => undef,
- }
-}
-resources { "firewall":
- purge => true
-}
-Firewall {
- before => Class['my_fw::post'],
- require => Class['my_fw::pre'],
-}
-class { ['my_fw::pre', 'my_fw::post']: }
-class { 'firewall': }
-firewall { '500 open up port 22':
- action => 'accept',
- proto => 'tcp',
- dport => 22,
-}
- EOS
- end
-
- it 'make sure it runs without error' do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should_not eq(1)
- end
- end
-
- it 'should be idempotent' do
- puppet_apply(pp) do |r|
- r[:stderr].should == ''
- r[:exit_code].should == 0
- end
- end
-end
--- /dev/null
+require 'spec_helper_system'
+
+# Some tests for the standard recommended usage
+describe 'standard usage tests:' do
+ it 'standard 1' do
+ pp = <<-EOS
+ class my_fw::pre {
+ Firewall {
+ require => undef,
+ }
+
+ # Default firewall rules
+ firewall { '000 accept all icmp':
+ proto => 'icmp',
+ action => 'accept',
+ }->
+ firewall { '001 accept all to lo interface':
+ proto => 'all',
+ iniface => 'lo',
+ action => 'accept',
+ }->
+ firewall { '002 accept related established rules':
+ proto => 'all',
+ state => ['RELATED', 'ESTABLISHED'],
+ action => 'accept',
+ }
+ }
+ class my_fw::post {
+ firewall { '999 drop all':
+ proto => 'all',
+ action => 'drop',
+ before => undef,
+ }
+ }
+ resources { "firewall":
+ purge => true
+ }
+ Firewall {
+ before => Class['my_fw::post'],
+ require => Class['my_fw::pre'],
+ }
+ class { ['my_fw::pre', 'my_fw::post']: }
+ class { 'firewall': }
+ firewall { '500 open up port 22':
+ action => 'accept',
+ proto => 'tcp',
+ dport => 22,
+ }
+ EOS
+
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should_not == 1
+ end
+
+ puppet_apply(pp) do |r|
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
+ end
+ end
+end
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff