Gemfile.lock
# TODO: Ignore this for now until we decide what to do with it
spec/fixtures/manifests/
+.ruby-version
sets:
'centos-59-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'centos-59-x64'
'centos-64-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'centos-64-x64'
'fedora-18-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'fedora-18-x64'
'debian-607-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'debian-607-x64'
'debian-70rc1-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'debian-70rc1-x64'
'ubuntu-server-10044-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'ubuntu-server-10044-x64'
'ubuntu-server-12042-x64':
nodes:
- "main":
+ "main.foo.vm":
prefab: 'ubuntu-server-12042-x64'
group :development, :test do
gem 'puppetlabs_spec_helper', :require => false
- gem 'rspec-system-puppet', '~>0.3.0'
+ gem 'rspec-system-puppet', '~>0.3.1'
end
if puppetversion = ENV['PUPPET_GEM_VERSION']
require 'rspec-system/spec_helper'
require 'rspec-system-puppet/helpers'
+# Just some helpers specific to this module
+module LocalHelpers
+ # This helper flushes all tables on the default machine.
+ #
+ # It checks that the flush command returns with no errors.
+ #
+ # @return [void]
+ # @todo Need to optionally do the newer tables
+ # @example
+ # it 'should flush tables' do
+ # iptables_flush_all_tables
+ # end
+ def iptables_flush_all_tables
+ ['filter', 'nat', 'mangle', 'raw'].each do |t|
+ system_run("/sbin/iptables -t #{t} -F") do |r|
+ r[:exit_code].should == 0
+ r[:stderr].should == ''
+ end
+ end
+ end
+end
+
RSpec.configure do |c|
# Project root for the firewall code
proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+ # Import in our local helpers
+ c.include ::LocalHelpers
+
# This is where we 'setup' the nodes before running our tests
c.system_setup_block = proc do
# TODO: find a better way of importing this into this namespace
require 'spec_helper_system'
-# TODO: we probably wanna break this into pieces
+# Here we put the more basic fundamental tests, ultra obvious stuff.
describe "basic tests:" do
- # This helper flushes all tables on the default machine.
- #
- # It checks that the flush command returns with no errors.
- def iptables_flush_all_tables
- ['filter', 'nat', 'mangle', 'raw'].each do |t|
- system_run("/sbin/iptables -t #{t} -F") do |r|
- r[:exit_code].should == 0
- r[:stderr].should == ''
- end
- end
- end
-
- context 'prelim:' do
- it 'make sure we have copied the module across' do
- # No point diagnosing any more if the module wasn't copied properly
- system_run("ls /etc/puppet/modules/firewall") do |r|
- r[:exit_code].should == 0
- r[:stdout].should =~ /Modulefile/
- r[:stderr].should == ''
- end
- end
- end
-
- context 'puppet resource firewall command:' do
- it 'make sure it returns no errors when executed on a clean machine' do
- # Except for the absence of iptables, it should run perfectly usually
- # most hosts have iptables at least.
- puppet_resource('firewall') do |r|
- r[:exit_code].should == 0
- # don't check stdout, some boxes come with rules, that is normal
- r[:stderr].should == ''
- end
- end
-
- it 'flush iptables and make sure it returns nothing afterwards' do
- iptables_flush_all_tables
- # No rules, means no output thanks. And no errors as well.
- puppet_resource('firewall') do |r|
- r[:exit_code].should == 0
- r[:stderr].should == ''
- r[:stdout].should == "\n"
- end
+ it 'make sure we have copied the module across' do
+ # No point diagnosing any more if the module wasn't copied properly
+ system_run("ls /etc/puppet/modules/firewall") do |r|
+ r[:exit_code].should == 0
+ r[:stdout].should =~ /Modulefile/
+ r[:stderr].should == ''
end
end
end
--- /dev/null
+require 'spec_helper_system'
+
+describe "firewall class:" do
+ it "should run without event" do
+ pp = <<-EOS
+ class { 'firewall': }
+ EOS
+ puppet_apply(pp) do |r|
+ r[:stderr].should == ''
+ r[:exit_code].should_not eq(1)
+ end
+ end
+
+ it "should be idempotent" do
+ pp = <<-EOS
+ class { 'firewall': }
+ EOS
+ puppet_apply(pp) do |r|
+ r[:stderr].should == ''
+ r[:exit_code].should == 0
+ end
+ end
+end
--- /dev/null
+require 'spec_helper_system'
+
+# Here we want to test the the resource commands ability to work with different
+# existing ruleset scenarios. This will give the parsing capabilities of the
+# code a good work out.
+describe 'puppet resource firewall command:' do
+ it 'make sure it returns no errors when executed on a clean machine' do
+ puppet_resource('firewall') do |r|
+ r[:exit_code].should == 0
+ # don't check stdout, some boxes come with rules, that is normal
+ r[:stderr].should == ''
+ end
+ end
+
+ it 'flush iptables and make sure it returns nothing afterwards' do
+ iptables_flush_all_tables
+
+ # No rules, means no output thanks. And no errors as well.
+ puppet_resource('firewall') do |r|
+ r[:exit_code].should == 0
+ r[:stderr].should == ''
+ r[:stdout].should == "\n"
+ end
+ end
+end
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff