This work migrates the existing tests to beaker-rspec.
--- /dev/null
+require 'spec_helper_acceptance'
+
+# Here we put the more basic fundamental tests, ultra obvious stuff.
+describe "basic tests:" do
+ it 'make sure we have copied the module across' do
+ shell('ls /etc/puppet/modules/firewall/Modulefile', {:acceptable_exit_codes => 0})
+ end
+end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe "firewall class:" do
+ it 'should run successfully' do
+ pp = "class { 'firewall': }"
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ it 'ensure => stopped:' do
+ pp = "class { 'firewall': ensure => stopped }"
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ it 'ensure => running:' do
+ pp = "class { 'firewall': ensure => running }"
+
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+end
--- /dev/null
+HOSTS:
+ centos-59-x64:
+ roles:
+ - master
+ platform: centos-59-x64
+ box : centos-59-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
+ hypervisor : vagrant
--- /dev/null
+HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-i386
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
--- /dev/null
+centos-64-x64.yml
\ No newline at end of file
--- /dev/null
+HOSTS:
+ ubuntu-server-12042-x64:
+ roles:
+ - master
+ platform: ubuntu-server-12.04-amd64
+ box : ubuntu-server-12042-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
+ hypervisor : vagrant
-require 'spec_helper_system'
+require 'spec_helper_acceptance'
describe "param based tests:" do
# Takes a hash and converts it into a firewall resource
firewall { '#{name}':
EOS
- params.each do |k,v|
+ params.each do |k,v|
pm += <<-EOS
#{k} => #{v},
EOS
it 'test various params' do
iptables_flush_all_tables
- facts = node.facts
-
- unless (facts['operatingsystem'] == 'CentOS') && \
- facts['operatingsystemrelease'] =~ /^5\./ then
+ unless (fact('operatingsystem') == 'CentOS') && \
+ fact('operatingsystemrelease') =~ /^5\./ then
ppm = pp({
'table' => "'raw'",
'log_level' => 'debug',
})
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
end
'jump' => 'LOG',
'log_level' => 'debug',
})
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
it 'test log rule - changing names' do
'log_prefix' => '"IPTABLES dropped invalid: "',
})
- puppet_apply(ppm1) do |r|
- r.stderr.should be_empty
- r.exit_code.should == 2
- end
+ expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to eq(2)
ppm = <<-EOS + "\n" + ppm2
resources { 'firewall':
purge => true,
}
EOS
- puppet_apply(ppm) do |r|
- r.stderr.should be_empty
- r.exit_code.should == 2
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
end
it 'test log rule - idempotent' do
'log_prefix' => '"IPTABLES dropped invalid: "',
})
- puppet_apply(ppm1) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to be_zero
end
it 'test src_range rule' do
'action' => 'drop',
'src_range' => '"10.0.0.1-10.0.0.10"',
})
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
it 'test dst_range rule' do
'action' => 'drop',
'dst_range' => '"10.0.0.2-10.0.0.20"',
})
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
end
end
--- /dev/null
+require 'spec_helper_acceptance'
+
+describe "purge tests:" do
+ before(:all) do
+ iptables_flush_all_tables
+
+ shell('/sbin/iptables -A INPUT -s 1.2.1.2')
+ shell('/sbin/iptables -A INPUT -s 1.2.1.2')
+ end
+
+ it 'make sure duplicate existing rules get purged' do
+
+ pp = <<-EOS
+ class { 'firewall': }
+ resources { 'firewall':
+ purge => true,
+ }
+ EOS
+
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to eq(2)
+ end
+
+ it 'saves' do
+ shell('/sbin/iptables-save') do |r|
+ r.stdout.should_not =~ /1\.2\.1\.2/
+ r.stderr.should be_empty
+ end
+ end
+
+end
-require 'spec_helper_system'
+require 'spec_helper_acceptance'
# Here we want to test the the resource commands ability to work with different
# existing ruleset scenarios. This will give the parsing capabilities of the
# code a good work out.
describe 'puppet resource firewall command:' do
context 'make sure it returns no errors when executed on a clean machine' do
- context puppet_resource('firewall') do
- its(:exit_code) { should be_zero }
- # don't check stdout, some boxes come with rules, that is normal
- its(:stderr) { should be_empty }
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ # don't check stdout, some boxes come with rules, that is normal
+ r.stderr.should be_empty
+ end
end
end
context 'flush iptables and make sure it returns nothing afterwards' do
- before :all do
+ before(:all) do
iptables_flush_all_tables
end
# No rules, means no output thanks. And no errors as well.
- context puppet_resource('firewall') do
- its(:exit_code) { should be_zero }
- its(:stderr) { should be_empty }
- its(:stdout) { should == "\n" }
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ r.stderr.should be_empty
+ r.stdout.should == "\n"
+ end
end
end
context 'accepts rules without comments' do
- before :all do
+ before(:all) do
iptables_flush_all_tables
shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80')
end
- context puppet_resource('firewall') do |r|
- its(:exit_code) { should be_zero }
- # don't check stdout, testing preexisting rules, output is normal
- its(:stderr) { should be_empty }
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ # don't check stdout, testing preexisting rules, output is normal
+ r.stderr.should be_empty
+ end
end
end
context 'accepts rules with invalid comments' do
- before :all do
+ before(:all) do
iptables_flush_all_tables
shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http"')
end
- context puppet_resource('firewall') do
- its(:exit_code) { should be_zero }
- # don't check stdout, testing preexisting rules, output is normal
- its(:stderr) { should be_empty }
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ # don't check stdout, testing preexisting rules, output is normal
+ r.stderr.should be_empty
+ end
end
end
end
-require 'spec_helper_system'
+require 'spec_helper_acceptance'
# Some tests for the standard recommended usage
describe 'standard usage tests:' do
- context 'standard 1' do
+ it 'applies twice' do
pp = <<-EOS
class my_fw::pre {
Firewall {
}
EOS
- context puppet_apply(pp) do
- its(:stderr) { should be_empty }
- its(:exit_code) { should_not == 1 }
- its(:refresh) { should be_nil }
- its(:stderr) { should be_empty }
- its(:exit_code) { should be_zero }
- end
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
end
end
--- /dev/null
+require 'beaker-rspec'
+
+def iptables_flush_all_tables
+ ['filter', 'nat', 'mangle', 'raw'].each do |t|
+ shell "/sbin/iptables -t #{t} -F" do |r|
+ r.stderr.should be_empty
+ r.exit_code.should be_zero
+ end
+ end
+end
+
+hosts.each do |host|
+ # Install Puppet
+ install_package host, 'rubygems'
+ on host, 'gem install puppet --no-ri --no-rdoc'
+ on host, "mkdir -p #{host['distmoduledir']}"
+end
+
+RSpec.configure do |c|
+ # Project root
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
+
+ # Readable test descriptions
+ c.formatter = :documentation
+
+ # Configure all nodes in nodeset
+ c.before :suite do
+ # Install module and dependencies
+ puppet_module_install(:source => proj_root, :module_name => 'firewall')
+ hosts.each do |host|
+ shell('/bin/touch /etc/puppet/hiera.yaml')
+ shell('puppet module install puppetlabs-stdlib --version 3.2.0', { :acceptable_exit_codes => [0,1] })
+ end
+ end
+end
+++ /dev/null
-# This helper file is specific to the system tests for puppetlabs-firewall
-# and should be included by all tests under spec/system
-require 'rspec-system/spec_helper'
-require 'rspec-system-puppet/helpers'
-
-# Just some helpers specific to this module
-module LocalHelpers
- # This helper flushes all tables on the default machine.
- #
- # It checks that the flush command returns with no errors.
- #
- # @return [void]
- # @todo Need to optionally do the newer tables
- # @example
- # it 'should flush tables' do
- # iptables_flush_all_tables
- # end
- def iptables_flush_all_tables
- ['filter', 'nat', 'mangle', 'raw'].each do |t|
- shell "/sbin/iptables -t #{t} -F" do |r|
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
- end
- end
-end
-
-include RSpecSystemPuppet::Helpers
-
-RSpec.configure do |c|
- # Project root for the firewall code
- proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
-
- # Enable colour in Jenkins
- c.tty = true
-
- # Import in our local helpers
- c.include ::LocalHelpers
-
- # This is where we 'setup' the nodes before running our tests
- c.before :suite do
- # Install puppet
- puppet_install
-
- # Copy this module into the module path of the test node
- puppet_module_install(:source => proj_root, :module_name => 'firewall')
- end
-end
+++ /dev/null
-require 'spec_helper_system'
-
-# Here we put the more basic fundamental tests, ultra obvious stuff.
-describe "basic tests:" do
- context 'make sure we have copied the module across' do
- # No point diagnosing any more if the module wasn't copied properly
- context shell 'ls /etc/puppet/modules/firewall' do
- its(:stdout) { should =~ /Modulefile/ }
- its(:stderr) { should be_empty }
- its(:exit_code) { should be_zero }
- end
- end
-end
+++ /dev/null
-require 'spec_helper_system'
-
-describe "firewall class:" do
- context 'should run successfully' do
- pp = "class { 'firewall': }"
-
- context puppet_apply(pp) do
- its(:stderr) { should be_empty }
- its(:exit_code) { should_not == 1 }
- its(:refresh) { should be_nil }
- its(:stderr) { should be_empty }
- its(:exit_code) { should be_zero }
- end
- end
-
- context 'ensure => stopped:' do
- pp = "class { 'firewall': ensure => stopped }"
-
- context puppet_apply(pp) do
- its(:stderr) { should be_empty }
- its(:exit_code) { should_not == 1 }
- its(:refresh) { should be_nil }
- its(:stderr) { should be_empty }
- its(:exit_code) { should be_zero }
- end
- end
-
- context 'ensure => running:' do
- pp = "class { 'firewall': ensure => running }"
-
- context puppet_apply(pp) do |r|
- its(:stderr) { should be_empty }
- its(:exit_code) { should_not == 1 }
- its(:refresh) { should be_nil }
- its(:stderr) { should be_empty }
- its(:exit_code) { should be_zero }
- end
- end
-end
+++ /dev/null
-require 'spec_helper_system'
-
-describe "purge tests:" do
- context 'make sure duplicate existing rules get purged' do
- before :all do
- iptables_flush_all_tables
-
- shell('/sbin/iptables -A INPUT -s 1.2.1.2')
- shell('/sbin/iptables -A INPUT -s 1.2.1.2')
- end
-
- pp = <<-EOS
-class { 'firewall': }
-resources { 'firewall':
- purge => true,
-}
- EOS
-
- context puppet_apply(pp) do
- its(:stderr) { should be_empty }
- its(:exit_code) { should == 2 }
- end
-
- context shell('/sbin/iptables-save') do
- its(:stdout) { should_not =~ /1\.2\.1\.2/ }
- its(:stderr) { should be_empty }
- end
- end
-end
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff