]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: f930685)
Add additional firewallchain{} tests.
authorAshley Penney <ashley.penney@puppetlabs.com>
Wed, 15 Jan 2014 18:50:10 +0000 (13:50 -0500)
committerAshley Penney <ashley.penney@puppetlabs.com>
Wed, 15 Jan 2014 18:50:10 +0000 (13:50 -0500)
spec/acceptance/firewallchain_spec.rb patch | blob | history

diff --git a/spec/acceptance/firewallchain_spec.rb b/spec/acceptance/firewallchain_spec.rb
index 679c0bf398e4952b95fbc9593b4c542b02857145..cd6d6b8c8604c417b94dfea71d2fef590933e75e 100644 (file)
--- a/spec/acceptance/firewallchain_spec.rb
+++ b/spec/acceptance/firewallchain_spec.rb
@@ -4,22 +4,52 @@ describe 'puppet resource firewallchain command:' do
   before :all do
     iptables_flush_all_tables
   end
-  context 'creating firewall chains:' do
-    it 'applies cleanly' do
-      pp = <<-EOS
-        firewallchain { 'MY_CHAIN:filter:IPv4':
-          ensure  => present,
-        }
-      EOS
-      # Run it twice and test for idempotency
-      apply_manifest(pp, :catch_failures => true)
-      expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+  describe 'ensure' do
+    context 'present' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          firewallchain { 'MY_CHAIN:filter:IPv4':
+            ensure  => present,
+          }
+        EOS
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+
+      it 'finds the chain' do
+        shell('iptables -S') do |r|
+          expect(r.stdout).to match(/-N MY_CHAIN/)
+        end
+      end
+    end
+
+    context 'absent' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          firewallchain { 'MY_CHAIN:filter:IPv4':
+            ensure  => absent,
+          }
+        EOS
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+
+      it 'fails to find the chain' do
+        shell('iptables -S') do |r|
+          expect(r.stdout).to_not match(/-N MY_CHAIN/)
+        end
+      end
     end
   end
 
   context 'adding a firewall rule to a chain:' do
     it 'applies cleanly' do
       pp = <<-EOS
+        firewallchain { 'MY_CHAIN:filter:IPv4':
+          ensure  => present,
+        }
         firewall { '100 my rule':
           chain   => 'MY_CHAIN',
           action  => 'accept',
@@ -71,4 +101,26 @@ describe 'puppet resource firewallchain command:' do
       expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
     end
   end
+
+  describe 'policy' do
+    context 'DROP' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          firewallchain { 'FORWARD:filter:IPv4':
+            policy  => 'drop',
+          }
+        EOS
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+
+      it 'finds the chain' do
+        shell('iptables -S') do |r|
+          expect(r.stdout).to match(/-P FORWARD DROP/)
+        end
+      end
+    end
+  end
+
 end