From: Mike Bryant Date: Mon, 3 Feb 2014 16:26:43 +0000 (+0000) Subject: Add unit and acceptance tests for the recent iptables module X-Git-Tag: 0.5.0~8^2~1 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=acb5a0e1c0aff9f7864bcb95c13a2d0350090aef;p=puppet-modules%2Fpuppetlabs-firewall.git Add unit and acceptance tests for the recent iptables module --- diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb index 864fe01..c8c3ccd 100644 --- a/spec/acceptance/firewall_spec.rb +++ b/spec/acceptance/firewall_spec.rb @@ -1466,6 +1466,111 @@ describe 'firewall type' do end end + describe 'recent' do + context 'set' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '597 - test': + ensure => 'present', + chain => 'INPUT', + destination => '30.0.0.0/8', + proto => 'all', + table => 'filter', + recent => 'set', + rdest => true, + rname => 'list1', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables -S') do |r| + expect(r.stdout).to match(/-A INPUT -d 30.0.0.0\/8 -m comment --comment "597 - test" -m recent --set --name list1 --rdest/) + end + end + end + + context 'rcheck' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '598 - test': + ensure => 'present', + chain => 'INPUT', + destination => '30.0.0.0/8', + proto => 'all', + table => 'filter', + recent => 'rcheck', + rsource => true, + rname => 'list1', + rseconds => 60, + rhitcount => 5, + rttl => true, + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables -S') do |r| + expect(r.stdout).to match(/-A INPUT -d 30.0.0.0\/8 -m comment --comment "598 - test" -m recent --rcheck --seconds 60 --hitcount 5 --rttl --name list1 --rsource/) + end + end + end + + context 'update' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '599 - test': + ensure => 'present', + chain => 'INPUT', + destination => '30.0.0.0/8', + proto => 'all', + table => 'filter', + recent => 'update', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables -S') do |r| + expect(r.stdout).to match(/-A INPUT -d 30.0.0.0\/8 -m comment --comment "599 - test" -m recent --update/) + end + end + end + + context 'remove' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '600 - test': + ensure => 'present', + chain => 'INPUT', + destination => '30.0.0.0/8', + proto => 'all', + table => 'filter', + recent => 'remove', + } + EOS + + apply_manifest(pp, :catch_failures => true) + end + + it 'should contain the rule' do + shell('iptables -S') do |r| + expect(r.stdout).to match(/-A INPUT -d 30.0.0.0\/8 -m comment --comment "600 - test" -m recent --remove/) + end + end + end + end + describe 'reset' do it 'deletes all rules' do shell('ip6tables --flush') diff --git a/spec/unit/puppet/type/firewall_spec.rb b/spec/unit/puppet/type/firewall_spec.rb index e9b6f46..afb6166 100755 --- a/spec/unit/puppet/type/firewall_spec.rb +++ b/spec/unit/puppet/type/firewall_spec.rb @@ -348,6 +348,15 @@ describe firewall do end end + describe ':recent' do + ['set', 'update', 'rcheck', 'remove'].each do |recent| + it "should accept recent value #{recent}" do + @resource[:recent] = recent + @resource[:recent].should == "--#{recent}" + end + end + end + describe ':action and :jump' do it 'should allow only 1 to be set at a time' do expect {