From: Ashley Penney <ashley.penney@puppetlabs.com>
Date: Wed, 15 Jan 2014 18:50:10 +0000 (-0500)
Subject: Add additional firewallchain{} tests.
X-Git-Tag: 0.5.0~15^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=d713ea345e413604661bc21978ecdac14bebc2b0;p=puppet-modules%2Fpuppetlabs-firewall.git

Add additional firewallchain{} tests.
---

diff --git a/spec/acceptance/firewallchain_spec.rb b/spec/acceptance/firewallchain_spec.rb
index 679c0bf..cd6d6b8 100644
--- a/spec/acceptance/firewallchain_spec.rb
+++ b/spec/acceptance/firewallchain_spec.rb
@@ -4,22 +4,52 @@ describe 'puppet resource firewallchain command:' do
   before :all do
     iptables_flush_all_tables
   end
-  context 'creating firewall chains:' do
-    it 'applies cleanly' do
-      pp = <<-EOS
-        firewallchain { 'MY_CHAIN:filter:IPv4':
-          ensure  => present,
-        }
-      EOS
-      # Run it twice and test for idempotency
-      apply_manifest(pp, :catch_failures => true)
-      expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+  describe 'ensure' do
+    context 'present' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          firewallchain { 'MY_CHAIN:filter:IPv4':
+            ensure  => present,
+          }
+        EOS
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+
+      it 'finds the chain' do
+        shell('iptables -S') do |r|
+          expect(r.stdout).to match(/-N MY_CHAIN/)
+        end
+      end
+    end
+
+    context 'absent' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          firewallchain { 'MY_CHAIN:filter:IPv4':
+            ensure  => absent,
+          }
+        EOS
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+
+      it 'fails to find the chain' do
+        shell('iptables -S') do |r|
+          expect(r.stdout).to_not match(/-N MY_CHAIN/)
+        end
+      end
     end
   end
 
   context 'adding a firewall rule to a chain:' do
     it 'applies cleanly' do
       pp = <<-EOS
+        firewallchain { 'MY_CHAIN:filter:IPv4':
+          ensure  => present,
+        }
         firewall { '100 my rule':
           chain   => 'MY_CHAIN',
           action  => 'accept',
@@ -71,4 +101,26 @@ describe 'puppet resource firewallchain command:' do
       expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
     end
   end
+
+  describe 'policy' do
+    context 'DROP' do
+      it 'applies cleanly' do
+        pp = <<-EOS
+          firewallchain { 'FORWARD:filter:IPv4':
+            policy  => 'drop',
+          }
+        EOS
+        # Run it twice and test for idempotency
+        apply_manifest(pp, :catch_failures => true)
+        expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+      end
+
+      it 'finds the chain' do
+        shell('iptables -S') do |r|
+          expect(r.stdout).to match(/-P FORWARD DROP/)
+        end
+      end
+    end
+  end
+
 end