From 5bae28628f141ff00e9e36d6c072fa34b2d9796d Mon Sep 17 00:00:00 2001 From: tphoney Date: Fri, 22 Feb 2019 11:43:10 +0000 Subject: [PATCH] remove all fact calls, use serverspec --- spec/acceptance/bytecode_spec.rb | 6 +-- .../firewall_attributes_exceptions_spec.rb | 49 ++++++++++++------- spec/acceptance/hashlimit_spec.rb | 2 +- spec/acceptance/resource_cmd_spec.rb | 4 +- spec/acceptance/socket_spec.rb | 2 +- 5 files changed, 39 insertions(+), 24 deletions(-) diff --git a/spec/acceptance/bytecode_spec.rb b/spec/acceptance/bytecode_spec.rb index 6a5df95..3593fc1 100644 --- a/spec/acceptance/bytecode_spec.rb +++ b/spec/acceptance/bytecode_spec.rb @@ -2,9 +2,9 @@ require 'spec_helper_acceptance' # --bytecode is only supported by operatingsystems using nftables (in general Linux kernel 3.13, RedHat 7 (and derivates) with 3.10) # Skipping those from which we know they would fail. -describe 'bytecode property', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') < '7') || - (fact('operatingsystem') == 'OracleLinux' && fact('operatingsystemmajrelease') <= '7') || - (fact('operatingsystem') == 'SLES' && fact('operatingsystemmajrelease') <= '11') do +describe 'bytecode property', unless: (os[:family] == 'redhat' && os[:release][0] <= '6') || + (os[:family] == 'sles' && os[:release][0..1] <= '11') || + (host_inventory['facter']['os']['name'].casecmp('oraclelinux').zero? && os[:release][0] <= '7') do describe 'bytecode' do context '4,48 0 0 9,21 0 1 6,6 0 0 1,6 0 0 0' do pp = <<-PUPPETCODE diff --git a/spec/acceptance/firewall_attributes_exceptions_spec.rb b/spec/acceptance/firewall_attributes_exceptions_spec.rb index c9834f2..2eff413 100644 --- a/spec/acceptance/firewall_attributes_exceptions_spec.rb +++ b/spec/acceptance/firewall_attributes_exceptions_spec.rb @@ -139,7 +139,7 @@ describe 'firewall basics', docker: true do ['dst_type', 'src_type'].each do |type| describe type.to_s do - context 'when LOCAL --limit-iface-in', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when LOCAL --limit-iface-in', unless: (os[:family] == 'redhat' && os[:release].start_with?('5')) do pp97 = <<-PUPPETCODE class { '::firewall': } firewall { '613 - test': @@ -159,7 +159,7 @@ describe 'firewall basics', docker: true do end end - context 'when LOCAL --limit-iface-in fail', if: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when LOCAL --limit-iface-in fail', if: (os[:family] == 'redhat' && os[:release].start_with?('5')) do pp98 = <<-PUPPETCODE class { '::firewall': } firewall { '614 - test': @@ -181,7 +181,7 @@ describe 'firewall basics', docker: true do end end - context 'when duplicated LOCAL', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when duplicated LOCAL', unless: (os[:family] == 'redhat' && os[:release].start_with?('5')) do pp99 = <<-PUPPETCODE class { '::firewall': } firewall { '615 - test': @@ -203,7 +203,7 @@ describe 'firewall basics', docker: true do end end - context 'when multiple addrtype', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when multiple addrtype', unless: (os[:family] == 'redhat' && os[:release].start_with?('5')) do pp100 = <<-PUPPETCODE class { '::firewall': } firewall { '616 - test': @@ -223,7 +223,7 @@ describe 'firewall basics', docker: true do end end - context 'when multiple addrtype fail', if: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when multiple addrtype fail', if: (os[:family] == 'redhat' && os[:release].start_with?('5')) do pp101 = <<-PUPPETCODE class { '::firewall': } firewall { '616 - test': @@ -823,7 +823,9 @@ describe 'firewall basics', docker: true do it 'contains the rule' do shell('ip6tables-save') do |r| - expect(r.stdout).to match(%r{-A OUTPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir out --pol ipsec -m comment --comment "607 - test" -j REJECT --reject-with icmp6-adm-prohibited}) # rubocop:disable Metrics/LineLength : Cannot reduce line to required length + expect(r.stdout).to match( + %r{-A OUTPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir out --pol ipsec -m comment --comment "607 - test" -j REJECT --reject-with icmp6-adm-prohibited}, # rubocop:disable Metrics/LineLength + ) end end end @@ -850,7 +852,9 @@ describe 'firewall basics', docker: true do it 'contains the rule' do shell('ip6tables-save') do |r| - expect(r.stdout).to match(%r{-A OUTPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir out --pol none -m comment --comment "608 - test" -j REJECT --reject-with icmp6-adm-prohibited}) # rubocop:disable Metrics/LineLength : Cannot reduce line to required length + expect(r.stdout).to match( + %r{-A OUTPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir out --pol none -m comment --comment "608 - test" -j REJECT --reject-with icmp6-adm-prohibited}, + ) end end end @@ -879,7 +883,9 @@ describe 'firewall basics', docker: true do it 'contains the rule' do shell('ip6tables-save') do |r| - expect(r.stdout).to match(%r{-A OUTPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir out --pol ipsec -m comment --comment "609 - test" -j REJECT --reject-with icmp6-adm-prohibited}) # rubocop:disable Metrics/LineLength : Cannot reduce line to required length + expect(r.stdout).to match( + %r{-A OUTPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir out --pol ipsec -m comment --comment "609 - test" -j REJECT --reject-with icmp6-adm-prohibited}, # rubocop:disable Metrics/LineLength + ) end end end @@ -906,7 +912,9 @@ describe 'firewall basics', docker: true do it 'contains the rule' do shell('ip6tables-save') do |r| - expect(r.stdout).to match(%r{-A INPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir in --pol none -m comment --comment "610 - test" -j REJECT --reject-with icmp6-adm-prohibited}) # rubocop:disable Metrics/LineLength : Cannot reduce line to required length + expect(r.stdout).to match( + %r{-A INPUT -d 2001:db8::1\/(128|ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff) -m policy --dir in --pol none -m comment --comment "610 - test" -j REJECT --reject-with icmp6-adm-prohibited}, + ) end end end @@ -1067,7 +1075,8 @@ describe 'firewall basics', docker: true do end end - context 'when LOCAL --limit-iface-in', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when LOCAL --limit-iface-in', unless: (os[:family] == 'redhat' && os[:release].start_with?('5') + ) do pp102 = <<-PUPPETCODE class { '::firewall': } firewall { '617 - test': @@ -1087,7 +1096,8 @@ describe 'firewall basics', docker: true do end end - context 'when LOCAL --limit-iface-in fail', if: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when LOCAL --limit-iface-in fail', if: (os[:family] == 'redhat' && os[:release].start_with?('5') + ) do pp103 = <<-PUPPETCODE class { '::firewall': } firewall { '618 - test': @@ -1109,7 +1119,8 @@ describe 'firewall basics', docker: true do end end - context 'when duplicated LOCAL', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when duplicated LOCAL', unless: (os[:family] == 'redhat' && os[:release].start_with?('5') + ) do pp104 = <<-PUPPETCODE class { '::firewall': } firewall { '619 - test': @@ -1132,7 +1143,8 @@ describe 'firewall basics', docker: true do end end - context 'when multiple addrtype', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when multiple addrtype', unless: (os[:family] == 'redhat' && os[:release].start_with?('5') + ) do pp105 = <<-PUPPETCODE class { '::firewall': } firewall { '620 - test': @@ -1153,7 +1165,8 @@ describe 'firewall basics', docker: true do end end - context 'when multiple addrtype fail', if: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when multiple addrtype fail', if: (os[:family] == 'redhat' && os[:release].start_with?('5') + ) do pp106 = <<-PUPPETCODE class { '::firewall': } firewall { '616 - test': @@ -1211,7 +1224,7 @@ describe 'firewall basics', docker: true do end # RHEL5/SLES does not support -m socket - describe 'socket', unless: (default['platform'] =~ %r{el-5} || fact('operatingsystem') == 'SLES') do + describe 'socket', unless: (default['platform'] =~ %r{el-5} || os[:family] == 'sles') do context 'when true' do pp78 = <<-PUPPETCODE class { '::firewall': } @@ -1311,7 +1324,9 @@ describe 'firewall basics', docker: true do it 'contains the rule' do shell('iptables-save') do |r| - expect(r.stdout).to match(%r{-A INPUT -d 30.0.0.0\/(8|255\.0\.0\.0) -m recent --rcheck --seconds 60 --hitcount 5 --rttl --name list1 (--mask 255.255.255.255 )?--rsource -m comment --comment "598 - test"}) # rubocop:disable Metrics/LineLength : Cannot reduce line to required length + expect(r.stdout).to match( + %r{-A INPUT -d 30.0.0.0\/(8|255\.0\.0\.0) -m recent --rcheck --seconds 60 --hitcount 5 --rttl --name list1 (--mask 255.255.255.255 )?--rsource -m comment --comment "598 - test"}, + ) end end end @@ -1379,7 +1394,7 @@ describe 'firewall basics', docker: true do end it 'contains the rule' do shell('iptables-save') do |r| - if (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') == '5') || (default['platform'] =~ %r{sles-10}) + if os[:family] == 'redhat' && os[:release].start_with?('5') || (default['platform'] =~ %r{sles-10}) expect(r.stdout).to match(%r{-A INPUT -s 10.1.5.28 -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"}) else expect(r.stdout).to match(%r{-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"}) diff --git a/spec/acceptance/hashlimit_spec.rb b/spec/acceptance/hashlimit_spec.rb index cd9eca0..f380bba 100644 --- a/spec/acceptance/hashlimit_spec.rb +++ b/spec/acceptance/hashlimit_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' -describe 'hashlimit property', if: fact('operatingsystemmajrelease') != '5' && (fact('operatingsystem') != 'Scientific' || fact('operatingsystem') != 'RedHat') do +describe 'hashlimit property', unless: ((os[:family] == 'redhat' && os[:release][0] <= '5')) do before :all do iptables_flush_all_tables ip6tables_flush_all_tables diff --git a/spec/acceptance/resource_cmd_spec.rb b/spec/acceptance/resource_cmd_spec.rb index 7dca994..2ee0469 100644 --- a/spec/acceptance/resource_cmd_spec.rb +++ b/spec/acceptance/resource_cmd_spec.rb @@ -64,7 +64,7 @@ describe 'puppet resource firewall command' do end end - context 'when accepts rules with multiple comments', unless: (fact('osfamily') == 'RedHat' && fact('operatingsystemmajrelease') <= '5') do + context 'when accepts rules with multiple comments', unless: (os[:family] == 'redhat' && os[:release].start_with?('5')) do before(:all) do iptables_flush_all_tables shell('iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http" -m comment --comment "http"') @@ -186,7 +186,7 @@ describe 'puppet resource firewall command' do if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles-10} context 'when dport/sport with ip6tables' do before :all do - if fact('osfamily') == 'Debian' + if os['family'] == 'debian' shell('echo "iptables-persistent iptables-persistent/autosave_v4 boolean false" | debconf-set-selections') shell('echo "iptables-persistent iptables-persistent/autosave_v6 boolean false" | debconf-set-selections') shell('apt-get install iptables-persistent -y') diff --git a/spec/acceptance/socket_spec.rb b/spec/acceptance/socket_spec.rb index 77ee252..08b9812 100644 --- a/spec/acceptance/socket_spec.rb +++ b/spec/acceptance/socket_spec.rb @@ -1,7 +1,7 @@ require 'spec_helper_acceptance' # RHEL5 does not support -m socket -describe 'firewall socket property', unless: default['platform'] =~ %r{el-5} || fact('operatingsystem') == 'SLES' do +describe 'firewall socket property', unless: default['platform'] =~ %r{el-5} || os[:family] == 'sles' do before :all do iptables_flush_all_tables ip6tables_flush_all_tables -- 2.45.2