From d713ea345e413604661bc21978ecdac14bebc2b0 Mon Sep 17 00:00:00 2001
From: Ashley Penney
Date: Wed, 15 Jan 2014 13:50:10 -0500
Subject: [PATCH] Add additional firewallchain{} tests.
---
 spec/acceptance/firewallchain_spec.rb | 72 +++++++++++++++++++++++----
 1 file changed, 62 insertions(+), 10 deletions(-)
diff --git a/spec/acceptance/firewallchain_spec.rb b/spec/acceptance/firewallchain_spec.rb
index 679c0bf..cd6d6b8 100644
--- a/spec/acceptance/firewallchain_spec.rb
+++ b/spec/acceptance/firewallchain_spec.rb
@@ -4,22 +4,52 @@ describe 'puppet resource firewallchain command:' do
 before :all do
 iptables_flush_all_tables
 end
- context 'creating firewall chains:' do
- it 'applies cleanly' do
- pp = <<-EOS
- firewallchain { 'MY_CHAIN:filter:IPv4':
- ensure => present,
- }
- EOS
- # Run it twice and test for idempotency
- apply_manifest(pp, :catch_failures => true)
- expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ describe 'ensure' do
+ context 'present' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ firewallchain { 'MY_CHAIN:filter:IPv4':
+ ensure => present,
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ it 'finds the chain' do
+ shell('iptables -S') do |r|
+ expect(r.stdout).to match(/-N MY_CHAIN/)
+ end
+ end
+ end
+
+ context 'absent' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ firewallchain { 'MY_CHAIN:filter:IPv4':
+ ensure => absent,
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ it 'fails to find the chain' do
+ shell('iptables -S') do |r|
+ expect(r.stdout).to_not match(/-N MY_CHAIN/)
+ end
+ end
 end
 end
 
 context 'adding a firewall rule to a chain:' do
 it 'applies cleanly' do
 pp = <<-EOS
+ firewallchain { 'MY_CHAIN:filter:IPv4':
+ ensure => present,
+ }
 firewall { '100 my rule':
 chain => 'MY_CHAIN',
 action => 'accept',
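Review bot: The `absent` assertion `expect(r.stdout).to_not match(/-N MY_CHAIN/)` only proves removal because the `present` context ran first on the same host; run alone, it passes even if `ensure => absent` does nothing. Applying `ensure => present` inside the `absent` context before the removal manifest would make that example self-contained. Both patterns are also unanchored, so `/-N MY_CHAIN/` would accept a chain named `MY_CHAIN_OLD`; `/^-N MY_CHAIN$/` pins the exact line in the multi-line output. A short comment that `iptables -S` without `-t` lists only the filter table, matching the `:filter:` part of the resource title, would help the next reader. The `adding a firewall rule to a chain:` example continues past the end of this hunk.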
@@ -71,4 +101,26 @@ describe 'puppet resource firewallchain command:' do
 expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
 end
 end
+
+ describe 'policy' do
+ context 'DROP' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ firewallchain { 'FORWARD:filter:IPv4':
+ policy => 'drop',
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ expect(apply_manifest(pp, :catch_failures => true).exit_code).to be_zero
+ end
+
+ it 'finds the chain' do
+ shell('iptables -S') do |r|
+ expect(r.stdout).to match(/-P FORWARD DROP/)
+ end
+ end
+ end
+ end
+
 end
--
2.45.2
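Review bot: Nothing in the added `policy` block puts the FORWARD policy back after setting it to `drop`, so the test host keeps a changed default policy for whatever spec runs next. Whether `iptables_flush_all_tables` resets policies is not visible here, and a plain flush would not. An `after :all` that applies `policy => 'accept'`, or a second context asserting `/^-P FORWARD ACCEPT$/`, would leave the host as found and show the provider can move the policy in both directions. The second example is titled `'finds the chain'` but checks the policy line; `it 'sets the policy'` with the anchored pattern `/^-P FORWARD DROP$/` would say what it verifies. The enclosing `describe` opens above this hunk.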