1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
|
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for tripleo
#
require 'spec_helper'
describe 'tripleo::firewall' do
let :params do
{ }
end
shared_examples_for 'tripleo node' do
context 'with firewall enabled' do
before :each do
params.merge!(
:manage_firewall => true,
)
end
it 'configure basic pre firewall rules' do
is_expected.to contain_firewall('000 accept related established rules').with(
:proto => 'all',
:state => ['RELATED', 'ESTABLISHED'],
:action => 'accept',
)
is_expected.to contain_firewall('001 accept all icmp').with(
:proto => 'icmp',
:action => 'accept',
:state => ['NEW'],
)
is_expected.to contain_firewall('002 accept all to lo interface').with(
:proto => 'all',
:iniface => 'lo',
:action => 'accept',
:state => ['NEW'],
)
is_expected.to contain_firewall('003 accept ssh').with(
:port => '22',
:proto => 'tcp',
:action => 'accept',
:state => ['NEW'],
)
end
it 'configure basic post firewall rules' do
is_expected.to contain_firewall('999 drop all').with(
:proto => 'all',
:action => 'drop',
:source => '0.0.0.0/0',
)
end
end
context 'with custom firewall rules' do
before :each do
params.merge!(
:manage_firewall => true,
:firewall_rules => {
'300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
'301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
'302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
}
)
end
it 'configure custom firewall rules' do
is_expected.to contain_firewall('300 add custom application 1').with(
:port => '999',
:proto => 'udp',
:action => 'accept',
:state => ['NEW'],
)
is_expected.to contain_firewall('301 add custom application 2').with(
:port => '8081',
:proto => 'tcp',
:action => 'accept',
:state => ['NEW'],
)
is_expected.to contain_firewall('302 fwd custom cidr 1').with(
:chain => 'FORWARD',
:destination => '192.0.2.0/24',
)
end
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian' }
end
it_configures 'tripleo node'
end
context 'on RedHat platforms' do
let :facts do
{
:osfamily => 'RedHat',
:operatingsystemrelease => '7.1',
}
end
it_configures 'tripleo node'
end
end
|
