diff options
| author | Fabien COMBERNOUS <fabien.combernous@adullact.org> | 2019-09-06 14:57:21 +0200 |
|---|---|---|
| committer | Fabien COMBERNOUS <fabien.combernous@adullact.org> | 2019-09-09 17:21:35 +0200 |
| commit | 2fc602af79b0b18fef1fab4a34134741ff35e10f (patch) | |
| tree | 8cc5198a4e729299607e3a05533bf504054446e5 | |
| parent | 9977d646447822942d7a31b8bd95e290a6fb1c43 (diff) | |
| download | puppet-ferm-2fc602af79b0b18fef1fab4a34134741ff35e10f.tar.gz puppet-ferm-2fc602af79b0b18fef1fab4a34134741ff35e10f.tar.bz2 | |
enable acceptance
| -rw-r--r-- | spec/acceptance/ferm_spec.rb | 60 | ||||
| -rw-r--r-- | spec/spec_helper_acceptance.rb | 22 |
2 files changed, 82 insertions, 0 deletions
diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb new file mode 100644 index 0000000..1b0f794 --- /dev/null +++ b/spec/acceptance/ferm_spec.rb @@ -0,0 +1,60 @@ +require 'spec_helper_acceptance' + +os_name = fact('os.name') +os_release = fact('os.release.major') + +sut_os = "#{os_name}-#{os_release}" + +manage_initfile = case sut_os + when 'CentOS-6' + true + else + false + end + +describe 'ferm' do + context 'with basics settings' do + pp = %( + class { 'ferm': + manage_service => true, + manage_configfile => true, + manage_initfile => #{manage_initfile}, # CentOS-6 does not provide init script + forward_policy => 'DROP', + output_policy => 'DROP', + input_policy => 'DROP', + rules => { + 'allow acceptance_tests' => { + chain => 'INPUT', + policy => 'ACCEPT', + proto => tcp, + dport => 22, + }, + }, + ip_versions => ['ip'], #only ipv4 available with CI + } + ) + + it 'works with no error' do + apply_manifest(pp, catch_failures: true) + end + it 'works idempotently' do + apply_manifest(pp, catch_changes: true) + end + + describe package('ferm') do + it { is_expected.to be_installed } + end + + describe service('ferm') do + it { is_expected.to be_running } + end + + describe command('iptables-save') do + its(:stdout) { is_expected.to match %r{.*filter.*:INPUT DROP.*:FORWARD DROP.*:OUTPUT DROP.*}m } + end + + describe iptables do + it { is_expected.to have_rule('-A INPUT -p tcp -m comment --comment "allow acceptance_tests" -m tcp --dport 22 -j ACCEPT').with_table('filter').with_chain('INPUT') } + end + end +end diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb new file mode 100644 index 0000000..50dadbe --- /dev/null +++ b/spec/spec_helper_acceptance.rb @@ -0,0 +1,22 @@ +require 'beaker-rspec' +require 'beaker-puppet' +require 'beaker/puppet_install_helper' +require 'beaker/module_install_helper' + +run_puppet_install_helper unless ENV['BEAKER_provision'] == 'no' +install_module +install_module_dependencies + +RSpec.configure do |c| + # Configure all nodes in nodeset + c.before :suite do + # ferm is into epel with RedHat like OSes + install_module_from_forge('stahnma-epel', '>= 1.3.1 < 2.0.0') if fact('os.family') == 'RedHat' + + pp = %( + include epel + ) + + apply_manifest(pp, catch_failures: true) if fact('os.family') == 'RedHat' + end +end |