Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #62 from chef-cookbooks/lcg/fix-delayed-notification
fix so rebuild-iptables only runs once
- Loading branch information
Showing
7 changed files
with
115 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| include_recipe 'iptables::default' | ||
|
|
||
| iptables_rule 'sshd' do | ||
| lines '-A FWR -p tcp -m tcp --dport 22 -j ACCEPT' | ||
| end | ||
|
|
||
| nested 'httpd' do | ||
| lines '-A FWR -p tcp -m tcp --dport 80 -j ACCEPT' | ||
| end | ||
|
|
||
| doubly_nested 'https' do | ||
| lines '-A FWR -p tcp -m tcp --dport 443 -j ACCEPT' | ||
| end |
19 changes: 19 additions & 0 deletions
19
test/fixtures/cookbooks/iptables_test/resources/doubly_nested.rb
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| provides :doubly_nested | ||
| resource_name :doubly_nested | ||
|
|
||
| property :name, kind_of: String, name_attribute: true | ||
| property :source, kind_of: String, default: nil | ||
| property :cookbook, kind_of: String, default: nil | ||
| property :variables, kind_of: Hash, default: {} | ||
| property :lines, kind_of: String, default: nil | ||
|
|
||
| default_action :doit | ||
|
|
||
| action :doit do | ||
| nested new_resource.name do | ||
| source new_resource.source | ||
| cookbook new_resource.cookbook | ||
| variables new_resource.variables | ||
| lines new_resource.lines | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| provides :nested | ||
| resource_name :nested | ||
|
|
||
| property :name, kind_of: String, name_attribute: true | ||
| property :source, kind_of: String, default: nil | ||
| property :cookbook, kind_of: String, default: nil | ||
| property :variables, kind_of: Hash, default: {} | ||
| property :lines, kind_of: String, default: nil | ||
|
|
||
| default_action :doit | ||
|
|
||
| action :doit do | ||
| iptables_rule new_resource.name do | ||
| source new_resource.source | ||
| cookbook new_resource.cookbook | ||
| variables new_resource.variables | ||
| lines new_resource.lines | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,28 @@ | ||
| require 'serverspec' | ||
|
|
||
| set :backend, :exec | ||
|
|
||
| # the disable recipe will delete this, but the install should add it back | ||
| describe file('/etc/iptables.d') do | ||
| it { should be_directory } | ||
| end | ||
|
|
||
| describe file('/usr/sbin/rebuild-iptables') do | ||
| it { should exist } | ||
| end | ||
|
|
||
| if %w(debian ubuntu).include?(os[:family]) | ||
| describe file('/etc/network/if-pre-up.d/iptables_load') do | ||
| it { should exist } | ||
| end | ||
| end | ||
|
|
||
| if %w(redhat fedora).include?(os[:family]) | ||
| describe file('/etc/sysconfig/iptables-config') do | ||
| its(:content) { should match(/IPTABLES_STATUS_VERBOSE="yes"/) } | ||
| end | ||
|
|
||
| describe file('/etc/sysconfig/ip6tables-config') do | ||
| its(:content) { should match(/IPTABLES_STATUS_VERBOSE="yes"/) } | ||
| end | ||
| end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| require 'serverspec' | ||
|
|
||
| set :backend, :exec | ||
|
|
||
| describe iptables do | ||
| it { should have_rule('-A FWR -p tcp -m tcp --dport 22 -j ACCEPT') } | ||
| it { should have_rule('-A FWR -p tcp -m tcp --dport 80 -j ACCEPT') } | ||
| it { should have_rule('-A FWR -p tcp -m tcp --dport 443 -j ACCEPT') } | ||
| end | ||
|
|
||
| %w(sshd httpd https).each do |file| | ||
| describe file("/etc/iptables.d/#{file}") do | ||
| it { should exist } | ||
| end | ||
| end |