require 'spec_helper'
# Checks which provider the firewall type selects, depending on which
# commands the Exists confine is able to locate.
describe 'iptables provider detection' do
  before(:each) do
    require 'puppet/provider/confine/exists'
    @exists = Puppet::Provider::Confine::Exists

    # Forget any default provider chosen before this example runs.
    Puppet::Type.type(:firewall).defaultprovider = nil
  end

  it "should default to iptables provider if /sbin/iptables[-save] exists" do
    iptables_binaries = ["/sbin/iptables", "/sbin/iptables-save"]

    # Each iptables binary resolves to its own path...
    iptables_binaries.each do |binary|
      @exists.any_instance.stubs(:which).with(binary).returns(binary)
    end

    # ...while every other lookup fails, so no other provider can be picked.
    @exists.any_instance.stubs(:which).with { |candidate|
      !iptables_binaries.include?(candidate)
    }.returns(false)

    # A freshly built resource must end up on the iptables provider.
    params = { :name => '000 test foo' }
    firewall = Puppet::Type.type(:firewall).new(params)
    provider_class_name = firewall.provider.class.to_s
    provider_class_name.should == "Puppet::Type::Firewall::ProviderIptables"
  end

  it "should raise a default provider error when there are no commands" do
    # No command lookup succeeds at all.
    @exists.any_instance.stubs(:which).returns(false)

    # Building a resource without any usable provider must raise.
    params = { :name => '000 test foo' }
    build_resource = lambda do
      Puppet::Type.type(:firewall).new(params)
    end
    build_resource.should raise_error(Puppet::DevError,
      "Could not find a default provider for firewall")
  end
end
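# Specs for the iptables provider of the firewall type: listing rules,
# turning iptables-save lines into resource hashes, and the argument arrays
# produced for insert, update and delete.
describe 'iptables provider' do
  before :each do
    @provider = Puppet::Type.type(:firewall).provider(:iptables)

    # Stub the default provider and the path of the iptables-save command.
    Puppet::Type::Firewall.stubs(:defaultprovider).returns @provider
    @provider.stubs(:command).with(:iptables_save).returns "/sbin/iptables-save"

    @resource = Puppet::Type.type(:firewall).new({
      :name  => '000 test foo',
      :chain => 'INPUT',
      :jump  => 'ACCEPT'
    })
  end

  it 'should be able to get a list of existing rules' do
    # Pretend iptables-save printed nothing (an empty string, not nil).
    @provider.expects(:execute).with(['/sbin/iptables-save']).returns("")

    # NOTE(review): with empty iptables-save output this loop presumably has
    # nothing to iterate, so the assertions inside may never run - confirm,
    # and consider feeding at least one rule line.
    @provider.instances.each do |rule|
      rule.should be_instance_of(@provider)
      rule.properties[:provider].to_s.should == @provider.name.to_s
    end
  end

  describe 'when converting rules to resources' do
    before :each do
      # Second and third arguments are presumably the table name and a rule
      # index - confirm against rule_to_hash.
      @resource = @provider.rule_to_hash('-A INPUT -s 1.1.1.1 -d 1.1.1.1 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061,7062 -m comment --comment "000 allow foo" -j ACCEPT', 'filter', 0)
    end

    # Single-valued parameters are parsed into strings.
    [:name, :table, :chain, :proto, :jump, :source, :destination].each do |param|
      it "#{param} should be a string" do
        @resource[param].class.should == String
      end
    end

    # Port lists are parsed into arrays.
    [:dport, :sport].each do |param|
      it "#{param} should be an array" do
        @resource[param].class.should == Array
      end
    end
  end

  describe 'when converting rules without comments to resources' do
    before :each do
      # NOTE(review): this fixture has a space inside "--sports 7061, 7062",
      # unlike the comment-bearing fixture in the previous group - confirm
      # that this is intentional.
      @rule = '-A INPUT -s 1.1.1.1 -d 1.1.1.1 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061, 7062 -j ACCEPT'
      @resource = @provider.rule_to_hash(@rule, 'filter', 0)
      @instance = @provider.new(@resource)
    end

    # A rule without a comment gets the name "9999 <MD5 hex of the line>".
    # NOTE(review): MD5 appears to serve only as a stable label for the rule
    # here, not as an integrity check - confirm.
    it 'rule name contains a MD5 sum of the line' do
      @resource[:name].should == "9999 #{Digest::MD5.hexdigest(@resource[:line])}"
    end
  end

  describe 'when creating resources' do
    before :each do
      @instance = @provider.new(@resource)
      # mocha `expects`: the example must call iptables-save exactly once;
      # the call is answered with empty output.
      @provider.expects(:execute).with(['/sbin/iptables-save']).returns("")
    end

    it 'insert_args should be an array' do
      @instance.insert_args.class.should == Array
    end
  end

  describe 'when modifying resources' do
    before :each do
      @instance = @provider.new(@resource)
      # mocha `expects`: the example must call iptables-save exactly once;
      # the call is answered with empty output.
      @provider.expects(:execute).with(['/sbin/iptables-save']).returns ""
    end

    it 'update_args should be an array' do
      @instance.update_args.class.should == Array
    end
  end

  describe 'when deleting resources' do
    before :each do
      @rule = '-A INPUT -s 1.1.1.1 -d 1.1.1.1 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061, 7062 -j ACCEPT'
      @resource = @provider.rule_to_hash(@rule, 'filter', 0)
      @instance = @provider.new(@resource)
    end

    it 'resource[:line] looks like the original rule' do
      # Use `should` so the comparison is actually asserted; a bare `==` is
      # evaluated and discarded, and the example passes whatever :line holds.
      @resource[:line].should == @rule
    end

    it 'delete_args is an array' do
      @instance.delete_args.class.should == Array
    end

    it 'delete_args is the same as the rule string when joined' do
      # Only the leading append flag becomes a delete flag; anchoring the
      # substitution keeps a "-A" elsewhere in a rule from being rewritten.
      expected_delete_rule = @rule.sub(/\A-A/, '-D')
      @instance.delete_args.join(' ').should == expected_delete_rule
    end
  end
end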