freighthop 0.3.3 → 0.4.0

Files changed (259) hide show
  1. checksums.yaml +7 -0
  2. data/Puppetfile +1 -1
  3. data/Puppetfile.lock +4 -5
  4. data/README.md +18 -7
  5. data/Vagrantfile +4 -0
  6. data/lib/freighthop/cli/help.rb +1 -0
  7. data/lib/freighthop/cli/init.rb +10 -10
  8. data/lib/freighthop/cli/version.rb +17 -0
  9. data/lib/freighthop/cli.rb +3 -1
  10. data/lib/freighthop/version.rb +1 -1
  11. data/lib/freighthop.rb +4 -0
  12. data/modules/apt/CHANGELOG +2 -36
  13. data/modules/apt/Gemfile +5 -6
  14. data/modules/apt/Gemfile.lock +7 -40
  15. data/modules/apt/Modulefile +1 -1
  16. data/modules/apt/README.md +1 -2
  17. data/modules/apt/Rakefile +0 -1
  18. data/modules/apt/manifests/init.pp +2 -5
  19. data/modules/apt/manifests/params.pp +1 -4
  20. data/modules/apt/manifests/pin.pp +1 -1
  21. data/modules/apt/manifests/ppa.pp +10 -24
  22. data/modules/apt/manifests/update.pp +0 -1
  23. data/modules/apt/metadata.json +19 -32
  24. data/modules/apt/spec/defines/ppa_spec.rb +2 -53
  25. data/modules/apt/spec/defines/source_spec.rb +2 -2
  26. data/modules/apt/templates/source.list.erb +2 -2
  27. data/modules/apt/tests/key.pp +3 -3
  28. data/modules/concat/CHANGELOG +73 -0
  29. data/modules/concat/Gemfile +20 -0
  30. data/modules/concat/Gemfile.lock +104 -0
  31. data/modules/concat/Modulefile +7 -6
  32. data/modules/concat/README.md +440 -0
  33. data/modules/concat/Rakefile +5 -1
  34. data/modules/concat/files/concatfragments.rb +137 -0
  35. data/modules/concat/files/concatfragments.sh +15 -4
  36. data/modules/concat/lib/facter/concat_basedir.rb +9 -3
  37. data/modules/concat/manifests/fragment.pp +108 -48
  38. data/modules/concat/manifests/init.pp +191 -210
  39. data/modules/concat/manifests/setup.pp +31 -31
  40. data/modules/concat/metadata.json +40 -21
  41. data/modules/{apt → concat}/spec/spec_helper_system.rb +11 -6
  42. data/modules/{firewall → concat}/spec/system/basic_spec.rb +1 -1
  43. data/modules/concat/spec/system/concat_spec.rb +154 -0
  44. data/modules/concat/spec/system/deprecation_warnings_spec.rb +247 -0
  45. data/modules/concat/spec/system/empty_spec.rb +27 -0
  46. data/modules/concat/spec/system/fragment_source_spec.rb +142 -0
  47. data/modules/concat/spec/system/replace_spec.rb +257 -0
  48. data/modules/concat/spec/system/symbolic_name_spec.rb +35 -0
  49. data/modules/concat/spec/system/warn_spec.rb +106 -0
  50. data/modules/concat/spec/unit/classes/concat_setup_spec.rb +42 -0
  51. data/modules/concat/spec/unit/defines/concat_fragment_spec.rb +267 -0
  52. data/modules/concat/spec/unit/defines/concat_spec.rb +380 -0
  53. data/modules/concat/spec/unit/facts/concat_basedir_spec.rb +18 -0
  54. data/modules/concat/tests/fragment.pp +19 -0
  55. data/modules/concat/tests/init.pp +7 -0
  56. data/modules/firewall/Changelog +38 -0
  57. data/modules/firewall/Gemfile +5 -2
  58. data/modules/firewall/Gemfile.lock +76 -26
  59. data/modules/firewall/Modulefile +1 -1
  60. data/modules/firewall/README.markdown +47 -15
  61. data/modules/firewall/Rakefile +0 -7
  62. data/modules/firewall/lib/puppet/provider/firewall/ip6tables.rb +50 -7
  63. data/modules/firewall/lib/puppet/provider/firewall/iptables.rb +147 -31
  64. data/modules/firewall/lib/puppet/provider/firewallchain/iptables_chain.rb +19 -8
  65. data/modules/firewall/lib/puppet/type/firewall.rb +207 -3
  66. data/modules/firewall/lib/puppet/type/firewallchain.rb +73 -2
  67. data/modules/firewall/lib/puppet/util/firewall.rb +14 -0
  68. data/modules/firewall/metadata.json +181 -76
  69. data/modules/firewall/spec/acceptance/basic_spec.rb +8 -0
  70. data/modules/firewall/spec/acceptance/change_source_spec.rb +77 -0
  71. data/modules/firewall/spec/acceptance/class_spec.rb +27 -0
  72. data/modules/firewall/spec/acceptance/firewall_spec.rb +1608 -0
  73. data/modules/firewall/spec/acceptance/firewallchain_spec.rb +125 -0
  74. data/modules/firewall/spec/acceptance/ip6_fragment_spec.rb +94 -0
  75. data/modules/firewall/spec/acceptance/isfragment_spec.rb +92 -0
  76. data/modules/firewall/spec/acceptance/nodesets/centos-59-x64.yml +10 -0
  77. data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-fusion.yml +10 -0
  78. data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-pe.yml +12 -0
  79. data/modules/firewall/spec/acceptance/nodesets/centos-64-x64.yml +10 -0
  80. data/modules/firewall/spec/acceptance/nodesets/debian-607-x64.yml +10 -0
  81. data/modules/firewall/spec/acceptance/nodesets/debian-70rc1-x64.yml +10 -0
  82. data/modules/firewall/spec/acceptance/nodesets/default.yml +10 -0
  83. data/modules/firewall/spec/acceptance/nodesets/fedora-18-x64.yml +10 -0
  84. data/modules/firewall/spec/acceptance/nodesets/sles-11sp1-x64.yml +10 -0
  85. data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +10 -0
  86. data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +10 -0
  87. data/modules/firewall/spec/{system → acceptance}/params_spec.rb +44 -52
  88. data/modules/firewall/spec/acceptance/purge_spec.rb +124 -0
  89. data/modules/firewall/spec/acceptance/resource_cmd_spec.rb +93 -0
  90. data/modules/firewall/spec/acceptance/rules_spec.rb +248 -0
  91. data/modules/firewall/spec/acceptance/socket_spec.rb +96 -0
  92. data/modules/firewall/spec/{system → acceptance}/standard_usage_spec.rb +6 -10
  93. data/modules/firewall/spec/fixtures/ip6tables/conversion_hash.rb +107 -0
  94. data/modules/firewall/spec/fixtures/iptables/conversion_hash.rb +56 -2
  95. data/modules/firewall/spec/spec_helper_acceptance.rb +38 -0
  96. data/modules/firewall/spec/unit/classes/firewall_spec.rb +2 -2
  97. data/modules/firewall/spec/unit/facter/iptables_persistent_version_spec.rb +8 -5
  98. data/modules/firewall/spec/unit/facter/iptables_spec.rb +6 -4
  99. data/modules/firewall/spec/unit/puppet/provider/iptables_chain_spec.rb +14 -4
  100. data/modules/firewall/spec/unit/puppet/provider/iptables_spec.rb +246 -5
  101. data/modules/firewall/spec/unit/puppet/type/firewall_spec.rb +99 -8
  102. data/modules/firewall/spec/unit/puppet/type/firewallchain_spec.rb +50 -6
  103. data/modules/firewall/spec/unit/puppet/util/firewall_spec.rb +21 -0
  104. data/modules/mysql/CHANGELOG +0 -30
  105. data/modules/mysql/Gemfile +0 -1
  106. data/modules/mysql/Gemfile.lock +30 -31
  107. data/modules/mysql/Modulefile +1 -1
  108. data/modules/mysql/README.md +2 -49
  109. data/modules/mysql/files/mysqltuner.pl +1 -1
  110. data/modules/mysql/lib/puppet/provider/database/mysql.rb +1 -1
  111. data/modules/mysql/lib/puppet/provider/database_grant/mysql.rb +1 -1
  112. data/modules/mysql/lib/puppet/provider/database_user/mysql.rb +1 -1
  113. data/modules/mysql/lib/puppet/provider/mysql.rb +1 -2
  114. data/modules/mysql/lib/puppet/provider/mysql_database/mysql.rb +13 -2
  115. data/modules/mysql/lib/puppet/provider/mysql_user/mysql.rb +12 -0
  116. data/modules/mysql/lib/puppet/type/database_user.rb +1 -1
  117. data/modules/mysql/lib/puppet/type/mysql_grant.rb +3 -5
  118. data/modules/mysql/manifests/client.pp +0 -7
  119. data/modules/mysql/manifests/server/root_password.pp +0 -2
  120. data/modules/mysql/manifests/server.pp +0 -6
  121. data/modules/mysql/metadata.json +79 -81
  122. data/modules/mysql/spec/classes/mysql_server_spec.rb +0 -74
  123. data/modules/mysql/spec/system/mysql_server_root_password_spec.rb +1 -7
  124. data/modules/mysql/spec/system/mysql_server_spec.rb +3 -6
  125. data/modules/mysql/spec/system/types/mysql_grant_spec.rb +0 -27
  126. data/modules/mysql/spec/unit/puppet/functions/mysql_deepmerge_spec.rb +1 -1
  127. data/modules/mysql/spec/unit/puppet/provider/database/mysql_spec.rb +4 -4
  128. data/modules/mysql/spec/unit/puppet/provider/database_grant/mysql_spec.rb +15 -15
  129. data/modules/mysql/spec/unit/puppet/provider/database_user/mysql_spec.rb +4 -4
  130. data/modules/mysql/spec/unit/puppet/provider/mysql_database/mysql_spec.rb +3 -3
  131. data/modules/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb +3 -3
  132. data/modules/mysql/templates/my.cnf.erb +2 -4
  133. data/modules/mysql/tests/mysql_grant.pp +1 -1
  134. data/modules/postgresql/Changelog +31 -0
  135. data/modules/postgresql/Gemfile +4 -2
  136. data/modules/postgresql/Modulefile +1 -1
  137. data/modules/postgresql/README.md +10 -4
  138. data/modules/postgresql/Rakefile +0 -1
  139. data/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb +25 -3
  140. data/modules/postgresql/manifests/globals.pp +2 -0
  141. data/modules/postgresql/manifests/params.pp +21 -0
  142. data/modules/postgresql/manifests/server/config.pp +0 -5
  143. data/modules/postgresql/manifests/server/config_entry.pp +1 -1
  144. data/modules/postgresql/manifests/server/database.pp +2 -1
  145. data/modules/postgresql/manifests/server/db.pp +2 -0
  146. data/modules/postgresql/manifests/server/grant.pp +20 -16
  147. data/modules/postgresql/manifests/server/initdb.pp +27 -3
  148. data/modules/postgresql/manifests/server/pg_hba_rule.pp +2 -4
  149. data/modules/postgresql/manifests/server/role.pp +8 -2
  150. data/modules/postgresql/manifests/server/service.pp +5 -0
  151. data/modules/postgresql/manifests/server.pp +2 -0
  152. data/modules/postgresql/metadata.json +88 -65
  153. data/modules/postgresql/spec/acceptance/client_spec.rb +18 -0
  154. data/modules/postgresql/spec/{system → acceptance}/common_patterns_spec.rb +8 -14
  155. data/modules/postgresql/spec/{system → acceptance}/contrib_spec.rb +4 -9
  156. data/modules/postgresql/spec/acceptance/lib/devel_spec.rb +17 -0
  157. data/modules/postgresql/spec/acceptance/lib/java_spec.rb +20 -0
  158. data/modules/postgresql/spec/acceptance/lib/python_spec.rb +19 -0
  159. data/modules/postgresql/spec/acceptance/nodesets/centos-510-x64.yml +10 -0
  160. data/modules/postgresql/spec/acceptance/nodesets/centos-59-x64.yml +10 -0
  161. data/modules/postgresql/spec/acceptance/nodesets/centos-64-x64-pe.yml +12 -0
  162. data/modules/postgresql/spec/acceptance/nodesets/centos-64-x64.yml +10 -0
  163. data/modules/postgresql/spec/acceptance/nodesets/debian-607-x64.yml +10 -0
  164. data/modules/postgresql/spec/acceptance/nodesets/debian-73-x64.yml +10 -0
  165. data/modules/postgresql/spec/acceptance/nodesets/default.yml +10 -0
  166. data/modules/postgresql/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +10 -0
  167. data/modules/postgresql/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +10 -0
  168. data/modules/postgresql/spec/{system → acceptance}/postgresql_psql_spec.rb +6 -14
  169. data/modules/postgresql/spec/{system → acceptance}/server/config_entry_spec.rb +6 -12
  170. data/modules/postgresql/spec/{system → acceptance}/server/database_grant_spec.rb +6 -12
  171. data/modules/postgresql/spec/{system → acceptance}/server/database_spec.rb +6 -12
  172. data/modules/postgresql/spec/{system → acceptance}/server/db_spec.rb +47 -42
  173. data/modules/postgresql/spec/{system → acceptance}/server/grant_spec.rb +6 -12
  174. data/modules/postgresql/spec/{system → acceptance}/server/pg_hba_rule_spec.rb +10 -23
  175. data/modules/postgresql/spec/{system → acceptance}/server/plperl_spec.rb +6 -10
  176. data/modules/postgresql/spec/{system → acceptance}/server/role_spec.rb +13 -28
  177. data/modules/postgresql/spec/acceptance/server/table_grant_spec.rb +124 -0
  178. data/modules/postgresql/spec/{system → acceptance}/server/tablespace_spec.rb +8 -22
  179. data/modules/postgresql/spec/{system → acceptance}/server_spec.rb +38 -61
  180. data/modules/postgresql/spec/{system → acceptance}/validate_db_connection_spec.rb +8 -20
  181. data/modules/postgresql/spec/spec_helper_acceptance.rb +70 -0
  182. data/modules/postgresql/spec/unit/classes/globals_spec.rb +2 -2
  183. data/modules/postgresql/spec/unit/classes/lib/devel_spec.rb +1 -1
  184. data/modules/postgresql/spec/unit/classes/params_spec.rb +1 -1
  185. data/modules/postgresql/spec/unit/classes/repo_spec.rb +1 -1
  186. data/modules/postgresql/spec/unit/classes/server/initdb_spec.rb +2 -1
  187. data/modules/postgresql/spec/unit/classes/server/plperl_spec.rb +2 -2
  188. data/modules/postgresql/spec/unit/classes/server_spec.rb +9 -2
  189. data/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb +15 -17
  190. data/modules/rbenv/bin/autospec +0 -0
  191. data/modules/rbenv/bin/facter +0 -0
  192. data/modules/rbenv/bin/filebucket +0 -0
  193. data/modules/rbenv/bin/hiera +0 -0
  194. data/modules/rbenv/bin/htmldiff +0 -0
  195. data/modules/rbenv/bin/ldiff +0 -0
  196. data/modules/rbenv/bin/pi +0 -0
  197. data/modules/rbenv/bin/puppet +0 -0
  198. data/modules/rbenv/bin/puppet-lint +0 -0
  199. data/modules/rbenv/bin/puppet-module +0 -0
  200. data/modules/rbenv/bin/puppetca +0 -0
  201. data/modules/rbenv/bin/puppetd +0 -0
  202. data/modules/rbenv/bin/puppetdoc +0 -0
  203. data/modules/rbenv/bin/puppetmasterd +0 -0
  204. data/modules/rbenv/bin/puppetqd +0 -0
  205. data/modules/rbenv/bin/puppetrun +0 -0
  206. data/modules/rbenv/bin/rake +0 -0
  207. data/modules/rbenv/bin/ralsh +0 -0
  208. data/modules/rbenv/bin/rspec +0 -0
  209. data/modules/rbenv/bin/rspec-puppet-init +0 -0
  210. data/modules/stdlib/spec/monkey_patches/alias_should_to_must.rb +0 -0
  211. data/modules/stdlib/spec/monkey_patches/publicize_methods.rb +0 -0
  212. data/modules/stdlib/spec/unit/puppet/parser/functions/abs_spec.rb +0 -0
  213. data/modules/stdlib/spec/unit/puppet/parser/functions/bool2num_spec.rb +0 -0
  214. data/modules/stdlib/spec/unit/puppet/parser/functions/capitalize_spec.rb +0 -0
  215. data/modules/stdlib/spec/unit/puppet/parser/functions/chomp_spec.rb +0 -0
  216. data/modules/stdlib/spec/unit/puppet/parser/functions/chop_spec.rb +0 -0
  217. data/modules/stdlib/spec/unit/puppet/parser/functions/delete_at_spec.rb +0 -0
  218. data/modules/stdlib/spec/unit/puppet/parser/functions/delete_spec.rb +0 -0
  219. data/modules/stdlib/spec/unit/puppet/parser/functions/dirname_spec.rb +0 -0
  220. data/modules/stdlib/spec/unit/puppet/parser/functions/downcase_spec.rb +0 -0
  221. data/modules/stdlib/spec/unit/puppet/parser/functions/empty_spec.rb +0 -0
  222. data/modules/stdlib/spec/unit/puppet/parser/functions/flatten_spec.rb +0 -0
  223. data/modules/stdlib/spec/unit/puppet/parser/functions/grep_spec.rb +0 -0
  224. data/modules/stdlib/spec/unit/puppet/parser/functions/has_interface_with_spec.rb +0 -0
  225. data/modules/stdlib/spec/unit/puppet/parser/functions/has_ip_address_spec.rb +0 -0
  226. data/modules/stdlib/spec/unit/puppet/parser/functions/has_ip_network_spec.rb +0 -0
  227. data/modules/stdlib/spec/unit/puppet/parser/functions/max_spec.rb +0 -0
  228. data/modules/stdlib/spec/unit/puppet/parser/functions/min_spec.rb +0 -0
  229. data/modules/stdlib/spec/unit/puppet/parser/functions/reject_spec.rb +0 -0
  230. data/modules/stdlib/spec/unit/puppet/parser/functions/to_bytes_spec.rb +0 -0
  231. data/modules/stdlib/spec/unit/puppet/parser/functions/validate_slength_spec.rb +0 -0
  232. metadata +92 -77
  233. data/modules/apt/manifests/unattended_upgrades.pp +0 -68
  234. data/modules/apt/spec/classes/unattended_upgrades_spec.rb +0 -204
  235. data/modules/apt/spec/system/apt_builddep_spec.rb +0 -38
  236. data/modules/apt/spec/system/apt_key_spec.rb +0 -53
  237. data/modules/apt/spec/system/apt_ppa_spec.rb +0 -59
  238. data/modules/apt/spec/system/apt_source_spec.rb +0 -51
  239. data/modules/apt/spec/system/basic_spec.rb +0 -10
  240. data/modules/apt/spec/system/class_spec.rb +0 -20
  241. data/modules/apt/templates/10periodic.erb +0 -12
  242. data/modules/apt/templates/50unattended-upgrades.erb +0 -53
  243. data/modules/apt/tests/unattended-upgrades.pp +0 -1
  244. data/modules/concat/README.markdown +0 -150
  245. data/modules/concat/spec/defines/init_spec.rb +0 -115
  246. data/modules/concat/spec/fixtures/manifests/site.pp +0 -0
  247. data/modules/firewall/spec/spec_helper_system.rb +0 -49
  248. data/modules/firewall/spec/system/class_spec.rb +0 -39
  249. data/modules/firewall/spec/system/purge_spec.rb +0 -29
  250. data/modules/firewall/spec/system/resource_cmd_spec.rb +0 -53
  251. data/modules/mysql/manifests/server/providers.pp +0 -8
  252. data/modules/mysql/tests/bindings.pp +0 -3
  253. data/modules/postgresql/Gemfile.lock +0 -74
  254. data/modules/postgresql/spec/spec_helper_system.rb +0 -66
  255. data/modules/postgresql/spec/system/client_spec.rb +0 -22
  256. data/modules/postgresql/spec/system/lib/devel_spec.rb +0 -22
  257. data/modules/postgresql/spec/system/lib/java_spec.rb +0 -25
  258. data/modules/postgresql/spec/system/lib/python_spec.rb +0 -24
  259. data/modules/postgresql/spec/system/server/table_grant_spec.rb +0 -72
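--- a/data/modules/firewall/spec/acceptance/firewallchain_spec.rb
+++ b/data/modules/firewall/spec/acceptance/firewallchain_spec.rb
@@ -0,0 +1,125 @@
+ require 'spec_helper_acceptance'
+
+ describe 'puppet resource firewallchain command:' do
+ before :all do
+ iptables_flush_all_tables
+ end
+ describe 'ensure' do
+ context 'present' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ firewallchain { 'MY_CHAIN:filter:IPv4':
+ ensure => present,
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'finds the chain' do
+ shell('iptables -S') do |r|
+ expect(r.stdout).to match(/-N MY_CHAIN/)
+ end
+ end
+ end
+
+ context 'absent' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ firewallchain { 'MY_CHAIN:filter:IPv4':
+ ensure => absent,
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'fails to find the chain' do
+ shell('iptables -S') do |r|
+ expect(r.stdout).to_not match(/-N MY_CHAIN/)
+ end
+ end
+ end
+ end
+
+ # XXX purge => false is not yet implemented
+ #context 'adding a firewall rule to a chain:' do
+ # it 'applies cleanly' do
+ # pp = <<-EOS
+ # firewallchain { 'MY_CHAIN:filter:IPv4':
+ # ensure => present,
+ # }
+ # firewall { '100 my rule':
+ # chain => 'MY_CHAIN',
+ # action => 'accept',
+ # proto => 'tcp',
+ # dport => 5000,
+ # }
+ # EOS
+ # # Run it twice and test for idempotency
+ # apply_manifest(pp, :catch_failures => true)
+ # apply_manifest(pp, :catch_changes => true)
+ # end
+ #end
+
+ #context 'not purge firewallchain chains:' do
+ # it 'does not purge the rule' do
+ # pp = <<-EOS
+ # firewallchain { 'MY_CHAIN:filter:IPv4':
+ # ensure => present,
+ # purge => false,
+ # before => Resources['firewall'],
+ # }
+ # resources { 'firewall':
+ # purge => true,
+ # }
+ # EOS
+ # # Run it twice and test for idempotency
+ # apply_manifest(pp, :catch_failures => true) do |r|
+ # expect(r.stdout).to_not match(/removed/)
+ # expect(r.stderr).to eq('')
+ # end
+ # apply_manifest(pp, :catch_changes => true)
+ # end
+
+ # it 'still has the rule' do
+ # pp = <<-EOS
+ # firewall { '100 my rule':
+ # chain => 'MY_CHAIN',
+ # action => 'accept',
+ # proto => 'tcp',
+ # dport => 5000,
+ # }
+ # EOS
+ # # Run it twice and test for idempotency
+ # apply_manifest(pp, :catch_changes => true)
+ # end
+ #end
+
+ describe 'policy' do
+ after :all do
+ shell('iptables -t filter -P FORWARD ACCEPT')
+ end
+
+ context 'DROP' do
+ it 'applies cleanly' do
+ pp = <<-EOS
+ firewallchain { 'FORWARD:filter:IPv4':
+ policy => 'drop',
+ }
+ EOS
+ # Run it twice and test for idempotency
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+ end
+
+ it 'finds the chain' do
+ shell('iptables -S') do |r|
+ expect(r.stdout).to match(/-P FORWARD DROP/)
+ end
+ end
+ end
+ end
+ end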
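Review bot: The 'absent' context (new lines 27-44) only proves removal when the 'present' context has already run and left MY_CHAIN behind; run on its own or in a different order, `ensure => absent` is a no-op under `:catch_failures` and `to_not match(/-N MY_CHAIN/)` passes without the provider's delete path ever being exercised. Applying the `ensure => present` manifest in a `before :all` inside the 'absent' context would give it its own precondition. The patterns are also unanchored, so `/-N MY_CHAIN/` would match a chain named MY_CHAIN2 as well; `/^-N MY_CHAIN$/` is tighter. The commented-out purge examples on lines 47-99 would be easier to track as pending examples than as dead text.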
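--- a/data/modules/firewall/spec/acceptance/ip6_fragment_spec.rb
+++ b/data/modules/firewall/spec/acceptance/ip6_fragment_spec.rb
@@ -0,0 +1,94 @@
+ require 'spec_helper_acceptance'
+
+ describe 'firewall ishasmorefrags/islastfrag/isfirstfrag properties' do
+ before :all do
+ ip6tables_flush_all_tables
+ end
+
+ shared_examples "is idempotent" do |values, line_match|
+ it "changes the values to #{values}" do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '599 - test':
+ ensure => present,
+ proto => 'tcp',
+ provider => 'ip6tables',
+ #{values}
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ shell('ip6tables -S') do |r|
+ expect(r.stdout).to match(/#{line_match}/)
+ end
+ end
+ end
+ shared_examples "doesn't change" do |values, line_match|
+ it "doesn't change the values to #{values}" do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '599 - test':
+ ensure => present,
+ proto => 'tcp',
+ provider => 'ip6tables',
+ #{values}
+ }
+ EOS
+
+ apply_manifest(pp, :catch_changes => true)
+
+ shell('ip6tables -S') do |r|
+ expect(r.stdout).to match(/#{line_match}/)
+ end
+ end
+ end
+
+ describe 'adding a rule' do
+ context 'when unset' do
+ before :all do
+ ip6tables_flush_all_tables
+ end
+ it_behaves_like 'is idempotent', '', /-A INPUT -p tcp -m comment --comment "599 - test"/
+ end
+ context 'when set to true' do
+ before :all do
+ ip6tables_flush_all_tables
+ end
+ it_behaves_like "is idempotent", 'ishasmorefrags => true, islastfrag => true, isfirstfrag => true', /-A INPUT -p tcp -m frag --fragid 0 --fragmore -m frag --fragid 0 --fraglast -m frag --fragid 0 --fragfirst -m comment --comment "599 - test"/
+ end
+ context 'when set to false' do
+ before :all do
+ ip6tables_flush_all_tables
+ end
+ it_behaves_like "is idempotent", 'ishasmorefrags => false, islastfrag => false, isfirstfrag => false', /-A INPUT -p tcp -m comment --comment "599 - test"/
+ end
+ end
+ describe 'editing a rule' do
+ context 'when unset or false' do
+ before :each do
+ ip6tables_flush_all_tables
+ shell('/sbin/ip6tables -A INPUT -p tcp -m comment --comment "599 - test"')
+ end
+ context 'and current value is false' do
+ it_behaves_like "doesn't change", 'ishasmorefrags => false, islastfrag => false, isfirstfrag => false', /-A INPUT -p tcp -m comment --comment "599 - test"/
+ end
+ context 'and current value is true' do
+ it_behaves_like "is idempotent", 'ishasmorefrags => true, islastfrag => true, isfirstfrag => true', /-A INPUT -p tcp -m frag --fragid 0 --fragmore -m frag --fragid 0 --fraglast -m frag --fragid 0 --fragfirst -m comment --comment "599 - test"/
+ end
+ end
+ context 'when set to true' do
+ before :each do
+ ip6tables_flush_all_tables
+ shell('/sbin/ip6tables -A INPUT -p tcp -m frag --fragid 0 --fragmore -m frag --fragid 0 --fraglast -m frag --fragid 0 --fragfirst -m comment --comment "599 - test"')
+ end
+ context 'and current value is false' do
+ it_behaves_like "is idempotent", 'ishasmorefrags => false, islastfrag => false, isfirstfrag => false', /-A INPUT -p tcp -m comment --comment "599 - test"/
+ end
+ context 'and current value is true' do
+ it_behaves_like "doesn't change", 'ishasmorefrags => true, islastfrag => true, isfirstfrag => true', /-A INPUT -p tcp -m frag --fragid 0 --fragmore -m frag --fragid 0 --fraglast -m frag --fragid 0 --fragfirst -m comment --comment "599 - test"/
+ end
+ end
+ end
+ end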
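Review bot: The inner context names under 'editing a rule' (new lines 74-91) read 'and current value is …', but the value they pass is the one being applied; the current state is what the outer context's `before :each` seeds with `/sbin/ip6tables -A`. Renaming them along the lines of `context 'and desired value is true' do` would make a failing example's description match what it tested. The seed commands use the absolute `/sbin/ip6tables` while the checks call bare `ip6tables -S`, so the two may not resolve to the same binary on every platform; using one form throughout avoids that. isfragment_spec.rb, added in the same release, has the same labels and the same mix with `iptables`.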
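--- a/data/modules/firewall/spec/acceptance/isfragment_spec.rb
+++ b/data/modules/firewall/spec/acceptance/isfragment_spec.rb
@@ -0,0 +1,92 @@
+ require 'spec_helper_acceptance'
+
+ describe 'firewall isfragment property' do
+ before :all do
+ iptables_flush_all_tables
+ end
+
+ shared_examples "is idempotent" do |value, line_match|
+ it "changes the value to #{value}" do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '597 - test':
+ ensure => present,
+ proto => 'tcp',
+ #{value}
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ apply_manifest(pp, :catch_changes => true)
+
+ shell('iptables -S') do |r|
+ expect(r.stdout).to match(/#{line_match}/)
+ end
+ end
+ end
+ shared_examples "doesn't change" do |value, line_match|
+ it "doesn't change the value to #{value}" do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '597 - test':
+ ensure => present,
+ proto => 'tcp',
+ #{value}
+ }
+ EOS
+
+ apply_manifest(pp, :catch_changes => true)
+
+ shell('iptables -S') do |r|
+ expect(r.stdout).to match(/#{line_match}/)
+ end
+ end
+ end
+
+ describe 'adding a rule' do
+ context 'when unset' do
+ before :all do
+ iptables_flush_all_tables
+ end
+ it_behaves_like 'is idempotent', '', /-A INPUT -p tcp -m comment --comment "597 - test"/
+ end
+ context 'when set to true' do
+ before :all do
+ iptables_flush_all_tables
+ end
+ it_behaves_like 'is idempotent', 'isfragment => true,', /-A INPUT -p tcp -f -m comment --comment "597 - test"/
+ end
+ context 'when set to false' do
+ before :all do
+ iptables_flush_all_tables
+ end
+ it_behaves_like "is idempotent", 'isfragment => false,', /-A INPUT -p tcp -m comment --comment "597 - test"/
+ end
+ end
+ describe 'editing a rule' do
+ context 'when unset or false' do
+ before :each do
+ iptables_flush_all_tables
+ shell('/sbin/iptables -A INPUT -p tcp -m comment --comment "597 - test"')
+ end
+ context 'and current value is false' do
+ it_behaves_like "doesn't change", 'isfragment => false,', /-A INPUT -p tcp -m comment --comment "597 - test"/
+ end
+ context 'and current value is true' do
+ it_behaves_like "is idempotent", 'isfragment => true,', /-A INPUT -p tcp -f -m comment --comment "597 - test"/
+ end
+ end
+ context 'when set to true' do
+ before :each do
+ iptables_flush_all_tables
+ shell('/sbin/iptables -A INPUT -p tcp -f -m comment --comment "597 - test"')
+ end
+ context 'and current value is false' do
+ it_behaves_like "is idempotent", 'isfragment => false,', /-A INPUT -p tcp -m comment --comment "597 - test"/
+ end
+ context 'and current value is true' do
+ it_behaves_like "doesn't change", 'isfragment => true,', /-A INPUT -p tcp -f -m comment --comment "597 - test"/
+ end
+ end
+ end
+ end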
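--- a/data/modules/firewall/spec/acceptance/nodesets/centos-59-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/centos-59-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ centos-59-x64:
+ roles:
+ - master
+ platform: el-5-x86_64
+ box : centos-59-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: foss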
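Review bot: `box_url` on new line 7 fetches the Vagrant base box over plain `http://`, and nothing in the nodeset pins a digest for it, so whatever image the network path delivers becomes the host the acceptance suite runs against. If the box host serves it, switch the URL to `https://`; otherwise verify the downloaded box against a known-good checksum before it is first used. The same applies to the other ten nodeset files added under spec/acceptance/nodesets/ in this release (centos-64-x64-fusion.yml through ubuntu-server-12042-x64.yml), which all use the same `http://puppet-vagrant-boxes.puppetlabs.com/` base.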
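--- a/data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-fusion.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-fusion.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-fusion503-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-fusion503-nocm.box
+ hypervisor : fusion
+ CONFIG:
+ type: foss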
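--- a/data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-pe.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-pe.yml
@@ -0,0 +1,12 @@
+ HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ - database
+ - dashboard
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: pe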
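--- a/data/modules/firewall/spec/acceptance/nodesets/centos-64-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/centos-64-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: foss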
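--- a/data/modules/firewall/spec/acceptance/nodesets/debian-607-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/debian-607-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ debian-607-x64:
+ roles:
+ - master
+ platform: debian-6-amd64
+ box : debian-607-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-607-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: git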
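--- a/data/modules/firewall/spec/acceptance/nodesets/debian-70rc1-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/debian-70rc1-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ debian-70rc1-x64:
+ roles:
+ - master
+ platform: debian-7-amd64
+ box : debian-70rc1-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/debian-70rc1-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: git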
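--- a/data/modules/firewall/spec/acceptance/nodesets/default.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/default.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ centos-64-x64:
+ roles:
+ - master
+ platform: el-6-x86_64
+ box : centos-64-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-64-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: foss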
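--- a/data/modules/firewall/spec/acceptance/nodesets/fedora-18-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/fedora-18-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ fedora-18-x64:
+ roles:
+ - master
+ platform: fedora-18-x86_64
+ box : fedora-18-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/fedora-18-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: git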
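--- a/data/modules/firewall/spec/acceptance/nodesets/sles-11sp1-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/sles-11sp1-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ sles-11sp1-x64:
+ roles:
+ - master
+ platform: sles-11-x86_64
+ box : sles-11sp1-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/sles-11sp1-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: git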
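--- a/data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ ubuntu-server-10044-x64:
+ roles:
+ - master
+ platform: ubuntu-10.04-amd64
+ box : ubuntu-server-10044-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-10044-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: git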
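--- a/data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
+++ b/data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml
@@ -0,0 +1,10 @@
+ HOSTS:
+ ubuntu-server-12042-x64:
+ roles:
+ - master
+ platform: ubuntu-12.04-amd64
+ box : ubuntu-server-12042-x64-vbox4210-nocm
+ box_url : http://puppet-vagrant-boxes.puppetlabs.com/ubuntu-server-12042-x64-vbox4210-nocm.box
+ hypervisor : vagrant
+ CONFIG:
+ type: foss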
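--- a/data/modules/firewall/spec/system/params_spec.rb
+++ b/data/modules/firewall/spec/acceptance/params_spec.rb
@@ -1,4 +1,4 @@
- require 'spec_helper_system'
+ require 'spec_helper_acceptance'
 
  describe "param based tests:" do
  # Takes a hash and converts it into a firewall resource
@@ -8,7 +8,7 @@ describe "param based tests:" do
  firewall { '#{name}':
  EOS
 
- params.each do |k,v|
+ params.each do |k,v|
  pm += <<-EOS
  #{k} => #{v},
  EOS
@@ -23,10 +23,8 @@ firewall { '#{name}':
  it 'test various params' do
  iptables_flush_all_tables
 
- facts = node.facts
-
- unless (facts['operatingsystem'] == 'CentOS') && \
- facts['operatingsystemrelease'] =~ /^5\./ then
+ unless (fact('operatingsystem') == 'CentOS') && \
+ fact('operatingsystemrelease') =~ /^5\./ then
 
  ppm = pp({
  'table' => "'raw'",
@@ -36,13 +34,8 @@ firewall { '#{name}':
  'log_level' => 'debug',
  })
 
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
  end
  end
 
@@ -55,13 +48,8 @@ firewall { '#{name}':
  'jump' => 'LOG',
  'log_level' => 'debug',
  })
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
  end
 
  it 'test log rule - changing names' do
@@ -71,7 +59,7 @@ firewall { '#{name}':
  'name' => '004 log all INVALID packets',
  'chain' => 'INPUT',
  'proto' => 'all',
- 'state' => 'INVALID',
+ 'ctstate' => 'INVALID',
  'jump' => 'LOG',
  'log_level' => '3',
  'log_prefix' => '"IPTABLES dropped invalid: "',
@@ -81,26 +69,45 @@ firewall { '#{name}':
  'name' => '003 log all INVALID packets',
  'chain' => 'INPUT',
  'proto' => 'all',
- 'state' => 'INVALID',
+ 'ctstate' => 'INVALID',
  'jump' => 'LOG',
  'log_level' => '3',
  'log_prefix' => '"IPTABLES dropped invalid: "',
  })
 
- puppet_apply(ppm1) do |r|
- r.stderr.should be_empty
- r.exit_code.should == 2
- end
+ expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to eq(2)
 
  ppm = <<-EOS + "\n" + ppm2
  resources { 'firewall':
  purge => true,
  }
  EOS
- puppet_apply(ppm) do |r|
- r.stderr.should be_empty
- r.exit_code.should == 2
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ end
+
+ it 'test chain - changing names' do
+ iptables_flush_all_tables
+
+ ppm1 = pp({
+ 'name' => '004 with a chain',
+ 'chain' => 'INPUT',
+ 'proto' => 'all',
+ })
+
+ ppm2 = pp({
+ 'name' => '004 with a chain',
+ 'chain' => 'OUTPUT',
+ 'proto' => 'all',
+ })
+
+ apply_manifest(ppm1, :expect_changes => true)
+
+ ppm = <<-EOS + "\n" + ppm2
+ resources { 'firewall':
+ purge => true,
+ }
+ EOS
+ expect(apply_manifest(ppm2, :expect_failures => true).stderr).to match(/is not supported/)
  end
 
  it 'test log rule - idempotent' do
@@ -110,19 +117,14 @@ firewall { '#{name}':
  'name' => '004 log all INVALID packets',
  'chain' => 'INPUT',
  'proto' => 'all',
- 'state' => 'INVALID',
+ 'ctstate' => 'INVALID',
  'jump' => 'LOG',
  'log_level' => '3',
  'log_prefix' => '"IPTABLES dropped invalid: "',
  })
 
- puppet_apply(ppm1) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm1, :catch_failures => true).exit_code).to be_zero
  end
 
  it 'test src_range rule' do
@@ -135,13 +137,8 @@ firewall { '#{name}':
  'action' => 'drop',
  'src_range' => '"10.0.0.1-10.0.0.10"',
  })
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
  end
 
  it 'test dst_range rule' do
@@ -154,13 +151,8 @@ firewall { '#{name}':
  'action' => 'drop',
  'dst_range' => '"10.0.0.2-10.0.0.20"',
  })
- puppet_apply(ppm) do |r|
- r.exit_code.should == 2
- r.stderr.should be_empty
- r.refresh
- r.stderr.should be_empty
- r.exit_code.should be_zero
- end
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to eq(2)
+ expect(apply_manifest(ppm, :catch_failures => true).exit_code).to be_zero
  end
 
  end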
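Review bot: In the added 'test chain - changing names' example (new lines 88-111) the heredoc result `ppm`, which prepends `resources { 'firewall': purge => true }` to `ppm2`, is assigned on line 105 but never applied; the final call on line 110 passes `ppm2`, so purge is not part of what the example checks. Either drop the unused heredoc or, if the purge path was meant to be exercised, use `expect(apply_manifest(ppm, :expect_failures => true).stderr).to match(/is not supported/)`. Across the other hunks of this file the rewritten examples keep the exit-code checks but no longer assert that stderr is empty, which the removed `puppet_apply` blocks did; it is worth confirming that loss of coverage is intentional.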