freighthop 0.3.3 → 0.4.0

Files changed (259) hide show
  1. checksums.yaml +7 -0
  2. data/Puppetfile +1 -1
  3. data/Puppetfile.lock +4 -5
  4. data/README.md +18 -7
  5. data/Vagrantfile +4 -0
  6. data/lib/freighthop/cli/help.rb +1 -0
  7. data/lib/freighthop/cli/init.rb +10 -10
  8. data/lib/freighthop/cli/version.rb +17 -0
  9. data/lib/freighthop/cli.rb +3 -1
  10. data/lib/freighthop/version.rb +1 -1
  11. data/lib/freighthop.rb +4 -0
  12. data/modules/apt/CHANGELOG +2 -36
  13. data/modules/apt/Gemfile +5 -6
  14. data/modules/apt/Gemfile.lock +7 -40
  15. data/modules/apt/Modulefile +1 -1
  16. data/modules/apt/README.md +1 -2
  17. data/modules/apt/Rakefile +0 -1
  18. data/modules/apt/manifests/init.pp +2 -5
  19. data/modules/apt/manifests/params.pp +1 -4
  20. data/modules/apt/manifests/pin.pp +1 -1
  21. data/modules/apt/manifests/ppa.pp +10 -24
  22. data/modules/apt/manifests/update.pp +0 -1
  23. data/modules/apt/metadata.json +19 -32
  24. data/modules/apt/spec/defines/ppa_spec.rb +2 -53
  25. data/modules/apt/spec/defines/source_spec.rb +2 -2
  26. data/modules/apt/templates/source.list.erb +2 -2
  27. data/modules/apt/tests/key.pp +3 -3
  28. data/modules/concat/CHANGELOG +73 -0
  29. data/modules/concat/Gemfile +20 -0
  30. data/modules/concat/Gemfile.lock +104 -0
  31. data/modules/concat/Modulefile +7 -6
  32. data/modules/concat/README.md +440 -0
  33. data/modules/concat/Rakefile +5 -1
  34. data/modules/concat/files/concatfragments.rb +137 -0
  35. data/modules/concat/files/concatfragments.sh +15 -4
  36. data/modules/concat/lib/facter/concat_basedir.rb +9 -3
  37. data/modules/concat/manifests/fragment.pp +108 -48
  38. data/modules/concat/manifests/init.pp +191 -210
  39. data/modules/concat/manifests/setup.pp +31 -31
  40. data/modules/concat/metadata.json +40 -21
  41. data/modules/{apt → concat}/spec/spec_helper_system.rb +11 -6
  42. data/modules/{firewall → concat}/spec/system/basic_spec.rb +1 -1
  43. data/modules/concat/spec/system/concat_spec.rb +154 -0
  44. data/modules/concat/spec/system/deprecation_warnings_spec.rb +247 -0
  45. data/modules/concat/spec/system/empty_spec.rb +27 -0
  46. data/modules/concat/spec/system/fragment_source_spec.rb +142 -0
  47. data/modules/concat/spec/system/replace_spec.rb +257 -0
  48. data/modules/concat/spec/system/symbolic_name_spec.rb +35 -0
  49. data/modules/concat/spec/system/warn_spec.rb +106 -0
  50. data/modules/concat/spec/unit/classes/concat_setup_spec.rb +42 -0
  51. data/modules/concat/spec/unit/defines/concat_fragment_spec.rb +267 -0
  52. data/modules/concat/spec/unit/defines/concat_spec.rb +380 -0
  53. data/modules/concat/spec/unit/facts/concat_basedir_spec.rb +18 -0
  54. data/modules/concat/tests/fragment.pp +19 -0
  55. data/modules/concat/tests/init.pp +7 -0
  56. data/modules/firewall/Changelog +38 -0
  57. data/modules/firewall/Gemfile +5 -2
  58. data/modules/firewall/Gemfile.lock +76 -26
  59. data/modules/firewall/Modulefile +1 -1
  60. data/modules/firewall/README.markdown +47 -15
  61. data/modules/firewall/Rakefile +0 -7
  62. data/modules/firewall/lib/puppet/provider/firewall/ip6tables.rb +50 -7
  63. data/modules/firewall/lib/puppet/provider/firewall/iptables.rb +147 -31
  64. data/modules/firewall/lib/puppet/provider/firewallchain/iptables_chain.rb +19 -8
  65. data/modules/firewall/lib/puppet/type/firewall.rb +207 -3
  66. data/modules/firewall/lib/puppet/type/firewallchain.rb +73 -2
  67. data/modules/firewall/lib/puppet/util/firewall.rb +14 -0
  68. data/modules/firewall/metadata.json +181 -76
  69. data/modules/firewall/spec/acceptance/basic_spec.rb +8 -0
  70. data/modules/firewall/spec/acceptance/change_source_spec.rb +77 -0
  71. data/modules/firewall/spec/acceptance/class_spec.rb +27 -0
  72. data/modules/firewall/spec/acceptance/firewall_spec.rb +1608 -0
  73. data/modules/firewall/spec/acceptance/firewallchain_spec.rb +125 -0
  74. data/modules/firewall/spec/acceptance/ip6_fragment_spec.rb +94 -0
  75. data/modules/firewall/spec/acceptance/isfragment_spec.rb +92 -0
  76. data/modules/firewall/spec/acceptance/nodesets/centos-59-x64.yml +10 -0
  77. data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-fusion.yml +10 -0
  78. data/modules/firewall/spec/acceptance/nodesets/centos-64-x64-pe.yml +12 -0
  79. data/modules/firewall/spec/acceptance/nodesets/centos-64-x64.yml +10 -0
  80. data/modules/firewall/spec/acceptance/nodesets/debian-607-x64.yml +10 -0
  81. data/modules/firewall/spec/acceptance/nodesets/debian-70rc1-x64.yml +10 -0
  82. data/modules/firewall/spec/acceptance/nodesets/default.yml +10 -0
  83. data/modules/firewall/spec/acceptance/nodesets/fedora-18-x64.yml +10 -0
  84. data/modules/firewall/spec/acceptance/nodesets/sles-11sp1-x64.yml +10 -0
  85. data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +10 -0
  86. data/modules/firewall/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +10 -0
  87. data/modules/firewall/spec/{system → acceptance}/params_spec.rb +44 -52
  88. data/modules/firewall/spec/acceptance/purge_spec.rb +124 -0
  89. data/modules/firewall/spec/acceptance/resource_cmd_spec.rb +93 -0
  90. data/modules/firewall/spec/acceptance/rules_spec.rb +248 -0
  91. data/modules/firewall/spec/acceptance/socket_spec.rb +96 -0
  92. data/modules/firewall/spec/{system → acceptance}/standard_usage_spec.rb +6 -10
  93. data/modules/firewall/spec/fixtures/ip6tables/conversion_hash.rb +107 -0
  94. data/modules/firewall/spec/fixtures/iptables/conversion_hash.rb +56 -2
  95. data/modules/firewall/spec/spec_helper_acceptance.rb +38 -0
  96. data/modules/firewall/spec/unit/classes/firewall_spec.rb +2 -2
  97. data/modules/firewall/spec/unit/facter/iptables_persistent_version_spec.rb +8 -5
  98. data/modules/firewall/spec/unit/facter/iptables_spec.rb +6 -4
  99. data/modules/firewall/spec/unit/puppet/provider/iptables_chain_spec.rb +14 -4
  100. data/modules/firewall/spec/unit/puppet/provider/iptables_spec.rb +246 -5
  101. data/modules/firewall/spec/unit/puppet/type/firewall_spec.rb +99 -8
  102. data/modules/firewall/spec/unit/puppet/type/firewallchain_spec.rb +50 -6
  103. data/modules/firewall/spec/unit/puppet/util/firewall_spec.rb +21 -0
  104. data/modules/mysql/CHANGELOG +0 -30
  105. data/modules/mysql/Gemfile +0 -1
  106. data/modules/mysql/Gemfile.lock +30 -31
  107. data/modules/mysql/Modulefile +1 -1
  108. data/modules/mysql/README.md +2 -49
  109. data/modules/mysql/files/mysqltuner.pl +1 -1
  110. data/modules/mysql/lib/puppet/provider/database/mysql.rb +1 -1
  111. data/modules/mysql/lib/puppet/provider/database_grant/mysql.rb +1 -1
  112. data/modules/mysql/lib/puppet/provider/database_user/mysql.rb +1 -1
  113. data/modules/mysql/lib/puppet/provider/mysql.rb +1 -2
  114. data/modules/mysql/lib/puppet/provider/mysql_database/mysql.rb +13 -2
  115. data/modules/mysql/lib/puppet/provider/mysql_user/mysql.rb +12 -0
  116. data/modules/mysql/lib/puppet/type/database_user.rb +1 -1
  117. data/modules/mysql/lib/puppet/type/mysql_grant.rb +3 -5
  118. data/modules/mysql/manifests/client.pp +0 -7
  119. data/modules/mysql/manifests/server/root_password.pp +0 -2
  120. data/modules/mysql/manifests/server.pp +0 -6
  121. data/modules/mysql/metadata.json +79 -81
  122. data/modules/mysql/spec/classes/mysql_server_spec.rb +0 -74
  123. data/modules/mysql/spec/system/mysql_server_root_password_spec.rb +1 -7
  124. data/modules/mysql/spec/system/mysql_server_spec.rb +3 -6
  125. data/modules/mysql/spec/system/types/mysql_grant_spec.rb +0 -27
  126. data/modules/mysql/spec/unit/puppet/functions/mysql_deepmerge_spec.rb +1 -1
  127. data/modules/mysql/spec/unit/puppet/provider/database/mysql_spec.rb +4 -4
  128. data/modules/mysql/spec/unit/puppet/provider/database_grant/mysql_spec.rb +15 -15
  129. data/modules/mysql/spec/unit/puppet/provider/database_user/mysql_spec.rb +4 -4
  130. data/modules/mysql/spec/unit/puppet/provider/mysql_database/mysql_spec.rb +3 -3
  131. data/modules/mysql/spec/unit/puppet/provider/mysql_user/mysql_spec.rb +3 -3
  132. data/modules/mysql/templates/my.cnf.erb +2 -4
  133. data/modules/mysql/tests/mysql_grant.pp +1 -1
  134. data/modules/postgresql/Changelog +31 -0
  135. data/modules/postgresql/Gemfile +4 -2
  136. data/modules/postgresql/Modulefile +1 -1
  137. data/modules/postgresql/README.md +10 -4
  138. data/modules/postgresql/Rakefile +0 -1
  139. data/modules/postgresql/lib/puppet/provider/postgresql_psql/ruby.rb +25 -3
  140. data/modules/postgresql/manifests/globals.pp +2 -0
  141. data/modules/postgresql/manifests/params.pp +21 -0
  142. data/modules/postgresql/manifests/server/config.pp +0 -5
  143. data/modules/postgresql/manifests/server/config_entry.pp +1 -1
  144. data/modules/postgresql/manifests/server/database.pp +2 -1
  145. data/modules/postgresql/manifests/server/db.pp +2 -0
  146. data/modules/postgresql/manifests/server/grant.pp +20 -16
  147. data/modules/postgresql/manifests/server/initdb.pp +27 -3
  148. data/modules/postgresql/manifests/server/pg_hba_rule.pp +2 -4
  149. data/modules/postgresql/manifests/server/role.pp +8 -2
  150. data/modules/postgresql/manifests/server/service.pp +5 -0
  151. data/modules/postgresql/manifests/server.pp +2 -0
  152. data/modules/postgresql/metadata.json +88 -65
  153. data/modules/postgresql/spec/acceptance/client_spec.rb +18 -0
  154. data/modules/postgresql/spec/{system → acceptance}/common_patterns_spec.rb +8 -14
  155. data/modules/postgresql/spec/{system → acceptance}/contrib_spec.rb +4 -9
  156. data/modules/postgresql/spec/acceptance/lib/devel_spec.rb +17 -0
  157. data/modules/postgresql/spec/acceptance/lib/java_spec.rb +20 -0
  158. data/modules/postgresql/spec/acceptance/lib/python_spec.rb +19 -0
  159. data/modules/postgresql/spec/acceptance/nodesets/centos-510-x64.yml +10 -0
  160. data/modules/postgresql/spec/acceptance/nodesets/centos-59-x64.yml +10 -0
  161. data/modules/postgresql/spec/acceptance/nodesets/centos-64-x64-pe.yml +12 -0
  162. data/modules/postgresql/spec/acceptance/nodesets/centos-64-x64.yml +10 -0
  163. data/modules/postgresql/spec/acceptance/nodesets/debian-607-x64.yml +10 -0
  164. data/modules/postgresql/spec/acceptance/nodesets/debian-73-x64.yml +10 -0
  165. data/modules/postgresql/spec/acceptance/nodesets/default.yml +10 -0
  166. data/modules/postgresql/spec/acceptance/nodesets/ubuntu-server-10044-x64.yml +10 -0
  167. data/modules/postgresql/spec/acceptance/nodesets/ubuntu-server-12042-x64.yml +10 -0
  168. data/modules/postgresql/spec/{system → acceptance}/postgresql_psql_spec.rb +6 -14
  169. data/modules/postgresql/spec/{system → acceptance}/server/config_entry_spec.rb +6 -12
  170. data/modules/postgresql/spec/{system → acceptance}/server/database_grant_spec.rb +6 -12
  171. data/modules/postgresql/spec/{system → acceptance}/server/database_spec.rb +6 -12
  172. data/modules/postgresql/spec/{system → acceptance}/server/db_spec.rb +47 -42
  173. data/modules/postgresql/spec/{system → acceptance}/server/grant_spec.rb +6 -12
  174. data/modules/postgresql/spec/{system → acceptance}/server/pg_hba_rule_spec.rb +10 -23
  175. data/modules/postgresql/spec/{system → acceptance}/server/plperl_spec.rb +6 -10
  176. data/modules/postgresql/spec/{system → acceptance}/server/role_spec.rb +13 -28
  177. data/modules/postgresql/spec/acceptance/server/table_grant_spec.rb +124 -0
  178. data/modules/postgresql/spec/{system → acceptance}/server/tablespace_spec.rb +8 -22
  179. data/modules/postgresql/spec/{system → acceptance}/server_spec.rb +38 -61
  180. data/modules/postgresql/spec/{system → acceptance}/validate_db_connection_spec.rb +8 -20
  181. data/modules/postgresql/spec/spec_helper_acceptance.rb +70 -0
  182. data/modules/postgresql/spec/unit/classes/globals_spec.rb +2 -2
  183. data/modules/postgresql/spec/unit/classes/lib/devel_spec.rb +1 -1
  184. data/modules/postgresql/spec/unit/classes/params_spec.rb +1 -1
  185. data/modules/postgresql/spec/unit/classes/repo_spec.rb +1 -1
  186. data/modules/postgresql/spec/unit/classes/server/initdb_spec.rb +2 -1
  187. data/modules/postgresql/spec/unit/classes/server/plperl_spec.rb +2 -2
  188. data/modules/postgresql/spec/unit/classes/server_spec.rb +9 -2
  189. data/modules/postgresql/spec/unit/puppet/provider/postgresql_psql/ruby_spec.rb +15 -17
  190. data/modules/rbenv/bin/autospec +0 -0
  191. data/modules/rbenv/bin/facter +0 -0
  192. data/modules/rbenv/bin/filebucket +0 -0
  193. data/modules/rbenv/bin/hiera +0 -0
  194. data/modules/rbenv/bin/htmldiff +0 -0
  195. data/modules/rbenv/bin/ldiff +0 -0
  196. data/modules/rbenv/bin/pi +0 -0
  197. data/modules/rbenv/bin/puppet +0 -0
  198. data/modules/rbenv/bin/puppet-lint +0 -0
  199. data/modules/rbenv/bin/puppet-module +0 -0
  200. data/modules/rbenv/bin/puppetca +0 -0
  201. data/modules/rbenv/bin/puppetd +0 -0
  202. data/modules/rbenv/bin/puppetdoc +0 -0
  203. data/modules/rbenv/bin/puppetmasterd +0 -0
  204. data/modules/rbenv/bin/puppetqd +0 -0
  205. data/modules/rbenv/bin/puppetrun +0 -0
  206. data/modules/rbenv/bin/rake +0 -0
  207. data/modules/rbenv/bin/ralsh +0 -0
  208. data/modules/rbenv/bin/rspec +0 -0
  209. data/modules/rbenv/bin/rspec-puppet-init +0 -0
  210. data/modules/stdlib/spec/monkey_patches/alias_should_to_must.rb +0 -0
  211. data/modules/stdlib/spec/monkey_patches/publicize_methods.rb +0 -0
  212. data/modules/stdlib/spec/unit/puppet/parser/functions/abs_spec.rb +0 -0
  213. data/modules/stdlib/spec/unit/puppet/parser/functions/bool2num_spec.rb +0 -0
  214. data/modules/stdlib/spec/unit/puppet/parser/functions/capitalize_spec.rb +0 -0
  215. data/modules/stdlib/spec/unit/puppet/parser/functions/chomp_spec.rb +0 -0
  216. data/modules/stdlib/spec/unit/puppet/parser/functions/chop_spec.rb +0 -0
  217. data/modules/stdlib/spec/unit/puppet/parser/functions/delete_at_spec.rb +0 -0
  218. data/modules/stdlib/spec/unit/puppet/parser/functions/delete_spec.rb +0 -0
  219. data/modules/stdlib/spec/unit/puppet/parser/functions/dirname_spec.rb +0 -0
  220. data/modules/stdlib/spec/unit/puppet/parser/functions/downcase_spec.rb +0 -0
  221. data/modules/stdlib/spec/unit/puppet/parser/functions/empty_spec.rb +0 -0
  222. data/modules/stdlib/spec/unit/puppet/parser/functions/flatten_spec.rb +0 -0
  223. data/modules/stdlib/spec/unit/puppet/parser/functions/grep_spec.rb +0 -0
  224. data/modules/stdlib/spec/unit/puppet/parser/functions/has_interface_with_spec.rb +0 -0
  225. data/modules/stdlib/spec/unit/puppet/parser/functions/has_ip_address_spec.rb +0 -0
  226. data/modules/stdlib/spec/unit/puppet/parser/functions/has_ip_network_spec.rb +0 -0
  227. data/modules/stdlib/spec/unit/puppet/parser/functions/max_spec.rb +0 -0
  228. data/modules/stdlib/spec/unit/puppet/parser/functions/min_spec.rb +0 -0
  229. data/modules/stdlib/spec/unit/puppet/parser/functions/reject_spec.rb +0 -0
  230. data/modules/stdlib/spec/unit/puppet/parser/functions/to_bytes_spec.rb +0 -0
  231. data/modules/stdlib/spec/unit/puppet/parser/functions/validate_slength_spec.rb +0 -0
  232. metadata +92 -77
  233. data/modules/apt/manifests/unattended_upgrades.pp +0 -68
  234. data/modules/apt/spec/classes/unattended_upgrades_spec.rb +0 -204
  235. data/modules/apt/spec/system/apt_builddep_spec.rb +0 -38
  236. data/modules/apt/spec/system/apt_key_spec.rb +0 -53
  237. data/modules/apt/spec/system/apt_ppa_spec.rb +0 -59
  238. data/modules/apt/spec/system/apt_source_spec.rb +0 -51
  239. data/modules/apt/spec/system/basic_spec.rb +0 -10
  240. data/modules/apt/spec/system/class_spec.rb +0 -20
  241. data/modules/apt/templates/10periodic.erb +0 -12
  242. data/modules/apt/templates/50unattended-upgrades.erb +0 -53
  243. data/modules/apt/tests/unattended-upgrades.pp +0 -1
  244. data/modules/concat/README.markdown +0 -150
  245. data/modules/concat/spec/defines/init_spec.rb +0 -115
  246. data/modules/concat/spec/fixtures/manifests/site.pp +0 -0
  247. data/modules/firewall/spec/spec_helper_system.rb +0 -49
  248. data/modules/firewall/spec/system/class_spec.rb +0 -39
  249. data/modules/firewall/spec/system/purge_spec.rb +0 -29
  250. data/modules/firewall/spec/system/resource_cmd_spec.rb +0 -53
  251. data/modules/mysql/manifests/server/providers.pp +0 -8
  252. data/modules/mysql/tests/bindings.pp +0 -3
  253. data/modules/postgresql/Gemfile.lock +0 -74
  254. data/modules/postgresql/spec/spec_helper_system.rb +0 -66
  255. data/modules/postgresql/spec/system/client_spec.rb +0 -22
  256. data/modules/postgresql/spec/system/lib/devel_spec.rb +0 -22
  257. data/modules/postgresql/spec/system/lib/java_spec.rb +0 -25
  258. data/modules/postgresql/spec/system/lib/python_spec.rb +0 -24
  259. data/modules/postgresql/spec/system/server/table_grant_spec.rb +0 -72
@@ -0,0 +1,107 @@
1
+ # These hashes allow us to iterate across a series of test data
2
+ # creating rspec examples for each parameter to ensure the input :line
3
+ # extrapolates to the desired value for the parameter in question. And
4
+ # vice-versa
5
+
6
+ # This hash is for testing a line conversion to a hash of parameters
7
+ # which will be used to create a resource.
8
+ ARGS_TO_HASH6 = {
9
+ 'source_destination_ipv6_no_cidr' => {
10
+ :line => '-A INPUT -s 2001:db8:85a3::8a2e:370:7334 -d 2001:db8:85a3::8a2e:370:7334 -m comment --comment "000 source destination ipv6 no cidr"',
11
+ :table => 'filter',
12
+ :provider => 'ip6tables',
13
+ :params => {
14
+ :source => '2001:db8:85a3::8a2e:370:7334/128',
15
+ :destination => '2001:db8:85a3::8a2e:370:7334/128',
16
+ },
17
+ },
18
+ 'source_destination_ipv6_netmask' => {
19
+ :line => '-A INPUT -s 2001:db8:1234::/ffff:ffff:ffff:0000:0000:0000:0000:0000 -d 2001:db8:4321::/ffff:ffff:ffff:0000:0000:0000:0000:0000 -m comment --comment "000 source destination ipv6 netmask"',
20
+ :table => 'filter',
21
+ :provider => 'ip6tables',
22
+ :params => {
23
+ :source => '2001:db8:1234::/48',
24
+ :destination => '2001:db8:4321::/48',
25
+ },
26
+ },
27
+ }
28
+
29
+ # This hash is for testing converting a hash to an argument line.
30
+ HASH_TO_ARGS6 = {
31
+ 'zero_prefixlen_ipv6' => {
32
+ :params => {
33
+ :name => '100 zero prefix length ipv6',
34
+ :table => 'filter',
35
+ :provider => 'ip6tables',
36
+ :source => '::/0',
37
+ :destination => '::/0',
38
+ },
39
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'comment', '--comment', '100 zero prefix length ipv6'],
40
+ },
41
+ 'source_destination_ipv4_no_cidr' => {
42
+ :params => {
43
+ :name => '000 source destination ipv4 no cidr',
44
+ :table => 'filter',
45
+ :provider => 'ip6tables',
46
+ :source => '1.1.1.1',
47
+ :destination => '2.2.2.2',
48
+ },
49
+ :args => ['-t', :filter, '-s', '1.1.1.1/32', '-d', '2.2.2.2/32', '-p', :tcp, '-m', 'comment', '--comment', '000 source destination ipv4 no cidr'],
50
+ },
51
+ 'source_destination_ipv6_no_cidr' => {
52
+ :params => {
53
+ :name => '000 source destination ipv6 no cidr',
54
+ :table => 'filter',
55
+ :provider => 'ip6tables',
56
+ :source => '2001:db8:1234::',
57
+ :destination => '2001:db8:4321::',
58
+ },
59
+ :args => ['-t', :filter, '-s', '2001:db8:1234::/128', '-d', '2001:db8:4321::/128', '-p', :tcp, '-m', 'comment', '--comment', '000 source destination ipv6 no cidr'],
60
+ },
61
+ 'source_destination_ipv6_netmask' => {
62
+ :params => {
63
+ :name => '000 source destination ipv6 netmask',
64
+ :table => 'filter',
65
+ :provider => 'ip6tables',
66
+ :source => '2001:db8:1234::/ffff:ffff:ffff:0000:0000:0000:0000:0000',
67
+ :destination => '2001:db8:4321::/ffff:ffff:ffff:0000:0000:0000:0000:0000',
68
+ },
69
+ :args => ['-t', :filter, '-s', '2001:db8:1234::/48', '-d', '2001:db8:4321::/48', '-p', :tcp, '-m', 'comment', '--comment', '000 source destination ipv6 netmask'],
70
+ },
71
+ 'frag_ishasmorefrags' => {
72
+ :params => {
73
+ :name => "100 has more fragments",
74
+ :ishasmorefrags => true,
75
+ :provider => 'ip6tables',
76
+ :table => "filter",
77
+ },
78
+ :args => ["-t", :filter, "-p", :tcp, "-m", "frag", "--fragid", "0", "--fragmore", "-m", "comment", "--comment", "100 has more fragments"],
79
+ },
80
+ 'frag_islastfrag' => {
81
+ :params => {
82
+ :name => "100 last fragment",
83
+ :islastfrag => true,
84
+ :provider => 'ip6tables',
85
+ :table => "filter",
86
+ },
87
+ :args => ["-t", :filter, "-p", :tcp, "-m", "frag", "--fragid", "0", "--fraglast", "-m", "comment", "--comment", "100 last fragment"],
88
+ },
89
+ 'frag_isfirstfrags' => {
90
+ :params => {
91
+ :name => "100 first fragment",
92
+ :isfirstfrag => true,
93
+ :provider => 'ip6tables',
94
+ :table => "filter",
95
+ },
96
+ :args => ["-t", :filter, "-p", :tcp, "-m", "frag", "--fragid", "0", "--fragfirst", "-m", "comment", "--comment", "100 first fragment"],
97
+ },
98
+ 'hop_limit' => {
99
+ :params => {
100
+ :name => "100 hop limit",
101
+ :hop_limit => 255,
102
+ :provider => 'ip6tables',
103
+ :table => "filter",
104
+ },
105
+ :args => ["-t", :filter, "-p", :tcp, "-m", "comment", "--comment", "100 hop limit", "-m", "hl", "--hl-eq", 255],
106
+ },
107
+ }
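Review bot: The `source_destination_ipv4_no_cidr` case (new lines 41-50) sets `:provider => 'ip6tables'` with IPv4 addresses and expects `'-s', '1.1.1.1/32', '-d', '2.2.2.2/32'` in the argument list, so the fixture pins a rule that ip6tables itself would presumably refuse. If the provider is meant to pass the value through, a comment such as `# IPv4 input under the ip6tables provider: records current pass-through, not a loadable rule` would say so. If it is meant to reject a mismatched address family, the case belongs in a test that expects an error instead. Separately, the key `'frag_isfirstfrags'` matches neither its parameter `:isfirstfrag` nor the sibling key `'frag_islastfrag'`.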
@@ -6,6 +6,19 @@
6
6
  # This hash is for testing a line conversion to a hash of parameters
7
7
  # which will be used to create a resource.
8
8
  ARGS_TO_HASH = {
9
+ 'dport_and_sport' => {
10
+ :line => '-A nova-compute-FORWARD -s 0.0.0.0/32 -d 255.255.255.255/32 -p udp -m udp --sport 68 --dport 67 -j ACCEPT',
11
+ :table => 'filter',
12
+ :params => {
13
+ :action => 'accept',
14
+ :chain => 'nova-compute-FORWARD',
15
+ :source => '0.0.0.0/32',
16
+ :destination => '255.255.255.255/32',
17
+ :sport => ['68'],
18
+ :dport => ['67'],
19
+ :proto => 'udp',
20
+ },
21
+ },
9
22
  'long_rule_1' => {
10
23
  :line => '-A INPUT -s 1.1.1.1/32 -d 1.1.1.1/32 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061,7062 -m comment --comment "000 allow foo" -j ACCEPT',
11
24
  :table => 'filter',
@@ -89,6 +102,30 @@ ARGS_TO_HASH = {
89
102
  :destination => '2001:db8:4321::/48',
90
103
  },
91
104
  },
105
+ 'source_destination_negate_source' => {
106
+ :line => '-A INPUT ! -s 1.1.1.1 -d 2.2.2.2 -m comment --comment "000 negated source address"',
107
+ :table => 'filter',
108
+ :params => {
109
+ :source => '! 1.1.1.1/32',
110
+ :destination => '2.2.2.2/32',
111
+ },
112
+ },
113
+ 'source_destination_negate_destination' => {
114
+ :line => '-A INPUT -s 1.1.1.1 ! -d 2.2.2.2 -m comment --comment "000 negated destination address"',
115
+ :table => 'filter',
116
+ :params => {
117
+ :source => '1.1.1.1/32',
118
+ :destination => '! 2.2.2.2/32',
119
+ },
120
+ },
121
+ 'source_destination_negate_destination_alternative' => {
122
+ :line => '-A INPUT -s 1.1.1.1 -d ! 2.2.2.2 -m comment --comment "000 negated destination address alternative"',
123
+ :table => 'filter',
124
+ :params => {
125
+ :source => '1.1.1.1/32',
126
+ :destination => '! 2.2.2.2/32',
127
+ },
128
+ },
92
129
  'dport_range_1' => {
93
130
  :line => '-A INPUT -m multiport --dports 1:1024 -m comment --comment "000 allow foo"',
94
131
  :table => 'filter',
@@ -170,6 +207,14 @@ ARGS_TO_HASH = {
170
207
  :action => nil,
171
208
  },
172
209
  },
210
+ 'ctstate_returns_sorted_values' => {
211
+ :line => '-A INPUT -m conntrack --ctstate INVALID,RELATED,ESTABLISHED',
212
+ :table => 'filter',
213
+ :params => {
214
+ :ctstate => ['ESTABLISHED', 'INVALID', 'RELATED'],
215
+ :action => nil,
216
+ },
217
+ },
173
218
  'comment_string_character_validation' => {
174
219
  :line => '-A INPUT -s 192.168.0.1/32 -m comment --comment "000 allow from 192.168.0.1, please"',
175
220
  :table => 'filter',
@@ -539,7 +584,7 @@ HASH_TO_ARGS = {
539
584
  :table => 'filter',
540
585
  :dst_range => '10.0.0.1-10.0.0.10',
541
586
  },
542
- :args => ['-t', :filter, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-p', :tcp, '-m', 'comment', '--comment', '000 dst_range'],
587
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-m', 'comment', '--comment', '000 dst_range'],
543
588
  },
544
589
  'src_range_1' => {
545
590
  :params => {
@@ -547,7 +592,7 @@ HASH_TO_ARGS = {
547
592
  :table => 'filter',
548
593
  :dst_range => '10.0.0.1-10.0.0.10',
549
594
  },
550
- :args => ['-t', :filter, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-p', :tcp, '-m', 'comment', '--comment', '000 src_range'],
595
+ :args => ['-t', :filter, '-p', :tcp, '-m', 'iprange', '--dst-range', '10.0.0.1-10.0.0.10', '-m', 'comment', '--comment', '000 src_range'],
551
596
  },
552
597
  'tcp_flags_1' => {
553
598
  :params => {
@@ -567,6 +612,15 @@ HASH_TO_ARGS = {
567
612
  :args => ["-t", :filter, "-p", :tcp, "-m", "comment", "--comment", "100 states_set_from_array",
568
613
  "-m", "state", "--state", "ESTABLISHED,INVALID"],
569
614
  },
615
+ 'ctstates_set_from_array' => {
616
+ :params => {
617
+ :name => "100 ctstates_set_from_array",
618
+ :table => "filter",
619
+ :ctstate => ['ESTABLISHED', 'INVALID']
620
+ },
621
+ :args => ["-t", :filter, "-p", :tcp, "-m", "comment", "--comment", "100 ctstates_set_from_array",
622
+ "-m", "conntrack", "--ctstate", "ESTABLISHED,INVALID"],
623
+ },
570
624
  'comment_string_character_validation' => {
571
625
  :params => {
572
626
  :name => "000 allow from 192.168.0.1, please",
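Review bot: The `src_range_1` case touched by the hunk at `@@ -547,7 +592,7 @@` still sets `:dst_range` and expects `--dst-range` (new lines 593 and 595), so nothing in this fixture exercises source-range generation; only the comment string differs from `dst_range_1`. A regression in how source-range arguments are built for a firewall rule would therefore go unnoticed. The case should read `:src_range => '10.0.0.1-10.0.0.10',` with `'--src-range', '10.0.0.1-10.0.0.10'` in `:args`. The `:name` line of that case lies outside the hunk.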
@@ -0,0 +1,38 @@
1
+ require 'beaker-rspec'
2
+
3
+ def iptables_flush_all_tables
4
+ ['filter', 'nat', 'mangle', 'raw'].each do |t|
5
+ expect(shell("/sbin/iptables -t #{t} -F").stderr).to eq("")
6
+ end
7
+ end
8
+
9
+ def ip6tables_flush_all_tables
10
+ ['filter'].each do |t|
11
+ expect(shell("/sbin/ip6tables -t #{t} -F").stderr).to eq("")
12
+ end
13
+ end
14
+
15
+ hosts.each do |host|
16
+ # Install Puppet
17
+ install_package host, 'rubygems'
18
+ on host, 'gem install puppet --no-ri --no-rdoc'
19
+ on host, "mkdir -p #{host['distmoduledir']}"
20
+ end
21
+
22
+ RSpec.configure do |c|
23
+ # Project root
24
+ proj_root = File.expand_path(File.join(File.dirname(__FILE__), '..'))
25
+
26
+ # Readable test descriptions
27
+ c.formatter = :documentation
28
+
29
+ # Configure all nodes in nodeset
30
+ c.before :suite do
31
+ # Install module and dependencies
32
+ puppet_module_install(:source => proj_root, :module_name => 'firewall')
33
+ hosts.each do |host|
34
+ shell('/bin/touch /etc/puppet/hiera.yaml')
35
+ shell('puppet module install puppetlabs-stdlib --version 3.2.0', { :acceptable_exit_codes => [0,1] })
36
+ end
37
+ end
38
+ end
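Review bot: Inside `hosts.each do |host|` at new lines 33-36 both commands are issued with `shell(...)`, which is not given `host`, so on a multi-node nodeset they presumably run on the default node each time and the other hosts never get `hiera.yaml` or stdlib. The form the file already uses at lines 17-19 fixes that: `on host, '/bin/touch /etc/puppet/hiera.yaml'` and `on host, 'puppet module install puppetlabs-stdlib --version 3.2.0', { :acceptable_exit_codes => [0,1] }`. Accepting exit code 1 also lets a failed module install pass silently. In addition, `gem install puppet` at line 18 is unpinned, so the suite tests whatever Puppet release is current on the day it runs.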
@@ -8,7 +8,7 @@ describe 'firewall', :type => :class do
8
8
 
9
9
  context 'kernel => Windows' do
10
10
  let(:facts) {{ :kernel => 'Windows' }}
11
- it { expect { should include_class('firewall::linux') }.to raise_error(Puppet::Error) }
11
+ it { expect { should contain_class('firewall::linux') }.to raise_error(Puppet::Error) }
12
12
  end
13
13
 
14
14
  context 'ensure => stopped' do
@@ -20,6 +20,6 @@ describe 'firewall', :type => :class do
20
20
  context 'ensure => test' do
21
21
  let(:facts) {{ :kernel => 'Linux' }}
22
22
  let(:params) {{ :ensure => 'test' }}
23
- it { expect { should include_class('firewall::linux') }.to raise_error(Puppet::Error) }
23
+ it { expect { should contain_class('firewall::linux') }.to raise_error(Puppet::Error) }
24
24
  end
25
25
  end
@@ -10,8 +10,9 @@ describe "Facter::Util::Fact iptables_persistent_version" do
10
10
  }.each do |os, ver|
11
11
  describe "#{os} package installed" do
12
12
  before {
13
- Facter.fact(:operatingsystem).stubs(:value).returns(os)
14
- Facter::Util::Resolution.stubs(:exec).with(dpkg_cmd).returns(ver)
13
+ allow(Facter.fact(:operatingsystem)).to receive(:value).and_return(os)
14
+ allow(Facter::Util::Resolution).to receive(:exec).with(dpkg_cmd).
15
+ and_return(ver)
15
16
  }
16
17
  it { Facter.fact(:iptables_persistent_version).value.should == ver }
17
18
  end
@@ -19,14 +20,16 @@ describe "Facter::Util::Fact iptables_persistent_version" do
19
20
 
20
21
  describe 'Ubuntu package not installed' do
21
22
  before {
22
- Facter.fact(:operatingsystem).stubs(:value).returns("Ubuntu")
23
- Facter::Util::Resolution.stubs(:exec).with(dpkg_cmd).returns(nil)
23
+ allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('Ubuntu')
24
+ allow(Facter::Util::Resolution).to receive(:exec).with(dpkg_cmd).
25
+ and_return(nil)
24
26
  }
25
27
  it { Facter.fact(:iptables_persistent_version).value.should be_nil }
26
28
  end
27
29
 
28
30
  describe 'CentOS not supported' do
29
- before { Facter.fact(:operatingsystem).stubs(:value).returns("CentOS") }
31
+ before { allow(Facter.fact(:operatingsystem)).to receive(:value).
32
+ and_return("CentOS") }
30
33
  it { Facter.fact(:iptables_persistent_version).value.should be_nil }
31
34
  end
32
35
  end
@@ -3,19 +3,21 @@ require 'spec_helper'
3
3
  describe "Facter::Util::Fact" do
4
4
  before {
5
5
  Facter.clear
6
- Facter.fact(:kernel).stubs(:value).returns("Linux")
7
- Facter.fact(:kernelrelease).stubs(:value).returns("2.6")
6
+ allow(Facter.fact(:kernel)).to receive(:value).and_return('Linux')
7
+ allow(Facter.fact(:kernelrelease)).to receive(:value).and_return('2.6')
8
8
  }
9
9
 
10
10
  describe 'iptables_version' do
11
11
  it {
12
- Facter::Util::Resolution.stubs(:exec).with('iptables --version').returns('iptables v1.4.7')
12
+ allow(Facter::Util::Resolution).to receive(:exec).with('iptables --version').
13
+ and_return('iptables v1.4.7')
13
14
  Facter.fact(:iptables_version).value.should == '1.4.7'
14
15
  }
15
16
  end
16
17
 
17
18
  describe 'ip6tables_version' do
18
- before { Facter::Util::Resolution.stubs(:exec).with('ip6tables --version').returns('ip6tables v1.4.7') }
19
+ before { allow(Facter::Util::Resolution).to receive(:exec).
20
+ with('ip6tables --version').and_return('ip6tables v1.4.7') }
19
21
  it { Facter.fact(:ip6tables_version).value.should == '1.4.7' }
20
22
  end
21
23
  end
@@ -1,12 +1,22 @@
1
1
  #!/usr/bin/env rspec
2
2
 
3
3
  require 'spec_helper'
4
- require 'puppet'
4
+ if Puppet.version < '3.4.0'
5
+ require 'puppet/provider/confine/exists'
6
+ else
7
+ require 'puppet/confine/exists'
8
+ end
5
9
 
6
10
  describe 'iptables chain provider detection' do
7
- let(:exists) {
8
- Puppet::Provider::Confine::Exists
9
- }
11
+ if Puppet.version < '3.4.0'
12
+ let(:exists) {
13
+ Puppet::Provider::Confine::Exists
14
+ }
15
+ else
16
+ let(:exists) {
17
+ Puppet::Confine::Exists
18
+ }
19
+ end
10
20
 
11
21
  before :each do
12
22
  # Reset the default provider
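Review bot: `Puppet.version < '3.4.0'` at new lines 4 and 11 compares version strings lexicographically, so a version such as `3.10.0` sorts below `3.4.0` and would take the old `puppet/provider/confine/exists` branch. Comparing parsed versions avoids that: `if Gem::Version.new(Puppet.version) < Gem::Version.new('3.4.0')`. The same comparison appears at lines 4 and 11 of the `iptables provider detection` spec that follows. This hunk also drops `require 'puppet'`, so `Puppet` must already be loaded by `spec_helper`, which is not visible here; the `before :each` body continues outside the hunk.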
@@ -1,12 +1,22 @@
1
1
  #!/usr/bin/env rspec
2
2
 
3
3
  require 'spec_helper'
4
- require 'puppet/provider/confine/exists'
4
+ if Puppet.version < '3.4.0'
5
+ require 'puppet/provider/confine/exists'
6
+ else
7
+ require 'puppet/confine/exists'
8
+ end
5
9
 
6
10
  describe 'iptables provider detection' do
7
- let(:exists) {
8
- Puppet::Provider::Confine::Exists
9
- }
11
+ if Puppet.version < '3.4.0'
12
+ let(:exists) {
13
+ Puppet::Provider::Confine::Exists
14
+ }
15
+ else
16
+ let(:exists) {
17
+ Puppet::Confine::Exists
18
+ }
19
+ end
10
20
 
11
21
  before :each do
12
22
  # Reset the default provider
@@ -44,7 +54,7 @@ describe 'iptables provider' do
44
54
  }
45
55
 
46
56
  before :each do
47
- Puppet::Type::Firewall.stubs(:defaultprovider).returns provider
57
+ allow(Puppet::Type::Firewall).to receive(:defaultprovider).and_return provider
48
58
  allow(provider).to receive(:command).with(:iptables_save).and_return "/sbin/iptables-save"
49
59
 
50
60
  # Stub iptables version
@@ -69,6 +79,126 @@ describe 'iptables provider' do
69
79
  expect(provider.instances.length).to be_zero
70
80
  end
71
81
 
82
+ describe '#insert_order' do
83
+ let(:iptables_save_output) { [
84
+ '-A INPUT -s 8.0.0.2/32 -p tcp -m multiport --ports 100 -m comment --comment "100 test" -j ACCEPT',
85
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 200 -m comment --comment "200 test" -j ACCEPT',
86
+ '-A INPUT -s 8.0.0.4/32 -p tcp -m multiport --ports 300 -m comment --comment "300 test" -j ACCEPT'
87
+ ] }
88
+ let(:resources) do
89
+ iptables_save_output.each_with_index.collect { |l,index| provider.rule_to_hash(l, 'filter', index) }
90
+ end
91
+ let(:providers) do
92
+ resources.collect { |r| provider.new(r) }
93
+ end
94
+ it 'understands offsets for adding rules to the beginning' do
95
+ resource = Puppet::Type.type(:firewall).new({ :name => '001 test', })
96
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
97
+ expect(resource.provider.insert_order).to eq(1) # 1-indexed
98
+ end
99
+ it 'understands offsets for editing rules at the beginning' do
100
+ resource = Puppet::Type.type(:firewall).new({ :name => '100 test', })
101
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
102
+ expect(resource.provider.insert_order).to eq(1)
103
+ end
104
+ it 'understands offsets for adding rules to the middle' do
105
+ resource = Puppet::Type.type(:firewall).new({ :name => '101 test', })
106
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
107
+ expect(resource.provider.insert_order).to eq(2)
108
+ end
109
+ it 'understands offsets for editing rules at the middle' do
110
+ resource = Puppet::Type.type(:firewall).new({ :name => '200 test', })
111
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
112
+ expect(resource.provider.insert_order).to eq(2)
113
+ end
114
+ it 'understands offsets for adding rules to the end' do
115
+ resource = Puppet::Type.type(:firewall).new({ :name => '301 test', })
116
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
117
+ expect(resource.provider.insert_order).to eq(4)
118
+ end
119
+ it 'understands offsets for editing rules at the end' do
120
+ resource = Puppet::Type.type(:firewall).new({ :name => '300 test', })
121
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
122
+ expect(resource.provider.insert_order).to eq(3)
123
+ end
124
+
125
+ context 'with unname rules between' do
126
+ let(:iptables_save_output) { [
127
+ '-A INPUT -s 8.0.0.2/32 -p tcp -m multiport --ports 100 -m comment --comment "100 test" -j ACCEPT',
128
+ '-A INPUT -s 8.0.0.2/32 -p tcp -m multiport --ports 150 -m comment --comment "150 test" -j ACCEPT',
129
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 200 -j ACCEPT',
130
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 250 -j ACCEPT',
131
+ '-A INPUT -s 8.0.0.4/32 -p tcp -m multiport --ports 300 -m comment --comment "300 test" -j ACCEPT',
132
+ '-A INPUT -s 8.0.0.4/32 -p tcp -m multiport --ports 350 -m comment --comment "350 test" -j ACCEPT',
133
+ ] }
134
+ it 'understands offsets for adding rules before unnamed rules' do
135
+ resource = Puppet::Type.type(:firewall).new({ :name => '001 test', })
136
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
137
+ expect(resource.provider.insert_order).to eq(1)
138
+ end
139
+ it 'understands offsets for editing rules before unnamed rules' do
140
+ resource = Puppet::Type.type(:firewall).new({ :name => '100 test', })
141
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
142
+ expect(resource.provider.insert_order).to eq(1)
143
+ end
144
+ it 'understands offsets for adding rules between managed rules' do
145
+ resource = Puppet::Type.type(:firewall).new({ :name => '120 test', })
146
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
147
+ expect(resource.provider.insert_order).to eq(2)
148
+ end
149
+ it 'understands offsets for adding rules between unnamed rules' do
150
+ resource = Puppet::Type.type(:firewall).new({ :name => '151 test', })
151
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
152
+ expect(resource.provider.insert_order).to eq(3)
153
+ end
154
+ it 'understands offsets for adding rules after unnamed rules' do
155
+ resource = Puppet::Type.type(:firewall).new({ :name => '351 test', })
156
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
157
+ expect(resource.provider.insert_order).to eq(7)
158
+ end
159
+ end
160
+
161
+ context 'with unname rules before and after' do
162
+ let(:iptables_save_output) { [
163
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 050 -j ACCEPT',
164
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 090 -j ACCEPT',
165
+ '-A INPUT -s 8.0.0.2/32 -p tcp -m multiport --ports 100 -m comment --comment "100 test" -j ACCEPT',
166
+ '-A INPUT -s 8.0.0.2/32 -p tcp -m multiport --ports 150 -m comment --comment "150 test" -j ACCEPT',
167
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 200 -j ACCEPT',
168
+ '-A INPUT -s 8.0.0.3/32 -p tcp -m multiport --ports 250 -j ACCEPT',
169
+ '-A INPUT -s 8.0.0.4/32 -p tcp -m multiport --ports 300 -m comment --comment "300 test" -j ACCEPT',
170
+ '-A INPUT -s 8.0.0.4/32 -p tcp -m multiport --ports 350 -m comment --comment "350 test" -j ACCEPT',
171
+ '-A INPUT -s 8.0.0.5/32 -p tcp -m multiport --ports 400 -j ACCEPT',
172
+ '-A INPUT -s 8.0.0.5/32 -p tcp -m multiport --ports 450 -j ACCEPT',
173
+ ] }
174
+ it 'understands offsets for adding rules before unnamed rules' do
175
+ resource = Puppet::Type.type(:firewall).new({ :name => '001 test', })
176
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
177
+ expect(resource.provider.insert_order).to eq(1)
178
+ end
179
+ it 'understands offsets for editing rules before unnamed rules' do
180
+ resource = Puppet::Type.type(:firewall).new({ :name => '100 test', })
181
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
182
+ expect(resource.provider.insert_order).to eq(3)
183
+ end
184
+ it 'understands offsets for adding rules between managed rules' do
185
+ resource = Puppet::Type.type(:firewall).new({ :name => '120 test', })
186
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
187
+ expect(resource.provider.insert_order).to eq(4)
188
+ end
189
+ it 'understands offsets for adding rules between unnamed rules' do
190
+ resource = Puppet::Type.type(:firewall).new({ :name => '151 test', })
191
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
192
+ expect(resource.provider.insert_order).to eq(5)
193
+ end
194
+ it 'understands offsets for adding rules after unnamed rules' do
195
+ resource = Puppet::Type.type(:firewall).new({ :name => '351 test', })
196
+ allow(resource.provider.class).to receive(:instances).and_return(providers)
197
+ expect(resource.provider.insert_order).to eq(9)
198
+ end
199
+ end
200
+ end
201
+
72
202
  # Load in ruby hash for test fixtures.
73
203
  load 'spec/fixtures/iptables/conversion_hash.rb'
74
204
 
@@ -123,6 +253,37 @@ describe 'iptables provider' do
123
253
  it 'rule name contains a MD5 sum of the line' do
124
254
  expect(resource[:name]).to eq("9000 #{Digest::MD5.hexdigest(resource[:line])}")
125
255
  end
256
+
257
+ it 'parsed the rule arguments correctly' do
258
+ expect(resource[:chain]).to eq('INPUT')
259
+ expect(resource[:source]).to eq('1.1.1.1/32')
260
+ expect(resource[:destination]).to eq('1.1.1.1/32')
261
+ expect(resource[:proto]).to eq('tcp')
262
+ expect(resource[:dport]).to eq(['7061', '7062'])
263
+ expect(resource[:sport]).to eq(['7061', '7062'])
264
+ expect(resource[:action]).to eq('accept')
265
+ end
266
+ end
267
+
268
+ describe 'when converting existing rules generates by system-config-firewall-tui to resources' do
269
+ let(:sample_rule) {
270
+ # as generated by iptables-save from rules created with system-config-firewall-tui
271
+ '-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT'
272
+ }
273
+ let(:resource) { provider.rule_to_hash(sample_rule, 'filter', 0) }
274
+ let(:instance) { provider.new(resource) }
275
+
276
+ it 'rule name contains a MD5 sum of the line' do
277
+ expect(resource[:name]).to eq("9000 #{Digest::MD5.hexdigest(resource[:line])}")
278
+ end
279
+
280
+ it 'parse arguments' do
281
+ expect(resource[:chain]).to eq('INPUT')
282
+ expect(resource[:proto]).to eq('tcp')
283
+ expect(resource[:dport]).to eq(['22'])
284
+ expect(resource[:state]).to eq(['NEW'])
285
+ expect(resource[:action]).to eq('accept')
286
+ end
126
287
  end
127
288
 
128
289
  describe 'when creating resources' do
@@ -139,6 +300,10 @@ describe 'iptables provider' do
139
300
  it 'update_args should be an array' do
140
301
  expect(instance.update_args.class).to eq(Array)
141
302
  end
303
+
304
+ it 'fails when modifying the chain' do
305
+ expect { instance.chain = "OUTPUT" }.to raise_error(/is not supported/)
306
+ end
142
307
  end
143
308
 
144
309
  describe 'when deleting resources' do
@@ -162,3 +327,79 @@ describe 'iptables provider' do
162
327
  end
163
328
  end
164
329
  end
330
+
331
+ describe 'ip6tables provider' do
332
+ let(:provider6) { Puppet::Type.type(:firewall).provider(:ip6tables) }
333
+ let(:resource) {
334
+ Puppet::Type.type(:firewall).new({
335
+ :name => '000 test foo',
336
+ :action => 'accept',
337
+ :provider => "ip6tables",
338
+ })
339
+ }
340
+
341
+ before :each do
342
+ allow(Puppet::Type::Firewall).to receive(:ip6tables).and_return provider6
343
+ allow(provider6).to receive(:command).with(:ip6tables_save).and_return "/sbin/ip6tables-save"
344
+
345
+ # Stub iptables version
346
+ allow(Facter.fact(:ip6tables_version)).to receive(:value).and_return '1.4.7'
347
+
348
+ allow(Puppet::Util::Execution).to receive(:execute).and_return ''
349
+ allow(Puppet::Util).to receive(:which).with("ip6tables-save").
350
+ and_return "/sbin/ip6tables-save"
351
+ end
352
+
353
+ it 'should be able to get a list of existing rules' do
354
+ provider6.instances.each do |rule|
355
+ rule.should be_instance_of(provider6)
356
+ rule.properties[:provider6].to_s.should == provider6.name.to_s
357
+ end
358
+ end
359
+
360
+ it 'should ignore lines with fatal errors' do
361
+ allow(Puppet::Util::Execution).to receive(:execute).with(['/sbin/ip6tables-save']).
362
+ and_return("FATAL: Could not load /lib/modules/2.6.18-028stab095.1/modules.dep: No such file or directory")
363
+ provider6.instances.length.should == 0
364
+ end
365
+
366
+ # Load in ruby hash for test fixtures.
367
+ load 'spec/fixtures/ip6tables/conversion_hash.rb'
368
+
369
+ describe 'when converting rules to resources' do
370
+ ARGS_TO_HASH6.each do |test_name,data|
371
+ describe "for test data '#{test_name}'" do
372
+ let(:resource) { provider6.rule_to_hash(data[:line], data[:table], 0) }
373
+
374
+ # If this option is enabled, make sure the parameters exactly match
375
+ if data[:compare_all] then
376
+ it "the parameter hash keys should be the same as returned by rules_to_hash" do
377
+ resource.keys.should =~ data[:params].keys
378
+ end
379
+ end
380
+
381
+ # Iterate across each parameter, creating an example for comparison
382
+ data[:params].each do |param_name, param_value|
383
+ it "the parameter '#{param_name.to_s}' should match #{param_value.inspect}" do
384
+ resource[param_name].should == data[:params][param_name]
385
+ end
386
+ end
387
+ end
388
+ end
389
+ end
390
+
391
+ describe 'when working out general_args' do
392
+ HASH_TO_ARGS6.each do |test_name,data|
393
+ describe "for test data '#{test_name}'" do
394
+ let(:resource) { Puppet::Type.type(:firewall).new(data[:params]) }
395
+ let(:provider6) { Puppet::Type.type(:firewall).provider(:ip6tables) }
396
+ let(:instance) { provider6.new(resource) }
397
+
398
+ it 'general_args should be valid' do
399
+ instance.general_args.flatten.should == data[:args]
400
+ end
401
+ end
402
+ end
403
+ end
404
+ end
405
+
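Review bot: In the new 'ip6tables provider' block, the example 'should be able to get a list of existing rules' can pass without asserting anything. The `before` hook stubs `Puppet::Util::Execution.execute` to return `''`, so `provider6.instances` is presumably empty and the `each` body never runs. Inside that body, `rule.properties[:provider6]` looks like a rename artifact of `:provider`. The hook also stubs `:ip6tables` on `Puppet::Type::Firewall` where the iptables block stubs `:defaultprovider`, so that stub likely has no effect. Return a sample ip6tables-save line from the stub and add `expect(provider6.instances).not_to be_empty` before the loop, so that a regression in firewall-rule discovery fails the spec instead of passing silently.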