forked from puppetlabs/puppetlabs-firewall
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathfirewall_time_spec.rb
75 lines (68 loc) · 2.84 KB
/
firewall_time_spec.rb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
require 'spec_helper_acceptance'
describe 'firewall time' do
before :all do
iptables_flush_all_tables
ip6tables_flush_all_tables
end
if default['platform'] =~ /ubuntu-1404/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /debian-8/ or default['platform'] =~ /el-7/
describe "time tests ipv4" do
context 'set all time parameters' do
it 'applies' do
pp = <<-EOS
class { '::firewall': }
firewall { '805 - test':
proto => tcp,
dport => '8080',
action => accept,
chain => 'OUTPUT',
date_start => '2016-01-19T04:17:07',
date_stop => '2038-01-19T04:17:07',
time_start => '6:00',
time_stop => '17:00:00',
month_days => '7',
week_days => 'Tue',
kernel_timezone => true,
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => do_catch_changes)
end
it 'should contain the rule' do
shell('iptables-save') do |r|
expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --dports 8080 -m time --timestart 06:00:00 --timestop 17:00:00 --monthdays 7 --weekdays Tue --datestart 2016-01-19T04:17:07 --datestop 2038-01-19T04:17:07 --kerneltz -m comment --comment "805 - test" -j ACCEPT/)
end
end
end
end
describe "time tests ipv6" do
context 'set all time parameters' do
it 'applies' do
pp = <<-EOS
class { '::firewall': }
firewall { '805 - test':
proto => tcp,
dport => '8080',
action => accept,
chain => 'OUTPUT',
date_start => '2016-01-19T04:17:07',
date_stop => '2038-01-19T04:17:07',
time_start => '6:00',
time_stop => '17:00:00',
month_days => '7',
week_days => 'Tue',
kernel_timezone => true,
provider => 'ip6tables',
}
EOS
apply_manifest(pp, :catch_failures => true)
apply_manifest(pp, :catch_changes => do_catch_changes)
end
it 'should contain the rule' do
shell('ip6tables-save') do |r|
expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --dports 8080 -m time --timestart 06:00:00 --timestop 17:00:00 --monthdays 7 --weekdays Tue --datestart 2016-01-19T04:17:07 --datestop 2038-01-19T04:17:07 --kerneltz -m comment --comment "805 - test" -j ACCEPT/)
end
end
end
end
end
end