Additional cleanup
silug committed Dec 17, 2024
1 parent d4175a1 commit 1b87851
Showing 5 changed files with 111 additions and 136 deletions.
56 changes: 25 additions & 31 deletions spec/defines/rule/ah_esp_spec.rb
@@ -5,9 +5,7 @@
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) do
os_facts.merge({
simplib__firewalls: ['iptables', 'firewalld']
})
os_facts.merge(simplib__firewalls: ['iptables', 'firewalld'])
end

let(:ipv4_nets) do
@@ -33,77 +31,73 @@
let(:params) do
{
protocol: 'ah',
trusted_nets: ipv4_nets + ipv6_nets,
order: 15
trusted_nets: ipv4_nets + ipv6_nets,
order: 15,
}
end

it { is_expected.to create_simp_firewalld__rule(title) }

it {
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS")
.with(
ensure: 'present',
family: 'ipv4',
source: { 'ipset' => 'simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS' },
action: 'accept',
zone: '99_simp',
protocol: 'ah',
},
)
}
)
end

it {
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-07jxibAQvZRtfJna9ZG6dLvz2e").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-07jxibAQvZRtfJna9ZG6dLvz2e")
.with(
ensure: 'present',
family: 'ipv6',
source: { 'ipset' => 'simp-07jxibAQvZRtfJna9ZG6dLvz2e' },
action: 'accept',
zone: '99_simp',
protocol: 'ah',
},
)
}
)
end
end

context 'esp with trusted_nets in CIDR format' do
let(:title) { 'allow_esp' }
let(:params) do
{
protocol: 'esp',
trusted_nets: ipv4_nets + ipv6_nets,
order: 15
trusted_nets: ipv4_nets + ipv6_nets,
order: 15,
}
end

it { is_expected.to create_simp_firewalld__rule(title) }

it {
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS")
.with(
ensure: 'present',
family: 'ipv4',
source: { 'ipset' => 'simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS' },
action: 'accept',
zone: '99_simp',
protocol: 'esp',
},
)
}
)
end

it {
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-07jxibAQvZRtfJna9ZG6dLvz2e").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_15_#{title}_simp-07jxibAQvZRtfJna9ZG6dLvz2e")
.with(
ensure: 'present',
family: 'ipv6',
source: { 'ipset' => 'simp-07jxibAQvZRtfJna9ZG6dLvz2e' },
action: 'accept',
zone: '99_simp',
protocol: 'esp',
},
)
}
)
end
end
end
end
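Review bot: None of the visible examples for `allow_ah` or `allow_esp` checks what is inside the ipsets that the accept rules reference; they only pin the rich rule's `source: { 'ipset' => ... }` by name. Since these rules accept AH/ESP traffic from whatever the ipset holds, a regression that put the wrong networks into `simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS` or `simp-07jxibAQvZRtfJna9ZG6dLvz2e` would pass unnoticed here. Consider adding an expectation such as `it { is_expected.to create_firewalld_ipset('simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS').with_entries(ipv4_nets) }` (and the IPv6 counterpart) to each context, adjusted for any normalisation the define applies to `trusted_nets`. The same gap appears in spec/defines/rule/icmp_spec.rb; membership may already be covered by a spec outside this commit.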
89 changes: 41 additions & 48 deletions spec/defines/rule/all_spec.rb
@@ -15,9 +15,7 @@
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) do
os_facts.merge({
simplib__firewalls: ['iptables', 'firewalld']
})
os_facts.merge(simplib__firewalls: ['iptables', 'firewalld'])
end

let(:ipv4_nets) do
@@ -51,20 +49,19 @@
let(:params) do
{
protocol: 'all',
trusted_nets: ipv4_nets + hostnames + ipv6_nets
trusted_nets: ipv4_nets + hostnames + ipv6_nets,
}
end

it { is_expected.to compile.with_all_deps }
it {
is_expected.to create_notify("simp_firewalld::rule[#{title}] - hostname warning").with(
{
it do
is_expected.to create_notify("simp_firewalld::rule[#{title}] - hostname warning")
.with(
message: %r{foo\.bar\.baz, i\.like\.cheese},
withpath: true,
loglevel: 'warning'
},
)
}
loglevel: 'warning',
)
end
end

context "with '0.0.0.0/0' in the address list" do
@@ -74,7 +71,7 @@
let(:params) do
{
protocol: 'all',
trusted_nets: ipv4_nets + ['0.0.0.0/0']
trusted_nets: ipv4_nets + ['0.0.0.0/0'],
}
end

@@ -84,32 +81,30 @@
it { is_expected.not_to create_firewalld_service("simp_all_#{title}") }
it { is_expected.not_to create_firewalld_ipset('simp-JLn9X7BmpTacRGDKNCKSeIJhbZ') }
it { is_expected.not_to create_firewalld_ipset('simp-siFVMk3fjxaKSgTnYmVONaUP7g') }
it {
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-JLn9X7BmpTacRGDKNCKSeIJhbZ").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-JLn9X7BmpTacRGDKNCKSeIJhbZ")
.with(
ensure: 'present',
family: 'ipv4',
source: '0.0.0.0/0',
service: nil,
action: 'accept',
zone: '99_simp',
require: 'Service[firewalld]'
},
)
}
it {
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-siFVMk3fjxaKSgTnYmVONaUP7g").with(
{
require: 'Service[firewalld]',
)
end
it do
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-siFVMk3fjxaKSgTnYmVONaUP7g")
.with(
ensure: 'present',
family: 'ipv6',
source: '::/0',
service: nil,
action: 'accept',
zone: '99_simp',
require: 'Service[firewalld]'
},
)
}
require: 'Service[firewalld]',
)
end
end

context 'IPv4 only' do
@@ -118,24 +113,23 @@
let(:params) do
{
protocol: 'all',
trusted_nets: ipv4_nets + ['0.0.0.0/0'],
apply_to: 'ipv4'
trusted_nets: ipv4_nets + ['0.0.0.0/0'],
apply_to: 'ipv4',
}
end

it {
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-JLn9X7BmpTacRGDKNCKSeIJhbZ").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-JLn9X7BmpTacRGDKNCKSeIJhbZ")
.with(
ensure: 'present',
family: 'ipv4',
source: '0.0.0.0/0',
service: nil,
action: 'accept',
zone: '99_simp',
require: 'Service[firewalld]'
},
)
}
require: 'Service[firewalld]',
)
end

it { is_expected.not_to create_firewalld_rich_rule("simp_11_#{title}_simp-siFVMk3fjxaKSgTnYmVONaUP7g") }
end
@@ -146,24 +140,23 @@
let(:params) do
{
protocol: 'all',
trusted_nets: ipv4_nets + ['::/0'],
apply_to: 'ipv6'
trusted_nets: ipv4_nets + ['::/0'],
apply_to: 'ipv6',
}
end

it {
is_expected.not_to create_firewalld_rich_rule("simp_11_#{title}_simp-siFVMk3fjxaKSgTnYmVONaUP7g").with(
{
it do
is_expected.not_to create_firewalld_rich_rule("simp_11_#{title}_simp-siFVMk3fjxaKSgTnYmVONaUP7g")
.with(
ensure: 'present',
family: 'ipv6',
source: '[::]/0',
service: nil,
action: 'accept',
zone: 'simp',
require: 'Service[firewalld]'
},
)
}
require: 'Service[firewalld]',
)
end

it { is_expected.not_to create_firewalld_rich_rule("simp_11_#{title}_simp-JLn9X7BmpTacRGDKNCKSeIJhbZ") }
end
@@ -174,8 +167,8 @@
let(:params) do
{
protocol: 'all',
trusted_nets: ipv4_nets,
apply_to: 'ipv6'
trusted_nets: ipv4_nets,
apply_to: 'ipv6',
}
end

@@ -190,8 +183,8 @@
let(:params) do
{
protocol: 'all',
trusted_nets: ipv6_nets,
apply_to: 'ipv4'
trusted_nets: ipv6_nets,
apply_to: 'ipv4',
}
end

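Review bot: The negative expectation in the context with `apply_to: 'ipv6'` and `'::/0'` in `trusted_nets` is too weak to catch a regression: `is_expected.not_to create_firewalld_rich_rule(...).with(...)` only fails when a resource with exactly those parameters exists, and it lists `source: '[::]/0'` and `zone: 'simp'` where the sibling contexts use `'::/0'` and `'99_simp'`. As written it would presumably still pass if an accept-all IPv6 rule were created in zone `99_simp`. If the rule is meant to be absent, drop the `.with(...)` as the neighbouring `it { is_expected.not_to create_firewalld_rich_rule("simp_11_#{title}_simp-JLn9X7BmpTacRGDKNCKSeIJhbZ") }` does; if it is meant to exist, assert it positively with the real values. The context header for this example is outside the visible hunk, so the intended outcome should be confirmed there.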
34 changes: 15 additions & 19 deletions spec/defines/rule/icmp_spec.rb
@@ -5,9 +5,7 @@
on_supported_os.each do |os, os_facts|
context "on #{os}" do
let(:facts) do
os_facts.merge({
simplib__firewalls: ['iptables', 'firewalld']
})
os_facts.merge(simplib__firewalls: ['iptables', 'firewalld'])
end

let(:ipv4_nets) do
@@ -33,38 +31,36 @@
let(:params) do
{
protocol: 'icmp',
icmp_blocks: '8',
trusted_nets: ipv4_nets + ipv6_nets
icmp_blocks: '8',
trusted_nets: ipv4_nets + ipv6_nets,
}
end

it { is_expected.to create_simp_firewalld__rule(title) }

it {
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS")
.with(
ensure: 'present',
family: 'ipv4',
icmp_block: ['8'],
source: { 'ipset' => 'simp-CmxLn8c8yuIQ2VyzgvzR4yi8TS' },
action: 'accept',
zone: '99_simp'
},
)
}
zone: '99_simp',
)
end

it {
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-07jxibAQvZRtfJna9ZG6dLvz2e").with(
{
it do
is_expected.to create_firewalld_rich_rule("simp_11_#{title}_simp-07jxibAQvZRtfJna9ZG6dLvz2e")
.with(
ensure: 'present',
family: 'ipv6',
icmp_block: ['8'],
source: { 'ipset' => 'simp-07jxibAQvZRtfJna9ZG6dLvz2e' },
action: 'accept',
zone: '99_simp'
},
)
}
zone: '99_simp',
)
end
end
end
end
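Review bot: Both rich-rule expectations pin `icmp_block: ['8']` together with `action: 'accept'`, which reads as contradictory for a rule scoped to trusted ipsets. firewalld's rich-language documentation describes `icmp-block` as an element that takes no action and rejects the named type, so it is worth confirming against the define that the resulting rule really has the intended effect on type 8 rather than blocking it or being refused by firewalld. If accepting is the intent, a comment above the examples such as `# ICMP type 8 is expected to be accepted from trusted_nets, not blocked` would record that. This is inferred from the expectations alone, since the define itself is not part of the visible diff.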
