diff --git a/spec/acceptance/firewallchain_spec.rb b/spec/acceptance/firewallchain_spec.rb
index d2e0b7e73..44a98261b 100644
--- a/spec/acceptance/firewallchain_spec.rb
+++ b/spec/acceptance/firewallchain_spec.rb
@@ -83,22 +83,40 @@
 end
 end
- context 'with NAT chain' do
- pp3 = <<-PUPPETCODE
- firewallchain { 'MY_CHAIN:nat:IPv6':
+ context 'when NAT chain present' do
+ pp5 = <<-PUPPETCODE
+ firewallchain { 'MY_NAT_CHAIN:nat:IPv6':
 ensure => present,
 }
 PUPPETCODE
 it 'applies cleanly' do
 # Run it twice and test for idempotency
- idempotent_apply(pp3)
+ idempotent_apply(pp5)
+ end
+ end
+
+ context 'when NAT chain absent' do
+ pp6 = <<-PUPPETCODE
+ firewallchain { 'MY_NAT_CHAIN:nat:IPv6':
+ ensure => absent,
+ }
+ PUPPETCODE
+ it 'applies cleanly' do
+ # Run it twice and test for idempotency
+ idempotent_apply(pp6)
+ end
+
+ it 'fails to find the chain' do
+ run_shell('ip6tables-save') do |r|
+ expect(r.stdout).not_to match(%r{MY_NAT_CHAIN})
+ end
 end
 end
 end
 # XXX purge => false is not yet implemented
 # context 'when adding a firewall rule to a chain:' do
- # pp5 = <<-PUPPETCODE
+ # pp7 = <<-PUPPETCODE
 # firewallchain { 'MY_CHAIN:filter:IPv4':
 # ensure => present,
 # }
@@ -111,13 +129,13 @@
 # PUPPETCODE
 # it 'applies cleanly' do
 # # Run it twice and test for idempotency
- # apply_manifest(pp5, :catch_failures => true)
- # apply_manifest(pp5, :catch_changes => do_catch_changes)
+ # apply_manifest(pp7, :catch_failures => true)
+ # apply_manifest(pp7, :catch_changes => do_catch_changes)
 # end
 # end
 # context 'when not purge firewallchain chains:' do
- # pp6 = <<-PUPPETCODE
+ # pp8 = <<-PUPPETCODE
 # firewallchain { 'MY_CHAIN:filter:IPv4':
 # ensure => present,
 # purge => false,
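Review bot: The `not_to match(%r{MY_NAT_CHAIN})` assertion in the new 'when NAT chain absent' context can pass vacuously, because the 'when NAT chain present' context only runs `idempotent_apply(pp5)` and never confirms that the chain actually appeared in `ip6tables-save` output. A provider that silently fails to create (or to remove) the IPv6 nat chain would leave both contexts green, which is the kind of gap that lets a firewall regression ship unnoticed. I would add an `it 'finds the chain'` example to the present context with `expect(r.stdout).to match(%r{MY_NAT_CHAIN})` inside the same kind of `run_shell('ip6tables-save')` block, so the absent case proves a real state change. The absent context also depends on the present context having run first; a one-line comment above `pp6` saying so would help, and the enclosing describe block starts outside this hunk, so any shared setup is not visible here.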
@@ -129,14 +147,14 @@
 # PUPPETCODE
 # it 'does not purge the rule' do
 # # Run it twice and test for idempotency
- # apply_manifest(pp6, :catch_failures => true) do |r|
+ # apply_manifest(pp8, :catch_failures => true) do |r|
 # expect(r.stdout).to_not match(/removed/)
 # expect(r.stderr).to eq('')
 # end
- # apply_manifest(pp6, :catch_changes => do_catch_changes)
+ # apply_manifest(pp8, :catch_changes => do_catch_changes)
 # end
- # pp7 = <<-PUPPETCODE
+ # pp9 = <<-PUPPETCODE
 # firewall { '100 my rule':
 # chain => 'MY_CHAIN',
 # action => 'accept',
@@ -146,7 +164,7 @@
 # PUPPETCODE
 # it 'still has the rule' do
 # # Run it twice and test for idempotency
- # apply_manifest(pp7, :catch_changes => do_catch_changes)
+ # apply_manifest(pp9, :catch_changes => do_catch_changes)
 # end
 # end
@@ -156,14 +174,14 @@
 end
 context 'when DROP' do
- pp8 = <<-PUPPETCODE
+ pp10 = <<-PUPPETCODE
 firewallchain { 'FORWARD:filter:IPv4':
 policy => 'drop',
 }
 PUPPETCODE
 it 'applies cleanly' do
 # Run it twice and test for idempotency
- idempotent_apply(pp8)
+ idempotent_apply(pp10)
 end
 it 'finds the chain' do