diff --git a/test/cookbooks/test/recipes/rule-line-number.rb b/test/cookbooks/test/recipes/rule-line-number.rb index b2ea8a0..3d77702 100644 --- a/test/cookbooks/test/recipes/rule-line-number.rb +++ b/test/cookbooks/test/recipes/rule-line-number.rb @@ -24,7 +24,7 @@ end # This should be the first rule now -iptables_rule 'Allow from loopback interface' do +iptables_rule 'Allow from ethernet interface' do table :filter chain :INPUT ip_version 'ipv4' diff --git a/test/cookbooks/test/recipes/rules.rb b/test/cookbooks/test/recipes/rules.rb index 490b541..a011b39 100644 --- a/test/cookbooks/test/recipes/rules.rb +++ b/test/cookbooks/test/recipes/rules.rb @@ -8,6 +8,9 @@ action :enable delayed_action :start + cookbook 'test' + sensitive false + subscribes :restart, 'template[/etc/sysconfig/iptables]', :delayed subscribes :restart, 'template[/etc/iptables/rules.v4]', :delayed end diff --git a/test/cookbooks/test/templates/default/iptables.erb b/test/cookbooks/test/templates/default/iptables.erb new file mode 100644 index 0000000..770f2b3 --- /dev/null +++ b/test/cookbooks/test/templates/default/iptables.erb @@ -0,0 +1,24 @@ +# Generated by Chef Infra Client +# Do NOT modify this file by hand. +# +# I'm from the test cookbook +# + +<% unless nil_or_empty?(@iptables) -%> +<% @iptables.each do |table, data| -%> +<% next if nil_or_empty?(data) -%> +*<%= table %> +<% unless nil_or_empty?(data[:chains]) -%> +<% data[:chains].each do |chain, value| -%> +:<%= chain %> <%= value %> +<% end -%> +<% end -%> +<% unless nil_or_empty?(data[:rules]) -%> +<% data[:rules].each do |rule| -%> +<%= rule %> +<% end -%> +<% end -%> +COMMIT + +<% end -%> +<% end -%> diff --git a/test/integration/rules/rules.rb b/test/integration/rules/rules.rb index 8fdc76a..25e82de 100644 --- a/test/integration/rules/rules.rb +++ b/test/integration/rules/rules.rb 
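Review bot: In test/cookbooks/test/recipes/rules.rb the added `sensitive false` carries no comment explaining why it is set explicitly. With it set, the rendered firewall ruleset and its diff presumably stay visible in converge output, which is fine for a test recipe but easy to copy into a real one. A comment above the two new properties would record the intent, for example `# test-only: render from the 'test' cookbook template and keep the rules visible in the converge log`. The resource block these lines belong to opens above the hunk, so its type is not visible here.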
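Review bot: In test/cookbooks/test/templates/default/iptables.erb, `*<%= table %>`, `:<%= chain %> <%= value %>` and `<%= rule %>` are written verbatim into the file that is later loaded as the firewall ruleset. Nothing in the template limits a value to a single line, so a string with an embedded newline becomes extra lines in that file. Validation presumably happens in the resources that build `@iptables`, and `nil_or_empty?` is presumably supplied by the rendering resource; neither is visible in this diff. A leading ERB comment would record both assumptions, for example `<%# expects @iptables already validated by the iptables resources; nil_or_empty? comes from the rendering resource -%>`.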
@@ -2,6 +2,7 @@
 when 'debian', 'ubuntu'
 describe file('/etc/iptables/rules.v4') do
 it { should exist }
+ its(:content) { should match /# I'm from the test cookbook/ }
 end
 describe service('netfilter-persistent') do
 it { should be_installed }
@@ -9,6 +10,9 @@
 it { should be_enabled }
 end
 when 'redhat', 'fedora'
+ describe file('/etc/sysconfig/iptables') do
+ its(:content) { should match /# I'm from the test cookbook/ }
+ end
 describe file('/etc/sysconfig/iptables-config') do
 its(:content) { should match /IPTABLES_STATUS_VERBOSE="no"/ }
 end
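Review bot: The new `its(:content)` assertions in both hunks of test/integration/rules/rules.rb match only the marker comment, so they still pass if the override template renders the header and no rules at all. Unless another control outside these hunks already checks the loaded ruleset, add a structural assertion next to each marker check, for example `its(:content) { should match /^COMMIT$/ }`. This assumes the recipe defines at least one table. The new `/etc/sysconfig/iptables` block in the second hunk also lacks the `it { should exist }` that the Debian block has; adding it keeps the two platforms parallel and gives a clearer failure message.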