Add outerface and to_source unit tests.

voxpupuli · Jun 22, 2020 · c671162 · c671162
1 parent 86b2671
commit c671162
Showing 1 changed file with 50 additions and 0 deletions.
diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb
@@ -41,6 +41,38 @@
         it { is_expected.to compile.and_raise_error(%r{Cannot specify both policy and action}) }
       end
 
+      context 'with outerface on input chain' do
+        let(:title) { 'filter-ssh' }
+        let :params do
+          {
+            chain: 'INPUT',
+            action: 'ACCEPT',
+            proto: 'tcp',
+            dport: '22',
+            saddr: '127.0.0.1',
+            outerface: 'eth1'
+          }
+        end
+
+        it { is_expected.to compile.and_raise_error(%r{Outgoing interface can only be set in the "FORWARD", "OUTPUT" and "POSTROUTING" chains}) }
+      end
+
+      context 'with to_source when action is not SNAT' do
+        let(:title) { 'snat-ssh' }
+        let :params do
+          {
+            chain: 'POSTROUTING',
+            action: 'ACCEPT',
+            proto: 'tcp',
+            dport: '22',
+            saddr: '127.0.0.1',
+            to_source: '192.168.1.1'
+          }
+        end
+
+        it { is_expected.to compile.and_raise_error(%r{Setting new source address is only valid with the "SNAT" action}) }
+      end
+
       context 'without a specific interface using legacy policy param' do
         let(:title) { 'filter-ssh' }
         let :params do
@@ -194,6 +226,24 @@
         it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
         it { is_expected.to contain_concat__fragment('filter-SSH-config-include') }
       end
+
+      context 'source nat with outerface and to_source' do
+        let(:title) { 'source-nat' }
+        let :params do
+          {
+            chain: 'POSTROUTING',
+            action: 'SNAT',
+            proto: 'all',
+            saddr: '172.16.0.0/24',
+            outerface: 'eth1',
+            to_source: '192.168.1.1'
+          }
+        end
+
+        it { is_expected.to compile.with_all_deps }
+        it { is_expected.to contain_concat__fragment('POSTROUTING-source-nat').with_content("mod comment comment 'source-nat' proto all saddr @ipfilter((172.16.0.0/24)) outerface eth1 SNAT to @ipfilter((192.168.1.1));\n") }
+        it { is_expected.to contain_concat__fragment('nat-POSTROUTING-config-include') }
+      end
     end
   end
 end