diff options
author | Tor Magnus Rakvåg <tor.magnus@outlook.com> | 2018-11-01 14:41:15 +0100 |
---|---|---|
committer | Tim Smith <tsmith@chef.io> | 2018-11-05 09:41:33 -0800 |
commit | d5b74e04925d6d5ae447458334841d7a9975b0d9 (patch) | |
tree | efa0ca3c44e540b87ee5e8fe95a80350b5d27308 | |
parent | d83737c8bada84381bb8e89fcc2a4e0362232224 (diff) | |
download | chef-d5b74e04925d6d5ae447458334841d7a9975b0d9.tar.gz |
add tests
Signed-off-by: Tor Magnus Rakvåg <tor.magnus@outlook.com>
-rw-r--r-- | spec/unit/resource/windows_firewall_rule_spec.rb | 361 |
1 files changed, 361 insertions, 0 deletions
diff --git a/spec/unit/resource/windows_firewall_rule_spec.rb b/spec/unit/resource/windows_firewall_rule_spec.rb new file mode 100644 index 0000000000..b20425e21b --- /dev/null +++ b/spec/unit/resource/windows_firewall_rule_spec.rb @@ -0,0 +1,361 @@ +# Author:: Tor Magnus Rakvåg (tor.magnus@outlook.com) +# Copyright:: 2018, Intility AS +# License:: Apache License, Version 2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +require "spec_helper" + +describe Chef::Resource::WindowsFirewallRule do + let(:resource) { Chef::Resource::WindowsFirewallRule.new("rule") } + let(:provider) { resource.provider_for_action(:enable) } + + it "has a resource name of :windows_firewall_rule" do + expect(resource.resource_name).to eql(:windows_firewall_rule) + end + + it "the name_property is 'rule_name'" do + expect(resource.rule_name).to eql("rule") + end + + it "the default action is :create" do + expect(resource.action).to eql([:create]) + end + + it "supports :create and :delete actions" do + expect { resource.action :create }.not_to raise_error + expect { resource.action :delete }.not_to raise_error + end + + it "the rule_name property accepts strings" do + resource.rule_name("rule2") + expect(resource.rule_name).to eql("rule2") + end + + it "the description property accepts strings" do + resource.description("firewall rule") + expect(resource.description).to eql("firewall rule") + end + + it "the local_address property accepts strings" do + resource.local_address("192.168.1.1") + expect(resource.local_address).to eql("192.168.1.1") + end + + it "the local_port property accepts strings" do + resource.local_port("8080") + expect(resource.local_port).to eql("8080") + end + + it "the remote_address property accepts strings" do + resource.remote_address("8.8.4.4") + expect(resource.remote_address).to eql("8.8.4.4") + end + + it "the remote_port property accepts strings" do + resource.remote_port("8081") + expect(resource.remote_port).to eql("8081") + end + + it "the direction property accepts :inbound and :outbound" do + resource.direction(:inbound) + expect(resource.direction).to eql(:inbound) + resource.direction(:outbound) + expect(resource.direction).to eql(:outbound) + end + + it "the direction property coerces strings to symbols" do + resource.direction("Inbound") + expect(resource.direction).to eql(:inbound) + end + + it "the protocol property accepts strings" do + resource.protocol("TCP") + expect(resource.protocol).to eql("TCP") + end + + it "the firewall_action property accepts :allow, :block and :notconfigured" do + resource.firewall_action(:allow) + expect(resource.firewall_action).to eql(:allow) + resource.firewall_action(:block) + expect(resource.firewall_action).to eql(:block) + resource.firewall_action(:notconfigured) + expect(resource.firewall_action).to eql(:notconfigured) + end + + it "the firewall_action property coerces strings to symbols" do + resource.firewall_action("Allow") + expect(resource.firewall_action).to eql(:allow) + end + + it "the profile property accepts :public, :private, :domain, :any and :notapplicable" do + resource.profile(:public) + expect(resource.profile).to eql(:public) + resource.profile(:private) + expect(resource.profile).to eql(:private) + resource.profile(:domain) + expect(resource.profile).to eql(:domain) + resource.profile(:any) + expect(resource.profile).to eql(:any) + resource.profile(:notapplicable) + expect(resource.profile).to eql(:notapplicable) + end + + it "the profile property coerces strings to symbols" do + resource.profile("Public") + expect(resource.profile).to eql(:public) + end + + it "the program property accepts strings" do + resource.program("C:/Test/test.exe") + expect(resource.program).to eql("C:/Test/test.exe") + end + + it "the service property accepts strings" do + resource.service("Spooler") + expect(resource.service).to eql("Spooler") + end + + it "the interface_type property accepts :any, :wireless, :wired and :remoteaccess" do + resource.interface_type(:any) + expect(resource.interface_type).to eql(:any) + resource.interface_type(:wireless) + expect(resource.interface_type).to eql(:wireless) + resource.interface_type(:wired) + expect(resource.interface_type).to eql(:wired) + resource.interface_type(:remoteaccess) + expect(resource.interface_type).to eql(:remoteaccess) + end + + it "the interface_type property coerces strings to symbols" do + resource.interface_type("Any") + expect(resource.interface_type).to eql(:any) + end + + it "the enabled property accepts true and false" do + resource.enabled(true) + expect(resource.enabled).to eql(true) + resource.enabled(false) + expect(resource.enabled).to eql(false) + end + + it "aliases :localip to :local_address" do + resource.localip("192.168.30.30") + expect(resource.local_address).to eql("192.168.30.30") + end + + it "aliases :remoteip to :remote_address" do + resource.remoteip("8.8.8.8") + expect(resource.remote_address).to eql("8.8.8.8") + end + + it "aliases :localport to :local_port" do + resource.localport("80") + expect(resource.local_port).to eql("80") + end + + it "aliases :remoteport to :remote_port" do + resource.remoteport("8080") + expect(resource.remote_port).to eql("8080") + end + + it "aliases :interfacetype to :interface_type" do + resource.interfacetype(:any) + expect(resource.interface_type).to eql(:any) + end + + describe "#firewall_command" do + before do + resource.rule_name("test_rule") + end + + context "#new" do + it "build a minimal command" do + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets a description" do + resource.description("New description") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'New description' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets LocalAddress" do + resource.local_address("127.0.0.1") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -LocalAddress '127.0.0.1' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets LocalPort" do + resource.local_port("80") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -LocalPort '80' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets RemoteAddress" do + resource.remote_address("8.8.8.8") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets RemotePort" do + resource.remote_port("443") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -RemotePort '443' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Direction" do + resource.direction(:outbound) + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'outbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Protocol" do + resource.protocol("UDP") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'UDP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Action" do + resource.firewall_action(:block) + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'block' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Profile" do + resource.profile(:private) + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'private' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Program" do + resource.program("C:/calc.exe") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Program 'C:/calc.exe' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Service" do + resource.service("Spooler") + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Service 'Spooler' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets InterfaceType" do + resource.interface_type(:wired) + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'wired' -Enabled 'true'") + end + + it "sets Enabled" do + resource.enabled(false) + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule' -DisplayName 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'false'") + end + + it "sets all properties" do + resource.rule_name("test_rule_the_second") + resource.description("some other rule") + resource.local_address("192.168.40.40") + resource.local_port("80") + resource.remote_address("8.8.4.4") + resource.remote_port("8081") + resource.direction(:outbound) + resource.protocol("UDP") + resource.firewall_action(:notconfigured) + resource.profile(:domain) + resource.program('%WINDIR%\System32\lsass.exe') + resource.service("SomeService") + resource.interface_type(:remoteaccess) + resource.enabled(false) + expect(provider.firewall_command("New")).to eql("New-NetFirewallRule -Name 'test_rule_the_second' -DisplayName 'test_rule_the_second' -Description 'some other rule' -LocalAddress '192.168.40.40' -LocalPort '80' -RemoteAddress '8.8.4.4' -RemotePort '8081' -Direction 'outbound' -Protocol 'UDP' -Action 'notconfigured' -Profile 'domain' -Program '%WINDIR%\\System32\\lsass.exe' -Service 'SomeService' -InterfaceType 'remoteaccess' -Enabled 'false'") + end + end + + context "#set" do + it "build a minimal command" do + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets a description" do + resource.description("New description") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'New description' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets LocalAddress" do + resource.local_address("127.0.0.1") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -LocalAddress '127.0.0.1' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets LocalPort" do + resource.local_port("80") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -LocalPort '80' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets RemoteAddress" do + resource.remote_address("8.8.8.8") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -RemoteAddress '8.8.8.8' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets RemotePort" do + resource.remote_port("443") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -RemotePort '443' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Direction" do + resource.direction(:outbound) + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'outbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Protocol" do + resource.protocol("UDP") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'UDP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Action" do + resource.firewall_action(:block) + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'block' -Profile 'any' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Profile" do + resource.profile(:private) + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'private' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Program" do + resource.program("C:/calc.exe") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Program 'C:/calc.exe' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets Service" do + resource.service("Spooler") + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -Service 'Spooler' -InterfaceType 'any' -Enabled 'true'") + end + + it "sets InterfaceType" do + resource.interface_type(:wired) + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'wired' -Enabled 'true'") + end + + it "sets Enabled" do + resource.enabled(false) + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule' -Description 'Firewall rule' -Direction 'inbound' -Protocol 'TCP' -Action 'allow' -Profile 'any' -InterfaceType 'any' -Enabled 'false'") + end + + it "sets all properties" do + resource.rule_name("test_rule_the_second") + resource.description("some other rule") + resource.local_address("192.168.40.40") + resource.local_port("80") + resource.remote_address("8.8.4.4") + resource.remote_port("8081") + resource.direction(:outbound) + resource.protocol("UDP") + resource.firewall_action(:notconfigured) + resource.profile(:domain) + resource.program('%WINDIR%\System32\lsass.exe') + resource.service("SomeService") + resource.interface_type(:remoteaccess) + resource.enabled(false) + expect(provider.firewall_command("Set")).to eql("Set-NetFirewallRule -Name 'test_rule_the_second' -Description 'some other rule' -LocalAddress '192.168.40.40' -LocalPort '80' -RemoteAddress '8.8.4.4' -RemotePort '8081' -Direction 'outbound' -Protocol 'UDP' -Action 'notconfigured' -Profile 'domain' -Program '%WINDIR%\\System32\\lsass.exe' -Service 'SomeService' -InterfaceType 'remoteaccess' -Enabled 'false'") + end + end + end +end |