When using ChefSpec is it possible to verify the firewall_rule parameters?

[pvandervelde]

When I set a firewall rule like this:

firewall_rule 'consul-http' do
  command :allow
  description 'Allow Consul serf WAN traffic'
  dest_port 8500
  direction :in
end

Can I use ChefSpec to verify that I not only create the rule but actually open the correct port for the correct direction? I though this would work

context 'configures the firewall for consul' do
  let(:chef_run) { ChefSpec::SoloRunner.converge(described_recipe) }

  it 'opens the Consul HTTP port' do
    expect(chef_run).to create_firewall_rule('consul-http').with(
      values: [{
        command: 'allow',
        dest_port: 8500,
        direction: 'in'
      }]
    )
  end
end

But it does not. The message is

expected "firewall_rule[consul-http]" to have parameters:
         values [{:command=>"allow", :dest_port=>8500, :direction=>"in"}], was nil

I assume that means there is no way to check the parameters with ChefSpec or have I made a mistake in my code / test code?

[martinb3]

Hi there -- the Chef resource name and ports are different in your examples (firewall_rule[consul-http] vs. firewall_rule['consul-serf-wan'], and 8302 vs. 8500) -- I think that's definitely not going to work.

[pvandervelde]

Darn. That's a copy paste error. The resource names are definitely the same in my code.

[martinb3]

@pvandervelde I think your rspec syntax is just not correct -- this passes for me given your rule:

  it 'opens the Consul HTTP port' do
    expect(chef_run).to create_firewall_rule('consul-http').with(
        command: :allow,
        dest_port: 8500,
        direction: :in
    )
  end

[pvandervelde]

Awesome that works. Turns out I had indeed got the rspec syntax incorrect. Thanks heaps for giving me an example to work from!