]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 41e7982)
(MODULES-5177) fixing tests for certain oses
authortphoney <tp@puppet.com>
Wed, 5 Jul 2017 13:07:22 +0000 (14:07 +0100)
committertphoney <tp@puppet.com>
Wed, 5 Jul 2017 13:07:22 +0000 (14:07 +0100)
spec/acceptance/firewall_spec.rb patch | blob | history
spec/acceptance/invert_spec.rb patch | blob | history

diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 91d0ab11e824a4826d63d5dc191d26371ce03f03..8eee85b1718e34c9578f432f48e75b68717d9705 100644 (file)
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -956,7 +956,7 @@ describe 'firewall basics', docker: true do
 
   # iptables version 1.3.5 is not suppored by the ip6tables provider
   # iptables version 1.4.7 fails for multiple hl entries
-  if default['platform'] !~ /(el-5|el-6)/ and default['platform'] !~ /sles-10/
+  if default['platform'] !~ /(el-5|el-6|sles-10|sles-11)/
     describe 'hop_limit' do
       context '5' do
         it 'applies' do
diff --git a/spec/acceptance/invert_spec.rb b/spec/acceptance/invert_spec.rb
index 0924b95aacf530b46b1af1d196a9201ae3df2044..87bffd89a20a49576325fa898fe4c6d7def574aa 100644 (file)
--- a/spec/acceptance/invert_spec.rb
+++ b/spec/acceptance/invert_spec.rb
@@ -31,13 +31,11 @@ describe 'firewall inverting' do
 
     it 'should contain the rules' do
       shell('iptables-save') do |r|
-        if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (default['platform'] =~ /sles-10/)
-          expect(r.stdout).to match(/-A INPUT -p ! esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
-          expect(r.stdout).to match(/-A INPUT -s ! 10\.0\.0\.0\/255\.0\.0\.0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --sports ! 80,443 -m comment --comment "602 drop NEW external website packets with FIN\/RST\/ACK set and SYN unset" -m state --state NEW -j DROP/)
-        else
-          expect(r.stdout).to match(/-A INPUT ! -p esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
-          expect(r.stdout).to match(/-A INPUT ! -s 10\.0\.0\.0\/8 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m multiport ! --sports 80,443 -m state --state NEW -m comment --comment "602 drop NEW external website packets with FIN\/RST\/ACK set and SYN unset" -j DROP/)
-        end
+        expect(r.stdout).to match(/-A INPUT (-s !|! -s) (10\.0\.0\.0\/8|10\.0\.0\.0\/255\.0\.0\.0).*/)
+        expect(r.stdout).to match(/-A INPUT.*(--sports !|! --sports) 80,443.*/)
+        expect(r.stdout).to match(/-A INPUT.*-m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN.*/)
+        expect(r.stdout).to match(/-A INPUT.*-j DROP/)
+        expect(r.stdout).to match(/-A INPUT (! -p|-p !) esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
       end
     end
   end