Update the tests to not test socket on SLES.

diff --git a/README.markdown b/README.markdown
index db955ccf51f1e1f11861cca96192fba88e45fe65..401025e0b0c6b29ac19696a2562b38d678e03943 100644 (file)
--- a/README.markdown
+++ b/README.markdown
@@ -364,11 +364,16 @@ Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubun
 
 ###SLES
 
-The `socket` parameter is not supported on SLES.  In this release it will just cause straight iptables failures rather than clean errors.
+The `socket` parameter is not supported on SLES.  In this release it will cause
+the catalog to fail with iptables failures, rather than correctly warn you that
+the features are unusable.
 
 ###Oracle Linux 5
 
-The `socket` and `owner` parameters are unsupported on Oracle Linux 5, when the "Unbreakable" kernel is used.  If you switch to the stock Redhat 5 kernel these work.   In this release it will just cause straight iptables failures rather than clean errors.
+The `socket` and `owner` parameters are unsupported on Oracle Linux 5, when the
+"Unbreakable" kernel is used.  If you switch to the stock Redhat 5 kernel these
+work.   In this release it will cause the catalog to fail with iptables
+failures, rather than correct ly warn you that the features are unusable.
 
 ###Other
 

diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 647a66ff8aa579ecb9ceada49c80a4a0557d77cf..486ce569430ce6e9f24eeb5338d5d4c37108bb90 100644 (file)
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -1337,56 +1337,54 @@ describe 'firewall type' do
     end
   end
 
-  # RHEL5 does not support -m socket
-  if default['platform'] !~ /el-5/
-    describe 'socket' do
-      context 'true' do
-        it 'applies' do
-          pp = <<-EOS
-            class { '::firewall': }
-            firewall { '585 - test':
-              ensure => present,
-              proto => tcp,
-              port   => '585',
-              action => accept,
-              chain  => 'PREROUTING',
-              table  => 'nat',
-              socket => true,
-            }
-          EOS
+  # RHEL5/SLES does not support -m socket
+  describe 'socket', :unless => (default['platform'] =~ /el-5/ or fact('operatingsystem') == 'SLES') do
+    context 'true' do
+      it 'applies' do
+        pp = <<-EOS
+          class { '::firewall': }
+          firewall { '585 - test':
+            ensure => present,
+            proto => tcp,
+            port   => '585',
+            action => accept,
+            chain  => 'PREROUTING',
+            table  => 'nat',
+            socket => true,
+          }
+        EOS
 
-          apply_manifest(pp, :catch_failures => true)
-        end
+        apply_manifest(pp, :catch_failures => true)
+      end
 
-        it 'should contain the rule' do
-          shell('iptables-save -t nat') do |r|
-            expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 585 -m socket -m comment --comment "585 - test" -j ACCEPT/)
-          end
+      it 'should contain the rule' do
+        shell('iptables-save -t nat') do |r|
+          expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 585 -m socket -m comment --comment "585 - test" -j ACCEPT/)
         end
       end
+    end
 
-      context 'false' do
-        it 'applies' do
-          pp = <<-EOS
-            class { '::firewall': }
-            firewall { '586 - test':
-              ensure => present,
-              proto => tcp,
-              port   => '586',
-              action => accept,
-              chain  => 'PREROUTING',
-              table  => 'nat',
-              socket => false,
-            }
-          EOS
+    context 'false' do
+      it 'applies' do
+        pp = <<-EOS
+          class { '::firewall': }
+          firewall { '586 - test':
+            ensure => present,
+            proto => tcp,
+            port   => '586',
+            action => accept,
+            chain  => 'PREROUTING',
+            table  => 'nat',
+            socket => false,
+          }
+        EOS
 
-          apply_manifest(pp, :catch_failures => true)
-        end
+        apply_manifest(pp, :catch_failures => true)
+      end
 
-        it 'should contain the rule' do
-          shell('iptables-save -t nat') do |r|
-            expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 586 -m comment --comment "586 - test" -j ACCEPT/)
-          end
+      it 'should contain the rule' do
+        shell('iptables-save -t nat') do |r|
+          expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 586 -m comment --comment "586 - test" -j ACCEPT/)
         end
       end
     end

diff --git a/spec/acceptance/params_spec.rb b/spec/acceptance/params_spec.rb
index d2948eed898d15a51c552e99fb64c2bd7c94c65a..bc2b12f1abeb25da1ab4d71d42c04c34ba5af1d8 100644 (file)
--- a/spec/acceptance/params_spec.rb
+++ b/spec/acceptance/params_spec.rb
@@ -20,7 +20,7 @@ firewall { '#{name}':
     pm
   end
 
-  it 'test various params', :unless => default['platform'].match(/el-5/) do
+  it 'test various params', :unless => (default['platform'].match(/el-5/) || fact('operatinsystem') == 'SLES') do
     iptables_flush_all_tables
 
     ppm = pp({

diff --git a/spec/acceptance/socket_spec.rb b/spec/acceptance/socket_spec.rb
index 6b5b78ce522e8840bca58dc8cb6694a2d95ebad3..c4a05348cf35c5bb61e55c94eb1fbfefe27ba193 100644 (file)
--- a/spec/acceptance/socket_spec.rb
+++ b/spec/acceptance/socket_spec.rb
@@ -1,98 +1,96 @@
 require 'spec_helper_acceptance'
 
 # RHEL5 does not support -m socket
-if default['platform'] !~ /el-5/
-  describe 'firewall socket property' do
-    before :all do
-      iptables_flush_all_tables
-    end
+describe 'firewall socket property', :unless => (default['platform'] =~ /el-5/ || fact('operatingsystem') == 'SLES') do
+  before :all do
+    iptables_flush_all_tables
+  end
 
-    shared_examples "is idempotent" do |value, line_match|
-      it "changes the value to #{value}" do
-        pp = <<-EOS
-            class { '::firewall': }
-            firewall { '598 - test':
-              ensure => present,
-              proto  => 'tcp',
-              chain  => 'PREROUTING',
-              table  => 'raw',
-              #{value}
-            }
-        EOS
+  shared_examples "is idempotent" do |value, line_match|
+    it "changes the value to #{value}" do
+      pp = <<-EOS
+          class { '::firewall': }
+          firewall { '598 - test':
+            ensure => present,
+            proto  => 'tcp',
+            chain  => 'PREROUTING',
+            table  => 'raw',
+            #{value}
+          }
+      EOS
 
-        apply_manifest(pp, :catch_failures => true)
-        apply_manifest(pp, :catch_changes => true)
+      apply_manifest(pp, :catch_failures => true)
+      apply_manifest(pp, :catch_changes => true)
 
-        shell('iptables-save -t raw') do |r|
-          expect(r.stdout).to match(/#{line_match}/)
-        end
+      shell('iptables-save -t raw') do |r|
+        expect(r.stdout).to match(/#{line_match}/)
       end
     end
-    shared_examples "doesn't change" do |value, line_match|
-      it "doesn't change the value to #{value}" do
-        pp = <<-EOS
-            class { '::firewall': }
-            firewall { '598 - test':
-              ensure => present,
-              proto  => 'tcp',
-              chain  => 'PREROUTING',
-              table  => 'raw',
-              #{value}
-            }
-        EOS
+  end
+  shared_examples "doesn't change" do |value, line_match|
+    it "doesn't change the value to #{value}" do
+      pp = <<-EOS
+          class { '::firewall': }
+          firewall { '598 - test':
+            ensure => present,
+            proto  => 'tcp',
+            chain  => 'PREROUTING',
+            table  => 'raw',
+            #{value}
+          }
+      EOS
 
-        apply_manifest(pp, :catch_changes => true)
+      apply_manifest(pp, :catch_changes => true)
 
-        shell('iptables-save -t raw') do |r|
-          expect(r.stdout).to match(/#{line_match}/)
-        end
+      shell('iptables-save -t raw') do |r|
+        expect(r.stdout).to match(/#{line_match}/)
       end
     end
+  end
 
-    describe 'adding a rule' do
-      context 'when unset' do
-        before :all do
-          iptables_flush_all_tables
-        end
-        it_behaves_like 'is idempotent', '', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
+  describe 'adding a rule' do
+    context 'when unset' do
+      before :all do
+        iptables_flush_all_tables
       end
-      context 'when set to true' do
-        before :all do
-          iptables_flush_all_tables
-        end
-        it_behaves_like 'is idempotent', 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/
+      it_behaves_like 'is idempotent', '', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
+    end
+    context 'when set to true' do
+      before :all do
+        iptables_flush_all_tables
       end
-      context 'when set to false' do
-        before :all do
-          iptables_flush_all_tables
-        end
-        it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
+      it_behaves_like 'is idempotent', 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/
+    end
+    context 'when set to false' do
+      before :all do
+        iptables_flush_all_tables
       end
+      it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
     end
-    describe 'editing a rule' do
-      context 'when unset or false' do
-        before :each do
-          iptables_flush_all_tables
-          shell('iptables -t raw -A PREROUTING -p tcp -m comment --comment "598 - test"')
-        end
-        context 'and current value is false' do
-          it_behaves_like "doesn't change", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
-        end
-        context 'and current value is true' do
-          it_behaves_like "is idempotent", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/
-        end
+  end
+  describe 'editing a rule' do
+    context 'when unset or false' do
+      before :each do
+        iptables_flush_all_tables
+        shell('iptables -t raw -A PREROUTING -p tcp -m comment --comment "598 - test"')
+      end
+      context 'and current value is false' do
+        it_behaves_like "doesn't change", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
+      end
+      context 'and current value is true' do
+        it_behaves_like "is idempotent", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/
+      end
+    end
+    context 'when set to true' do
+      before :each do
+        iptables_flush_all_tables
+        shell('iptables -t raw -A PREROUTING -p tcp -m socket -m comment --comment "598 - test"')
+      end
+      context 'and current value is false' do
+        it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
       end
-      context 'when set to true' do
-        before :each do
-          iptables_flush_all_tables
-          shell('iptables -t raw -A PREROUTING -p tcp -m socket -m comment --comment "598 - test"')
-        end
-        context 'and current value is false' do
-          it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/
-        end
-        context 'and current value is true' do
-          it_behaves_like "doesn't change", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/
-        end
+      context 'and current value is true' do
+        it_behaves_like "doesn't change", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/
       end
     end
   end