connmark => '0x1',
action => reject,
}
+ firewall { '801 - gid root':
+ chain => 'OUTPUT',
+ action => accept,
+ gid => 'root',
+ proto => 'all',
+ }
+ firewall { '802 - gid not root':
+ chain => 'OUTPUT',
+ action => accept,
+ gid => '!root',
+ proto => 'all',
+ }
+ firewall { '803 - uid 0':
+ chain => 'OUTPUT',
+ action => accept,
+ uid => '0',
+ proto => 'all',
+ }
+ firewall { '804 - uid not 0':
+ chain => 'OUTPUT',
+ action => accept,
+ uid => '!0',
+ proto => 'all',
+ }
PUPPETCODE
apply_manifest(pp, catch_failures: true)
apply_manifest(pp, catch_changes: do_catch_changes)
it 'contains the connmark' do
expect(result.stdout).to match(%r{-A INPUT -m connmark --mark 0x1 -m comment --comment "502 - connmark" -j REJECT --reject-with icmp-port-unreachable})
end
+ it 'when gid set to root' do
+ expect(result.stdout).to match(%r{-A OUTPUT -m owner --gid-owner (0|root) -m comment --comment "801 - gid root" -j ACCEPT})
+ end
+ it 'when gid set to not root' do
+ expect(result.stdout).to match(%r{-A OUTPUT -m owner ! --gid-owner (0|root) -m comment --comment "802 - gid not root" -j ACCEPT})
+ end
+ it 'when uid set to 0' do
+ expect(result.stdout).to match(%r{-A OUTPUT -m owner --uid-owner (0|root) -m comment --comment "803 - uid 0" -j ACCEPT})
+ end
+ it 'when uid set to not 0' do
+ expect(result.stdout).to match(%r{-A OUTPUT -m owner ! --uid-owner (0|root) -m comment --comment "804 - uid not 0" -j ACCEPT})
+ end
end
end
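Review bot: The consolidated cases '801 - gid root' to '804 - uid not 0' cover fewer input forms than the two spec files this commit deletes: gid is now exercised only by name (`'root'`, `'!root'`) and uid only numerically (`'0'`, `'!0'`), while the removed specs checked both forms for each. The owner match decides which local accounts' outbound traffic is accepted, so a regression in name-to-ID handling or in `!` negation for the untested form would widen or invert a rule with no test failing. I would add the four missing resources to the manifest and a matching expectation for each, as sketched below; the rule numbers are illustrative and must not collide with others in the manifest. The removed '575 - test' case, which combined `gid` with `proto => tcp` and `port`, also has no visible replacement. The enclosing describe block and the manifest heredoc start outside this hunk.

```ruby
# … inside the PUPPETCODE heredoc, after '804 - uid not 0' (rule numbers are illustrative) …
      firewall { '805 - gid 0':
        chain  => 'OUTPUT',
        action => accept,
        gid    => '0',
        proto  => 'all',
      }
      firewall { '806 - gid not 0':
        chain  => 'OUTPUT',
        action => accept,
        gid    => '!0',
        proto  => 'all',
      }
      firewall { '807 - uid root':
        chain  => 'OUTPUT',
        action => accept,
        uid    => 'root',
        proto  => 'all',
      }
      firewall { '808 - uid not root':
        chain  => 'OUTPUT',
        action => accept,
        uid    => '!root',
        proto  => 'all',
      }
# … unchanged: apply_manifest calls and the existing 801-804 expectations …
    it 'when gid set to 0' do
      expect(result.stdout).to match(%r{-A OUTPUT -m owner --gid-owner (0|root) -m comment --comment "805 - gid 0" -j ACCEPT})
    end
    it 'when gid set to not 0' do
      expect(result.stdout).to match(%r{-A OUTPUT -m owner ! --gid-owner (0|root) -m comment --comment "806 - gid not 0" -j ACCEPT})
    end
    it 'when uid set to root' do
      expect(result.stdout).to match(%r{-A OUTPUT -m owner --uid-owner (0|root) -m comment --comment "807 - uid root" -j ACCEPT})
    end
    it 'when uid set to not root' do
      expect(result.stdout).to match(%r{-A OUTPUT -m owner ! --uid-owner (0|root) -m comment --comment "808 - uid not root" -j ACCEPT})
    end
```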
+++ /dev/null
-require 'spec_helper_acceptance'
-
-describe 'firewall gid' do
- before :all do
- iptables_flush_all_tables
- ip6tables_flush_all_tables
- end
-
- describe 'gid tests' do
- context 'when gid set to root' do
- pp1 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '801 - test':
- chain => 'OUTPUT',
- action => accept,
- gid => 'root',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp1, catch_failures: true)
- apply_manifest(pp1, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner --gid-owner (0|root) -m comment --comment "801 - test" -j ACCEPT})
- end
- end
- end
-
- context 'when gid set to !root' do
- pp2 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '802 - test':
- chain => 'OUTPUT',
- action => accept,
- gid => '!root',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp2, catch_failures: true)
- apply_manifest(pp2, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner ! --gid-owner (0|root) -m comment --comment "802 - test" -j ACCEPT})
- end
- end
- end
-
- context 'when gid set to 0' do
- pp3 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '803 - test':
- chain => 'OUTPUT',
- action => accept,
- gid => '0',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp3, catch_failures: true)
- apply_manifest(pp3, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner --gid-owner (0|root) -m comment --comment "803 - test" -j ACCEPT})
- end
- end
- end
-
- context 'when gid set to !0' do
- pp4 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '804 - test':
- chain => 'OUTPUT',
- action => accept,
- gid => '!0',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp4, catch_failures: true)
- apply_manifest(pp4, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner ! --gid-owner (0|root) -m comment --comment "804 - test" -j ACCEPT})
- end
- end
- end
- end
-end
end
end
- describe 'gid' do
- context 'when root' do
- pp72 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '575 - test':
- ensure => present,
- proto => tcp,
- chain => 'OUTPUT',
- port => '575',
- action => accept,
- gid => 'root',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp72, catch_failures: true)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -p tcp -m owner --gid-owner (root|\d+) -m multiport --ports 575 -m comment --comment "575 - test" -j ACCEPT})
- end
- end
- end
- end
-
# iptables version 1.3.5 does not support masks on MARK rules
if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles-10}
describe 'set_mark' do
+++ /dev/null
-require 'spec_helper_acceptance'
-
-describe 'firewall uid' do
- before :all do
- iptables_flush_all_tables
- ip6tables_flush_all_tables
- end
-
- describe 'uid tests' do
- context 'when uid set to root' do
- pp1 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '801 - test':
- chain => 'OUTPUT',
- action => accept,
- uid => 'root',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp1, catch_failures: true)
- apply_manifest(pp1, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner --uid-owner (0|root) -m comment --comment "801 - test" -j ACCEPT})
- end
- end
- end
-
- context 'when uid set to !root' do
- pp2 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '802 - test':
- chain => 'OUTPUT',
- action => accept,
- uid => '!root',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp2, catch_failures: true)
- apply_manifest(pp2, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner ! --uid-owner (0|root) -m comment --comment "802 - test" -j ACCEPT})
- end
- end
- end
-
- context 'when uid set to 0' do
- pp3 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '803 - test':
- chain => 'OUTPUT',
- action => accept,
- uid => '0',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp3, catch_failures: true)
- apply_manifest(pp3, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner --uid-owner (0|root) -m comment --comment "803 - test" -j ACCEPT})
- end
- end
- end
-
- context 'when uid set to !0' do
- pp4 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '804 - test':
- chain => 'OUTPUT',
- action => accept,
- uid => '!0',
- proto => 'all',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp4, catch_failures: true)
- apply_manifest(pp4, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -m owner ! --uid-owner (0|root) -m comment --comment "804 - test" -j ACCEPT})
- end
- end
- end
- end
-end