]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 5c5b2f9)
MSS test fixes
authorJonathan Tripathy <jt@puppetlabs.com>
Wed, 6 May 2015 17:33:18 +0000 (18:33 +0100)
committerJonathan Tripathy <jt@puppetlabs.com>
Wed, 6 May 2015 17:37:48 +0000 (18:37 +0100)
lib/puppet/type/firewall.rb patch | blob | history
spec/acceptance/firewall_mss_spec.rb [new file with mode: 0644] patch | blob
spec/acceptance/firewall_spec.rb patch | blob | history

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index f6c723bdcb467431331766088d18d6598732946e..637c0c692c89ef25be7e37d8b1679224342bff3d 100644 (file)
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -1305,7 +1305,7 @@ Puppet::Type.newtype(:firewall) do
 
     if value(:jump).to_s == "TCPMSS"
       unless value(:set_mss)
-        self.fail "Parameter jump => TCPMSS set_mss is required"
+        self.fail "When using jump => TCPMSS, the set_mss property is required"
       end
     end
 
diff --git a/spec/acceptance/firewall_mss_spec.rb b/spec/acceptance/firewall_mss_spec.rb
new file mode 100644 (file)
index 0000000..3798015
--- /dev/null
+++ b/spec/acceptance/firewall_mss_spec.rb
@@ -0,0 +1,69 @@
+require 'spec_helper_acceptance'
+
+describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do
+
+  before(:all) do
+    shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush')
+    shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush')
+  end
+
+  describe 'set_mss' do
+    context '1360' do
+      it 'applies' do
+        pp = <<-EOS
+          class { '::firewall': }
+          firewall {
+            '502 - set_mss':
+              proto     => 'tcp',
+              tcp_flags => 'SYN,RST SYN',
+              jump      => 'TCPMSS',
+              set_mss   => '1360',
+              mss       => '1361:1541',
+              chain     => 'FORWARD',
+              table     => 'mangle',
+          }
+        EOS
+
+        apply_manifest(pp, :catch_failures => true)
+      end
+
+      it 'should contain the rule' do
+        shell('iptables-save -t mangle') do |r|
+          expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
+        end
+      end
+    end
+  end
+
+  if default['platform'] !~ /el-5/
+    describe 'set_mss6' do
+      context '1360' do
+        it 'applies' do
+          pp = <<-EOS
+            class { '::firewall': }
+            firewall {
+              '502 - set_mss':
+                proto     => 'tcp',
+                tcp_flags => 'SYN,RST SYN',
+                jump      => 'TCPMSS',
+                set_mss   => '1360',
+                mss       => '1361:1541',
+                chain     => 'FORWARD',
+                table     => 'mangle',
+                provider  => 'ip6tables',
+            }
+          EOS
+
+          apply_manifest(pp, :catch_failures => true)
+        end
+
+        it 'should contain the rule' do
+          shell('ip6tables-save -t mangle') do |r|
+            expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
+          end
+        end
+      end
+    end
+  end
+
+end
diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 505ef6ebc1e78ef78225440543c1280f4ecb4eac..3509ef814f5bd25a713c35b359f6ce9c08176814 100644 (file)
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -892,63 +892,6 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami
     end
   end
 
-  describe 'set_mss' do
-    context '1360' do
-      it 'applies' do
-        pp = <<-EOS
-          class { '::firewall': }
-          firewall {
-            '502 - set_mss':
-              proto     => 'tcp',
-              tcp_flags => 'SYN,RST SYN',
-              jump      => 'TCPMSS',
-              set_mss   => '1360',
-              mss       => '1361:1541',
-              chain     => 'FORWARD',
-              table     => 'mangle',
-          }
-        EOS
-
-        apply_manifest(pp, :catch_failures => true)
-      end
-
-      it 'should contain the rule' do
-        shell('iptables-save -t mangle') do |r|
-          expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
-        end
-      end
-    end
-  end
-
-  describe 'set_mss6' do
-    context '1360' do
-      it 'applies' do
-        pp = <<-EOS
-          class { '::firewall': }
-          firewall {
-            '502 - set_mss':
-              proto     => 'tcp',
-              tcp_flags => 'SYN,RST SYN',
-              jump      => 'TCPMSS',
-              set_mss   => '1360',
-              mss       => '1361:1541',
-              chain     => 'FORWARD',
-              table     => 'mangle',
-              provider  => 'ip6tables',
-          }
-        EOS
-
-        apply_manifest(pp, :catch_failures => true)
-      end
-
-      it 'should contain the rule' do
-        shell('ip6tables-save -t mangle') do |r|
-          expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/)
-        end
-      end
-    end
-  end
-
   # RHEL5 does not support --random
   if default['platform'] !~ /el-5/
     describe 'random' do