end
end
- if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
+ unless (os[:family] == 'redhat' && os[:release].start_with?('5')) || os[:family] == 'sles'
describe 'checksum_fill' do
context 'when virbr' do
pp38 = <<-PUPPETCODE
end
# RHEL5 does not support --random
- if default['platform'] !~ %r{el-5}
+ unless os[:family] == 'redhat' && os[:release].start_with?('5')
describe 'random' do
context 'when 192.168.1.1' do
pp40 = <<-PUPPETCODE
end
# ip6tables has limited `-m socket` support
- if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
+ unless (os[:family] == 'redhat' && os[:release].start_with?('5')) || os[:family] == 'sles'
describe 'socket' do
context 'when true' do
pp56 = <<-PUPPETCODE
end
# iptables version 1.3.5 does not support masks on MARK rules
- if default['platform'] !~ %r{el-5}
+ unless os[:family] == 'redhat' && os[:release].start_with?('5')
describe 'set_mark' do
context 'when 0x3e8/0xffffffff' do
pp73 = <<-PUPPETCODE
end
# RHEL5/SLES does not support -m socket
- describe 'socket', unless: (default['platform'] =~ %r{el-5} || os[:family] == 'sles') do
+ describe 'socket', unless: (os[:family] == 'redhat' && os[:release].start_with?('5')) || (os[:family] == 'sles') do
context 'when true' do
pp78 = <<-PUPPETCODE
class { '::firewall': }
end
describe 'iptables physdev tests' do
# iptables version 1.3.5 is not suppored by the ip6tables provider
- if default['platform'] !~ %r{el-5}
+ unless os[:family] == 'redhat' && os[:release].start_with?('5')
describe 'ip6tables physdev tests' do
context 'when physdev_in eth0' do
pp8 = <<-PUPPETCODE
ip6tables_flush_all_tables
end
- if default['platform'] !~ %r{el-5}
+ unless os[:family] == 'redhat' && os[:release].start_with?('5')
describe 'mss ipv6 tests' do
context 'when 1360' do
pp3 = <<-PUPPETCODE
require 'spec_helper_acceptance'
-describe 'firewall tee' do
+describe 'firewall tee', unless: (os[:family] == 'redhat' && ['5', '6'].include?(os[:release][0])) || (os[:family] == 'sles') do
before :all do
iptables_flush_all_tables
ip6tables_flush_all_tables
end
+ describe 'tee_gateway' do
+ context 'when 10.0.0.2' do
+ pp1 = <<-PUPPETCODE
+ class { '::firewall': }
+ firewall {
+ '810 - tee_gateway':
+ chain => 'PREROUTING',
+ table => 'mangle',
+ jump => 'TEE',
+ gateway => '10.0.0.2',
+ proto => all,
+ }
+ PUPPETCODE
+ it 'applies' do
+ apply_manifest(pp1, catch_failures: true)
+ end
- if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
- describe 'tee_gateway' do
- context 'when 10.0.0.2' do
- pp1 = <<-PUPPETCODE
- class { '::firewall': }
- firewall {
- '810 - tee_gateway':
- chain => 'PREROUTING',
- table => 'mangle',
- jump => 'TEE',
- gateway => '10.0.0.2',
- proto => all,
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp1, catch_failures: true)
- end
-
- it 'contains the rule' do
- shell('iptables-save -t mangle') do |r|
- expect(r.stdout).to match(%r{-A PREROUTING -m comment --comment "810 - tee_gateway" -j TEE --gateway 10.0.0.2})
- end
+ it 'contains the rule' do
+ shell('iptables-save -t mangle') do |r|
+ expect(r.stdout).to match(%r{-A PREROUTING -m comment --comment "810 - tee_gateway" -j TEE --gateway 10.0.0.2})
end
end
end
+ end
- describe 'tee_gateway6' do
- context 'when 2001:db8::1' do
- pp2 = <<-PUPPETCODE
- class { '::firewall': }
- firewall {
- '811 - tee_gateway6':
- chain => 'PREROUTING',
- table => 'mangle',
- jump => 'TEE',
- gateway => '2001:db8::1',
- proto => all,
- provider => 'ip6tables',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp2, catch_failures: true)
- end
+ describe 'tee_gateway6' do
+ context 'when 2001:db8::1' do
+ pp2 = <<-PUPPETCODE
+ class { '::firewall': }
+ firewall {
+ '811 - tee_gateway6':
+ chain => 'PREROUTING',
+ table => 'mangle',
+ jump => 'TEE',
+ gateway => '2001:db8::1',
+ proto => all,
+ provider => 'ip6tables',
+ }
+ PUPPETCODE
+ it 'applies' do
+ apply_manifest(pp2, catch_failures: true)
+ end
- it 'contains the rule' do
- shell('ip6tables-save -t mangle') do |r|
- expect(r.stdout).to match(%r{-A PREROUTING -m comment --comment "811 - tee_gateway6" -j TEE --gateway 2001:db8::1})
- end
+ it 'contains the rule' do
+ shell('ip6tables-save -t mangle') do |r|
+ expect(r.stdout).to match(%r{-A PREROUTING -m comment --comment "811 - tee_gateway6" -j TEE --gateway 2001:db8::1})
end
end
end
require 'spec_helper_acceptance'
-describe 'firewall time' do
+describe 'firewall time', unless: (os[:family] == 'redhat' && ['5', '6'].include?(os[:release][0])) || (os[:family] == 'sles') do
before :all do
iptables_flush_all_tables
ip6tables_flush_all_tables
end
- if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
- describe 'time tests ipv4' do
- context 'when set all time parameters' do
- pp1 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '805 - test':
- proto => tcp,
- dport => '8080',
- action => accept,
- chain => 'OUTPUT',
- date_start => '2016-01-19T04:17:07',
- date_stop => '2038-01-19T04:17:07',
- time_start => '6:00',
- time_stop => '17:00:00',
- month_days => '7',
- week_days => 'Tue',
- kernel_timezone => true,
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp1, catch_failures: true)
- apply_manifest(pp1, catch_changes: do_catch_changes)
- end
+ describe 'time tests ipv4' do
+ context 'when set all time parameters' do
+ pp1 = <<-PUPPETCODE
+ class { '::firewall': }
+ firewall { '805 - test':
+ proto => tcp,
+ dport => '8080',
+ action => accept,
+ chain => 'OUTPUT',
+ date_start => '2016-01-19T04:17:07',
+ date_stop => '2038-01-19T04:17:07',
+ time_start => '6:00',
+ time_stop => '17:00:00',
+ month_days => '7',
+ week_days => 'Tue',
+ kernel_timezone => true,
+ }
+ PUPPETCODE
+ it 'applies' do
+ apply_manifest(pp1, catch_failures: true)
+ apply_manifest(pp1, catch_changes: do_catch_changes)
+ end
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -p tcp -m multiport --dports 8080 -m time --timestart 06:00:00 --timestop 17:00:00 --monthdays 7 --weekdays Tue --datestart 2016-01-19T04:17:07 --datestop 2038-01-19T04:17:07 --kerneltz -m comment --comment "805 - test" -j ACCEPT}) # rubocop:disable Metrics/LineLength : Cannot reduce line length to the required size
- end
+ it 'contains the rule' do
+ shell('iptables-save') do |r|
+ expect(r.stdout).to match(
+ %r{-A OUTPUT -p tcp -m multiport --dports 8080 -m time --timestart 06:00:00 --timestop 17:00:00 --monthdays 7 --weekdays Tue --datestart 2016-01-19T04:17:07 --datestop 2038-01-19T04:17:07 --kerneltz -m comment --comment "805 - test" -j ACCEPT}, # rubocop:disable Metrics/LineLength
+ )
end
end
end
+ end
- describe 'time tests ipv6' do
- context 'when when set all time parameters' do
- pp2 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '805 - test':
- proto => tcp,
- dport => '8080',
- action => accept,
- chain => 'OUTPUT',
- date_start => '2016-01-19T04:17:07',
- date_stop => '2038-01-19T04:17:07',
- time_start => '6:00',
- time_stop => '17:00:00',
- month_days => '7',
- week_days => 'Tue',
- kernel_timezone => true,
- provider => 'ip6tables',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp2, catch_failures: true)
- apply_manifest(pp2, catch_changes: do_catch_changes)
- end
+ describe 'time tests ipv6' do
+ context 'when when set all time parameters' do
+ pp2 = <<-PUPPETCODE
+ class { '::firewall': }
+ firewall { '805 - test':
+ proto => tcp,
+ dport => '8080',
+ action => accept,
+ chain => 'OUTPUT',
+ date_start => '2016-01-19T04:17:07',
+ date_stop => '2038-01-19T04:17:07',
+ time_start => '6:00',
+ time_stop => '17:00:00',
+ month_days => '7',
+ week_days => 'Tue',
+ kernel_timezone => true,
+ provider => 'ip6tables',
+ }
+ PUPPETCODE
+ it 'applies' do
+ apply_manifest(pp2, catch_failures: true)
+ apply_manifest(pp2, catch_changes: do_catch_changes)
+ end
- it 'contains the rule' do
- shell('ip6tables-save') do |r|
- expect(r.stdout).to match(%r{-A OUTPUT -p tcp -m multiport --dports 8080 -m time --timestart 06:00:00 --timestop 17:00:00 --monthdays 7 --weekdays Tue --datestart 2016-01-19T04:17:07 --datestop 2038-01-19T04:17:07 --kerneltz -m comment --comment "805 - test" -j ACCEPT}) # rubocop:disable Metrics/LineLength : Cannot reduce line length to the required size
- end
+ it 'contains the rule' do
+ shell('ip6tables-save') do |r|
+ expect(r.stdout).to match(
+ %r{-A OUTPUT -p tcp -m multiport --dports 8080 -m time --timestart 06:00:00 --timestop 17:00:00 --monthdays 7 --weekdays Tue --datestart 2016-01-19T04:17:07 --datestop 2038-01-19T04:17:07 --kerneltz -m comment --comment "805 - test" -j ACCEPT}, # rubocop:disable Metrics/LineLength
+ )
end
end
end
require 'spec_helper_acceptance'
-if default['platform'] =~ %r{el-5}
+if os[:family] == 'redhat' && os[:release].start_with?('5')
describe "firewall ip6tables doesn't work on 1.3.5 because --comment is missing" do
before :all do
iptables_flush_all_tables
ip6tables_flush_all_tables
end
- if default['platform'] !~ %r{el-5}
+ unless os[:family] == 'redhat' && os[:release].start_with?('5')
describe 'match_mark' do
context 'when 0x1' do
pp1 = <<-PUPPETCODE
# version of iptables that ships with el5 doesn't work with the
# ip6tables provider
# TODO: Test below fails if this file is run seperately. i.e. bundle exec rspec spec/acceptance/resource_cmd_spec.rb
- if default['platform'] !~ %r{el-5}
+ unless os[:family] == 'redhat' && os[:release].start_with?('5')
context 'when dport/sport with ip6tables' do
before :all do
if os['family'] == 'debian'
require 'spec_helper_acceptance'
# RHEL5 does not support -m socket
-describe 'firewall socket property', unless: default['platform'] =~ %r{el-5} || os[:family] == 'sles' do
+describe 'firewall socket property', unless: (os[:family] == 'redhat' && os[:release].start_with?('5')) || os[:family] == 'sles' do
before :all do
iptables_flush_all_tables
ip6tables_flush_all_tables
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff