From: tphoney <tp@puppet.com>
Date: Wed, 5 Jul 2017 13:07:22 +0000 (+0100)
Subject: (MODULES-5177) fixing tests for certain oses
X-Git-Tag: 1.10.0~24^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=40a285ceba9736035cf004934c835e092c64b0cb;p=puppet-modules%2Fpuppetlabs-firewall.git

(MODULES-5177) fixing tests for certain oses
---

diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index 91d0ab1..8eee85b 100644
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -956,7 +956,7 @@ describe 'firewall basics', docker: true do
 
   # iptables version 1.3.5 is not suppored by the ip6tables provider
   # iptables version 1.4.7 fails for multiple hl entries
-  if default['platform'] !~ /(el-5|el-6)/ and default['platform'] !~ /sles-10/
+  if default['platform'] !~ /(el-5|el-6|sles-10|sles-11)/
     describe 'hop_limit' do
       context '5' do
         it 'applies' do
diff --git a/spec/acceptance/invert_spec.rb b/spec/acceptance/invert_spec.rb
index 0924b95..87bffd8 100644
--- a/spec/acceptance/invert_spec.rb
+++ b/spec/acceptance/invert_spec.rb
@@ -31,13 +31,11 @@ describe 'firewall inverting' do
 
     it 'should contain the rules' do
       shell('iptables-save') do |r|
-        if (fact('osfamily') == 'RedHat' and fact('operatingsystemmajrelease') == '5') or (default['platform'] =~ /sles-10/)
-          expect(r.stdout).to match(/-A INPUT -p ! esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
-          expect(r.stdout).to match(/-A INPUT -s ! 10\.0\.0\.0\/255\.0\.0\.0 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m multiport --sports ! 80,443 -m comment --comment "602 drop NEW external website packets with FIN\/RST\/ACK set and SYN unset" -m state --state NEW -j DROP/)
-        else
-          expect(r.stdout).to match(/-A INPUT ! -p esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
-          expect(r.stdout).to match(/-A INPUT ! -s 10\.0\.0\.0\/8 -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m multiport ! --sports 80,443 -m state --state NEW -m comment --comment "602 drop NEW external website packets with FIN\/RST\/ACK set and SYN unset" -j DROP/)
-        end
+        expect(r.stdout).to match(/-A INPUT (-s !|! -s) (10\.0\.0\.0\/8|10\.0\.0\.0\/255\.0\.0\.0).*/)
+        expect(r.stdout).to match(/-A INPUT.*(--sports !|! --sports) 80,443.*/)
+        expect(r.stdout).to match(/-A INPUT.*-m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN.*/)
+        expect(r.stdout).to match(/-A INPUT.*-j DROP/)
+        expect(r.stdout).to match(/-A INPUT (! -p|-p !) esp -m comment --comment "601 disallow esp protocol" -j ACCEPT/)
       end
     end
   end