From: Damian Szeluga
Date: Fri, 21 Mar 2014 14:12:02 +0000 (+0100)
Subject: Making it mergable:
X-Git-Tag: 1.3.0~1^2~25^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=90c73e749267618d44b77a8c6d6170a078ecd255;p=puppet-modules%2Fpuppetlabs-firewall.git
Making it mergable:
* Missing type definition
* Fix failing test
* Acceptance testing + fix parameter match
* Renamed mac_addr to mac_source
---
diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb
index c22f66a..231568f 100644
--- a/lib/puppet/provider/firewall/iptables.rb
+++ b/lib/puppet/provider/firewall/iptables.rb
@@ -96,7 +96,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 :ipsec_dir => "-m policy --dir",
 :ipsec_policy => "--pol",
 :mask => '--mask',
- :mac_addr => ["-m mac --mac-source", "--mac-source"],
+ :mac_source => ["-m mac --mac-source", "--mac-source"],
 }
 # These are known booleans that do not take a value, but we want to munge
@@ -145,7 +145,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir
 # This order can be determined by going through iptables source code or just tweaking and trying manually
 @resource_list = [ :table, :source, :destination, :iniface, :outiface, :proto, :isfragment,
- :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_addr, :sport, :dport, :port,
+ :src_range, :dst_range, :tcp_flags, :gid, :uid, :mac_source, :sport, :dport, :port,
 :dst_type, :src_type, :socket, :pkttype, :name, :ipsec_dir, :ipsec_policy, :state, :ctstate, :icmp, :limit, :burst, :recent, :rseconds, :reap, :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :jump, :todest,
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index bf28f73..90ea0a8 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -911,6 +911,13 @@ Puppet::Type.newtype(:firewall) do
 EOS
 end
+ newproperty(:mac_source) do
+ desc <<-EOS
+ MAC Source
+ EOS
+ newvalues(/^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$/i)
+ end
+
 autorequire(:firewallchain) do
 reqs = []
 protocol = nil
diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index b8a57ce..bb508d9 100644
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -1608,6 +1608,30 @@ describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfami
 end
 end
+ describe 'mac_source' do
+ context '0A:1B:3C:4D:5E:6F' do
+ it 'applies' do
+ pp = <<-EOS
+ class { '::firewall': }
+ firewall { '610 - test':
+ ensure => present,
+ source => '10.1.5.28/32',
+ mac_source => '0A:1B:3C:4D:5E:6F',
+ chain => 'INPUT',
+ }
+ EOS
+
+ apply_manifest(pp, :catch_failures => true)
+ end
+
+ it 'should contain the rule' do
+ shell('iptables-save') do |r|
+ expect(r.stdout).to match(/-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"/)
+ end
+ end
+ end
+ end
+
 describe 'reset' do
 it 'deletes all rules' do
 shell('ip6tables --flush')
diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb
index 1b8f3fc..abe47a1 100644
--- a/spec/fixtures/iptables/conversion_hash.rb
+++ b/spec/fixtures/iptables/conversion_hash.rb
@@ -7,12 +7,12 @@
 # which will be used to create a resource.
 ARGS_TO_HASH = {
 'mac_source_1' => {
- :line => '-A neutron-openvswi-FORWARD -b -s 1.2.3.4/32 -m mac --mac-source FA:16:00:00:00:00 -j ACCEPT',
+ :line => '-A neutron-openvswi-FORWARD -s 1.2.3.4/32 -m mac --mac-source FA:16:00:00:00:00 -j ACCEPT',
 :table => 'filter',
 :params => {
 :chain => 'neutron-openvswi-FORWARD',
 :source => '1.2.3.4/32',
- :mac_addr => 'FA:16:00:00:00:00',
+ :mac_source => 'FA:16:00:00:00:00',
 },
 },
 'dport_and_sport' => {
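Review bot: In lib/puppet/type/firewall.rb the `newvalues` pattern for the new `mac_source` property is anchored with `^` and `$`, which in Ruby match at line boundaries, so a multi-line string with a well-formed MAC on any one line passes validation. Anchor the whole string instead: `newvalues(/\A([0-9a-f]{2}:){5}[0-9a-f]{2}\z/i)`. The provider hunk in iptables.rb maps this property to `--mac-source`, so the check is the only thing visible here that keeps extra text out of the rule arguments; how the provider quotes the value is outside this diff. The `desc` text is only "MAC Source" and could state the accepted format, e.g. `Match on the source MAC address, given as six colon-separated hex octets such as 0A:1B:3C:4D:5E:6F.`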
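Review bot: The `describe 'mac_source'` block added to spec/acceptance/firewall_spec.rb applies only one well-formed, uppercase address, so nothing shows that the new validation in the type ever rejects a value. Add a context with a malformed address that runs `apply_manifest(pp, :expect_failures => true)` and checks that no matching rule appears in `iptables-save`. The pattern in the type is case-insensitive, so a lowercase address is also accepted; a second run with `apply_manifest(pp, :catch_changes => true)` would show whether it stays idempotent against the saved rule. The dots in `10.1.5.28` inside the expected pattern are unescaped and match any character; `10\.1\.5\.28` is tighter.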