From: Hunter Haugen
Date: Wed, 28 May 2014 19:03:29 +0000 (-0700)
Subject: Add tests and fix docs/whitespace
X-Git-Tag: 1.3.0~1^2~35^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=b9ee830ed4091f414730329987a5f284509e9633;p=puppet-modules%2Fpuppetlabs-firewall.git
Add tests and fix docs/whitespace
---
diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 22afbd2..e6be89e 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -884,19 +884,19 @@ Puppet::Type.newtype(:firewall) do
 end
 newproperty(:ipsec_policy, :required_features => :ipsec_policy) do
- desc <<-EOS
- Sets the ipsec policy type
- EOS
+ desc <<-EOS
+ Sets the ipsec policy type. May take a combination of arguments for any flags that can be passed to `--pol ipsec` such as: `--strict`, `--reqid 100`, `--next`, `--proto esp`, etc.
+ EOS
- newvalues(:none, :ipsec)
+ newvalues(:none, :ipsec)
 end
 newproperty(:ipsec_dir, :required_features => :ipsec_dir) do
- desc <<-EOS
- Sets the ipsec policy direction
- EOS
+ desc <<-EOS
+ Sets the ipsec policy direction
+ EOS
- newvalues(:in, :out)
+ newvalues(:in, :out)
 end
 newproperty(:mask, :required_features => :mask) do
diff --git a/spec/acceptance/resource_cmd_spec.rb b/spec/acceptance/resource_cmd_spec.rb
index c9a852d..573397b 100644
--- a/spec/acceptance/resource_cmd_spec.rb
+++ b/spec/acceptance/resource_cmd_spec.rb
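Review bot: The new `desc` for `ipsec_policy` in `lib/puppet/type/firewall.rb` says the property may take a combination of flags such as `--strict`, `--reqid 100`, `--next` and `--proto esp`, but the `newvalues(:none, :ipsec)` line in the same block still lists only those two values, so a manifest written from this description would presumably fail validation. Either the text should state what is accepted, e.g. `Sets the ipsec policy type. Accepted values are none and ipsec.`, or the property has to be extended to carry the extra flags. On a firewall type the mismatch matters because a reader may believe a rule can be pinned to a reqid or protocol when the type, as shown here, has no way to express that. The enclosing `Puppet::Type.newtype(:firewall)` block starts and ends outside the hunk.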
@@ -90,4 +90,23 @@ describe 'puppet resource firewall command:' do
 end
 end
 end
+
+ context 'accepts rules with negation' do
+ before :all do
+ iptables_flush_all_tables
+ shell('iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -m policy --dir out --pol ipsec -j ACCEPT')
+ shell('iptables -t filter -A FORWARD -s 192.168.1.0/24 -d 192.168.122.0/24 -i eth0 -m policy --dir in --pol ipsec --reqid 108 --proto esp -j ACCEPT')
+ shell('iptables -t filter -A FORWARD -s 192.168.122.0/24 -d 192.168.1.0/24 -o eth0 -m policy --dir out --pol ipsec --reqid 108 --proto esp -j ACCEPT')
+ shell('iptables -t filter -A FORWARD -s 192.168.201.1/32 -d 192.168.122.0/24 -i eth0 -m policy --dir in --pol ipsec --reqid 107 --proto esp -j ACCEPT')
+ shell('iptables -t filter -A FORWARD -s 192.168.122.0/24 -d 192.168.201.1/32 -o eth0 -m policy --dir out --pol ipsec --reqid 107 --proto esp -j ACCEPT')
+ end
+
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ # don't check stdout, testing preexisting rules, output is normal
+ r.stderr.should be_empty
+ end
+ end
+ end
 end
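Review bot: The context title `'accepts rules with negation'` does not describe the fixture: none of the five `iptables` commands in `before :all` uses `!`, they all exercise `-m policy --dir … --pol ipsec` matches, so something like `context 'accepts rules with ipsec policy matches' do` would be accurate. The `it` block then asserts only a zero exit code and empty stderr, which a parser that silently dropped `--reqid 108` or `--proto esp` would still satisfy; for a firewall type that is the failure worth catching, since a rule read back without those constraints is broader than the one installed. Consider at least `r.stdout.should match(/ipsec_policy\s*=>/)` and `r.stdout.should match(/ipsec_dir\s*=>/)`, assuming `puppet resource` prints those properties for these rules. The enclosing `describe` block starts outside the hunk.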