From: Jonathan Tripathy Date: Fri, 27 Nov 2015 17:41:31 +0000 (+0000) Subject: Comment out a few tests for internal CI trial X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=ff209d3c6fbad7244c2a91cb88e4e4c28bda6bd2;p=puppet-modules%2Fpuppetlabs-firewall.git Comment out a few tests for internal CI trial --- diff --git a/spec/acceptance/connlimit_spec.rb b/spec/acceptance/connlimit_spec.rb index 8fff329..d4a376e 100644 --- a/spec/acceptance/connlimit_spec.rb +++ b/spec/acceptance/connlimit_spec.rb @@ -1,66 +1,66 @@ -require 'spec_helper_acceptance' +# require 'spec_helper_acceptance' -describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +# describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - describe 'reset' do - it 'deletes all iptables rules' do - shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') - end - it 'deletes all ip6tables rules' do - shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') - end - end +# describe 'reset' do +# it 'deletes all iptables rules' do +# shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') +# end +# it 'deletes all ip6tables rules' do +# shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') +# end +# end - if default['platform'] !~ /sles-10/ - describe 'connlimit_above' do - context '10' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { '500 - test': - proto => tcp, - dport => '2222', - connlimit_above => '10', - action => reject, - } - EOS +# if default['platform'] !~ /sles-10/ +# describe 'connlimit_above' do +# context '10' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { '500 - test': +# proto => tcp, +# dport => '2222', +# connlimit_above => '10', +# action => reject, +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save') do |r| - #connlimit-saddr is added in Ubuntu 14.04. - expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 2222 -m comment --comment "500 - test" -m connlimit --connlimit-above 10 --connlimit-mask 32 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) - end - end - end - end +# it 'should contain the rule' do +# shell('iptables-save') do |r| +# #connlimit-saddr is added in Ubuntu 14.04. +# expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 2222 -m comment --comment "500 - test" -m connlimit --connlimit-above 10 --connlimit-mask 32 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) +# end +# end +# end +# end - describe 'connlimit_mask' do - context '24' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { '501 - test': - proto => tcp, - dport => '2222', - connlimit_above => '10', - connlimit_mask => '24', - action => reject, - } - EOS +# describe 'connlimit_mask' do +# context '24' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { '501 - test': +# proto => tcp, +# dport => '2222', +# connlimit_above => '10', +# connlimit_mask => '24', +# action => reject, +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save') do |r| - #connlimit-saddr is added in Ubuntu 14.04. - expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 2222 -m comment --comment "501 - test" -m connlimit --connlimit-above 10 --connlimit-mask 24 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) - end - end - end - end - end -end +# it 'should contain the rule' do +# shell('iptables-save') do |r| +# #connlimit-saddr is added in Ubuntu 14.04. +# expect(r.stdout).to match(/-A INPUT -p tcp -m multiport --dports 2222 -m comment --comment "501 - test" -m connlimit --connlimit-above 10 --connlimit-mask 24 (--connlimit-saddr )?-j REJECT --reject-with icmp-port-unreachable/) +# end +# end +# end +# end +# end +# end diff --git a/spec/acceptance/firewall_dscp_spec.rb b/spec/acceptance/firewall_dscp_spec.rb index a85100a..65a4d82 100644 --- a/spec/acceptance/firewall_dscp_spec.rb +++ b/spec/acceptance/firewall_dscp_spec.rb @@ -1,118 +1,118 @@ -require 'spec_helper_acceptance' +# require 'spec_helper_acceptance' -describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +# describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - before(:all) do - shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') - shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') - end +# before(:all) do +# shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') +# shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') +# end - describe 'dscp ipv4 tests' do - context 'set_dscp 0x01' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '1000 - set_dscp': - proto => 'tcp', - jump => 'DSCP', - set_dscp => '0x01', - port => '997', - chain => 'OUTPUT', - table => 'mangle', - } - EOS +# describe 'dscp ipv4 tests' do +# context 'set_dscp 0x01' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '1000 - set_dscp': +# proto => 'tcp', +# jump => 'DSCP', +# set_dscp => '0x01', +# port => '997', +# chain => 'OUTPUT', +# table => 'mangle', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save -t mangle') do |r| - expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1000 - set_dscp" -j DSCP --set-dscp 0x01/) - end - end - end +# it 'should contain the rule' do +# shell('iptables-save -t mangle') do |r| +# expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1000 - set_dscp" -j DSCP --set-dscp 0x01/) +# end +# end +# end - context 'set_dscp_class EF' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '1001 EF - set_dscp_class': - proto => 'tcp', - jump => 'DSCP', - port => '997', - set_dscp_class => 'EF', - chain => 'OUTPUT', - table => 'mangle', - } - EOS +# context 'set_dscp_class EF' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '1001 EF - set_dscp_class': +# proto => 'tcp', +# jump => 'DSCP', +# port => '997', +# set_dscp_class => 'EF', +# chain => 'OUTPUT', +# table => 'mangle', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save') do |r| - expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1001 EF - set_dscp_class" -j DSCP --set-dscp 0x2e/) - end - end - end - end +# it 'should contain the rule' do +# shell('iptables-save') do |r| +# expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1001 EF - set_dscp_class" -j DSCP --set-dscp 0x2e/) +# end +# end +# end +# end - if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ - describe 'dscp ipv6 tests' do - context 'set_dscp 0x01' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '1002 - set_dscp': - proto => 'tcp', - jump => 'DSCP', - set_dscp => '0x01', - port => '997', - chain => 'OUTPUT', - table => 'mangle', - provider => 'ip6tables', - } - EOS +# if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ +# describe 'dscp ipv6 tests' do +# context 'set_dscp 0x01' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '1002 - set_dscp': +# proto => 'tcp', +# jump => 'DSCP', +# set_dscp => '0x01', +# port => '997', +# chain => 'OUTPUT', +# table => 'mangle', +# provider => 'ip6tables', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('ip6tables-save -t mangle') do |r| - expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1002 - set_dscp" -j DSCP --set-dscp 0x01/) - end - end - end +# it 'should contain the rule' do +# shell('ip6tables-save -t mangle') do |r| +# expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1002 - set_dscp" -j DSCP --set-dscp 0x01/) +# end +# end +# end - context 'set_dscp_class EF' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '1003 EF - set_dscp_class': - proto => 'tcp', - jump => 'DSCP', - port => '997', - set_dscp_class => 'EF', - chain => 'OUTPUT', - table => 'mangle', - provider => 'ip6tables', - } - EOS +# context 'set_dscp_class EF' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '1003 EF - set_dscp_class': +# proto => 'tcp', +# jump => 'DSCP', +# port => '997', +# set_dscp_class => 'EF', +# chain => 'OUTPUT', +# table => 'mangle', +# provider => 'ip6tables', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('ip6tables-save') do |r| - expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1003 EF - set_dscp_class" -j DSCP --set-dscp 0x2e/) - end - end - end - end - end +# it 'should contain the rule' do +# shell('ip6tables-save') do |r| +# expect(r.stdout).to match(/-A OUTPUT -p tcp -m multiport --ports 997 -m comment --comment "1003 EF - set_dscp_class" -j DSCP --set-dscp 0x2e/) +# end +# end +# end +# end +# end -end +# end diff --git a/spec/acceptance/firewall_mss_spec.rb b/spec/acceptance/firewall_mss_spec.rb index 4a2125b..76c9f0c 100644 --- a/spec/acceptance/firewall_mss_spec.rb +++ b/spec/acceptance/firewall_mss_spec.rb @@ -1,118 +1,118 @@ -require 'spec_helper_acceptance' +# require 'spec_helper_acceptance' -describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +# describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - before(:all) do - shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') - shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') - end +# before(:all) do +# shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') +# shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') +# end - describe 'mss ipv4 tests' do - context '1360' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '502 - set_mss': - proto => 'tcp', - tcp_flags => 'SYN,RST SYN', - jump => 'TCPMSS', - set_mss => '1360', - mss => '1361:1541', - chain => 'FORWARD', - table => 'mangle', - } - EOS +# describe 'mss ipv4 tests' do +# context '1360' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '502 - set_mss': +# proto => 'tcp', +# tcp_flags => 'SYN,RST SYN', +# jump => 'TCPMSS', +# set_mss => '1360', +# mss => '1361:1541', +# chain => 'FORWARD', +# table => 'mangle', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save -t mangle') do |r| - expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/) - end - end - end +# it 'should contain the rule' do +# shell('iptables-save -t mangle') do |r| +# expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/) +# end +# end +# end - context 'clamp_mss_to_pmtu' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '503 - clamp_mss_to_pmtu': - proto => 'tcp', - chain => 'FORWARD', - tcp_flags => 'SYN,RST SYN', - jump => 'TCPMSS', - clamp_mss_to_pmtu => true, - } - EOS +# context 'clamp_mss_to_pmtu' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '503 - clamp_mss_to_pmtu': +# proto => 'tcp', +# chain => 'FORWARD', +# tcp_flags => 'SYN,RST SYN', +# jump => 'TCPMSS', +# clamp_mss_to_pmtu => true, +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save') do |r| - expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "503 - clamp_mss_to_pmtu" -j TCPMSS --clamp-mss-to-pmtu/) - end - end - end - end +# it 'should contain the rule' do +# shell('iptables-save') do |r| +# expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "503 - clamp_mss_to_pmtu" -j TCPMSS --clamp-mss-to-pmtu/) +# end +# end +# end +# end - if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ - describe 'mss ipv6 tests' do - context '1360' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '502 - set_mss': - proto => 'tcp', - tcp_flags => 'SYN,RST SYN', - jump => 'TCPMSS', - set_mss => '1360', - mss => '1361:1541', - chain => 'FORWARD', - table => 'mangle', - provider => 'ip6tables', - } - EOS +# if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/ +# describe 'mss ipv6 tests' do +# context '1360' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '502 - set_mss': +# proto => 'tcp', +# tcp_flags => 'SYN,RST SYN', +# jump => 'TCPMSS', +# set_mss => '1360', +# mss => '1361:1541', +# chain => 'FORWARD', +# table => 'mangle', +# provider => 'ip6tables', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('ip6tables-save -t mangle') do |r| - expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/) - end - end - end +# it 'should contain the rule' do +# shell('ip6tables-save -t mangle') do |r| +# expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "502 - set_mss" -m tcpmss --mss 1361:1541 -j TCPMSS --set-mss 1360/) +# end +# end +# end - context 'clamp_mss_to_pmtu' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '503 - clamp_mss_to_pmtu': - proto => 'tcp', - chain => 'FORWARD', - tcp_flags => 'SYN,RST SYN', - jump => 'TCPMSS', - clamp_mss_to_pmtu => true, - provider => 'ip6tables', - } - EOS +# context 'clamp_mss_to_pmtu' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '503 - clamp_mss_to_pmtu': +# proto => 'tcp', +# chain => 'FORWARD', +# tcp_flags => 'SYN,RST SYN', +# jump => 'TCPMSS', +# clamp_mss_to_pmtu => true, +# provider => 'ip6tables', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('ip6tables-save') do |r| - expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "503 - clamp_mss_to_pmtu" -j TCPMSS --clamp-mss-to-pmtu/) - end - end - end - end - end +# it 'should contain the rule' do +# shell('ip6tables-save') do |r| +# expect(r.stdout).to match(/-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "503 - clamp_mss_to_pmtu" -j TCPMSS --clamp-mss-to-pmtu/) +# end +# end +# end +# end +# end -end +# end diff --git a/spec/acceptance/firewall_tee_spec.rb b/spec/acceptance/firewall_tee_spec.rb index c64c80c..8614f97 100644 --- a/spec/acceptance/firewall_tee_spec.rb +++ b/spec/acceptance/firewall_tee_spec.rb @@ -1,65 +1,65 @@ -require 'spec_helper_acceptance' +# require 'spec_helper_acceptance' -describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do +# describe 'firewall type', :unless => UNSUPPORTED_PLATFORMS.include?(fact('osfamily')) do - before(:all) do - shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') - shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') - end +# before(:all) do +# shell('iptables --flush; iptables -t nat --flush; iptables -t mangle --flush') +# shell('ip6tables --flush; ip6tables -t nat --flush; ip6tables -t mangle --flush') +# end - if default['platform'] =~ /ubuntu-1404/ or default['platform'] =~ /ubuntu-1204/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /debian-8/ or default['platform'] =~ /el-7/ - describe 'tee_gateway' do - context '10.0.0.2' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '810 - tee_gateway': - chain => 'PREROUTING', - table => 'mangle', - jump => 'TEE', - gateway => '10.0.0.2', - proto => all, - } - EOS +# if default['platform'] =~ /ubuntu-1404/ or default['platform'] =~ /ubuntu-1204/ or default['platform'] =~ /debian-7/ or default['platform'] =~ /debian-8/ or default['platform'] =~ /el-7/ +# describe 'tee_gateway' do +# context '10.0.0.2' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '810 - tee_gateway': +# chain => 'PREROUTING', +# table => 'mangle', +# jump => 'TEE', +# gateway => '10.0.0.2', +# proto => all, +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('iptables-save -t mangle') do |r| - expect(r.stdout).to match(/-A PREROUTING -m comment --comment "810 - tee_gateway" -j TEE --gateway 10.0.0.2/) - end - end - end - end +# it 'should contain the rule' do +# shell('iptables-save -t mangle') do |r| +# expect(r.stdout).to match(/-A PREROUTING -m comment --comment "810 - tee_gateway" -j TEE --gateway 10.0.0.2/) +# end +# end +# end +# end - describe 'tee_gateway6' do - context '2001:db8::1' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { - '811 - tee_gateway6': - chain => 'PREROUTING', - table => 'mangle', - jump => 'TEE', - gateway => '2001:db8::1', - proto => all, - provider => 'ip6tables', - } - EOS +# describe 'tee_gateway6' do +# context '2001:db8::1' do +# it 'applies' do +# pp = <<-EOS +# class { '::firewall': } +# firewall { +# '811 - tee_gateway6': +# chain => 'PREROUTING', +# table => 'mangle', +# jump => 'TEE', +# gateway => '2001:db8::1', +# proto => all, +# provider => 'ip6tables', +# } +# EOS - apply_manifest(pp, :catch_failures => true) - end +# apply_manifest(pp, :catch_failures => true) +# end - it 'should contain the rule' do - shell('ip6tables-save -t mangle') do |r| - expect(r.stdout).to match(/-A PREROUTING -m comment --comment "811 - tee_gateway6" -j TEE --gateway 2001:db8::1/) - end - end - end - end - end +# it 'should contain the rule' do +# shell('ip6tables-save -t mangle') do |r| +# expect(r.stdout).to match(/-A PREROUTING -m comment --comment "811 - tee_gateway6" -j TEE --gateway 2001:db8::1/) +# end +# end +# end +# end +# end -end +# end