From 4e7e2336c19a8a00fceef64167560d6576c5faa1 Mon Sep 17 00:00:00 2001 From: Ashley Penney Date: Fri, 28 Feb 2014 17:44:20 +0000 Subject: [PATCH] Update the tests to not test socket on SLES. --- README.markdown | 9 +- spec/acceptance/firewall_spec.rb | 84 +++++++++-------- spec/acceptance/params_spec.rb | 2 +- spec/acceptance/socket_spec.rb | 152 +++++++++++++++---------------- 4 files changed, 124 insertions(+), 123 deletions(-) diff --git a/README.markdown b/README.markdown index db955cc..401025e 100644 --- a/README.markdown +++ b/README.markdown @@ -364,11 +364,16 @@ Retrieves the version of iptables-persistent from your OS. This is a Debian/Ubun ###SLES -The `socket` parameter is not supported on SLES. In this release it will just cause straight iptables failures rather than clean errors. +The `socket` parameter is not supported on SLES. In this release it will cause +the catalog to fail with iptables failures, rather than correctly warn you that +the features are unusable. ###Oracle Linux 5 -The `socket` and `owner` parameters are unsupported on Oracle Linux 5, when the "Unbreakable" kernel is used. If you switch to the stock Redhat 5 kernel these work. In this release it will just cause straight iptables failures rather than clean errors. +The `socket` and `owner` parameters are unsupported on Oracle Linux 5, when the +"Unbreakable" kernel is used. If you switch to the stock Redhat 5 kernel these +work. In this release it will cause the catalog to fail with iptables +failures, rather than correct ly warn you that the features are unusable. ###Other diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb index 647a66f..486ce56 100644 --- a/spec/acceptance/firewall_spec.rb +++ b/spec/acceptance/firewall_spec.rb @@ -1337,56 +1337,54 @@ describe 'firewall type' do end end - # RHEL5 does not support -m socket - if default['platform'] !~ /el-5/ - describe 'socket' do - context 'true' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { '585 - test': - ensure => present, - proto => tcp, - port => '585', - action => accept, - chain => 'PREROUTING', - table => 'nat', - socket => true, - } - EOS + # RHEL5/SLES does not support -m socket + describe 'socket', :unless => (default['platform'] =~ /el-5/ or fact('operatingsystem') == 'SLES') do + context 'true' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '585 - test': + ensure => present, + proto => tcp, + port => '585', + action => accept, + chain => 'PREROUTING', + table => 'nat', + socket => true, + } + EOS - apply_manifest(pp, :catch_failures => true) - end + apply_manifest(pp, :catch_failures => true) + end - it 'should contain the rule' do - shell('iptables-save -t nat') do |r| - expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 585 -m socket -m comment --comment "585 - test" -j ACCEPT/) - end + it 'should contain the rule' do + shell('iptables-save -t nat') do |r| + expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 585 -m socket -m comment --comment "585 - test" -j ACCEPT/) end end + end - context 'false' do - it 'applies' do - pp = <<-EOS - class { '::firewall': } - firewall { '586 - test': - ensure => present, - proto => tcp, - port => '586', - action => accept, - chain => 'PREROUTING', - table => 'nat', - socket => false, - } - EOS + context 'false' do + it 'applies' do + pp = <<-EOS + class { '::firewall': } + firewall { '586 - test': + ensure => present, + proto => tcp, + port => '586', + action => accept, + chain => 'PREROUTING', + table => 'nat', + socket => false, + } + EOS - apply_manifest(pp, :catch_failures => true) - end + apply_manifest(pp, :catch_failures => true) + end - it 'should contain the rule' do - shell('iptables-save -t nat') do |r| - expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 586 -m comment --comment "586 - test" -j ACCEPT/) - end + it 'should contain the rule' do + shell('iptables-save -t nat') do |r| + expect(r.stdout).to match(/-A PREROUTING -p tcp -m multiport --ports 586 -m comment --comment "586 - test" -j ACCEPT/) end end end diff --git a/spec/acceptance/params_spec.rb b/spec/acceptance/params_spec.rb index d2948ee..bc2b12f 100644 --- a/spec/acceptance/params_spec.rb +++ b/spec/acceptance/params_spec.rb @@ -20,7 +20,7 @@ firewall { '#{name}': pm end - it 'test various params', :unless => default['platform'].match(/el-5/) do + it 'test various params', :unless => (default['platform'].match(/el-5/) || fact('operatinsystem') == 'SLES') do iptables_flush_all_tables ppm = pp({ diff --git a/spec/acceptance/socket_spec.rb b/spec/acceptance/socket_spec.rb index 6b5b78c..c4a0534 100644 --- a/spec/acceptance/socket_spec.rb +++ b/spec/acceptance/socket_spec.rb @@ -1,98 +1,96 @@ require 'spec_helper_acceptance' # RHEL5 does not support -m socket -if default['platform'] !~ /el-5/ - describe 'firewall socket property' do - before :all do - iptables_flush_all_tables - end +describe 'firewall socket property', :unless => (default['platform'] =~ /el-5/ || fact('operatingsystem') == 'SLES') do + before :all do + iptables_flush_all_tables + end - shared_examples "is idempotent" do |value, line_match| - it "changes the value to #{value}" do - pp = <<-EOS - class { '::firewall': } - firewall { '598 - test': - ensure => present, - proto => 'tcp', - chain => 'PREROUTING', - table => 'raw', - #{value} - } - EOS + shared_examples "is idempotent" do |value, line_match| + it "changes the value to #{value}" do + pp = <<-EOS + class { '::firewall': } + firewall { '598 - test': + ensure => present, + proto => 'tcp', + chain => 'PREROUTING', + table => 'raw', + #{value} + } + EOS - apply_manifest(pp, :catch_failures => true) - apply_manifest(pp, :catch_changes => true) + apply_manifest(pp, :catch_failures => true) + apply_manifest(pp, :catch_changes => true) - shell('iptables-save -t raw') do |r| - expect(r.stdout).to match(/#{line_match}/) - end + shell('iptables-save -t raw') do |r| + expect(r.stdout).to match(/#{line_match}/) end end - shared_examples "doesn't change" do |value, line_match| - it "doesn't change the value to #{value}" do - pp = <<-EOS - class { '::firewall': } - firewall { '598 - test': - ensure => present, - proto => 'tcp', - chain => 'PREROUTING', - table => 'raw', - #{value} - } - EOS + end + shared_examples "doesn't change" do |value, line_match| + it "doesn't change the value to #{value}" do + pp = <<-EOS + class { '::firewall': } + firewall { '598 - test': + ensure => present, + proto => 'tcp', + chain => 'PREROUTING', + table => 'raw', + #{value} + } + EOS - apply_manifest(pp, :catch_changes => true) + apply_manifest(pp, :catch_changes => true) - shell('iptables-save -t raw') do |r| - expect(r.stdout).to match(/#{line_match}/) - end + shell('iptables-save -t raw') do |r| + expect(r.stdout).to match(/#{line_match}/) end end + end - describe 'adding a rule' do - context 'when unset' do - before :all do - iptables_flush_all_tables - end - it_behaves_like 'is idempotent', '', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ + describe 'adding a rule' do + context 'when unset' do + before :all do + iptables_flush_all_tables end - context 'when set to true' do - before :all do - iptables_flush_all_tables - end - it_behaves_like 'is idempotent', 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/ + it_behaves_like 'is idempotent', '', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ + end + context 'when set to true' do + before :all do + iptables_flush_all_tables end - context 'when set to false' do - before :all do - iptables_flush_all_tables - end - it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ + it_behaves_like 'is idempotent', 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/ + end + context 'when set to false' do + before :all do + iptables_flush_all_tables end + it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ end - describe 'editing a rule' do - context 'when unset or false' do - before :each do - iptables_flush_all_tables - shell('iptables -t raw -A PREROUTING -p tcp -m comment --comment "598 - test"') - end - context 'and current value is false' do - it_behaves_like "doesn't change", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ - end - context 'and current value is true' do - it_behaves_like "is idempotent", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/ - end + end + describe 'editing a rule' do + context 'when unset or false' do + before :each do + iptables_flush_all_tables + shell('iptables -t raw -A PREROUTING -p tcp -m comment --comment "598 - test"') + end + context 'and current value is false' do + it_behaves_like "doesn't change", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ + end + context 'and current value is true' do + it_behaves_like "is idempotent", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/ + end + end + context 'when set to true' do + before :each do + iptables_flush_all_tables + shell('iptables -t raw -A PREROUTING -p tcp -m socket -m comment --comment "598 - test"') + end + context 'and current value is false' do + it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ end - context 'when set to true' do - before :each do - iptables_flush_all_tables - shell('iptables -t raw -A PREROUTING -p tcp -m socket -m comment --comment "598 - test"') - end - context 'and current value is false' do - it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ - end - context 'and current value is true' do - it_behaves_like "doesn't change", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/ - end + context 'and current value is true' do + it_behaves_like "doesn't change", 'socket => true,', /-A PREROUTING -p tcp -m socket -m comment --comment "598 - test"/ end end end -- 2.45.2