From 90a581b15fd2b52ab18e20052ff3a860d19721bf Mon Sep 17 00:00:00 2001 From: Hunter Haugen Date: Fri, 21 Feb 2014 13:06:00 -0800 Subject: [PATCH] Remove path from tests On sles and potentially other platforms iptables is not in /sbin --- spec/acceptance/change_source_spec.rb | 2 +- spec/acceptance/ip6_fragment_spec.rb | 4 ++-- spec/acceptance/isfragment_spec.rb | 4 ++-- spec/acceptance/nodesets/centos-59-x64-pe.yml | 12 ++++++++++++ spec/acceptance/purge_spec.rb | 16 ++++++++-------- spec/acceptance/resource_cmd_spec.rb | 12 ++++++------ spec/acceptance/socket_spec.rb | 4 ++-- spec/spec_helper_acceptance.rb | 4 ++-- 8 files changed, 35 insertions(+), 23 deletions(-) create mode 100644 spec/acceptance/nodesets/centos-59-x64-pe.yml diff --git a/spec/acceptance/change_source_spec.rb b/spec/acceptance/change_source_spec.rb index 04347c1..cdb4eab 100644 --- a/spec/acceptance/change_source_spec.rb +++ b/spec/acceptance/change_source_spec.rb @@ -29,7 +29,7 @@ describe 'firewall type' do end it 'adds a unmanaged rule without a comment' do - shell('/sbin/iptables -A INPUT -t filter -s 8.0.0.3/32 -p tcp -m multiport --ports 102 -j ACCEPT') + shell('iptables -A INPUT -t filter -s 8.0.0.3/32 -p tcp -m multiport --ports 102 -j ACCEPT') expect(shell('iptables-save').stdout).to match(/-A INPUT -s 8\.0\.0\.3(\/32)? -p tcp -m multiport --ports 102 -j ACCEPT/) end diff --git a/spec/acceptance/ip6_fragment_spec.rb b/spec/acceptance/ip6_fragment_spec.rb index a83c88c..bfce0e6 100644 --- a/spec/acceptance/ip6_fragment_spec.rb +++ b/spec/acceptance/ip6_fragment_spec.rb @@ -88,7 +88,7 @@ else context 'when unset or false' do before :each do ip6tables_flush_all_tables - shell('/sbin/ip6tables -A INPUT -p tcp -m comment --comment "599 - test"') + shell('ip6tables -A INPUT -p tcp -m comment --comment "599 - test"') end context 'and current value is false' do it_behaves_like "doesn't change", 'ishasmorefrags => false, islastfrag => false, isfirstfrag => false', /-A INPUT -p tcp -m comment --comment "599 - test"/ @@ -100,7 +100,7 @@ else context 'when set to true' do before :each do ip6tables_flush_all_tables - shell('/sbin/ip6tables -A INPUT -p tcp -m frag --fragid 0 --fragmore -m frag --fragid 0 --fraglast -m frag --fragid 0 --fragfirst -m comment --comment "599 - test"') + shell('ip6tables -A INPUT -p tcp -m frag --fragid 0 --fragmore -m frag --fragid 0 --fraglast -m frag --fragid 0 --fragfirst -m comment --comment "599 - test"') end context 'and current value is false' do it_behaves_like "is idempotent", 'ishasmorefrags => false, islastfrag => false, isfirstfrag => false', /-A INPUT -p tcp -m comment --comment "599 - test"/ diff --git a/spec/acceptance/isfragment_spec.rb b/spec/acceptance/isfragment_spec.rb index b82ebc4..7fdedc2 100644 --- a/spec/acceptance/isfragment_spec.rb +++ b/spec/acceptance/isfragment_spec.rb @@ -67,7 +67,7 @@ describe 'firewall isfragment property' do context 'when unset or false' do before :each do iptables_flush_all_tables - shell('/sbin/iptables -A INPUT -p tcp -m comment --comment "597 - test"') + shell('iptables -A INPUT -p tcp -m comment --comment "597 - test"') end context 'and current value is false' do it_behaves_like "doesn't change", 'isfragment => false,', /-A INPUT -p tcp -m comment --comment "597 - test"/ @@ -79,7 +79,7 @@ describe 'firewall isfragment property' do context 'when set to true' do before :each do iptables_flush_all_tables - shell('/sbin/iptables -A INPUT -p tcp -f -m comment --comment "597 - test"') + shell('iptables -A INPUT -p tcp -f -m comment --comment "597 - test"') end context 'and current value is false' do it_behaves_like "is idempotent", 'isfragment => false,', /-A INPUT -p tcp -m comment --comment "597 - test"/ diff --git a/spec/acceptance/nodesets/centos-59-x64-pe.yml b/spec/acceptance/nodesets/centos-59-x64-pe.yml new file mode 100644 index 0000000..3a6470b --- /dev/null +++ b/spec/acceptance/nodesets/centos-59-x64-pe.yml @@ -0,0 +1,12 @@ +HOSTS: + centos-59-x64: + roles: + - master + - database + - console + platform: el-5-x86_64 + box : centos-59-x64-vbox4210-nocm + box_url : http://puppet-vagrant-boxes.puppetlabs.com/centos-59-x64-vbox4210-nocm.box + hypervisor : vagrant +CONFIG: + type: pe diff --git a/spec/acceptance/purge_spec.rb b/spec/acceptance/purge_spec.rb index cebe753..f62b14f 100644 --- a/spec/acceptance/purge_spec.rb +++ b/spec/acceptance/purge_spec.rb @@ -5,8 +5,8 @@ describe "purge tests:" do before(:all) do iptables_flush_all_tables - shell('/sbin/iptables -A INPUT -s 1.2.1.2') - shell('/sbin/iptables -A INPUT -s 1.2.1.2') + shell('iptables -A INPUT -s 1.2.1.2') + shell('iptables -A INPUT -s 1.2.1.2') end it 'make sure duplicate existing rules get purged' do @@ -22,7 +22,7 @@ describe "purge tests:" do end it 'saves' do - shell('/sbin/iptables-save') do |r| + shell('iptables-save') do |r| expect(r.stdout).to_not match(/1\.2\.1\.2/) expect(r.stderr).to eq("") end @@ -33,9 +33,9 @@ describe "purge tests:" do before(:each) do iptables_flush_all_tables - shell('/sbin/iptables -A INPUT -p tcp -s 1.2.1.1') - shell('/sbin/iptables -A INPUT -p udp -s 1.2.1.1') - shell('/sbin/iptables -A OUTPUT -s 1.2.1.2 -m comment --comment "010 output-1.2.1.2"') + shell('iptables -A INPUT -p tcp -s 1.2.1.1') + shell('iptables -A INPUT -p udp -s 1.2.1.1') + shell('iptables -A OUTPUT -s 1.2.1.2 -m comment --comment "010 output-1.2.1.2"') end it 'purges only the specified chain' do @@ -48,7 +48,7 @@ describe "purge tests:" do apply_manifest(pp, :expect_changes => true) - shell('/sbin/iptables-save') do |r| + shell('iptables-save') do |r| expect(r.stdout).to match(/010 output-1\.2\.1\.2/) expect(r.stdout).to_not match(/1\.2\.1\.1/) expect(r.stderr).to eq("") @@ -118,7 +118,7 @@ describe "purge tests:" do apply_manifest(pp, :catch_failures => true) - expect(shell('/sbin/iptables-save').stdout).to match(/-A INPUT -s 1\.2\.1\.1(\/32)? -p tcp\s?\n-A INPUT -s 1\.2\.1\.1(\/32)? -p udp/) + expect(shell('iptables-save').stdout).to match(/-A INPUT -s 1\.2\.1\.1(\/32)? -p tcp\s?\n-A INPUT -s 1\.2\.1\.1(\/32)? -p udp/) end end end diff --git a/spec/acceptance/resource_cmd_spec.rb b/spec/acceptance/resource_cmd_spec.rb index 8334b6c..c9a852d 100644 --- a/spec/acceptance/resource_cmd_spec.rb +++ b/spec/acceptance/resource_cmd_spec.rb @@ -32,7 +32,7 @@ describe 'puppet resource firewall command:' do context 'accepts rules without comments' do before(:all) do iptables_flush_all_tables - shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80') + shell('iptables -A INPUT -j ACCEPT -p tcp --dport 80') end it do @@ -47,7 +47,7 @@ describe 'puppet resource firewall command:' do context 'accepts rules with invalid comments' do before(:all) do iptables_flush_all_tables - shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http"') + shell('iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http"') end it do @@ -62,9 +62,9 @@ describe 'puppet resource firewall command:' do context 'accepts rules with negation' do before :all do iptables_flush_all_tables - shell('/sbin/iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535') - shell('/sbin/iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535') - shell('/sbin/iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE') + shell('iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535') + shell('iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535') + shell('iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE') end it do @@ -79,7 +79,7 @@ describe 'puppet resource firewall command:' do context 'accepts rules with match extension tcp flag' do before :all do iptables_flush_all_tables - shell('/sbin/iptables -t mangle -A PREROUTING -d 1.2.3.4 -p tcp -m tcp -m multiport --dports 80,443,8140 -j MARK --set-mark 42') + shell('iptables -t mangle -A PREROUTING -d 1.2.3.4 -p tcp -m tcp -m multiport --dports 80,443,8140 -j MARK --set-mark 42') end it do diff --git a/spec/acceptance/socket_spec.rb b/spec/acceptance/socket_spec.rb index 2436503..6b5b78c 100644 --- a/spec/acceptance/socket_spec.rb +++ b/spec/acceptance/socket_spec.rb @@ -73,7 +73,7 @@ if default['platform'] !~ /el-5/ context 'when unset or false' do before :each do iptables_flush_all_tables - shell('/sbin/iptables -t raw -A PREROUTING -p tcp -m comment --comment "598 - test"') + shell('iptables -t raw -A PREROUTING -p tcp -m comment --comment "598 - test"') end context 'and current value is false' do it_behaves_like "doesn't change", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ @@ -85,7 +85,7 @@ if default['platform'] !~ /el-5/ context 'when set to true' do before :each do iptables_flush_all_tables - shell('/sbin/iptables -t raw -A PREROUTING -p tcp -m socket -m comment --comment "598 - test"') + shell('iptables -t raw -A PREROUTING -p tcp -m socket -m comment --comment "598 - test"') end context 'and current value is false' do it_behaves_like "is idempotent", 'socket => false,', /-A PREROUTING -p tcp -m comment --comment "598 - test"/ diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index afd6c5c..a0e807c 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -2,13 +2,13 @@ require 'beaker-rspec' def iptables_flush_all_tables ['filter', 'nat', 'mangle', 'raw'].each do |t| - expect(shell("/sbin/iptables -t #{t} -F").stderr).to eq("") + expect(shell("iptables -t #{t} -F").stderr).to eq("") end end def ip6tables_flush_all_tables ['filter'].each do |t| - expect(shell("/sbin/ip6tables -t #{t} -F").stderr).to eq("") + expect(shell("ip6tables -t #{t} -F").stderr).to eq("") end end -- 2.45.2