From cd76eaedc9e9b08209746b95006c338ab4b4bffc Mon Sep 17 00:00:00 2001
From: tphoney
Date: Tue, 19 Feb 2019 16:25:26 +0000
Subject: [PATCH] clean up connlimit and connmark tests
---
 spec/acceptance/connlimit_spec.rb | 61 ---------------------
 spec/acceptance/connmark_spec.rb | 25 ---------
 spec/acceptance/firewall_attributes_spec.rb | 40 ++++++++++++++
 3 files changed, 40 insertions(+), 86 deletions(-)
 delete mode 100644 spec/acceptance/connlimit_spec.rb
 delete mode 100644 spec/acceptance/connmark_spec.rb
 create mode 100644 spec/acceptance/firewall_attributes_spec.rb
diff --git a/spec/acceptance/connlimit_spec.rb b/spec/acceptance/connlimit_spec.rb
deleted file mode 100644
index 674e947..0000000
--- a/spec/acceptance/connlimit_spec.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'connlimit property' do
- before :all do
- iptables_flush_all_tables
- ip6tables_flush_all_tables
- end
-
- if default['platform'] !~ %r{sles-10}
- describe 'connlimit_above' do
- context 'when 10' do
- pp1 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '500 - test':
- proto => tcp,
- dport => '2222',
- connlimit_above => '10',
- action => reject,
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp1, catch_failures: true)
- apply_manifest(pp1, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- # connlimit-saddr is added in Ubuntu 14.04.
- expect(r.stdout).to match(%r{-A INPUT -p tcp -m multiport --dports 2222 -m connlimit --connlimit-above 10 --connlimit-mask 32 (--connlimit-saddr )?-m comment --comment "500 - test" -j REJECT --reject-with icmp-port-unreachable}) # rubocop:disable Metrics/LineLength : Cannot reduce length to required size
- end
- end
- end
- end
-
- describe 'connlimit_mask' do
- context 'when 24' do
- pp2 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '501 - test':
- proto => tcp,
- dport => '2222',
- connlimit_above => '10',
- connlimit_mask => '24',
- action => reject,
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp2, catch_failures: true)
- apply_manifest(pp2, catch_changes: do_catch_changes)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- # connlimit-saddr is added in Ubuntu 14.04.
- expect(r.stdout).to match(%r{-A INPUT -p tcp -m multiport --dports 2222 -m connlimit --connlimit-above 10 --connlimit-mask 24 (--connlimit-saddr )?-m comment --comment "501 - test" -j REJECT --reject-with icmp-port-unreachable}) # rubocop:disable Metrics/LineLength : Cannot reduce length to required size
- end
- end
- end
- end
- end
-end
diff --git a/spec/acceptance/connmark_spec.rb b/spec/acceptance/connmark_spec.rb
deleted file mode 100644
index 1408a23..0000000
--- a/spec/acceptance/connmark_spec.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-require 'spec_helper_acceptance'
-
-describe 'connmark property' do
- describe 'connmark' do
- context 'when 50' do
- pp = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '502 - test':
- proto => 'all',
- connmark => '0x1',
- action => reject,
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp, catch_failures: true)
- end
-
- it 'contains the rule' do
- shell('iptables-save') do |r|
- expect(r.stdout).to match(%r{-A INPUT -m connmark --mark 0x1 -m comment --comment "502 - test" -j REJECT --reject-with icmp-port-unreachable})
- end
- end
- end
- end
-end
diff --git a/spec/acceptance/firewall_attributes_spec.rb b/spec/acceptance/firewall_attributes_spec.rb
new file mode 100644
index 0000000..41634b2
--- /dev/null
+++ b/spec/acceptance/firewall_attributes_spec.rb
@@ -0,0 +1,40 @@
+require 'spec_helper_acceptance'
+
+describe 'connlimit property' do
+ before :all do
+ iptables_flush_all_tables
+ ip6tables_flush_all_tables
+ end
+
+ describe 'attributes test' do
+ before(:all) do
+ pp = <<-PUPPETCODE
+ class { '::firewall': }
+ firewall { '501 - connlimit':
+ proto => tcp,
+ dport => '2222',
+ connlimit_above => '10',
+ connlimit_mask => '24',
+ action => reject,
+ }
+ firewall { '502 - connmark':
+ proto => 'all',
+ connmark => '0x1',
+ action => reject,
+ }
+ PUPPETCODE
+ apply_manifest(pp, catch_failures: true)
+ apply_manifest(pp, catch_changes: do_catch_changes)
+ end
+ let(:result) { shell('iptables-save') }
+
+ it 'contains the connlimit and connlimit_mask rule' do
+ expect(result.stdout).to match(
+ %r{-A INPUT -p tcp -m multiport --dports 2222 -m connlimit --connlimit-above 10 --connlimit-mask 24 (--connlimit-saddr )?-m comment --comment "501 - connlimit" -j REJECT --reject-with icmp-port-unreachable}, # rubocop:disable Metrics/LineLength
+ )
+ end
+ it 'contains the connmark' do
+ expect(result.stdout).to match(%r{-A INPUT -m connmark --mark 0x1 -m comment --comment "502 - connmark" -j REJECT --reject-with icmp-port-unreachable})
+ end
+ end
+end
--
2.45.2
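Review bot: The consolidated spec no longer covers `connlimit_above` on its own. The deleted `500 - test` case asserted the default `--connlimit-mask 32`, but the only connlimit resource here sets `connlimit_mask => '24'`, so a regression in how the default per-host mask is rendered would go unnoticed. Consider adding a third resource that sets `connlimit_above => '10'` without `connlimit_mask`, with an expectation matching `--connlimit-above 10 --connlimit-mask 32`. The outer `describe 'connlimit property' do` now also wraps the connmark example, so a name such as `describe 'firewall attributes' do` would match the file. The old `if default['platform'] !~ %r{sles-10}` guard is not carried over, so if that platform is still in the acceptance matrix the connlimit example will now run there.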