summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJames Slagle <jslagle@redhat.com>2016-04-20 10:11:36 -0400
committerJames Slagle <jslagle@redhat.com>2016-05-05 13:17:04 -0400
commit0bf0f72defc5260346717cf7c9d836342b34ebd6 (patch)
tree0988f51d1a2b8f57a6ad4ee96a239422fc35c044
parent1b13c573641fd5ab2355faa3ecb89ad7ce1a76d3 (diff)
Add dport/sport parameter to firewall rule
The port parameter to puppetlabs-firewall is actually deprecated[1]. This adds support for using the new parameter names dport and sport. The port parameter is still retained in puppet-tripleo for backwards compatibily for anyone using that interface. It is marked deprecated in the documentation, however no deprecation warning is needed because there is already a warning from from puppetlabs-firewall. blueprint undercloud-elements Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7
-rw-r--r--manifests/firewall/pre.pp2
-rw-r--r--manifests/firewall/rule.pp12
-rw-r--r--spec/classes/tripleo_firewall_spec.rb18
3 files changed, 29 insertions, 3 deletions
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
index 2d7203a..7af7fbc 100644
--- a/manifests/firewall/pre.pp
+++ b/manifests/firewall/pre.pp
@@ -50,7 +50,7 @@ class tripleo::firewall::pre(
}
tripleo::firewall::rule{ '003 accept ssh':
- port => '22',
+ dport => '22',
extras => $firewall_settings,
}
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index ca9c6d0..c63162b 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -23,6 +23,14 @@
# (optional) The port associated to the rule.
# Defaults to undef
#
+# [*dport*]
+# (optional) The destination port associated to the rule.
+# Defaults to undef
+#
+# [*sport*]
+# (optional) The source port associated to the rule.
+# Defaults to undef
+#
# [*proto*]
# (optional) The protocol associated to the rule.
# Defaults to 'tcp'
@@ -57,6 +65,8 @@
#
define tripleo::firewall::rule (
$port = undef,
+ $dport = undef,
+ $sport = undef,
$proto = 'tcp',
$action = 'accept',
$state = ['NEW'],
@@ -69,6 +79,8 @@ define tripleo::firewall::rule (
$basic = {
'port' => $port,
+ 'dport' => $dport,
+ 'sport' => $sport,
'proto' => $proto,
'action' => $action,
'state' => $state,
diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index aa5d1d7..27ac62a 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -51,7 +51,7 @@ describe 'tripleo::firewall' do
:state => ['NEW'],
)
is_expected.to contain_firewall('003 accept ssh').with(
- :port => '22',
+ :dport => '22',
:proto => 'tcp',
:action => 'accept',
:state => ['NEW'],
@@ -74,7 +74,9 @@ describe 'tripleo::firewall' do
:firewall_rules => {
'300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
'301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
- '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
+ '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
+ '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+ '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
}
)
end
@@ -95,6 +97,18 @@ describe 'tripleo::firewall' do
:chain => 'FORWARD',
:destination => '192.0.2.0/24',
)
+ is_expected.to contain_firewall('303 add custom application 3').with(
+ :dport => '8081',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ is_expected.to contain_firewall('304 add custom application 4').with(
+ :sport => '1000',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
end
end