author | James Slagle <jslagle@redhat.com> | 2016-04-20 10:11:36 -0400 |
---|---|---|
committer | James Slagle <jslagle@redhat.com> | 2016-05-05 13:17:04 -0400 |
commit | 0bf0f72defc5260346717cf7c9d836342b34ebd6 (patch) | |
tree | 0988f51d1a2b8f57a6ad4ee96a239422fc35c044 | |
parent | 1b13c573641fd5ab2355faa3ecb89ad7ce1a76d3 (diff) |
Add dport/sport parameter to firewall rule
The port parameter to puppetlabs-firewall is actually deprecated[1].
This adds support for using the new parameter names dport and sport. The
port parameter is still retained in puppet-tripleo for backwards
compatibility for anyone using that interface. It is marked deprecated in
the documentation, however no deprecation warning is needed because
there is already a warning from puppetlabs-firewall.
blueprint undercloud-elements
Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7
-rw-r--r-- | manifests/firewall/pre.pp | 2 | ||||
-rw-r--r-- | manifests/firewall/rule.pp | 12 | ||||
-rw-r--r-- | spec/classes/tripleo_firewall_spec.rb | 18 |
3 files changed, 29 insertions, 3 deletions
diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
index 2d7203a..7af7fbc 100644
--- a/manifests/firewall/pre.pp
+++ b/manifests/firewall/pre.pp
@@ -50,7 +50,7 @@ class tripleo::firewall::pre(
 }
 tripleo::firewall::rule{ '003 accept ssh':
- port => '22',
+ dport => '22',
 extras => $firewall_settings,
 }
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index ca9c6d0..c63162b 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -23,6 +23,14 @@
 # (optional) The port associated to the rule.
 # Defaults to undef
 #
+# [*dport*]
+# (optional) The destination port associated to the rule.
+# Defaults to undef
+#
+# [*sport*]
+# (optional) The source port associated to the rule.
+# Defaults to undef
+#
 # [*proto*]
 # (optional) The protocol associated to the rule.
 # Defaults to 'tcp'
@@ -57,6 +65,8 @@
 #
 define tripleo::firewall::rule (
 $port = undef,
+ $dport = undef,
+ $sport = undef,
 $proto = 'tcp',
 $action = 'accept',
 $state = ['NEW'],
@@ -69,6 +79,8 @@ define tripleo::firewall::rule (
 $basic = {
 'port' => $port,
+ 'dport' => $dport,
+ 'sport' => $sport,
 'proto' => $proto,
 'action' => $action,
 'state' => $state,
diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index aa5d1d7..27ac62a 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -51,7 +51,7 @@ describe 'tripleo::firewall' do
 :state => ['NEW'],
 )
 is_expected.to contain_firewall('003 accept ssh').with(
- :port => '22',
+ :dport => '22',
 :proto => 'tcp',
 :action => 'accept',
 :state => ['NEW'],
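Review bot: The `[*port*]` entry in the parameter docs of manifests/firewall/rule.pp is left as `(optional) The port associated to the rule.` by the @@ -23,6 hunk, although the commit message says the parameter is marked deprecated in the documentation. I would add a line such as `#   Deprecated: matches either the source or the destination port; use dport or sport instead.` under it. As far as I know puppetlabs-firewall's `port` matches on either side of the connection, which would mean the pre.pp hunk's switch of the ssh rule to `dport => '22'` narrows what that rule accepts; stating the difference in the docs lets callers migrate deliberately. The `[*port*]` heading itself lies above the hunk.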
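Review bot: In the `$basic` hash of tripleo::firewall::rule (the @@ -69,6 hunk), `port`, `dport` and `sport` are all forwarded with no check that a caller has not set the deprecated `port` together with one of the new parameters. What the resulting rule looks like in that case depends on puppetlabs-firewall, so for a firewall definition it is safer to fail early, for example `if $port and ($dport or $sport) { fail('port cannot be combined with dport or sport') }` before the hash is built. The spec hunks cover `port`, `dport` and `sport` separately but not the combination. The rest of the define body is outside the hunk.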
@@ -74,7 +74,9 @@ describe 'tripleo::firewall' do
 :firewall_rules => {
 '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
 '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
- '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
+ '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
+ '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+ '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
 }
 )
 end
@@ -95,6 +97,18 @@ describe 'tripleo::firewall' do
 :chain => 'FORWARD',
 :destination => '192.0.2.0/24',
 )
+ is_expected.to contain_firewall('303 add custom application 3').with(
+ :dport => '8081',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ is_expected.to contain_firewall('304 add custom application 4').with(
+ :sport => '1000',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
 end
 end |