authorBrent Eagles <beagles@redhat.com>2016-11-23 18:59:58 -0330
committerBrent Eagles <beagles@redhat.com>2016-11-24 08:54:48 -0330
commit688a79c6c68422c0f873074370b1bbc87c6d1007 (patch)
tree1925f5a262adab08fddfacfe4e1eee7588c96d82
parent92f9c952d6cbb0c11c8457de0e49748f3adf667e (diff)
Do not configure state matching when using GRE
The firewall rule quite reasonably sets up a default state matching rule but this is invalid for GRE. This patch conditionally adds the state matching if the protocol is not GRE. Closes-Bug: #1644360 Change-Id: Ie4ca41d0f36e79ba6822c358e21b827105736dd7
-rw-r--r--manifests/firewall/rule.pp11
-rw-r--r--spec/classes/tripleo_firewall_spec.rb4
2 files changed, 12 insertions, 3 deletions
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index c63162b..6801dc4 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -83,14 +83,21 @@ define tripleo::firewall::rule (
'sport' => $sport,
'proto' => $proto,
'action' => $action,
- 'state' => $state,
'source' => $source,
'iniface' => $iniface,
'chain' => $chain,
'destination' => $destination,
}
+ if $proto != 'gre' {
+ $state_rule = {
+ 'state' => $state
+ }
+ } else {
+ $state_rule = {}
+ }
+
- $rule = merge($basic, $extras)
+ $rule = merge($basic, $state_rule, $extras)
validate_hash($rule)
create_resources('firewall', { "${title}" => $rule })
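Review bot: The GRE guard covers only the `$state` parameter: because `$extras` is merged last in `merge($basic, $state_rule, $extras)`, a `state` key supplied through `$extras` would still reach the firewall resource for a `gre` rule, assuming `$extras` is caller-supplied as its name suggests. The new branch also has no comment explaining that a GRE rule is now emitted without any connection-state match, so it applies to every GRE packet the remaining fields match. I would add `# GRE: state matching is not valid here, so this rule is stateless; narrow it with source/iniface where possible` above the `if`. The define's parameter list and the start of the hash shown at the top of the hunk lie outside this hunk.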
diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index 1270aa7..3116a51 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -76,7 +76,8 @@ describe 'tripleo::firewall' do
'301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
'302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
'303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
- '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
+ '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'},
+ '305 add gre rule' => {'proto' => 'gre'}
}
)
end
@@ -109,6 +110,7 @@ describe 'tripleo::firewall' do
:action => 'accept',
:state => ['NEW'],
)
+ is_expected.to contain_firewall('305 add gre rule').without(:state)
end
end
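Review bot: The added expectation on `'305 add gre rule'` asserts only that `state` is absent; it does not pin the protocol, and the fixture never passes a `state` value for a GRE rule, so the case where a caller sets one explicitly is untested. Consider `is_expected.to contain_firewall('305 add gre rule').with(:proto => 'gre').without(:state)`, plus a second fixture entry such as `'306 add gre rule with state' => {'proto' => 'gre', 'state' => ['NEW']}` checked with the same `without(:state)`. This presumes the fixture keys map onto the define's parameters, which the hunk does not show. The enclosing `it` block begins outside the hunk.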