authorJames Slagle <jslagle@redhat.com>2016-04-20 09:03:03 -0400
committerJames Slagle <jslagle@redhat.com>2016-04-20 10:17:24 -0400
commita005e3e052a4e41397e7060ad3bc8f45860e5336 (patch)
tree7308f8793e00618a27238fba783a2b6e0cc23d49
parent33c6afe89ade18f3017158bddf60c1e51937583e (diff)
Add destination parameter to firewall rule
Specifying a destination cidr is already supported by puppetlabs-firewall, we just need to pass through the parameter in rule.pp in puppet-tripleo. This will allow creating iptables rules that forward network traffic for a given cidr via puppet-tripleo. Change-Id: I23582a55cd97248be52f45e14de7e813ff499ff7
-rw-r--r--manifests/firewall/rule.pp38
-rw-r--r--spec/classes/tripleo_firewall_spec.rb7
2 files changed, 28 insertions, 17 deletions
diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index 02afbc2..ca9c6d0 100644
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -47,29 +47,35 @@
# (optional) The chain associated to the rule.
# Defaults to 'INPUT'
#
-# [*extras*]
+# [*destination*]
+# (optional) The destination cidr associated to the rule.
+# Defaults to undef
+#
+# [*extras*]
# (optional) Hash of any puppetlabs-firewall supported parameters.
# Defaults to {}
#
define tripleo::firewall::rule (
- $port = undef,
- $proto = 'tcp',
- $action = 'accept',
- $state = ['NEW'],
- $source = '0.0.0.0/0',
- $iniface = undef,
- $chain = 'INPUT',
- $extras = {},
+ $port = undef,
+ $proto = 'tcp',
+ $action = 'accept',
+ $state = ['NEW'],
+ $source = '0.0.0.0/0',
+ $iniface = undef,
+ $chain = 'INPUT',
+ $destination = undef,
+ $extras = {},
) {
$basic = {
- 'port' => $port,
- 'proto' => $proto,
- 'action' => $action,
- 'state' => $state,
- 'source' => $source,
- 'iniface' => $iniface,
- 'chain' => $chain,
+ 'port' => $port,
+ 'proto' => $proto,
+ 'action' => $action,
+ 'state' => $state,
+ 'source' => $source,
+ 'iniface' => $iniface,
+ 'chain' => $chain,
+ 'destination' => $destination,
}
$rule = merge($basic, $extras)
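Review bot: The doc block for `destination` should say how it combines with the define's other defaults. Going by the parameter list in this hunk, a rule that sets only `chain => 'FORWARD'` and `destination` still gets `source` '0.0.0.0/0', `action` 'accept', `proto` 'tcp', `state` ['NEW'] and no `port`, so it would accept new TCP connections from any source to every port in that CIDR. I would add under the parameter: `# Only narrows the destination; source still defaults to 0.0.0.0/0, so set source and port on FORWARD rules.` Because `$extras` is merged after `$basic`, a `destination` key in `extras` overrides this parameter, which deserves one line in the `extras` doc as well. The value is passed through with no type check in the visible lines; the define's body continues past the end of the hunk, so any later validation cannot be seen from here.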
diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index 7d1d1ec..aa5d1d7 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -73,7 +73,8 @@ describe 'tripleo::firewall' do
:manage_firewall => true,
:firewall_rules => {
'300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
- '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}
+ '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+ '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
}
)
end
@@ -90,6 +91,10 @@ describe 'tripleo::firewall' do
:action => 'accept',
:state => ['NEW'],
)
+ is_expected.to contain_firewall('302 fwd custom cidr 1').with(
+ :chain => 'FORWARD',
+ :destination => '192.0.2.0/24',
+ )
end
end
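Review bot: The new expectation for '302 fwd custom cidr 1' pins only `:chain` and `:destination`, so the spec does not show which defaults the forwarding rule carries. The expectation just above pins `:action => 'accept'` and `:state => ['NEW']`; adding `:source => '0.0.0.0/0',` and `:action => 'accept',` to the new `.with(...)` hash would make the effective breadth of the rule explicit and catch a later change to those defaults. This assumes the defaults from rule.pp reach the firewall resource unchanged, which is not visible in this hunk. The enclosing `it` block starts before the hunk.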