author | Yanis Guenane <yguenane@redhat.com> | 2015-07-15 11:58:46 +0200 |
---|---|---|
committer | Yanis Guenane <yguenane@redhat.com> | 2015-07-15 11:58:46 +0200 |
commit | c59650772c8d7d2e84a19782ef8d53cec02deb9b (patch) | |
tree | aec45b9a2d425ee6bac3815a60a5171cc0d25d3b /spec/classes/tripleo_init_spec.rb | |
parent | 9b22f9f4ddfd511d19f3e34d7be70092a79d18d7 (diff) |
Implement firewalling in tripleo::firewall
Currently firewalling is implemented in tripleo/init.pp; this commit
moves it to its own scope, tripleo/firewall.pp.
This is done so that in tripleo-heat-templates we can have a simple and
generic `include tripleo::firewall` in every manifest - unconditional.
The rest of the behavior will all be managed by hiera.
If a user wants to enable firewalling:
```
tripleo::firewall::manage_firewall: true
```
If a user wants to specify firewall rules:
```
tripleo::firewall::firewall_rules:
'103 mongod':
port: 27017
```
Change-Id: I144c60db2a568a94dce5b51257f1d10980173325
Diffstat (limited to 'spec/classes/tripleo_init_spec.rb')
-rw-r--r-- | spec/classes/tripleo_init_spec.rb | 91 |
1 files changed, 0 insertions, 91 deletions
diff --git a/spec/classes/tripleo_init_spec.rb b/spec/classes/tripleo_init_spec.rb
index 9f01857..57b45e2 100644
--- a/spec/classes/tripleo_init_spec.rb
+++ b/spec/classes/tripleo_init_spec.rb
@@ -20,95 +20,4 @@ require 'spec_helper' describe 'tripleo' do - let :params do - { } - end - - shared_examples_for 'tripleo node' do - - context 'with firewall enabled' do - before :each do - params.merge!( - :manage_firewall => true, - ) - end - - it 'configure basic pre firewall rules' do - is_expected.to contain_firewall('000 accept related established rules').with( - :proto => 'all', - :state => ['RELATED', 'ESTABLISHED'], - :action => 'accept', - ) - is_expected.to contain_firewall('001 accept all icmp').with( - :proto => 'icmp', - :action => 'accept', - :state => ['NEW'], - ) - is_expected.to contain_firewall('002 accept all to lo interface').with( - :proto => 'all', - :iniface => 'lo', - :action => 'accept', - :state => ['NEW'], - ) - is_expected.to contain_firewall('003 accept ssh').with( - :port => '22', - :proto => 'tcp', - :action => 'accept', - :state => ['NEW'], - ) - end - - it 'configure basic post firewall rules' do - is_expected.to contain_firewall('999 drop all').with( - :proto => 'all', - :action => 'drop', - :source => '0.0.0.0/0', - ) - end - end - - context 'with custom firewall rules' do - before :each do - params.merge!( - :manage_firewall => true, - :firewall_rules => { - '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'}, - '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'} - } - ) - end - it 'configure custom firewall rules' do - is_expected.to contain_firewall('300 add custom application 1').with( - :port => '999', - :proto => 'udp', - :action => 'accept', - :state => ['NEW'], - ) - is_expected.to contain_firewall('301 add custom application 2').with( - :port => '8081', - :proto => 'tcp', - :action => 'accept', - :state => ['NEW'], - ) - end - end - - end - - context 'on Debian platforms' do - let :facts do - { :osfamily => 'Debian' } - end - - it_configures 'tripleo node' - end - - context 'on RedHat platforms' do - let :facts do - { :osfamily => 
'RedHat' } - end - - it_configures 'tripleo node' - end - end |