2 files changed, 45 insertions, 2 deletions

diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index 3116a51..3a1a0a0 100644
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -74,7 +74,7 @@ describe 'tripleo::firewall' do
           :firewall_rules => {
             '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
             '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
-            '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
+            '302 fwd custom cidr 1'        => {'port' => 'all', 'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
             '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
             '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'},
             '305 add gre rule'             => {'proto' => 'gre'}
@@ -96,7 +96,8 @@ describe 'tripleo::firewall' do
         )
         is_expected.to contain_firewall('302 fwd custom cidr 1').with(
           :chain   => 'FORWARD',
-          :destination  => '192.0.2.0/24',
+          :proto   => 'tcp',
+          :destination => '192.0.2.0/24',
         )
         is_expected.to contain_firewall('303 add custom application 3').with(
           :dport   => '8081',
@@ -114,6 +115,18 @@ describe 'tripleo::firewall' do
       end
     end
 
+    context 'with TCP rule without port or dport or sport specified' do
+      before :each do
+        params.merge!(
+          :manage_firewall => true,
+          :firewall_rules  => {
+            '500 wrong tcp rule' => {'proto' => 'tcp', 'action' => 'accept'},
+          }
+        )
+      end
+      it_raises 'a Puppet::Error', /500 wrong tcp rule firewall rule cannot be created. TCP or UDP rules for INPUT or OUTPUT need port or sport or dport./
+    end
+
   end
 
   on_supported_os.each do |os, facts|
diff --git a/spec/classes/tripleo_profile_base_sshd_spec.rb b/spec/classes/tripleo_profile_base_sshd_spec.rb
new file mode 100644
index 0000000..210b41c
--- /dev/null
+++ b/spec/classes/tripleo_profile_base_sshd_spec.rb
@@ -0,0 +1,30 @@
+# Copyright 2016 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+
+require 'spec_helper'
+
+describe 'tripleo::profile::base::sshd' do
+
+  context 'with banner configured' do
+    it do
+      is_expected.to contain_file('/etc/issue').with({
+        'owner'  => 'root',
+        'group'  => 'root',
+        'mode'   => '0600',
+        })
+    end
+  end
+end