aboutsummaryrefslogtreecommitdiffstats
path: root/spec/classes/tripleo_firewall_spec.rb
AgeCommit message (Collapse)AuthorFilesLines
2016-11-24Do not configure state matching when using GREBrent Eagles1-1/+3
The firewall rule quite reasonably sets up a default state matching rule but this is invalid for GRE. This patch conditionally adds the state matching if the protocol is not GRE. Closes-Bug: #1644360 Change-Id: Ie4ca41d0f36e79ba6822c358e21b827105736dd7
2016-09-21Add in rspec-puppet-facts supportAlex Schultz1-17/+7
This change pulls in rspec-puppet-facts to provide the basic default facts for puppet-tripleo rspec tests. rspec-puppet-facts provides an easy to use interface to allow for the same set of tests to be executed with multiple sets of operating system facts. In most cases this includes defaults for Debian/RedHat based systems. In puppet-tripleo's case this is just RHEL/CentOS. We are removing the Fedora listing from the metadata.json as we only support RHEL and CentOS for tripleo. This change also updates the existing rspec tests to leverage rspec-puppet-facts to be more consistent with how facts are defined. Change-Id: I0ddc71799d74ee95b9828aea6a8dcb4abb4e4e62
2016-05-05Add dport/sport parameter to firewall ruleJames Slagle1-2/+16
The port parameter to puppetlabs-firewall is actually deprecated[1]. This adds support for using the new parameter names dport and sport. The port parameter is still retained in puppet-tripleo for backwards compatibily for anyone using that interface. It is marked deprecated in the documentation, however no deprecation warning is needed because there is already a warning from from puppetlabs-firewall. blueprint undercloud-elements Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7
2016-04-20Add destination parameter to firewall ruleJames Slagle1-1/+6
Specifying a destination cidr is already supported by puppetlabs-firewall, we just need to pass through the parameter in rule.pp in puppet-tripleo. This will allow creating iptables rules that forward network traffic for a given cidr via puppet-tripleo. Change-Id: I23582a55cd97248be52f45e14de7e813ff499ff7
2015-11-25Fix unit tests failing against Puppet 4.3.0Gael Chamoulaud1-1/+4
Change-Id: I10c0d35b473026a5e1ede265099f73c803402adc Related-bug: #1517805 Signed-off-by: Gael Chamoulaud <gchamoul@redhat.com>
2015-07-15Implement firewalling in tripleo::firewallYanis Guenane1-0/+114
Currently firewalling is implemented in tripleo/init.pp this commit moves it to its own scope tripleo/firewall.pp. This is done so that in tripleo-heat-templates we can have a simple and generic `include tripleo::firewall` in every manifest - unconditional. The rest of the behavior will all be managed by hiera. If a user wants to enable firewalling: ``` tripleo::firewall::manage_firewall: true ``` If a user wants to specify firewall rules: ``` tripleo::firewall::firewall_rules: '103 mongod': port: 27017 ``` Change-Id: I144c60db2a568a94dce5b51257f1d10980173325