Add dport/sport parameter to firewall rule

The port parameter to puppetlabs-firewall is actually deprecated[1].
This adds support for using the new parameter names dport and sport. The
port parameter is still retained in puppet-tripleo for backwards
compatibily for anyone using that interface. It is marked deprecated in
the documentation, however no deprecation warning is needed because
there is already a warning from from puppetlabs-firewall.

blueprint undercloud-elements
Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7

diff --git a/manifests/firewall/pre.pp b/manifests/firewall/pre.pp
index 2d7203a..7af7fbc 100644 (file)
--- a/manifests/firewall/pre.pp
+++ b/manifests/firewall/pre.pp
@@ -50,7 +50,7 @@ class tripleo::firewall::pre(
   }
 
   tripleo::firewall::rule{ '003 accept ssh':
-    port   => '22',
+    dport  => '22',
     extras => $firewall_settings,
   }
 

diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index ca9c6d0..c63162b 100644 (file)
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -23,6 +23,14 @@
 #  (optional) The port associated to the rule.
 #  Defaults to undef
 #
+# [*dport*]
+#  (optional) The destination port associated to the rule.
+#  Defaults to undef
+#
+# [*sport*]
+#  (optional) The source port associated to the rule.
+#  Defaults to undef
+#
 # [*proto*]
 #  (optional) The protocol associated to the rule.
 #  Defaults to 'tcp'
@@ -57,6 +65,8 @@
 #
 define tripleo::firewall::rule (
   $port        = undef,
+  $dport       = undef,
+  $sport       = undef,
   $proto       = 'tcp',
   $action      = 'accept',
   $state       = ['NEW'],
@@ -69,6 +79,8 @@ define tripleo::firewall::rule (
 
   $basic = {
     'port'        => $port,
+    'dport'       => $dport,
+    'sport'       => $sport,
     'proto'       => $proto,
     'action'      => $action,
     'state'       => $state,

diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index aa5d1d7..27ac62a 100644 (file)
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -51,7 +51,7 @@ describe 'tripleo::firewall' do
           :state   => ['NEW'],
         )
         is_expected.to contain_firewall('003 accept ssh').with(
-          :port   => '22',
+          :dport   => '22',
           :proto  => 'tcp',
           :action => 'accept',
           :state  => ['NEW'],
@@ -74,7 +74,9 @@ describe 'tripleo::firewall' do
           :firewall_rules => {
             '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
             '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
-            '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'}
+            '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
+            '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
+            '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
           }
         )
       end
@@ -95,6 +97,18 @@ describe 'tripleo::firewall' do
           :chain   => 'FORWARD',
           :destination  => '192.0.2.0/24',
         )
+        is_expected.to contain_firewall('303 add custom application 3').with(
+          :dport   => '8081',
+          :proto  => 'tcp',
+          :action => 'accept',
+          :state  => ['NEW'],
+        )
+        is_expected.to contain_firewall('304 add custom application 4').with(
+          :sport   => '1000',
+          :proto  => 'tcp',
+          :action => 'accept',
+          :state  => ['NEW'],
+        )
       end
     end