Code Review / apex-puppet-tripleo.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 92f9c95)
Do not configure state matching when using GRE
authorBrent Eagles <beagles@redhat.com>
Wed, 23 Nov 2016 22:29:58 +0000 (18:59 -0330)
committerBrent Eagles <beagles@redhat.com>
Thu, 24 Nov 2016 12:24:48 +0000 (08:54 -0330)
The firewall rule quite reasonably sets up a default state matching rule
but this is invalid for GRE. This patch conditionally adds the state
matching if the protocol is not GRE.

Closes-Bug: #1644360
Change-Id: Ie4ca41d0f36e79ba6822c358e21b827105736dd7

manifests/firewall/rule.pp patch | blob | history
spec/classes/tripleo_firewall_spec.rb patch | blob | history

diff --git a/manifests/firewall/rule.pp b/manifests/firewall/rule.pp
index c63162b..6801dc4 100644 (file)
--- a/manifests/firewall/rule.pp
+++ b/manifests/firewall/rule.pp
@@ -83,14 +83,21 @@ define tripleo::firewall::rule (
     'sport'       => $sport,
     'proto'       => $proto,
     'action'      => $action,
-    'state'       => $state,
     'source'      => $source,
     'iniface'     => $iniface,
     'chain'       => $chain,
     'destination' => $destination,
   }
+  if $proto != 'gre' {
+    $state_rule = {
+      'state' => $state
+    }
+  } else {
+    $state_rule = {}
+  }
+
 
-  $rule = merge($basic, $extras)
+  $rule = merge($basic, $state_rule, $extras)
   validate_hash($rule)
 
   create_resources('firewall', { "${title}" => $rule })
diff --git a/spec/classes/tripleo_firewall_spec.rb b/spec/classes/tripleo_firewall_spec.rb
index 1270aa7..3116a51 100644 (file)
--- a/spec/classes/tripleo_firewall_spec.rb
+++ b/spec/classes/tripleo_firewall_spec.rb
@@ -76,7 +76,8 @@ describe 'tripleo::firewall' do
             '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
             '302 fwd custom cidr 1'        => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
             '303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
-            '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
+            '304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'},
+            '305 add gre rule'             => {'proto' => 'gre'}
           }
         )
       end
@@ -109,6 +110,7 @@ describe 'tripleo::firewall' do
           :action => 'accept',
           :state  => ['NEW'],
         )
+        is_expected.to contain_firewall('305 add gre rule').without(:state)
       end
     end