--- /dev/null
+#
+# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# == Class: tripleo
+#
+# Configure the TripleO firewall
+#
+# === Parameters:
+#
+# [*manage_firewall*]
+# (optional) Completely enable or disable firewall settings
+# (false means disabled, and true means enabled)
+# Defaults to false
+#
+# [*firewall_rules*]
+# (optional) Allow to add custom firewall rules
+# Should be an hash.
+# Default to {}
+#
+# [*purge_firewall_rules*]
+# (optional) Boolean, purge all firewall resources
+# Defaults to false
+#
+# [*firewall_pre_extras*]
+# (optional) Allow to add custom parameters to firewall rules (pre stage)
+# Should be an hash.
+# Default to {}
+#
+# [*firewall_post_extras*]
+# (optional) Allow to add custom parameters to firewall rules (post stage)
+# Should be an hash.
+# Default to {}
+#
+class tripleo::firewall(
+ $manage_firewall = false,
+ $firewall_rules = {},
+ $purge_firewall_rules = false,
+ $firewall_pre_extras = {},
+ $firewall_post_extras = {},
+) {
+
+ include ::stdlib
+
+ if $manage_firewall {
+
+ # Only purges IPv4 rules
+ if $purge_firewall_rules {
+ resources { 'firewall':
+ purge => true
+ }
+ }
+
+ # anyone can add your own rules
+ # example with Hiera:
+ #
+ # tripleo::firewall::rules:
+ # '300 allow custom application 1':
+ # port: 999
+ # proto: udp
+ # action: accept
+ # '301 allow custom application 2':
+ # port: 8081
+ # proto: tcp
+ # action: accept
+ #
+ create_resources('tripleo::firewall::rule', $firewall_rules)
+
+ ensure_resource('class', 'tripleo::firewall::pre', {
+ 'firewall_settings' => $firewall_pre_extras,
+ 'stage' => 'setup',
+ })
+
+ ensure_resource('class', 'tripleo::firewall::post', {
+ 'stage' => 'runtime',
+ 'firewall_settings' => $firewall_post_extras,
+ })
+ }
+
+}
#
# Installs the system requirements
#
-# === Parameters:
-#
-# [*manage_firewall*]
-# (optional) Completely enable or disable firewall settings
-# (false means disabled, and true means enabled)
-# Defaults to false
-#
-# [*firewall_rules*]
-# (optional) Allow to add custom firewall rules
-# Should be an hash.
-# Default to {}
-#
-# [*purge_firewall_rules*]
-# (optional) Boolean, purge all firewall resources
-# Defaults to false
-#
-# [*firewall_pre_extras*]
-# (optional) Allow to add custom parameters to firewall rules (pre stage)
-# Should be an hash.
-# Default to {}
-#
-# [*firewall_post_extras*]
-# (optional) Allow to add custom parameters to firewall rules (post stage)
-# Should be an hash.
-# Default to {}
-#
-class tripleo(
- $manage_firewall = false,
- $firewall_rules = {},
- $purge_firewall_rules = false,
- $firewall_pre_extras = {},
- $firewall_post_extras = {},
-) {
-
- include ::stdlib
-
- if $manage_firewall {
-
- # Only purges IPv4 rules
- if $purge_firewall_rules {
- resources { 'firewall':
- purge => true
- }
- }
-
- # anyone can add your own rules
- # example with Hiera:
- #
- # tripleo::firewall::rules:
- # '300 allow custom application 1':
- # port: 999
- # proto: udp
- # action: accept
- # '301 allow custom application 2':
- # port: 8081
- # proto: tcp
- # action: accept
- #
- create_resources('tripleo::firewall::rule', $firewall_rules)
-
- ensure_resource('class', 'tripleo::firewall::pre', {
- 'firewall_settings' => $firewall_pre_extras,
- 'stage' => 'setup',
- })
- ensure_resource('class', 'tripleo::firewall::post', {
- 'stage' => 'runtime',
- 'firewall_settings' => $firewall_post_extras,
- })
- }
+class tripleo{
}
--- /dev/null
+#
+# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+# Unit tests for tripleo
+#
+
+require 'spec_helper'
+
+describe 'tripleo::firewall' do
+
+ let :params do
+ { }
+ end
+
+ shared_examples_for 'tripleo node' do
+
+ context 'with firewall enabled' do
+ before :each do
+ params.merge!(
+ :manage_firewall => true,
+ )
+ end
+
+ it 'configure basic pre firewall rules' do
+ is_expected.to contain_firewall('000 accept related established rules').with(
+ :proto => 'all',
+ :state => ['RELATED', 'ESTABLISHED'],
+ :action => 'accept',
+ )
+ is_expected.to contain_firewall('001 accept all icmp').with(
+ :proto => 'icmp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ is_expected.to contain_firewall('002 accept all to lo interface').with(
+ :proto => 'all',
+ :iniface => 'lo',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ is_expected.to contain_firewall('003 accept ssh').with(
+ :port => '22',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ end
+
+ it 'configure basic post firewall rules' do
+ is_expected.to contain_firewall('999 drop all').with(
+ :proto => 'all',
+ :action => 'drop',
+ :source => '0.0.0.0/0',
+ )
+ end
+ end
+
+ context 'with custom firewall rules' do
+ before :each do
+ params.merge!(
+ :manage_firewall => true,
+ :firewall_rules => {
+ '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
+ '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}
+ }
+ )
+ end
+ it 'configure custom firewall rules' do
+ is_expected.to contain_firewall('300 add custom application 1').with(
+ :port => '999',
+ :proto => 'udp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ is_expected.to contain_firewall('301 add custom application 2').with(
+ :port => '8081',
+ :proto => 'tcp',
+ :action => 'accept',
+ :state => ['NEW'],
+ )
+ end
+ end
+
+ end
+
+ context 'on Debian platforms' do
+ let :facts do
+ { :osfamily => 'Debian' }
+ end
+
+ it_configures 'tripleo node'
+ end
+
+ context 'on RedHat platforms' do
+ let :facts do
+ { :osfamily => 'RedHat' }
+ end
+
+ it_configures 'tripleo node'
+ end
+
+end
describe 'tripleo' do
- let :params do
- { }
- end
-
- shared_examples_for 'tripleo node' do
-
- context 'with firewall enabled' do
- before :each do
- params.merge!(
- :manage_firewall => true,
- )
- end
-
- it 'configure basic pre firewall rules' do
- is_expected.to contain_firewall('000 accept related established rules').with(
- :proto => 'all',
- :state => ['RELATED', 'ESTABLISHED'],
- :action => 'accept',
- )
- is_expected.to contain_firewall('001 accept all icmp').with(
- :proto => 'icmp',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('002 accept all to lo interface').with(
- :proto => 'all',
- :iniface => 'lo',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('003 accept ssh').with(
- :port => '22',
- :proto => 'tcp',
- :action => 'accept',
- :state => ['NEW'],
- )
- end
-
- it 'configure basic post firewall rules' do
- is_expected.to contain_firewall('999 drop all').with(
- :proto => 'all',
- :action => 'drop',
- :source => '0.0.0.0/0',
- )
- end
- end
-
- context 'with custom firewall rules' do
- before :each do
- params.merge!(
- :manage_firewall => true,
- :firewall_rules => {
- '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
- '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}
- }
- )
- end
- it 'configure custom firewall rules' do
- is_expected.to contain_firewall('300 add custom application 1').with(
- :port => '999',
- :proto => 'udp',
- :action => 'accept',
- :state => ['NEW'],
- )
- is_expected.to contain_firewall('301 add custom application 2').with(
- :port => '8081',
- :proto => 'tcp',
- :action => 'accept',
- :state => ['NEW'],
- )
- end
- end
-
- end
-
- context 'on Debian platforms' do
- let :facts do
- { :osfamily => 'Debian' }
- end
-
- it_configures 'tripleo node'
- end
-
- context 'on RedHat platforms' do
- let :facts do
- { :osfamily => 'RedHat' }
- end
-
- it_configures 'tripleo node'
- end
-
end
Code Review / apex-puppet-tripleo.git / commitdiff