openstack/puppet-tripleo
Code Issues Proposed changes

Add dport/sport parameter to firewall rule

Browse Source 
The port parameter to puppetlabs-firewall is actually deprecated[1].
This adds support for using the new parameter names dport and sport. The
port parameter is still retained in puppet-tripleo for backwards
compatibily for anyone using that interface. It is marked deprecated in
the documentation, however no deprecation warning is needed because
there is already a warning from from puppetlabs-firewall.

blueprint undercloud-elements
Change-Id: I0598007f90018f80a3266193bb24dbf112de49b7
This commit is contained in:
James Slagle 2016-04-20 10:11:36 -04:00
parent 1b13c57364
commit 0bf0f72def
3 changed files with 29 additions and 3 deletions
manifests/firewall
pre.pprule.pp
spec/classes
tripleo_firewall_spec.rb

2
manifests/firewall/pre.pp

@ -50,7 +50,7 @@ class tripleo::firewall::pre(
} }
tripleo::firewall::rule{ '003 accept ssh': tripleo::firewall::rule{ '003 accept ssh':
port => '22', dport => '22',
extras => $firewall_settings, extras => $firewall_settings,
} }

12
manifests/firewall/rule.pp

@ -23,6 +23,14 @@
# (optional) The port associated to the rule. # (optional) The port associated to the rule.
# Defaults to undef # Defaults to undef
# #
# [*dport*]
# (optional) The destination port associated to the rule.
# Defaults to undef
#
# [*sport*]
# (optional) The source port associated to the rule.
# Defaults to undef
#
# [*proto*] # [*proto*]
# (optional) The protocol associated to the rule. # (optional) The protocol associated to the rule.
# Defaults to 'tcp' # Defaults to 'tcp'
@ -57,6 +65,8 @@
# #
define tripleo::firewall::rule ( define tripleo::firewall::rule (
$port = undef, $port = undef,
$dport = undef,
$sport = undef,
$proto = 'tcp', $proto = 'tcp',
$action = 'accept', $action = 'accept',
$state = ['NEW'], $state = ['NEW'],
@ -69,6 +79,8 @@ define tripleo::firewall::rule (
$basic = { $basic = {
'port' => $port, 'port' => $port,
'dport' => $dport,
'sport' => $sport,
'proto' => $proto, 'proto' => $proto,
'action' => $action, 'action' => $action,
'state' => $state, 'state' => $state,

18
spec/classes/tripleo_firewall_spec.rb

@ -51,7 +51,7 @@ describe 'tripleo::firewall' do
:state => ['NEW'], :state => ['NEW'],
) )
is_expected.to contain_firewall('003 accept ssh').with( is_expected.to contain_firewall('003 accept ssh').with(
:port => '22', :dport => '22',
:proto => 'tcp', :proto => 'tcp',
:action => 'accept', :action => 'accept',
:state => ['NEW'], :state => ['NEW'],
@ -74,7 +74,9 @@ describe 'tripleo::firewall' do
:firewall_rules => { :firewall_rules => {
'300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'}, '300 add custom application 1' => {'port' => '999', 'proto' => 'udp', 'action' => 'accept'},
'301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'}, '301 add custom application 2' => {'port' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
'302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'} '302 fwd custom cidr 1' => {'chain' => 'FORWARD', 'destination' => '192.0.2.0/24'},
'303 add custom application 3' => {'dport' => '8081', 'proto' => 'tcp', 'action' => 'accept'},
'304 add custom application 4' => {'sport' => '1000', 'proto' => 'tcp', 'action' => 'accept'}
} }
) )
end end
@ -95,6 +97,18 @@ describe 'tripleo::firewall' do
:chain => 'FORWARD', :chain => 'FORWARD',
:destination => '192.0.2.0/24', :destination => '192.0.2.0/24',
) )
is_expected.to contain_firewall('303 add custom application 3').with(
:dport => '8081',
:proto => 'tcp',
:action => 'accept',
:state => ['NEW'],
)
is_expected.to contain_firewall('304 add custom application 4').with(
:sport => '1000',
:proto => 'tcp',
:action => 'accept',
:state => ['NEW'],
)
end end
end end