Add unit tests for tripleo::firewall::service_rules

In order to get a proper unit test suits, we need to change the separator from the "dot" to "double-semicolons". The "." is a reserved character in YAML for hashes. In puppet world, we commonly use "::". Unit tests don't work if we let the "dot" separator, and apparently it's an intended outcome with that kind of syntax. Fact it's working in the deploy process is kind of black magic (see the tripleo::haproxy::service_endpoints resource for example). And the "dot" creates something weird, as all other resources are using the standard double-semicolon. Change-Id: If53d632ab458b0c04a8b7211194c18ebc8978d23 Closes-Bug: 1737086
2017-12-08 04:34:25 +01:00 · 2017-12-08 04:34:25 +01:00 · 41f9b0d3cf
commit 41f9b0d3cf
parent 24f73597b6
4 changed files with 67 additions and 5 deletions
--- a/manifests/firewall/service_rules.pp
+++ b/manifests/firewall/service_rules.pp
@ -29,10 +29,14 @@ define tripleo::firewall::service_rules ($service_name = $title) {
  # This allows each composable service to load its own custom rules by
  # creating its own flat hiera key named:
  #   tripleo.<service name with underscores>.firewall_rules
-  $service_firewall_rules = hiera("tripleo.${underscore_name}.firewall_rules", {})
+  $dots_rules = hiera("tripleo.${underscore_name}.firewall_rules", {})

-  if !empty($service_firewall_rules) {
-    create_resources('tripleo::firewall::rule', $service_firewall_rules)
-  }
+  # Supports standard "::" notation:
+  #   tripleo::<service name with underscores>::firewall_rules
+  $colons_rules = hiera("tripleo::${underscore_name}::firewall_rules", {})

+  # merge rules
+  $firewall_rules = merge($colons_rules, $dots_rules)
+
+  create_resources('tripleo::firewall::rule', $firewall_rules)
 }
--- a/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml
+++ b/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml
@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Adds support for standard puppet separator. The "." separator does
+    not work in puppet-rpsec, so we can't get proper unit tests on the
+    firewall service_rules definition.
+fixes:
+  - Partly fixes `bug 1737086
+    <https://bugs.launchpad.net/tripleo/+bug/1737086>`__ in oder to get unit
+    tests on firewall service_rules definition
--- a/spec/defines/tripleo_firewall_service_rules_spec.rb
+++ b/spec/defines/tripleo_firewall_service_rules_spec.rb
@ -0,0 +1,45 @@
+require 'spec_helper'
+
+describe 'tripleo::firewall::service_rules' do
+
+
+  let :pre_condition do
+    'include ::tripleo::firewall'
+  end
+
+  shared_examples_for 'tripleo firewall service rules' do
+    context 'with existing service_rules' do
+      let(:title) { 'dynamic-rules' }
+      it 'should compile' do
+        is_expected.to compile.with_all_deps
+      end
+      it 'should configure firewall' do
+        is_expected.to contain_tripleo__firewall__rule('11-neutron')
+      end
+    end
+    context 'with NON-existing service_rules' do
+      let(:title) { 'no-rules' }
+      it 'should compile' do
+        is_expected.to compile.with_all_deps
+      end
+    end
+  end
+
+  context 'on Debian platforms' do
+    let :facts do
+      { :osfamily => 'Debian',
+        :hostname => 'myhost' }
+    end
+
+    it_configures 'tripleo firewall service rules'
+  end
+
+  context 'on RedHat platforms' do
+    let :facts do
+      { :osfamily => 'RedHat',
+        :hostname => 'myhost' }
+    end
+
+    it_configures 'tripleo firewall service rules'
+  end
+end
--- a/spec/fixtures/hieradata/default.yaml
+++ b/spec/fixtures/hieradata/default.yaml
@ -62,4 +62,7 @@ pacemaker::resource_defaults::defaults:
 # pcmk instance ha
 keystone::endpoint::public_url: 'localhost:5000'
 keystone::admin_password: 'password'
-
+# tripleo firewall service_rules
+tripleo::dynamic_rules::firewall_rules:
+  '11-neutron':
+    port: 1138