diff --git a/manifests/firewall/service_rules.pp b/manifests/firewall/service_rules.pp index 4739f16c6..6ba88a220 100644 --- a/manifests/firewall/service_rules.pp +++ b/manifests/firewall/service_rules.pp @@ -29,10 +29,14 @@ define tripleo::firewall::service_rules ($service_name = $title) { # This allows each composable service to load its own custom rules by # creating its own flat hiera key named: # tripleo..firewall_rules - $service_firewall_rules = hiera("tripleo.${underscore_name}.firewall_rules", {}) + $dots_rules = hiera("tripleo.${underscore_name}.firewall_rules", {}) - if !empty($service_firewall_rules) { - create_resources('tripleo::firewall::rule', $service_firewall_rules) - } + # Supports standard "::" notation: + # tripleo::::firewall_rules + $colons_rules = hiera("tripleo::${underscore_name}::firewall_rules", {}) + # merge rules + $firewall_rules = merge($colons_rules, $dots_rules) + + create_resources('tripleo::firewall::rule', $firewall_rules) } diff --git a/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml b/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml new file mode 100644 index 000000000..fa269069a --- /dev/null +++ b/releasenotes/notes/firewall-service-rules-6586a2c138dfe338.yaml @@ -0,0 +1,10 @@ +--- +features: + - | + Adds support for standard puppet separator. The "." separator does + not work in puppet-rpsec, so we can't get proper unit tests on the + firewall service_rules definition. +fixes: + - Partly fixes `bug 1737086 + `__ in oder to get unit + tests on firewall service_rules definition diff --git a/spec/defines/tripleo_firewall_service_rules_spec.rb b/spec/defines/tripleo_firewall_service_rules_spec.rb new file mode 100644 index 000000000..683ef47ec --- /dev/null +++ b/spec/defines/tripleo_firewall_service_rules_spec.rb @@ -0,0 +1,45 @@ +require 'spec_helper' + +describe 'tripleo::firewall::service_rules' do + + + let :pre_condition do + 'include ::tripleo::firewall' + end + + shared_examples_for 'tripleo firewall service rules' do + context 'with existing service_rules' do + let(:title) { 'dynamic-rules' } + it 'should compile' do + is_expected.to compile.with_all_deps + end + it 'should configure firewall' do + is_expected.to contain_tripleo__firewall__rule('11-neutron') + end + end + context 'with NON-existing service_rules' do + let(:title) { 'no-rules' } + it 'should compile' do + is_expected.to compile.with_all_deps + end + end + end + + context 'on Debian platforms' do + let :facts do + { :osfamily => 'Debian', + :hostname => 'myhost' } + end + + it_configures 'tripleo firewall service rules' + end + + context 'on RedHat platforms' do + let :facts do + { :osfamily => 'RedHat', + :hostname => 'myhost' } + end + + it_configures 'tripleo firewall service rules' + end +end diff --git a/spec/fixtures/hieradata/default.yaml b/spec/fixtures/hieradata/default.yaml index 9752cd9f2..8f99576f5 100644 --- a/spec/fixtures/hieradata/default.yaml +++ b/spec/fixtures/hieradata/default.yaml @@ -62,4 +62,7 @@ pacemaker::resource_defaults::defaults: # pcmk instance ha keystone::endpoint::public_url: 'localhost:5000' keystone::admin_password: 'password' - +# tripleo firewall service_rules +tripleo::dynamic_rules::firewall_rules: + '11-neutron': + port: 1138