puppet-tripleo/spec/classes/tripleo_masquerade_networks_spec.rb
Harald Jensås bebe7b8c58 Fix Undercloud masquerading firewall rules
Iterate over destination for each source to have the
correct return rules created. (Passing a list as
destination to tripleo::firewall::rule does not work.)

Also the "forward destinations" rules should use the
source addresses in the data for both source and
destination rules.

Change-Id: I3d572bf4aab65f5befb596f7c90c94fc0abe7afa
Closes-Bug: #1797455
2018-10-23 07:24:31 +00:00

96 lines
3.1 KiB
Ruby

# Copyright 2018 Red Hat, Inc.
# All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Unit tests for tripleo
#
require 'spec_helper'
describe 'tripleo::masquerade_networks' do
let :params do
{ }
end
shared_examples_for 'tripleo::masquerade_networks' do
context 'with masquerade networks enabled' do
before :each do
params.merge!(
:masquerade_networks => {'192.168.24.0/24' => ['192.168.24.0/24', '192.168.25.0/24']},
)
end
it 'configure RETURN rule' do
is_expected.to contain_firewall('137 routed_network return src 192.168.24.0/24 dest 192.168.24.0/24 ipv4').with(
:table => 'nat',
:source => '192.168.24.0/24',
:destination => '192.168.24.0/24',
:jump => 'RETURN',
:chain => 'POSTROUTING',
:proto => 'all',
:state => ['ESTABLISHED', 'NEW', 'RELATED'],
)
is_expected.to contain_firewall('137 routed_network return src 192.168.24.0/24 dest 192.168.25.0/24 ipv4').with(
:table => 'nat',
:source => '192.168.24.0/24',
:destination => '192.168.25.0/24',
:jump => 'RETURN',
:chain => 'POSTROUTING',
:proto => 'all',
:state => ['ESTABLISHED', 'NEW', 'RELATED'],
)
end
it 'configure MASQUERADE rule' do
is_expected.to contain_firewall('138 routed_network masquerade 192.168.24.0/24 ipv4').with(
:table => 'nat',
:source => '192.168.24.0/24',
:jump => 'MASQUERADE',
:chain => 'POSTROUTING',
:proto => 'all',
:state => ['ESTABLISHED', 'NEW', 'RELATED'],
)
end
it 'configure FORWARD rules' do
is_expected.to contain_firewall('139 routed_network forward source 192.168.24.0/24 ipv4').with(
:source => '192.168.24.0/24',
:chain => 'FORWARD',
:proto => 'all',
:state => ['ESTABLISHED', 'NEW', 'RELATED'],
)
is_expected.to contain_firewall('140 routed_network forward destinations 192.168.24.0/24 ipv4').with(
:destination => '192.168.24.0/24',
:chain => 'FORWARD',
:proto => 'all',
:state => ['ESTABLISHED', 'NEW', 'RELATED'],
)
end
end
end
on_supported_os.each do |os, facts|
context "on #{os}" do
let(:facts) do
facts.merge({})
end
it_behaves_like 'tripleo::masquerade_networks'
end
end
end