Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- None
- None
- Red Hat Enterprise Linux Server release 7.3 (Maipo), Puppet 3.8.7
- Modules
- Modules - Engineering Backlog
- Needs Assessment
Description
Puppet fails to parse the following rule:
-A KUBE-SERVICES -d 172.1.2.3/32 -p tcp -m comment --comment "project/app:50000-tcp external IP" -m tcp --dport 31236 -m physdev ! --physdev-is-in -m addrtype ! --src-type LOCAL -j KUBE-SVC-123ABCDEFGHI456J
The resulting hash looks ~ like this:
{
  :jump=>"KUBE-SVC-123ABCDEFGHI456J",
  :dport=>["! LOCAL"],
  :name=>"--src-type",
  :proto=>"addrtype",
  :destination=>"! -m",
  :chain=>"--physdev-is-in"
}
Failing test case:
diff --git a/spec/acceptance/resource_cmd_spec.rb b/spec/acceptance/resource_cmd_spec.rb
index 39845fb..0dfeb99 100644
--- a/spec/acceptance/resource_cmd_spec.rb
+++ b/spec/acceptance/resource_cmd_spec.rb
@@ -165,6 +165,21 @@ describe 'puppet resource firewall command' do
end
end
+ context '???', focus: true do
+ before :all do
+ iptables_flush_all_tables
+ shell('-A KUBE-SERVICES -d 172.1.2.3/32 -p tcp -m comment --comment "project/app:50000-tcp external IP" -m tcp --dport 31236 -m physdev ! --physdev-is-in -m addrtype ! --src-type LOCAL -j KUBE-SVC-123ABCDEFGHI456J')
+ end
+
+ it do
+ shell('puppet resource firewall') do |r|
+ r.exit_code.should be_zero
+ # don't check stdout, testing preexisting rules, output is normal
+ r.stderr.should be_empty
+ end
+ end
+ end
+
# version of iptables that ships with el5 doesn't work with the
# ip6tables provider
if default['platform'] !~ /el-5/ and default['platform'] !~ /sles-10/
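Review bot: The `shell(...)` call in the `before :all` block passes the bare rule text starting with `-A KUBE-SERVICES`, with no `iptables` command in front of it, so nothing loads the rule and `puppet resource firewall` never sees the input that triggers the misparse. Prefix it with the `iptables` command and create the `KUBE-SERVICES` and `KUBE-SVC-123ABCDEFGHI456J` chains first (`iptables -N ...`), since appending to or jumping to a chain that does not exist fails. Before merging, also replace the `'???'` context description, give the `it` block a description, and drop `focus: true` so the rest of the suite is not filtered out.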
Issue Links
- relates to
  - MODULES-1552 puppetlabs-firewall fails with error "Invalid address from IPAddr.new: -m" (Resolved)
  - MODULES-1748 puppetlabs/firewall does not know or handle --physdev-is-bridged properly (Closed)
- links to
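
Added example (not part of the report and not the puppetlabs-firewall provider's code): a small Ruby tokenizer for the iptables-save rule quoted in the description, which keeps `!` attached to the flag that follows it and treats `--physdev-is-in` as argument-less, plus a check for hash values that look like flags, as in the reported hash. `parse_rule`, `misaligned_keys`, `BOOLEAN_FLAGS` and `FLAGLIKE` are names made up for this example, and the flag list is a constructed, partial one.

```ruby
require 'shellwords'

# Constructed, partial list of match flags that take no argument.
BOOLEAN_FLAGS = %w[--physdev-is-in --physdev-is-out --physdev-is-bridged].freeze
# A value that starts with "!" or looks like a flag means keys and values slipped.
FLAGLIKE = /\A(!|--?[A-Za-z])/

# Rule and hash copied from the report.
RULE = '-A KUBE-SERVICES -d 172.1.2.3/32 -p tcp -m comment --comment ' \
       '"project/app:50000-tcp external IP" -m tcp --dport 31236 ' \
       '-m physdev ! --physdev-is-in -m addrtype ! --src-type LOCAL ' \
       '-j KUBE-SVC-123ABCDEFGHI456J'
REPORTED_HASH = {
  jump: 'KUBE-SVC-123ABCDEFGHI456J', dport: ['! LOCAL'], name: '--src-type',
  proto: 'addrtype', destination: '! -m', chain: '--physdev-is-in'
}.freeze

# Tokenize one iptables-save line into ordered {flag, negated, value} entries.
def parse_rule(line)
  tokens = Shellwords.split(line) # the quoted --comment text stays one token
  options = []
  negated = false
  until tokens.empty?
    tok = tokens.shift
    if tok == '!' # "!" negates the flag that follows it
      negated = true
      next
    end
    raise ArgumentError, "expected a flag, got #{tok.inspect}" unless tok.start_with?('-')
    value = nil
    unless BOOLEAN_FLAGS.include?(tok)
      value = tokens.shift
      # Fail closed: an unknown argument-less flag must not swallow the next flag.
      if value.nil? || (tok != '--comment' && value.match?(FLAGLIKE))
        raise ArgumentError, "missing value for #{tok}"
      end
    end
    options << { flag: tok, negated: negated, value: value }
    negated = false
  end
  raise ArgumentError, 'trailing "!"' if negated
  options
end

# Keys whose value looks like a flag or starts with "!": the signature of the
# key/value misalignment visible in the reported hash.
def misaligned_keys(hash)
  hash.select { |_k, v| Array(v).any? { |s| s.to_s.match?(FLAGLIKE) } }.keys
end
```

A check like `misaligned_keys` can run over parsed rules before they are compared against desired state, so a misparse is reported instead of being treated as a real rule.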