Permalink
Browse files

Merge pull request #764 from david22swan/FM-6961

[FM-6961] Removal of unsupported OS from firewall
  • Loading branch information...
HelenCampbell committed May 31, 2018
2 parents 8222166 + bae5dfb commit ab38e45853e87866117b3b7e8e67fe2e1c114f2f
@@ -106,11 +106,6 @@
case $::operatingsystem {
'CentOS': {
case $::operatingsystemrelease {
- /^5\..*/: {
- File["/etc/sysconfig/${service_name}"] { seluser => 'system_u', seltype => 'etc_t' }
- File["/etc/sysconfig/${service_name_v6}"] { seluser => 'system_u', seltype => 'etc_t' }
- }
-
/^6\..*/: {
File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' }
File["/etc/sysconfig/${service_name_v6}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' }
View
@@ -40,7 +40,6 @@
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
- "5",
"6",
"7"
]
@@ -55,8 +54,6 @@
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
- "6",
- "7",
"8"
]
},
@@ -67,7 +67,7 @@ class { '::firewall': }
end
# iptables version 1.3.5 is not suppored by the ip6tables provider
- if default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04}
+ if default['platform'] =~ %r{ubuntu-14\.04}
describe 'ip6tables ipt_modules tests' do
context 'when all the modules with multiple args' do
pp3 = <<-PUPPETCODE
@@ -803,7 +803,7 @@ class { '::firewall': }
end
end
- if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles}
+ if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
describe 'checksum_fill' do
context 'when virbr' do
pp38 = <<-PUPPETCODE
@@ -1256,7 +1256,7 @@ class { '::firewall': }
end
# ip6tables has limited `-m socket` support
- if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles}
+ if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
describe 'socket' do
context 'when true' do
pp56 = <<-PUPPETCODE
@@ -1448,7 +1448,7 @@ class { '::firewall': }
end
# ip6tables only supports ipset, addrtype, and mask on a limited set of platforms
- if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04}
+ if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{ubuntu-14\.04}
# ipset is really difficult to test, just testing on one platform
if default['platform'] =~ %r{ubuntu-14\.04}
describe 'ipset' do
@@ -1506,34 +1506,6 @@ class { '::firewall': }
end
end
- # mask isn't supported on deb7
- if default['platform'] !~ %r{debian-7}
- describe 'mask' do
- pp64 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '613 - test':
- recent => 'update',
- rseconds => 60,
- rsource => true,
- rname => 'test',
- action => 'drop',
- chain => 'FORWARD',
- mask => 'ffff::',
- provider => 'ip6tables',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp64, catch_failures: true)
- end
-
- it 'contains the rule' do
- shell('ip6tables-save') do |r|
- expect(r.stdout).to match(%r{-A FORWARD -p tcp -m recent --update --seconds 60 --name test --mask ffff:: --rsource -m comment --comment "613 - test" -j DROP})
- end
- end
- end
- end
-
['dst_type', 'src_type'].each do |type|
describe type.to_s do
context 'when MULTICAST' do
@@ -6,7 +6,7 @@
ip6tables_flush_all_tables
end
- if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{ubuntu-1204} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
+ if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
describe 'tee_gateway' do
context 'when 10.0.0.2' do
pp1 = <<-PUPPETCODE
@@ -6,7 +6,7 @@
ip6tables_flush_all_tables
end
- if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
+ if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
describe 'time tests ipv4' do
context 'when set all time parameters' do
pp1 = <<-PUPPETCODE
@@ -1,46 +1,6 @@
require 'spec_helper'
describe 'firewall::linux::debian', type: :class do
- context 'with Debian 7' do
- let(:facts) do
- {
- osfamily: 'Debian',
- operatingsystem: 'Debian',
- operatingsystemrelease: '7.0',
- }
- end
-
- it {
- is_expected.to contain_package('iptables-persistent').with(
- ensure: 'present',
- )
- }
- it {
- is_expected.to contain_service('iptables-persistent').with(
- ensure: nil,
- enable: 'true',
- require: 'Package[iptables-persistent]',
- )
- }
- end
-
- context 'with deb7 enable => false' do
- let(:facts) do
- {
- osfamily: 'Debian',
- operatingsystem: 'Debian',
- operatingsystemrelease: '7.0',
- }
- end
- let(:params) { { enable: 'false' } }
-
- it {
- is_expected.to contain_service('iptables-persistent').with(
- enable: 'false',
- )
- }
- end
-
context 'with Debian 8' do
let(:facts) do
{
@@ -1,9 +1,9 @@
require 'spec_helper'
describe 'firewall::linux', type: :class do
- ['RedHat', 'CentOS', 'Fedora'].each do |os|
+ ['RedHat', 'CentOS'].each do |os|
context "Redhat Like: operatingsystem => #{os}" do
- releases = ((os == 'Fedora') ? ['14', '15', 'Rawhide'] : ['6', '7'])
+ releases = ['6', '7']
releases.each do |osrel|
context "operatingsystemrelease => #{osrel}" do
let(:facts) do
@@ -26,7 +26,7 @@
['Debian', 'Ubuntu'].each do |os|
context "Debian Like: operatingsystem => #{os}" do
- releases = ((os == 'Debian') ? ['6', '7', '8'] : ['10.04', '12.04', '14.04'])
+ releases = ((os == 'Debian') ? ['8'] : ['14.04'])
releases.each do |osrel|
let(:facts) do
{
@@ -7,15 +7,9 @@
let(:dpkg_cmd) { "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null" }
{
- 'Debian' => '0.0.20090701',
'Ubuntu' => '0.5.3ubuntu2',
}.each do |os, ver|
-
- if os == 'Debian'
- os_release = '7.0'
- elsif os == 'Ubuntu'
- os_release = '14.04'
- end
+ os_release = '14.04'
describe "#{os} package installed" do
before(:each) do

0 comments on commit ab38e45

Please sign in to comment.