189 changes: 0 additions & 189 deletions .github/workflows/pr_test.yml
View file

This file was deleted.

45 changes: 4 additions & 41 deletions .github/workflows/release.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,44 +4,7 @@ on:
workflow_dispatch:

jobs:
create-github-release:
name: Deploy GitHub Release
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
ref: ${{ github.ref }}
clean: true
fetch-depth: 0
- name: Get Version
id: gv
run: |
echo "::set-output name=ver::$(jq --raw-output .version metadata.json)"
- name: Create Release
uses: actions/create-release@v1
id: create_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: "v${{ steps.gv.outputs.ver }}"
draft: false
prerelease: false

deploy-forge:
name: Deploy to Forge
runs-on: ubuntu-20.04
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
ref: ${{ github.ref }}
clean: true
- name: "PDK Build"
uses: docker://puppet/pdk:nightly
with:
args: 'build'
- name: "Push to Forge"
uses: docker://puppet/pdk:nightly
with:
args: 'release publish --forge-token ${{ secrets.FORGE_API_KEY }} --force'
release:
name: "Release"
uses: "puppetlabs/cat-github-actions/.github/workflows/module_release.yml@main"
secrets: "inherit"
126 changes: 0 additions & 126 deletions .github/workflows/spec.yml
View file

This file was deleted.

36 changes: 0 additions & 36 deletions .github/workflows/stale.yml
View file

This file was deleted.

4 changes: 0 additions & 4 deletions .puppet-lint.rc
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1 @@
--relative
--no-relative_classname_inclusion-check
--no-parameter_types-check
--no-top_scope_facts-check
--no-legacy_facts-check
7 changes: 1 addition & 6 deletions .sync.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Gemfile:
optional:
":development":
- gem: github_changelog_generator
version: '= 1.15.2'
Rakefile:
changelog_user: puppetlabs
changelog_max_issues: 500
Expand All @@ -31,9 +32,3 @@ spec/spec_helper.rb:
.travis.yml:
delete: true
changelog_since_tag: 'v3.0.0'
Rakefile:
extra_disabled_lint_checks:
- relative_classname_inclusion
- parameter_types
- top_scope_facts
- legacy_facts
16 changes: 15 additions & 1 deletion CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,21 @@

All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).

## [v4.0.1](https://github.com/puppetlabs/puppetlabs-firewall/tree/v4.0.1) (2022-12-06)
## [v4.1.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v4.1.0) (2023-03-31)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v4.0.1...v4.1.0)

### Added

- \(CONT-352\) Syntax update [\#1110](https://github.com/puppetlabs/puppetlabs-firewall/pull/1110) ([LukasAud](https://github.com/LukasAud))

### UNCATEGORIZED PRS; LABEL THEM ON GITHUB

- Ignore OpenBSD, similarly to FreeBSD [\#1107](https://github.com/puppetlabs/puppetlabs-firewall/pull/1107) ([buzzdeee](https://github.com/buzzdeee))
- redhat9 needs iptables service [\#1103](https://github.com/puppetlabs/puppetlabs-firewall/pull/1103) ([robertc99](https://github.com/robertc99))
- debian: service: fix `ensure` parameter usage [\#1095](https://github.com/puppetlabs/puppetlabs-firewall/pull/1095) ([damonbreeden](https://github.com/damonbreeden))

## [v4.0.1](https://github.com/puppetlabs/puppetlabs-firewall/tree/v4.0.1) (2022-12-07)

[Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v4.0.0...v4.0.1)

Expand Down
14 changes: 9 additions & 5 deletions Gemfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,12 @@ def location_for(place_or_version, fake_version = nil)
end

group :development do
gem "json", '~> 2.0', require: false
gem "voxpupuli-puppet-lint-plugins", '~> 3.0', require: false
gem "json", '= 2.1.0', require: false if Gem::Requirement.create(['>= 2.5.0', '< 2.7.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.3.0', require: false if Gem::Requirement.create(['>= 2.7.0', '< 3.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.5.1', require: false if Gem::Requirement.create(['>= 3.0.0', '< 3.0.5']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.6.1', require: false if Gem::Requirement.create(['>= 3.1.0', '< 3.1.3']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "json", '= 2.6.3', require: false if Gem::Requirement.create(['>= 3.2.0', '< 4.0.0']).satisfied_by?(Gem::Version.new(RUBY_VERSION.dup))
gem "voxpupuli-puppet-lint-plugins", '~> 3.1', require: false
gem "facterdb", '~> 1.18', require: false
gem "metadata-json-lint", '>= 2.0.2', '< 4.0.0', require: false
gem "puppetlabs_spec_helper", '>= 3.0.0', '< 5.0.0', require: false
Expand All @@ -30,11 +34,11 @@ group :development do
gem "rubocop-performance", '= 1.9.1', require: false
gem "rubocop-rspec", '= 2.0.1', require: false
gem "rb-readline", '= 0.5.5', require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "github_changelog_generator", require: false
gem "github_changelog_generator", '= 1.15.2', require: false
end
group :system_tests do
gem "puppet_litmus", '< 1.0.0', require: false, platforms: [:ruby]
gem "serverspec", '~> 2.41', require: false
gem "puppet_litmus", '<= 0.34.6', require: false, platforms: [:ruby]
gem "serverspec", '~> 2.41', require: false
end

puppet_version = ENV['PUPPET_GEM_VERSION']
Expand Down
16 changes: 8 additions & 8 deletions REFERENCE.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,55 +57,55 @@ The following parameters are available in the `firewall` class:

##### <a name="-firewall--ensure"></a>`ensure`

Data type: `Any`
Data type: `Enum[running, stopped, 'running', 'stopped']`

Controls the state of the ipv4 iptables service on your system. Valid options: 'running' or 'stopped'.

Default value: `running`

##### <a name="-firewall--ensure_v6"></a>`ensure_v6`

Data type: `Any`
Data type: `Optional[Enum[running, stopped, 'running', 'stopped']]`

Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.

Default value: `undef`

##### <a name="-firewall--pkg_ensure"></a>`pkg_ensure`

Data type: `Any`
Data type: `Enum[present, installed, latest, 'present', 'installed', 'latest']`

Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'.
Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'.

Default value: `present`

##### <a name="-firewall--service_name"></a>`service_name`

Data type: `Any`
Data type: `Variant[String[1], Array[String[1]]]`

Specify the name of the IPv4 iptables service.

Default value: `$firewall::params::service_name`

##### <a name="-firewall--service_name_v6"></a>`service_name_v6`

Data type: `Any`
Data type: `Optional[String[1]]`

Specify the name of the IPv6 iptables service.

Default value: `$firewall::params::service_name_v6`

##### <a name="-firewall--package_name"></a>`package_name`

Data type: `Any`
Data type: `Optional[Variant[String[1], Array[String[1]]]]`

Specify the platform-specific package(s) to install.

Default value: `$firewall::params::package_name`

##### <a name="-firewall--ebtables_manage"></a>`ebtables_manage`

Data type: `Any`
Data type: `Boolean`

Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.

Expand Down
4 changes: 0 additions & 4 deletions Rakefile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,6 @@ def changelog_future_release
end

PuppetLint.configuration.send('disable_relative')
PuppetLint.configuration.send('disable_relative_classname_inclusion')
PuppetLint.configuration.send('disable_parameter_types')
PuppetLint.configuration.send('disable_top_scope_facts')
PuppetLint.configuration.send('disable_legacy_facts')


if Bundler.rubygems.find_name('github_changelog_generator').any?
Expand Down
24 changes: 12 additions & 12 deletions manifests/init.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@
# Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'.
#
# @param pkg_ensure
# Controls the state of the iptables package on your system. Valid options: 'present' or 'latest'.
# Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'.
#
# @param service_name
# Specify the name of the IPv4 iptables service.
Expand All @@ -31,14 +31,14 @@
# Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.
#
class firewall (
$ensure = running,
$ensure_v6 = undef,
$pkg_ensure = present,
$service_name = $firewall::params::service_name,
$service_name_v6 = $firewall::params::service_name_v6,
$package_name = $firewall::params::package_name,
$ebtables_manage = false,
) inherits ::firewall::params {
Enum[running, stopped, 'running', 'stopped'] $ensure = running,
Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6 = undef,
Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure = present,
Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
Optional[String[1]] $service_name_v6 = $firewall::params::service_name_v6,
Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
Boolean $ebtables_manage = false,
) inherits firewall::params {
$_ensure_v6 = pick($ensure_v6, $ensure)

case $ensure {
Expand All @@ -61,7 +61,7 @@
}
}

case $::kernel {
case $facts['kernel'] {
'Linux': {
class { "${title}::linux":
ensure => $ensure,
Expand All @@ -74,10 +74,10 @@
}
contain "${title}::linux"
}
'FreeBSD', 'windows': {
'FreeBSD', 'OpenBSD', 'windows': {
}
default: {
fail("${title}: Kernel '${::kernel}' is not currently supported")
fail("${title}: Kernel '${facts['kernel']}' is not currently supported")
}
}
}
22 changes: 11 additions & 11 deletions manifests/linux.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
# Controls the state of the ipv6 iptables service on your system. Valid options: 'running' or 'stopped'. Defaults to 'running'.
#
# @param pkg_ensure
# Controls the state of the iptables package on your system. Valid options: 'installed' or 'latest'. Defaults to 'latest'.
# Controls the state of the iptables package on your system. Valid options: 'present', 'installed' or 'latest'. Defaults to 'latest'.
#
# @param service_name
# Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.
Expand All @@ -24,15 +24,15 @@
# @api private
#
class firewall::linux (
$ensure = running,
$ensure_v6 = undef,
$pkg_ensure = installed,
$service_name = $firewall::params::service_name,
$service_name_v6 = $firewall::params::service_name_v6,
$package_name = $firewall::params::package_name,
$ebtables_manage = false,
$iptables_name = $firewall::params::iptables_name,
) inherits ::firewall::params {
Enum[running, stopped, 'running', 'stopped'] $ensure = running,
Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6 = undef,
Enum[present, installed, latest, 'present', 'installed', 'latest'] $pkg_ensure = installed,
Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
Optional[String[1]] $service_name_v6 = $firewall::params::service_name_v6,
Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
Boolean $ebtables_manage = false,
String[1] $iptables_name = $firewall::params::iptables_name,
) inherits firewall::params {
$enable = $ensure ? {
'running' => true,
'stopped' => false,
Expand All @@ -56,7 +56,7 @@
}
}

case $::operatingsystem {
case $facts['os']['name'] {
'RedHat', 'CentOS', 'Fedora', 'Scientific', 'SL', 'SLC', 'Ascendos',
'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'Amazon', 'XenServer',
'VirtuozzoLinux', 'Rocky', 'AlmaLinux': {
Expand Down
12 changes: 6 additions & 6 deletions manifests/linux/archlinux.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@
# @api private
#
class firewall::linux::archlinux (
$ensure = 'running',
$enable = true,
$service_name = $firewall::params::service_name,
$package_name = $firewall::params::package_name,
$package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
Enum[running, stopped, 'running', 'stopped'] $ensure = 'running',
Variant[Boolean, String[1]] $enable = true,
Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
Enum[present, latest, 'present', 'latest'] $package_ensure = $firewall::params::package_ensure,
) inherits firewall::params {
if $package_name {
package { $package_name:
ensure => $package_ensure,
Expand Down
14 changes: 7 additions & 7 deletions manifests/linux/debian.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@
# @api private
#
class firewall::linux::debian (
$ensure = running,
$enable = true,
$service_name = $firewall::params::service_name,
$package_name = $firewall::params::package_name,
$package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
Enum[running, stopped, 'running', 'stopped'] $ensure = running,
Variant[Boolean, String[1]] $enable = true,
Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
Enum[present, latest, 'present', 'latest'] $package_ensure = $firewall::params::package_ensure,
) inherits firewall::params {
if $package_name {
ensure_packages([$package_name], {
ensure => $package_ensure
Expand All @@ -34,7 +34,7 @@
# This isn't a real service/daemon. The start action loads rules, so just
# needs to be called on system boot.
service { $service_name:
ensure => undef,
ensure => $ensure,
enable => $enable,
hasstatus => true,
require => Package[$package_name],
Expand Down
12 changes: 6 additions & 6 deletions manifests/linux/gentoo.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,12 +19,12 @@
# @api private
#
class firewall::linux::gentoo (
$ensure = 'running',
$enable = true,
$service_name = $firewall::params::service_name,
$package_name = $firewall::params::package_name,
$package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
Enum[running, stopped, 'running', 'stopped'] $ensure = running,
Variant[Boolean, String[1]] $enable = true,
Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
Enum[present, latest, 'present', 'latest'] $package_ensure = $firewall::params::package_ensure,
) inherits firewall::params {
if $package_name {
package { $package_name:
ensure => $package_ensure,
Expand Down
36 changes: 18 additions & 18 deletions manifests/linux/redhat.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,24 +32,24 @@
# @api private
#
class firewall::linux::redhat (
$ensure = running,
$ensure_v6 = undef,
$enable = true,
$enable_v6 = undef,
$service_name = $firewall::params::service_name,
$service_name_v6 = $firewall::params::service_name_v6,
$package_name = $firewall::params::package_name,
$package_ensure = $firewall::params::package_ensure,
$sysconfig_manage = $firewall::params::sysconfig_manage,
$firewalld_manage = $firewall::params::firewalld_manage,
) inherits ::firewall::params {
Enum[running, stopped, 'running', 'stopped'] $ensure = running,
Optional[Enum[running, stopped, 'running', 'stopped']] $ensure_v6 = undef,
Variant[Boolean, String[1]] $enable = true,
Optional[Variant[Boolean, String[1]]] $enable_v6 = undef,
Variant[String[1], Array[String[1]]] $service_name = $firewall::params::service_name,
Optional[String[1]] $service_name_v6 = $firewall::params::service_name_v6,
Optional[Variant[String[1], Array[String[1]]]] $package_name = $firewall::params::package_name,
Enum[present, latest, 'present', 'latest'] $package_ensure = $firewall::params::package_ensure,
Boolean $sysconfig_manage = $firewall::params::sysconfig_manage,
Boolean $firewalld_manage = $firewall::params::firewalld_manage,
) inherits firewall::params {
$_ensure_v6 = pick($ensure_v6, $ensure)
$_enable_v6 = pick($enable_v6, $enable)

# RHEL 7 / CentOS 7 and later and Fedora 15 and later require the iptables-services
# package, which provides the /usr/libexec/iptables/iptables.init used by
# lib/puppet/util/firewall.rb.
if ($::operatingsystem != 'Amazon') {
if ($facts['os']['name'] != 'Amazon') {
if $firewalld_manage {
service { 'firewalld':
ensure => stopped,
Expand All @@ -72,7 +72,7 @@
)
}

if ($::operatingsystem != 'Amazon') {
if ($facts['os']['name'] != 'Amazon') {
if $ensure == 'running' {
$running_command = ['/usr/bin/systemctl', 'daemon-reload']

Expand All @@ -86,8 +86,8 @@
}
}

if ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '4') >= 0)
or ($::operatingsystem == 'Amazon') and (versioncmp($::operatingsystemmajrelease, '2') >= 0) {
if ($facts['os']['name'] == 'Amazon') and (versioncmp($facts['os']['release']['major'], '4') >= 0)
or ($facts['os']['name'] == 'Amazon') and (versioncmp($facts['os']['release']['major'], '2') >= 0) {
service { $service_name:
ensure => $ensure,
enable => $enable,
Expand Down Expand Up @@ -135,12 +135,12 @@

# Redhat 7 selinux user context for /etc/sysconfig/iptables is set to system_u
# Redhat 7 selinux type context for /etc/sysconfig/iptables is set to system_conf_t
case $::selinux {
case $facts['os']['selinux']['enabled'] {
#lint:ignore:quoted_booleans
'true',true: {
case $::operatingsystem {
case $facts['os']['name'] {
'CentOS': {
case $::operatingsystemrelease {
case $facts['os']['release']['full'] {
/^6\..*/: {
$seluser = 'unconfined_u'
$seltype = 'system_conf_t'
Expand Down
24 changes: 12 additions & 12 deletions manifests/params.pp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
#
class firewall::params {
$package_ensure = 'present'
case $::osfamily {
case $facts['os']['family'] {
'RedHat': {
case $::operatingsystem {
case $facts['os']['name'] {
'Amazon': {
$service_name = 'iptables'
$service_name_v6 = 'ip6tables'
Expand All @@ -18,7 +18,7 @@
'Fedora': {
$service_name = 'iptables'
$service_name_v6 = 'ip6tables'
if versioncmp($::operatingsystemrelease, '34') >= 0 {
if versioncmp($facts['os']['release']['full'], '34') >= 0 {
$package_name = 'iptables-services'
$iptables_name = 'iptables-compat'
} else {
Expand All @@ -29,21 +29,21 @@
$firewalld_manage = true
}
default: {
if versioncmp($::operatingsystemrelease, '9') >= 0 {
$service_name = 'nftables'
if versioncmp($facts['os']['release']['full'], '9') >= 0 {
$service_name = ['nftables','iptables']
$service_name_v6 = 'ip6tables'
$package_name = ['iptables-services', 'nftables', 'iptables-nft-services']
$iptables_name = 'iptables-nft'
$sysconfig_manage = false
$firewalld_manage = false
} elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
} elsif versioncmp($facts['os']['release']['full'], '8.0') >= 0 {
$service_name = ['iptables', 'nftables']
$service_name_v6 = 'ip6tables'
$package_name = ['iptables-services', 'nftables']
$iptables_name = 'iptables'
$sysconfig_manage = false
$firewalld_manage = true
} elsif versioncmp($::operatingsystemrelease, '7.0') >= 0 {
} elsif versioncmp($facts['os']['release']['full'], '7.0') >= 0 {
$service_name = 'iptables'
$service_name_v6 = 'ip6tables'
$package_name = 'iptables-services'
Expand All @@ -64,12 +64,12 @@
'Debian': {
$service_name_v6 = undef
$iptables_name = 'iptables'
case $::operatingsystem {
case $facts['os']['name'] {
'Debian': {
if versioncmp($::operatingsystemrelease, 'unstable') >= 0 {
if versioncmp($facts['os']['release']['full'], 'unstable') >= 0 {
$service_name = 'netfilter-persistent'
$package_name = 'netfilter-persistent'
} elsif versioncmp($::operatingsystemrelease, '8.0') >= 0 {
} elsif versioncmp($facts['os']['release']['full'], '8.0') >= 0 {
$service_name = 'netfilter-persistent'
$package_name = 'iptables-persistent'
} else {
Expand All @@ -78,7 +78,7 @@
}
}
'Ubuntu': {
if versioncmp($::operatingsystemrelease, '14.10') >= 0 {
if versioncmp($facts['os']['release']['full'], '14.10') >= 0 {
$service_name = 'netfilter-persistent'
$package_name = 'iptables-persistent'
} else {
Expand All @@ -100,7 +100,7 @@
default: {
$iptables_name = 'iptables'
$service_name_v6 = undef
case $::operatingsystem {
case $facts['os']['name'] {
'Archlinux': {
$service_name = ['iptables','ip6tables']
$package_name = undef
Expand Down
6 changes: 3 additions & 3 deletions metadata.json
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "puppetlabs-firewall",
"version": "4.0.1",
"version": "4.1.0",
"author": "puppetlabs",
"summary": "Manages Firewalls such as iptables",
"license": "Apache-2.0",
Expand Down Expand Up @@ -83,6 +83,6 @@
}
],
"template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
"template-ref": "tags/2.6.0-0-gd0490b9",
"pdk-version": "2.5.0"
"template-ref": "2.7.1-0-g9a16c87",
"pdk-version": "2.6.0"
}
8 changes: 5 additions & 3 deletions spec/spec_helper_local.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,9 +33,11 @@ def with_debian_facts
let :facts do
{
kernel: 'Linux',
operatingsystem: 'Debian',
operatingsystemrelease: '8.0',
osfamily: 'Debian',
os: {
name: 'Debian',
release: { full: '8.0' },
family: 'Debian',
},
}
end
end
6 changes: 4 additions & 2 deletions spec/unit/classes/firewall_linux_archlinux_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,10 @@
describe 'firewall::linux::archlinux', type: :class do
let(:facts) do
{
osfamily: 'Archlinux',
operatingsystem: 'Archlinux',
os: {
family: 'ArchLinux',
name: 'ArchLinux',
},
}
end

Expand Down
122 changes: 104 additions & 18 deletions spec/unit/classes/firewall_linux_debian_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,11 @@
context 'with Debian 10' do
let(:facts) do
{
osfamily: 'Debian',
operatingsystem: 'Debian',
operatingsystemrelease: '10.0',
os: {
family: 'Debian',
name: 'Debian',
release: { full: '10.0' },
},
}
end

Expand All @@ -19,7 +21,7 @@
}
it {
is_expected.to contain_service('netfilter-persistent').with(
ensure: nil,
ensure: 'running',
enable: 'true',
require: 'Package[iptables-persistent]',
)
Expand All @@ -29,9 +31,11 @@
context 'with Debian 10, enable => false' do
let(:facts) do
{
osfamily: 'Debian',
operatingsystem: 'Debian',
operatingsystemrelease: '10',
os: {
family: 'Debian',
name: 'Debian',
release: { full: '10' },
},
}
end
let(:params) { { enable: 'false' } }
Expand All @@ -43,12 +47,33 @@
}
end

context 'with Debian 10, ensure => stopped' do
let(:facts) do
{
os: {
family: 'Debian',
name: 'Debian',
release: { full: '10.0' },
},
}
end
let(:params) { { ensure: 'stopped' } }

it {
is_expected.to contain_service('netfilter-persistent').with(
ensure: 'stopped',
)
}
end

context 'with Debian 11' do
let(:facts) do
{
osfamily: 'Debian',
operatingsystem: 'Debian',
operatingsystemrelease: '11.0',
os: {
family: 'Debian',
name: 'Debian',
release: { full: '11.0' },
},
}
end

Expand All @@ -59,7 +84,7 @@
}
it {
is_expected.to contain_service('netfilter-persistent').with(
ensure: nil,
ensure: 'running',
enable: 'true',
require: 'Package[iptables-persistent]',
)
Expand All @@ -69,9 +94,11 @@
context 'with Debian 11, enable => false' do
let(:facts) do
{
osfamily: 'Debian',
operatingsystem: 'Debian',
operatingsystemrelease: '11',
os: {
family: 'Debian',
name: 'Debian',
release: { full: '11' },
},
}
end
let(:params) { { enable: 'false' } }
Expand All @@ -83,12 +110,33 @@
}
end

context 'with Debian 11, ensure => stopped' do
let(:facts) do
{
os: {
family: 'Debian',
name: 'Debian',
release: { full: '10.0' },
},
}
end
let(:params) { { ensure: 'stopped' } }

it {
is_expected.to contain_service('netfilter-persistent').with(
ensure: 'stopped',
)
}
end

context 'with Debian unstable' do
let(:facts) do
{
osfamily: 'Debian',
operatingsystem: 'Debian',
operatingsystemrelease: 'unstable',
os: {
family: 'Debian',
name: 'Debian',
release: { full: 'unstable' },
},
}
end

Expand All @@ -99,10 +147,48 @@
}
it {
is_expected.to contain_service('netfilter-persistent').with(
ensure: nil,
ensure: 'running',
enable: 'true',
require: 'Package[netfilter-persistent]',
)
}
end

context 'with Debian unstable, enable => false' do
let(:facts) do
{
os: {
family: 'Debian',
name: 'Debian',
release: { full: 'unstable' },
},
}
end
let(:params) { { enable: 'false' } }

it {
is_expected.to contain_service('netfilter-persistent').with(
enable: 'false',
)
}
end

context 'with Debian unstable, ensure => stopped' do
let(:facts) do
{
os: {
family: 'Debian',
name: 'Debian',
release: { full: '10.0' },
},
}
end
let(:params) { { ensure: 'stopped' } }

it {
is_expected.to contain_service('netfilter-persistent').with(
ensure: 'stopped',
)
}
end
end
20 changes: 12 additions & 8 deletions spec/unit/classes/firewall_linux_redhat_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,10 +42,12 @@
context "os #{os} and osrel #{osrel}" do
let(:facts) do
{
operatingsystem: os,
operatingsystemrelease: osrel,
osfamily: 'RedHat',
selinux: false,
os: {
name: os,
release: { full: osrel },
family: 'RedHat',
selinux: { enabled: false },
},
puppetversion: Puppet.version,
}
end
Expand Down Expand Up @@ -130,10 +132,12 @@
context "os #{os} and osrel #{osrel}" do
let(:facts) do
{
operatingsystem: os,
operatingsystemrelease: osrel,
osfamily: 'RedHat',
selinux: false,
os: {
name: os,
release: { full: osrel },
family: 'RedHat',
selinux: { enabled: false },
},
puppetversion: Puppet.version,
}
end
Expand Down
20 changes: 12 additions & 8 deletions spec/unit/classes/firewall_linux_spec.rb
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,10 +11,12 @@
let(:facts) do
{
kernel: 'Linux',
operatingsystem: os,
operatingsystemrelease: osrel,
osfamily: 'RedHat',
selinux: false,
os: {
name: os,
release: { full: osrel },
family: 'RedHat',
selinux: { enabled: false },
},
puppetversion: Puppet.version,
}
end
Expand All @@ -33,10 +35,12 @@
let(:facts) do
{
kernel: 'Linux',
operatingsystem: os,
operatingsystemrelease: osrel,
osfamily: 'Debian',
selinux: false,
os: {
name: os,
release: { full: osrel },
family: 'Debian',
selinux: { enabled: false },
},
puppetversion: Puppet.version,
}
end
Expand Down