case $::operatingsystem {
'CentOS': {
case $::operatingsystemrelease {
- /^5\..*/: {
- File["/etc/sysconfig/${service_name}"] { seluser => 'system_u', seltype => 'etc_t' }
- File["/etc/sysconfig/${service_name_v6}"] { seluser => 'system_u', seltype => 'etc_t' }
- }
-
/^6\..*/: {
File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' }
File["/etc/sysconfig/${service_name_v6}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' }
{
"operatingsystem": "Scientific",
"operatingsystemrelease": [
- "5",
"6",
"7"
]
{
"operatingsystem": "Debian",
"operatingsystemrelease": [
- "6",
- "7",
"8"
]
},
end
# iptables version 1.3.5 is not suppored by the ip6tables provider
- if default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04}
+ if default['platform'] =~ %r{ubuntu-14\.04}
describe 'ip6tables ipt_modules tests' do
context 'when all the modules with multiple args' do
pp3 = <<-PUPPETCODE
end
end
- if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles}
+ if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
describe 'checksum_fill' do
context 'when virbr' do
pp38 = <<-PUPPETCODE
end
# ip6tables has limited `-m socket` support
- if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles}
+ if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
describe 'socket' do
context 'when true' do
pp56 = <<-PUPPETCODE
end
# ip6tables only supports ipset, addrtype, and mask on a limited set of platforms
- if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04}
+ if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{ubuntu-14\.04}
# ipset is really difficult to test, just testing on one platform
if default['platform'] =~ %r{ubuntu-14\.04}
describe 'ipset' do
end
end
- # mask isn't supported on deb7
- if default['platform'] !~ %r{debian-7}
- describe 'mask' do
- pp64 = <<-PUPPETCODE
- class { '::firewall': }
- firewall { '613 - test':
- recent => 'update',
- rseconds => 60,
- rsource => true,
- rname => 'test',
- action => 'drop',
- chain => 'FORWARD',
- mask => 'ffff::',
- provider => 'ip6tables',
- }
- PUPPETCODE
- it 'applies' do
- apply_manifest(pp64, catch_failures: true)
- end
-
- it 'contains the rule' do
- shell('ip6tables-save') do |r|
- expect(r.stdout).to match(%r{-A FORWARD -p tcp -m recent --update --seconds 60 --name test --mask ffff:: --rsource -m comment --comment "613 - test" -j DROP})
- end
- end
- end
- end
-
['dst_type', 'src_type'].each do |type|
describe type.to_s do
context 'when MULTICAST' do
ip6tables_flush_all_tables
end
- if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{ubuntu-1204} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
+ if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
describe 'tee_gateway' do
context 'when 10.0.0.2' do
pp1 = <<-PUPPETCODE
ip6tables_flush_all_tables
end
- if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
+ if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
describe 'time tests ipv4' do
context 'when set all time parameters' do
pp1 = <<-PUPPETCODE
require 'spec_helper'
describe 'firewall::linux::debian', type: :class do
- context 'with Debian 7' do
- let(:facts) do
- {
- osfamily: 'Debian',
- operatingsystem: 'Debian',
- operatingsystemrelease: '7.0',
- }
- end
-
- it {
- is_expected.to contain_package('iptables-persistent').with(
- ensure: 'present',
- )
- }
- it {
- is_expected.to contain_service('iptables-persistent').with(
- ensure: nil,
- enable: 'true',
- require: 'Package[iptables-persistent]',
- )
- }
- end
-
- context 'with deb7 enable => false' do
- let(:facts) do
- {
- osfamily: 'Debian',
- operatingsystem: 'Debian',
- operatingsystemrelease: '7.0',
- }
- end
- let(:params) { { enable: 'false' } }
-
- it {
- is_expected.to contain_service('iptables-persistent').with(
- enable: 'false',
- )
- }
- end
-
context 'with Debian 8' do
let(:facts) do
{
require 'spec_helper'
describe 'firewall::linux', type: :class do
- ['RedHat', 'CentOS', 'Fedora'].each do |os|
+ ['RedHat', 'CentOS'].each do |os|
context "Redhat Like: operatingsystem => #{os}" do
- releases = ((os == 'Fedora') ? ['14', '15', 'Rawhide'] : ['6', '7'])
+ releases = ['6', '7']
releases.each do |osrel|
context "operatingsystemrelease => #{osrel}" do
let(:facts) do
['Debian', 'Ubuntu'].each do |os|
context "Debian Like: operatingsystem => #{os}" do
- releases = ((os == 'Debian') ? ['6', '7', '8'] : ['10.04', '12.04', '14.04'])
+ releases = ((os == 'Debian') ? ['8'] : ['14.04'])
releases.each do |osrel|
let(:facts) do
{
let(:dpkg_cmd) { "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null" }
{
- 'Debian' => '0.0.20090701',
'Ubuntu' => '0.5.3ubuntu2',
}.each do |os, ver|
-
- if os == 'Debian'
- os_release = '7.0'
- elsif os == 'Ubuntu'
- os_release = '14.04'
- end
+ os_release = '14.04'
describe "#{os} package installed" do
before(:each) do
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff