Firewall class manifests
authorDan Carley <dan.carley@gmail.com>
Mon, 11 Jun 2012 07:09:13 +0000 (08:09 +0100)
committerDan Carley <dan.carley@gmail.com>
Wed, 27 Feb 2013 22:36:18 +0000 (22:36 +0000)
Manifests for managing the required packages and services on supported Linux
operating systems. These will be required for persistence.

manifests/init.pp [new file with mode: 0644]
manifests/linux.pp [new file with mode: 0644]
manifests/linux/debian.pp [new file with mode: 0644]
manifests/linux/redhat.pp [new file with mode: 0644]
spec/classes/firewall_linux_debian_spec.rb [new file with mode: 0644]
spec/classes/firewall_linux_redhat_spec.rb [new file with mode: 0644]
spec/classes/firewall_linux_spec.rb [new file with mode: 0644]
spec/classes/firewall_spec.rb [new file with mode: 0644]
spec/fixtures/modules/firewall/lib [new symlink]
spec/fixtures/modules/firewall/manifests [new symlink]
spec/spec_helper.rb

diff --git a/manifests/init.pp b/manifests/init.pp
new file mode 100644 (file)
index 0000000..2aa6155
--- /dev/null
@@ -0,0 +1,15 @@
+# Class: firewall
+#
+# Manages the installation of packages for operating systems that are
+#   currently supported by the firewall type.
+#
+class firewall {
+  case $::kernel {
+    'Linux': {
+      class { "${title}::linux": }
+    }
+    default: {
+      fail("${title}: Kernel '${::kernel}' is not currently supported")
+    }
+  }
+}
diff --git a/manifests/linux.pp b/manifests/linux.pp
new file mode 100644 (file)
index 0000000..ffa68d0
--- /dev/null
@@ -0,0 +1,19 @@
+class firewall::linux {
+  package { 'iptables':
+    ensure => present,
+  }
+
+  case $::operatingsystem {
+    'RedHat', 'CentOS', 'Fedora': {
+      class { "${title}::redhat":
+        require => Package['iptables'],
+      }
+    }
+    'Debian', 'Ubuntu': {
+      class { "${title}::debian":
+        require => Package['iptables'],
+      }
+    }
+    default: {}
+  }
+}
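Review bot: The `default: {}` branch of the `$::operatingsystem` case silently does nothing, so on a Linux distribution outside the five listed the catalog compiles with only `Package['iptables']` and no persistence class, and the operator gets no signal. The commit description says these classes are required for persistence, so I would make the gap visible, for example `default: { warning("${title}: rule persistence is not managed on '${::operatingsystem}'") }`, or at least add a comment saying the no-op is deliberate. This class and the two under `manifests/linux/` also lack the header comment that `manifests/init.pp` carries; a short `# Class: firewall::linux` header naming the packages and services each one manages would help.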
diff --git a/manifests/linux/debian.pp b/manifests/linux/debian.pp
new file mode 100644 (file)
index 0000000..4a2242b
--- /dev/null
@@ -0,0 +1,13 @@
+class firewall::linux::debian {
+  package { 'iptables-persistent':
+    ensure => present,
+  }
+
+  # This isn't a real service/daemon. The start action loads rules, so just
+  # needs to be called on system boot.
+  service { 'iptables-persistent':
+    ensure  => undef,
+    enable  => true,
+    require => Package['iptables-persistent'],
+  }
+}
diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
new file mode 100644 (file)
index 0000000..e89feca
--- /dev/null
@@ -0,0 +1,6 @@
+class firewall::linux::redhat {
+  service { 'iptables':
+    ensure => running,
+    enable => true,
+  }
+}
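Review bot: `ensure => running` on `Service['iptables']` deserves a comment, because on Red Hat family systems starting this service loads the saved ruleset from disk rather than launching a daemon. If the service is found stopped, a Puppet run would presumably replace the rules currently in the kernel with the saved file; how this is ordered against rules applied by the firewall type is not visible in this commit. I would add something like `# Starting the service loads the saved ruleset; it does not save the running rules.` above the resource. The class also depends on its caller to supply `require => Package['iptables']`, so declared on its own, as its spec does, nothing orders the service after the package.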
diff --git a/spec/classes/firewall_linux_debian_spec.rb b/spec/classes/firewall_linux_debian_spec.rb
new file mode 100644 (file)
index 0000000..2d7581e
--- /dev/null
@@ -0,0 +1,12 @@
+require 'spec_helper'
+
+describe 'firewall::linux::debian' do
+  it { should contain_package('iptables-persistent').with(
+    :ensure => 'present',
+  )}
+  it { should contain_service('iptables-persistent').with(
+    :ensure   => nil,
+    :enable   => 'true',
+    :require  => 'Package[iptables-persistent]',
+  )}
+end
diff --git a/spec/classes/firewall_linux_redhat_spec.rb b/spec/classes/firewall_linux_redhat_spec.rb
new file mode 100644 (file)
index 0000000..89f30fc
--- /dev/null
@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+describe 'firewall::linux::redhat' do
+  it { should contain_service('iptables').with(
+    :ensure => 'running',
+    :enable => 'true',
+  )}
+end
diff --git a/spec/classes/firewall_linux_spec.rb b/spec/classes/firewall_linux_spec.rb
new file mode 100644 (file)
index 0000000..61a1b64
--- /dev/null
@@ -0,0 +1,24 @@
+require 'spec_helper'
+
+describe 'firewall::linux' do
+  let(:facts_default) {{ :kernel => 'Linux' }}
+  it { should contain_package('iptables').with_ensure('present') }
+
+  context 'RedHat like' do
+    %w{RedHat CentOS Fedora}.each do |os|
+      context "operatingsystem => #{os}" do
+        let(:facts) { facts_default.merge({ :operatingsystem => os }) }
+        it { should contain_class('firewall::linux::redhat').with_require('Package[iptables]') }
+      end
+    end
+  end
+
+  context 'Debian like' do
+    %w{Debian Ubuntu}.each do |os|
+      context "operatingsystem => #{os}" do
+        let(:facts) { facts_default.merge({ :operatingsystem => os }) }
+        it { should contain_class('firewall::linux::debian').with_require('Package[iptables]') }
+      end
+    end
+  end
+end
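Review bot: The `default: {}` branch of `firewall::linux` has no example here, because every context sets `operatingsystem` to one of the five supported values and nothing pins the behaviour on any other distribution. I would add a context with an unlisted value (for instance `facts_default.merge({ :operatingsystem => 'Gentoo' })`, a constructed sample) containing `it { should_not contain_class('firewall::linux::redhat') }` and the same for `firewall::linux::debian`. `spec/classes/firewall_spec.rb` has the same gap for the `fail()` branch of `firewall`: only `kernel => Linux` is exercised, and an example asserting that a non-Linux kernel raises the "not currently supported" error would cover it.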
diff --git a/spec/classes/firewall_spec.rb b/spec/classes/firewall_spec.rb
new file mode 100644 (file)
index 0000000..d97443f
--- /dev/null
@@ -0,0 +1,8 @@
+require 'spec_helper'
+
+describe 'firewall' do
+  context 'kernel => Linux' do
+    let(:facts) {{ :kernel => 'Linux' }}
+    it { should include_class('firewall::linux') }
+  end
+end
diff --git a/spec/fixtures/modules/firewall/lib b/spec/fixtures/modules/firewall/lib
new file mode 120000 (symlink)
index 0000000..42892ea
--- /dev/null
@@ -0,0 +1 @@
+../../../../lib
\ No newline at end of file
diff --git a/spec/fixtures/modules/firewall/manifests b/spec/fixtures/modules/firewall/manifests
new file mode 120000 (symlink)
index 0000000..373b992
--- /dev/null
@@ -0,0 +1 @@
+../../../../manifests
\ No newline at end of file
index 3d8b19739333a040fa642ef8e82b170dff8954ba..dbb60d68022fd4515c9ef06530241dc18b24bca4 100644 (file)
@@ -6,6 +6,7 @@ ARGV.clear
 
 require 'rubygems'
 require 'bundler/setup'
+require 'rspec-puppet'
 
 Bundler.require :default, :test
 
@@ -16,6 +17,10 @@ Pathname.glob("#{dir}/shared_behaviours/**/*.rb") do |behaviour|
   require behaviour.relative_path_from(Pathname.new(dir))
 end
 
+fixture_path = File.expand_path(File.join(__FILE__, '..', 'fixtures'))
+
 RSpec.configure do |config|
   config.mock_with :mocha
+  config.module_path = File.join(fixture_path, 'modules')
+  config.manifest_dir = File.join(fixture_path, 'manifests')
 end
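Review bot: `config.manifest_dir` is set to `spec/fixtures/manifests`, but the file list of this commit adds only `spec/fixtures/modules/firewall/lib` and `spec/fixtures/modules/firewall/manifests`. Unless that directory already exists in the tree, it will be missing on a fresh checkout, since git does not track empty directories. Either add a placeholder file under `spec/fixtures/manifests/` or drop the setting if rspec-puppet does not need it for these specs. As a smaller style point, `fixture_path` joins `'..'` onto `__FILE__` itself; `File.expand_path('fixtures', File.dirname(__FILE__))` resolves to the same directory and reads more directly.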