# Manages the installation of packages for operating systems that are
# currently supported by the firewall type.
#
-class firewall {
+class firewall (
+ $ensure = running
+) {
+ case $ensure {
+ /^(running|stopped)$/: {
+ # Do nothing.
+ }
+ default: {
+ fail("${title}: Ensure value '${ensure}' is not supported")
+ }
+ }
+
case $::kernel {
'Linux': {
- class { "${title}::linux": }
+ class { "${title}::linux":
+ ensure => $ensure,
+ }
}
default: {
fail("${title}: Kernel '${::kernel}' is not currently supported")
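Review bot: The new `ensure` parameter is not described in the class header, which still only mentions package installation, and `stopped` is a security-relevant value that should be documented where operators will see it. I would add a header line such as `# [*ensure*] 'running' (default) or 'stopped'; 'stopped' stops the firewall service on the node, so use it only where filtering is handled elsewhere.` Separately, the check `/^(running|stopped)$/` uses line anchors, which in Ruby regex semantics match at any line boundary, so `/\A(running|stopped)\z/` is the stricter whole-value form. The `case $::kernel` block continues past the end of this hunk.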
-class firewall::linux {
+class firewall::linux (
+ $ensure = running
+) {
+ $enable = $ensure ? {
+ running => true,
+ stopped => false,
+ }
+
package { 'iptables':
ensure => present,
}
case $::operatingsystem {
'RedHat', 'CentOS', 'Fedora': {
class { "${title}::redhat":
+ ensure => $ensure,
+ enable => $enable,
require => Package['iptables'],
}
}
'Debian', 'Ubuntu': {
class { "${title}::debian":
+ ensure => $ensure,
+ enable => $enable,
require => Package['iptables'],
}
}
'Archlinux': {
class { "${title}::archlinux":
+ ensure => $ensure,
+ enable => $enable,
require => Package['iptables'],
}
}
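Review bot: The selector that derives `$enable` has no `default` branch, and `firewall::linux` does not validate `$ensure` itself. Declaring this class directly with any other value therefore fails inside the selector rather than with the clear "Ensure value ... is not supported" message that `firewall` produces. Repeating the `case $ensure` check from `firewall` at the top of this class would keep the error consistent and make the class safe to use on its own. A comment such as `# enable follows ensure: a stopped firewall is also disabled at boot` above the selector would record why the two are coupled. The defaults are also quoted inconsistently across the classes (`running` here, `'running'` in `firewall::linux::archlinux`); the enclosing `case $::operatingsystem` continues outside the hunk.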
-class firewall::linux::archlinux {
+class firewall::linux::archlinux (
+ $ensure = 'running',
+ $enable = true
+) {
service { 'iptables':
- ensure => running,
- enable => true,
+ ensure => $ensure,
+ enable => $enable,
}
service { 'ip6tables':
- ensure => running,
- enable => true,
+ ensure => $ensure,
+ enable => $enable,
}
file { '/etc/iptables/iptables.rules':
-class firewall::linux::debian {
+class firewall::linux::debian (
+ $ensure = running,
+ $enable = true
+) {
package { 'iptables-persistent':
ensure => present,
}
# needs to be called on system boot.
service { 'iptables-persistent':
ensure => undef,
- enable => true,
+ enable => $enable,
require => Package['iptables-persistent'],
}
}
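Review bot: `$ensure` is accepted by `firewall::linux::debian` but never used: the `iptables-persistent` service keeps `ensure => undef`, so only `enable` changes here, whereas the redhat and archlinux classes pass `$ensure` to the service. With `ensure => stopped` on the `firewall` class, a Debian/Ubuntu node presumably keeps its loaded rules until the next boot, which an operator would not expect to differ by platform. If that is intended, say so next to the resource, for example `# $ensure is not applied here: iptables-persistent only loads rules at boot, so only $enable is managed.` Otherwise, drop the unused parameter.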
-class firewall::linux::redhat {
+class firewall::linux::redhat (
+ $ensure = running,
+ $enable = true
+) {
service { 'iptables':
- ensure => running,
- enable => true,
+ ensure => $ensure,
+ enable => $enable,
}
}
:ensure => 'running',
:enable => 'true'
)}
+
+ context 'ensure => stopped' do
+ let(:params) {{ :ensure => 'stopped' }}
+ it { should contain_service('iptables').with(
+ :ensure => 'stopped'
+ )}
+ it { should contain_service('ip6tables').with(
+ :ensure => 'stopped'
+ )}
+ end
+
+ context 'enable => false' do
+ let(:params) {{ :enable => 'false' }}
+ it { should contain_service('iptables').with(
+ :enable => 'false'
+ )}
+ it { should contain_service('ip6tables').with(
+ :enable => 'false'
+ )}
+ end
end
:enable => 'true',
:require => 'Package[iptables-persistent]'
)}
+
+ context 'enable => false' do
+ let(:params) {{ :enable => 'false' }}
+ it { should contain_service('iptables-persistent').with(
+ :enable => 'false'
+ )}
+ end
end
:ensure => 'running',
:enable => 'true'
)}
+
+ context 'ensure => stopped' do
+ let(:params) {{ :ensure => 'stopped' }}
+ it { should contain_service('iptables').with(
+ :ensure => 'stopped'
+ )}
+ end
+
+ context 'enable => false' do
+ let(:params) {{ :enable => 'false' }}
+ it { should contain_service('iptables').with(
+ :enable => 'false'
+ )}
+ end
end
describe 'firewall', :type => :class do
context 'kernel => Linux' do
let(:facts) {{ :kernel => 'Linux' }}
- it { should include_class('firewall::linux') }
+ it { should contain_class('firewall::linux').with_ensure('running') }
+ end
+
+ context 'kernel => Windows' do
+ let(:facts) {{ :kernel => 'Windows' }}
+ it { expect { should include_class('firewall::linux') }.to raise_error(Puppet::Error) }
+ end
+
+ context 'ensure => stopped' do
+ let(:facts) {{ :kernel => 'Linux' }}
+ let(:params) {{ :ensure => 'stopped' }}
+ it { should contain_class('firewall::linux').with_ensure('stopped') }
+ end
+
+ context 'ensure => test' do
+ let(:facts) {{ :kernel => 'Linux' }}
+ let(:params) {{ :ensure => 'test' }}
+ it { expect { should include_class('firewall::linux') }.to raise_error(Puppet::Error) }
end
end
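Review bot: The two failure contexts ('kernel => Windows' and 'ensure => test') assert only `raise_error(Puppet::Error)`, so they pass on any compile failure, not just the one they are meant to cover. Matching the message ties each test to its guard: `raise_error(Puppet::Error, /Ensure value 'test' is not supported/)` for the bad `ensure` value and `raise_error(Puppet::Error, /Kernel 'Windows' is not currently supported/)` for the kernel case. The new positive tests use `contain_class` while these still use `include_class`; using one matcher throughout would read more consistently.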