From: David Swan Date: Wed, 30 May 2018 11:38:37 +0000 (+0100) Subject: [FM-6961] Removal of unsupported OS from firewall X-Git-Tag: 1.13.0~11^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=bae5dfb69b047b1c13fcb8cb893ed311089e1f92;p=puppet-modules%2Fpuppetlabs-firewall.git [FM-6961] Removal of unsupported OS from firewall --- diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp index 80836ed..5002bb4 100644 --- a/manifests/linux/redhat.pp +++ b/manifests/linux/redhat.pp @@ -106,11 +106,6 @@ class firewall::linux::redhat ( case $::operatingsystem { 'CentOS': { case $::operatingsystemrelease { - /^5\..*/: { - File["/etc/sysconfig/${service_name}"] { seluser => 'system_u', seltype => 'etc_t' } - File["/etc/sysconfig/${service_name_v6}"] { seluser => 'system_u', seltype => 'etc_t' } - } - /^6\..*/: { File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' } File["/etc/sysconfig/${service_name_v6}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' } diff --git a/metadata.json b/metadata.json index 9b206e4..75c02f2 100644 --- a/metadata.json +++ b/metadata.json @@ -40,7 +40,6 @@ { "operatingsystem": "Scientific", "operatingsystemrelease": [ - "5", "6", "7" ] @@ -55,8 +54,6 @@ { "operatingsystem": "Debian", "operatingsystemrelease": [ - "6", - "7", "8" ] }, diff --git a/spec/acceptance/firewall_iptmodules_spec.rb b/spec/acceptance/firewall_iptmodules_spec.rb index e2ee32c..0e189db 100644 --- a/spec/acceptance/firewall_iptmodules_spec.rb +++ b/spec/acceptance/firewall_iptmodules_spec.rb @@ -67,7 +67,7 @@ describe 'firewall iptmodules' do end # iptables version 1.3.5 is not suppored by the ip6tables provider - if default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04} + if default['platform'] =~ %r{ubuntu-14\.04} describe 'ip6tables ipt_modules tests' do context 'when all the modules with multiple args' do pp3 = <<-PUPPETCODE diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb index f4f4d0b..4bb93da 100644 --- a/spec/acceptance/firewall_spec.rb +++ b/spec/acceptance/firewall_spec.rb @@ -803,7 +803,7 @@ describe 'firewall basics', docker: true do end end - if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles} + if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles} describe 'checksum_fill' do context 'when virbr' do pp38 = <<-PUPPETCODE @@ -1256,7 +1256,7 @@ describe 'firewall basics', docker: true do end # ip6tables has limited `-m socket` support - if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles} + if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles} describe 'socket' do context 'when true' do pp56 = <<-PUPPETCODE @@ -1448,7 +1448,7 @@ describe 'firewall basics', docker: true do end # ip6tables only supports ipset, addrtype, and mask on a limited set of platforms - if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04} + if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{ubuntu-14\.04} # ipset is really difficult to test, just testing on one platform if default['platform'] =~ %r{ubuntu-14\.04} describe 'ipset' do @@ -1506,34 +1506,6 @@ describe 'firewall basics', docker: true do end end - # mask isn't supported on deb7 - if default['platform'] !~ %r{debian-7} - describe 'mask' do - pp64 = <<-PUPPETCODE - class { '::firewall': } - firewall { '613 - test': - recent => 'update', - rseconds => 60, - rsource => true, - rname => 'test', - action => 'drop', - chain => 'FORWARD', - mask => 'ffff::', - provider => 'ip6tables', - } - PUPPETCODE - it 'applies' do - apply_manifest(pp64, catch_failures: true) - end - - it 'contains the rule' do - shell('ip6tables-save') do |r| - expect(r.stdout).to match(%r{-A FORWARD -p tcp -m recent --update --seconds 60 --name test --mask ffff:: --rsource -m comment --comment "613 - test" -j DROP}) - end - end - end - end - ['dst_type', 'src_type'].each do |type| describe type.to_s do context 'when MULTICAST' do diff --git a/spec/acceptance/firewall_tee_spec.rb b/spec/acceptance/firewall_tee_spec.rb index 779f56d..3a59683 100644 --- a/spec/acceptance/firewall_tee_spec.rb +++ b/spec/acceptance/firewall_tee_spec.rb @@ -6,7 +6,7 @@ describe 'firewall tee' do ip6tables_flush_all_tables end - if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{ubuntu-1204} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7} + if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7} describe 'tee_gateway' do context 'when 10.0.0.2' do pp1 = <<-PUPPETCODE diff --git a/spec/acceptance/firewall_time_spec.rb b/spec/acceptance/firewall_time_spec.rb index 5d39eed..8c55429 100644 --- a/spec/acceptance/firewall_time_spec.rb +++ b/spec/acceptance/firewall_time_spec.rb @@ -6,7 +6,7 @@ describe 'firewall time' do ip6tables_flush_all_tables end - if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7} + if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7} describe 'time tests ipv4' do context 'when set all time parameters' do pp1 = <<-PUPPETCODE diff --git a/spec/unit/classes/firewall_linux_debian_spec.rb b/spec/unit/classes/firewall_linux_debian_spec.rb index 81b81a2..a58e3c5 100644 --- a/spec/unit/classes/firewall_linux_debian_spec.rb +++ b/spec/unit/classes/firewall_linux_debian_spec.rb @@ -1,46 +1,6 @@ require 'spec_helper' describe 'firewall::linux::debian', type: :class do - context 'with Debian 7' do - let(:facts) do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '7.0', - } - end - - it { - is_expected.to contain_package('iptables-persistent').with( - ensure: 'present', - ) - } - it { - is_expected.to contain_service('iptables-persistent').with( - ensure: nil, - enable: 'true', - require: 'Package[iptables-persistent]', - ) - } - end - - context 'with deb7 enable => false' do - let(:facts) do - { - osfamily: 'Debian', - operatingsystem: 'Debian', - operatingsystemrelease: '7.0', - } - end - let(:params) { { enable: 'false' } } - - it { - is_expected.to contain_service('iptables-persistent').with( - enable: 'false', - ) - } - end - context 'with Debian 8' do let(:facts) do { diff --git a/spec/unit/classes/firewall_linux_spec.rb b/spec/unit/classes/firewall_linux_spec.rb index 2fbb462..c44600d 100644 --- a/spec/unit/classes/firewall_linux_spec.rb +++ b/spec/unit/classes/firewall_linux_spec.rb @@ -1,9 +1,9 @@ require 'spec_helper' describe 'firewall::linux', type: :class do - ['RedHat', 'CentOS', 'Fedora'].each do |os| + ['RedHat', 'CentOS'].each do |os| context "Redhat Like: operatingsystem => #{os}" do - releases = ((os == 'Fedora') ? ['14', '15', 'Rawhide'] : ['6', '7']) + releases = ['6', '7'] releases.each do |osrel| context "operatingsystemrelease => #{osrel}" do let(:facts) do @@ -26,7 +26,7 @@ describe 'firewall::linux', type: :class do ['Debian', 'Ubuntu'].each do |os| context "Debian Like: operatingsystem => #{os}" do - releases = ((os == 'Debian') ? ['6', '7', '8'] : ['10.04', '12.04', '14.04']) + releases = ((os == 'Debian') ? ['8'] : ['14.04']) releases.each do |osrel| let(:facts) do { diff --git a/spec/unit/facter/iptables_persistent_version_spec.rb b/spec/unit/facter/iptables_persistent_version_spec.rb index a0aeca1..880487c 100644 --- a/spec/unit/facter/iptables_persistent_version_spec.rb +++ b/spec/unit/facter/iptables_persistent_version_spec.rb @@ -7,15 +7,9 @@ describe 'Facter::Util::Fact iptables_persistent_version' do let(:dpkg_cmd) { "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null" } { - 'Debian' => '0.0.20090701', 'Ubuntu' => '0.5.3ubuntu2', }.each do |os, ver| - - if os == 'Debian' - os_release = '7.0' - elsif os == 'Ubuntu' - os_release = '14.04' - end + os_release = '14.04' describe "#{os} package installed" do before(:each) do