Ken Barber [Sat, 13 Apr 2013 22:48:30 +0000 (23:48 +0100)]
Fix rspec colour in jenkins
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 13 Apr 2013 22:41:27 +0000 (15:41 -0700)]
Merge pull request #162 from kbarber/booleans_not_idempotent
Booleans not idempotent
Georg Koester [Thu, 11 Apr 2013 16:46:07 +0000 (09:46 -0700)]
Fix boolean rules being always recognized as changed.
String and boolean types were compared.
Had to adapt the tests which checked for booleans, when in
reality strings where present.
Ken Barber [Sat, 13 Apr 2013 22:08:20 +0000 (23:08 +0100)]
Add system tests for socket property
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 13 Apr 2013 20:39:06 +0000 (21:39 +0100)]
Merge branch 'add_isfragment_option2'
* add_isfragment_option2:
Add match rule for fragments.
Georg Koester [Wed, 10 Apr 2013 12:47:56 +0000 (05:47 -0700)]
Add match rule for fragments.
Via isfragment true/false property, toggles '-f'.
Same implementation as socket property, same bug
where the property is always recognized as changed.
Ken Barber [Sat, 13 Apr 2013 20:06:46 +0000 (13:06 -0700)]
Merge pull request #145 from ecbypi/ticket/20096-fedora-systemd-support
(20096) Support systemd on Fedora 15 and up
Ken Barber [Sat, 13 Apr 2013 19:40:18 +0000 (12:40 -0700)]
Merge pull request #161 from kbarber/standard_run_tests
Add tests for the recommended setup
Ken Barber [Sat, 13 Apr 2013 19:00:43 +0000 (20:00 +0100)]
Add tests for the recommended setup
Using the documented recommended setup, we test if it works with no error and
test if it is idempotent by running it again, looking for resource changes.
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 13 Apr 2013 17:17:34 +0000 (10:17 -0700)]
Merge pull request #160 from kbarber/more_rspec_tests
Add more system tests: class testing in particular
Ken Barber [Sat, 13 Apr 2013 16:27:00 +0000 (17:27 +0100)]
Add more system tests: class testing in particular
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Fri, 12 Apr 2013 14:58:49 +0000 (15:58 +0100)]
Merge branch 'absolute_path_to_iptables_for_tests'
* absolute_path_to_iptables_for_tests:
Add an absolute path to iptables to make system tests pass
Ken Barber [Fri, 12 Apr 2013 14:32:32 +0000 (15:32 +0100)]
Add an absolute path to iptables to make system tests pass
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Fri, 12 Apr 2013 12:48:56 +0000 (13:48 +0100)]
Merge branch '20125'
* 20125:
(#20125) Add persistence support for Archlinux platform
(#20125) Use PATH to find (ip|ip6|eb)tables for chain provider
(#20125) Use PATH to find (ip|ip6)tables for (ip|ip6)tables provider
(#20125) Add archlinux firewall class and unit test
Ingmar Steen [Mon, 8 Apr 2013 12:38:27 +0000 (14:38 +0200)]
(#20125) Add persistence support for Archlinux platform
This only works with facter 1.7.0-rc1 and up because os_key isn't
properly defined in facter 1.6.18 on Archlinux (it's set to Linux).
Ingmar Steen [Mon, 8 Apr 2013 12:32:02 +0000 (14:32 +0200)]
(#20125) Use PATH to find (ip|ip6|eb)tables for chain provider
Ingmar Steen [Mon, 8 Apr 2013 12:29:05 +0000 (14:29 +0200)]
(#20125) Use PATH to find (ip|ip6)tables for (ip|ip6)tables provider
Ingmar Steen [Mon, 8 Apr 2013 09:32:13 +0000 (11:32 +0200)]
(#20125) Add archlinux firewall class and unit test
Ken Barber [Fri, 12 Apr 2013 12:07:01 +0000 (05:07 -0700)]
Merge pull request #155 from bobtfish/error_reporting_fix
Error reporting fix
Tomas Doran [Thu, 11 Apr 2013 22:19:42 +0000 (23:19 +0100)]
Update to also be for destination
Ken Barber [Thu, 11 Apr 2013 13:53:49 +0000 (14:53 +0100)]
Fix for rspec-system-puppet 0.3.x
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 11 Apr 2013 03:50:05 +0000 (04:50 +0100)]
Use rspec-system-puppet 0.3.0
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 11 Apr 2013 00:45:20 +0000 (01:45 +0100)]
Support for new prefabs from rspec-system
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Wed, 10 Apr 2013 12:44:38 +0000 (13:44 +0100)]
Get rid of examples it isn't being maintained and it belongs in docs
I think the expectation that people should drop to looking at code for examples
is wrong anyway, we should express examples through documentation if we can.
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 6 Apr 2013 02:30:16 +0000 (03:30 +0100)]
Merge branch 'rspec-system-puppet'
* rspec-system-puppet:
Moved some of the puppet setup stuff in system tests to rspec-system-puppet
Ken Barber [Sat, 6 Apr 2013 02:29:15 +0000 (03:29 +0100)]
Moved some of the puppet setup stuff in system tests to rspec-system-puppet
Signed-off-by: Ken Barber <ken@bob.sh>
Eduardo Gutierrez [Fri, 5 Apr 2013 01:18:46 +0000 (21:18 -0400)]
(20096) Support systemd on Fedora 15 and up
Add a check to see if running Fedora 15 in order to use init scripts
provided by systemd. This adds compatibility for systemd on Fedora,
which currently returns an incorrect failure message when persisting
rules.
Ken Barber [Mon, 1 Apr 2013 02:54:10 +0000 (03:54 +0100)]
Use latest rspec-system gem
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 30 Mar 2013 22:15:38 +0000 (22:15 +0000)]
Merge branch 'rspec-system'
* rspec-system:
Initial start on rspec-system tests
Ken Barber [Fri, 29 Mar 2013 20:35:04 +0000 (20:35 +0000)]
Initial start on rspec-system tests
This patch includes system tests using rspec-system. You can try these out
with:
rake spec:system
Consult the docs in the README.md for details on how to run tests on
different OS variants.
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 14 Mar 2013 05:04:47 +0000 (22:04 -0700)]
Merge branch 'ticket/master/release_021'
* ticket/master/release_021:
Release 0.2.1
Ken Barber [Thu, 14 Mar 2013 05:04:32 +0000 (22:04 -0700)]
Release 0.2.1
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 14 Mar 2013 04:24:16 +0000 (21:24 -0700)]
Merge branch 'maint/master/fix_spec_failures'
* maint/master/fix_spec_failures:
Fix failing spec tests, due to dpkg change in iptables_persistent_version_spec
Ken Barber [Thu, 14 Mar 2013 04:19:20 +0000 (21:19 -0700)]
Fix failing spec tests, due to dpkg change in iptables_persistent_version_spec
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Wed, 6 Mar 2013 00:48:46 +0000 (16:48 -0800)]
Merge pull request #140 from laurenrother/readme_cleanup
Update README to be consistent with module documentation template
Lauren Rother [Tue, 5 Mar 2013 00:02:08 +0000 (16:02 -0800)]
Update README to be consistent with module documentation template
Dan Carley [Mon, 4 Mar 2013 08:08:51 +0000 (08:08 +0000)]
(GH-139) Throw away STDERR from dpkg-query in Fact
Newer versions of dpkg-query, as of Ubuntu 12.10, will make noise on STDERR
if the queried package isn't currently installed. Facter's `exec()` outputs
this without giving us a chance to catch it.
Pipe STDERR to `/dev/null` so that it's not seen by the end-user. STDOUT
will still be `nil` if the package isn't installed. It doesn't seem
reasonable to spec test for this without reaching deep into Facter, so I'm
not going to.
Ken Barber [Mon, 4 Mar 2013 06:19:47 +0000 (22:19 -0800)]
Fix links to forge and github issues in README
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Mon, 4 Mar 2013 06:10:16 +0000 (22:10 -0800)]
Merge branch 'ticket/master/release_020'
* ticket/master/release_020:
Release 0.2.0
Ken Barber [Mon, 4 Mar 2013 05:06:13 +0000 (21:06 -0800)]
Release 0.2.0
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sun, 3 Mar 2013 21:00:42 +0000 (13:00 -0800)]
Merge pull request #137 from dcarley/persist_iptables_tests
Tests for #persist_iptables
Ken Barber [Sun, 3 Mar 2013 21:00:16 +0000 (13:00 -0800)]
Merge pull request #138 from dcarley/129-autoreq_bad_return
(GH-129) Replace errant return in autoreq block
Dan Carley [Sun, 3 Mar 2013 14:32:38 +0000 (14:32 +0000)]
(GH-129) Replace errant return in autoreq block
It's not valid to use `return` within a block. We could use `next []`,
however it's probably better form to just always return the array, whether
it's populated or not. This will stop the error:
err: Got an uncaught exception of type LocalJumpError: unexpected return
When one of the listed providers isn't selected. Which is suitable, because
this autorequire won't be suitable to any other future providers anyway.
Dan Carley [Sat, 2 Mar 2013 18:30:12 +0000 (18:30 +0000)]
Tests for #persist_iptables
Basic coverage of protocol and OS detection. Including older and newer
Debian versions. Nearly all based on expectations since there aren't any
return values.
Dan Carley [Sat, 2 Mar 2013 17:44:34 +0000 (17:44 +0000)]
Typo in #persist_iptables OS normalisation
Debian is upstream of Ubuntu. Not the other way around. Would have affected
users of Facter <1.6.2 which doesn't have osfamily. Discovered while writing
tests, yey tests.
Ken Barber [Fri, 1 Mar 2013 19:54:36 +0000 (11:54 -0800)]
Merge pull request #136 from dcarley/134-autorequire_packages
(GH-134) Autorequire iptables related packages
Dan Carley [Fri, 1 Mar 2013 19:40:26 +0000 (19:40 +0000)]
(GH-134) Refer to new classes in documentation.
Dan Carley [Fri, 1 Mar 2013 18:55:32 +0000 (18:55 +0000)]
(GH-134) Autorequire iptables related packages
autorequires from firewall and firewallchain resources to iptables and
iptables-persistent packages, when the appropriate provider is selected and
the packages are managed in the catalog. This will prevent failed rule
creation and persistence on fresh nodes where the packages may not be
pre-installed.
Ken Barber [Fri, 1 Mar 2013 13:24:10 +0000 (05:24 -0800)]
Merge pull request #133 from dcarley/native_persistence
Native persistence
Dan Carley [Tue, 26 Feb 2013 21:07:01 +0000 (21:07 +0000)]
Firewall and firewallchain persistence
Call the necessary commands from the provider to persist rules between
reboots. Tested on the following distros:
- CentOS 5.8
- CentOS 6.3
- Ubuntu 10.04
- Ubuntu 12.04
- Debian 6
Cavaets:
- Persistence may fail on the first run if Firewall resources are actioned
before the Package resource.
- Older iptables-persistent doesn't support the restoration of ip6tables.
- ebtables cannot be restored.
Ken Barber [Thu, 28 Feb 2013 22:20:06 +0000 (22:20 +0000)]
Missing modulefile change
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 28 Feb 2013 22:18:24 +0000 (22:18 +0000)]
Release 0.1.1
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 28 Feb 2013 21:47:22 +0000 (21:47 +0000)]
Fix define_method for Ruby 1.9.x
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Thu, 28 Feb 2013 21:16:05 +0000 (21:16 +0000)]
Merge branch 'ticket/master/128-puppet_30_broke_method_missing'
* ticket/master/128-puppet_30_broke_method_missing:
(GH-128) Change method_missing to define_method
Ken Barber [Thu, 28 Feb 2013 21:15:02 +0000 (21:15 +0000)]
(GH-128) Change method_missing to define_method
Previously method_missing was enough to create dynamic methods but Puppet 3.0
broke that functionality. So here we used 'define_method' instead to work
around that.
Signed-off-by: Ken Barber <ken@bob.sh>
Dan Carley [Mon, 11 Jun 2012 07:09:13 +0000 (08:09 +0100)]
Firewall class manifests
Manifests for managing the required packages and services on supported Linux
operating systems. These will be required for persistence.
Ken Barber [Tue, 26 Feb 2013 15:12:00 +0000 (15:12 +0000)]
Change source to specific https target
This removes the warnings from rubygems-2.0.0 and ruby-2.0.0.
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Mon, 25 Feb 2013 19:24:06 +0000 (19:24 +0000)]
Merge branch 'maint/master/fix_travis_gem_versions'
* maint/master/fix_travis_gem_versions:
Fix gem versions for travis.yml
Ken Barber [Mon, 25 Feb 2013 18:33:52 +0000 (18:33 +0000)]
Fix gem versions for travis.yml
Signed-off-by: Ken Barber <ken@bob.sh>
Tomas Doran [Tue, 4 Sep 2012 16:04:35 +0000 (17:04 +0100)]
Fix error reporting for insane hostnames.
If you put some really silly values in (e.g. /) into hostnames then
the error message s super super cryptic.
This patch fixes that, so it's at least obvious what / where / why it's
failing if you use --trace --debug
Ken Barber [Sun, 24 Feb 2013 14:54:55 +0000 (14:54 +0000)]
Merge branch 'maint/master/fix_forge_rendering'
* maint/master/fix_forge_rendering:
New changelog
Ken Barber [Sun, 24 Feb 2013 14:49:43 +0000 (14:49 +0000)]
New changelog
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sun, 24 Feb 2013 14:03:43 +0000 (14:03 +0000)]
Merge branch 'maint/master/new_release_010'
* maint/master/new_release_010:
Release 0.1.0
Ken Barber [Sun, 24 Feb 2013 14:03:29 +0000 (14:03 +0000)]
Release 0.1.0
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 23 Feb 2013 20:38:47 +0000 (20:38 +0000)]
Update docs for source and dest - they are not arrays
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 23 Feb 2013 20:28:02 +0000 (12:28 -0800)]
Merge pull request #105 from wuwx/master
ip6tables provider allways execute /sbin/iptables command
Ken Barber [Sat, 23 Feb 2013 19:18:37 +0000 (11:18 -0800)]
Merge pull request #110 from dcarley/expect_resolv_getaddress
Mock Resolv.getaddress in #host_to_ip
Dan Carley [Sat, 23 Feb 2013 14:36:17 +0000 (14:36 +0000)]
Mock Resolv.getaddress in #host_to_ip
Add an expect for Resolv.getaddress in Puppet::Util::Firewall#host_to_ip so
that the test can be run when disconnected from the net. Also isolates it
should should puppetlabs.com move to a different address.
Ken Barber [Sat, 23 Feb 2013 15:24:27 +0000 (15:24 +0000)]
Merge branch 'maint/master/add_puppet_31_to_travis'
* maint/master/add_puppet_31_to_travis:
Add Puppet 3.1 to travis-ci test matrix
Ken Barber [Sat, 23 Feb 2013 15:20:29 +0000 (15:20 +0000)]
Add Puppet 3.1 to travis-ci test matrix
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sat, 23 Feb 2013 15:16:03 +0000 (07:16 -0800)]
Merge pull request #96 from sfozz/documentation-fixes
Add missing class declaration
Ken Barber [Sat, 23 Feb 2013 15:00:44 +0000 (07:00 -0800)]
Merge pull request #109 from dcarley/fix_tests_ruby_193
Fix tests for Ruby 1.9.3 from
3e13bf3
Dan Carley [Sat, 23 Feb 2013 14:10:39 +0000 (14:10 +0000)]
Fix tests for Ruby 1.9.3 from
3e13bf3
Changes in
3e13bf3 broke tests for Ruby 1.9.3 which doesn't support
Enumerable on Strings. Workaround this by casting everything as an array and
flattening to prevent existing arrays from being encapsulated.
Ken Barber [Fri, 22 Feb 2013 17:00:20 +0000 (17:00 +0000)]
Merge branch 'ticket/master/single_sport_dport_support_for_parsing'
* ticket/master/single_sport_dport_support_for_parsing:
Add support for single --sport and --dport parsing
Ken Barber [Fri, 22 Feb 2013 16:55:37 +0000 (16:55 +0000)]
Add support for single --sport and --dport parsing
Previously if someone already had a rule with a single --sport or --dport we
would fail the parse. This now accepts parsing in the single variant, while
still supporting the multiport variant.
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Fri, 22 Feb 2013 16:06:22 +0000 (16:06 +0000)]
Merge branch 'ticket/master/socket'
* ticket/master/socket:
Add support for -m socket option
Added type for socket
Add tests for socket option
Ken Barber [Fri, 22 Feb 2013 15:50:41 +0000 (15:50 +0000)]
Add support for -m socket option
This adds support to boolean-style flags like '-m socket' as well.
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Fri, 22 Feb 2013 15:08:19 +0000 (15:08 +0000)]
Added type for socket
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Fri, 22 Feb 2013 15:03:10 +0000 (15:03 +0000)]
Add tests for socket option
Signed-off-by: Ken Barber <ken@bob.sh>
Ken Barber [Sun, 3 Feb 2013 02:10:35 +0000 (03:10 +0100)]
Merge branch 'standardize_travis'
* standardize_travis:
Fix require of precise puppet library
Update travis and gemfile to be like stdlib travis files
Remove gemfile.lock and add to gitignore
Ken Barber [Sun, 3 Feb 2013 02:03:55 +0000 (03:03 +0100)]
Fix require of precise puppet library
rspec tests fail unless we added require 'puppet'.
Signed-off-by: Ken Barber <ken@bob.sh>
William Van Hevelingen [Sun, 3 Feb 2013 01:38:46 +0000 (17:38 -0800)]
Update travis and gemfile to be like stdlib travis files
William Van Hevelingen [Sun, 3 Feb 2013 01:37:23 +0000 (17:37 -0800)]
Remove gemfile.lock and add to gitignore
wuwx [Fri, 25 Jan 2013 18:25:03 +0000 (02:25 +0800)]
working with ip6tables support
Ken Barber [Tue, 15 Jan 2013 06:09:05 +0000 (22:09 -0800)]
Merge pull request #102 from kbarber/test_updates
Update test framework to the modern age
Ken Barber [Mon, 14 Jan 2013 03:22:29 +0000 (03:22 +0000)]
Update test framework to the modern age
* Install puppetalbs_spec_helper and removed the stuff we were using previously
* Get tests running on 3.0.x
* Update gemspecs to more recent revisions of test tooling
Signed-off-by: Ken Barber <ken@bob.sh>
Dan Carley [Thu, 29 Nov 2012 17:25:51 +0000 (17:25 +0000)]
Merge branch '14463-port_fixnums_to_strings'
Fixes #101 pull request.
Sharif Nassar [Tue, 27 Nov 2012 22:32:46 +0000 (14:32 -0800)]
(#14463) Fix to pass unit tests
* Add default protocol to fix the test for converting a string 'ssh' to a port
number was failing like so:
1) Puppet::Type::Firewall dport should convert a port name for dport to its number
Failure/Error: @resource[port] = 'ssh'
Puppet::Error:
Parameter dport failed: Munging failed for value "ssh" in class dport: no such service ssh/proto
# ./lib/puppet/type/../../puppet/util/firewall.rb:84:in `getservbyname'
# ./lib/puppet/type/../../puppet/util/firewall.rb:84:in `string_to_port'
# ./lib/puppet/type/firewall.rb:164:in `unsafe_munge'
# ./spec/unit/puppet/type/firewall_spec.rb:161
* Always convert the response .to_s
Sharif Nassar [Tue, 27 Nov 2012 19:39:59 +0000 (11:39 -0800)]
(#14463) Convert port Fixnum into strings
Avert errors like this:
Parameter dport failed: Munging failed for value 1194 in class dport: can’t convert Fixnum into String
Also, pass along the protocol so Socket can make well informed decisions.
Dan Carley [Mon, 19 Nov 2012 11:59:48 +0000 (03:59 -0800)]
Merge pull request #100 from mediatemple/16004-fix_uidgid
(#16004) uid/gid array_matching is contraindicated.
Sharif Nassar [Fri, 16 Nov 2012 20:49:18 +0000 (12:49 -0800)]
(#16004) array_matching is contraindicated.
With ":array_matching =>:all", uid/gid rules are reloaded with every
Puppet run. This is ugly and annoying, and arguably wrong.
sfozz [Fri, 24 Aug 2012 11:30:39 +0000 (12:30 +0100)]
Add missing class declaration
README.markdown was missing details about declaring 'my_fw::pre'
and 'my_fw::post' which caused folks following the example to see
the following error:
Could not find dependency Class[My_w::Pre] for Firewall[BLAH]
Ken Barber [Fri, 27 Jul 2012 19:59:44 +0000 (12:59 -0700)]
Merge pull request #91 from saysjonathan/rspec_new_api
rspec 2.11 compatibility
Jonathan Boyett [Fri, 27 Jul 2012 17:54:02 +0000 (10:54 -0700)]
rspec 2.11 compatibility
Dan Carley [Wed, 25 Jul 2012 08:56:28 +0000 (01:56 -0700)]
Merge pull request #89 from kbarber/ticket/master/10322-error_with_same_chain_diff_table
(#10322) Insert order hash included chains from different tables
Ken Barber [Tue, 24 Jul 2012 19:29:54 +0000 (20:29 +0100)]
(#10322) Insert order hash included chains from different tables
This fix corrects the insert_order handling to make sure that not only are
rules from the same chain evaulated, but we also check that the table
matches as well.
Ken Barber [Tue, 17 Jul 2012 12:23:39 +0000 (05:23 -0700)]
Merge pull request #87 from dcarley/15556-icmp6_codes
(#15556) Support for ICMP6 type code resolutions
Dan Carley [Fri, 6 Jul 2012 07:22:32 +0000 (08:22 +0100)]
(#15556) Support for ICMP6 type code resolutions
Add support for IPv6 ICMP code types as strings, which differ in mapping
from IPv4. A subset of the currently supported strings for IPv4 are
supported where applicable to the IPv6 specification.
Currently the only way of determining the protocol family is by whether the
provider is :iptables or :ip6tables. This can be changed within the type in
the future.
Ken Barber [Thu, 28 Jun 2012 22:32:55 +0000 (15:32 -0700)]
Merge pull request #86 from Whopper92/readme_best_practices
Update formatting of README to meet Puppet Labs best practices
Will Hopper [Thu, 28 Jun 2012 22:08:12 +0000 (15:08 -0700)]
Update formatting of README to meet Puppet Labs best practices
Code Review / puppet-modules / puppetlabs-firewall.git / log