From bae5dfb69b047b1c13fcb8cb893ed311089e1f92 Mon Sep 17 00:00:00 2001
From: David Swan <david.swan@puppet.co.uk>
Date: Wed, 30 May 2018 12:38:37 +0100
Subject: [PATCH] [FM-6961] Removal of unsupported OS from firewall

---
 manifests/linux/redhat.pp                     |  5 ---
 metadata.json                                 |  3 --
 spec/acceptance/firewall_iptmodules_spec.rb   |  2 +-
 spec/acceptance/firewall_spec.rb              | 34 ++--------------
 spec/acceptance/firewall_tee_spec.rb          |  2 +-
 spec/acceptance/firewall_time_spec.rb         |  2 +-
 .../classes/firewall_linux_debian_spec.rb     | 40 -------------------
 spec/unit/classes/firewall_linux_spec.rb      |  6 +--
 .../iptables_persistent_version_spec.rb       |  8 +---
 9 files changed, 10 insertions(+), 92 deletions(-)

diff --git a/manifests/linux/redhat.pp b/manifests/linux/redhat.pp
index 80836ed..5002bb4 100644
--- a/manifests/linux/redhat.pp
+++ b/manifests/linux/redhat.pp
@@ -106,11 +106,6 @@ class firewall::linux::redhat (
       case $::operatingsystem {
         'CentOS': {
           case $::operatingsystemrelease {
-            /^5\..*/: {
-              File["/etc/sysconfig/${service_name}"] { seluser => 'system_u', seltype => 'etc_t' }
-              File["/etc/sysconfig/${service_name_v6}"] { seluser => 'system_u', seltype => 'etc_t' }
-            }
-
             /^6\..*/: {
               File["/etc/sysconfig/${service_name}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' }
               File["/etc/sysconfig/${service_name_v6}"] { seluser => 'unconfined_u', seltype => 'system_conf_t' }
diff --git a/metadata.json b/metadata.json
index 9b206e4..75c02f2 100644
--- a/metadata.json
+++ b/metadata.json
@@ -40,7 +40,6 @@
     {
       "operatingsystem": "Scientific",
       "operatingsystemrelease": [
-        "5",
         "6",
         "7"
       ]
@@ -55,8 +54,6 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "6",
-        "7",
         "8"
       ]
     },
diff --git a/spec/acceptance/firewall_iptmodules_spec.rb b/spec/acceptance/firewall_iptmodules_spec.rb
index e2ee32c..0e189db 100644
--- a/spec/acceptance/firewall_iptmodules_spec.rb
+++ b/spec/acceptance/firewall_iptmodules_spec.rb
@@ -67,7 +67,7 @@ describe 'firewall iptmodules' do
   end
 
   # iptables version 1.3.5 is not suppored by the ip6tables provider
-  if default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04}
+  if default['platform'] =~ %r{ubuntu-14\.04}
     describe 'ip6tables ipt_modules tests' do
       context 'when all the modules with multiple args' do
         pp3 = <<-PUPPETCODE
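Review bot: The guard on the new line matches `%r{ubuntu-14\.04}`, while the tee and time specs in this same patch match `%r{ubuntu-1404}`. A nodeset names the platform one way or the other, so one of the two spellings presumably never matches and its `describe` block is skipped without any failure. A single pattern that accepts both, for example `%r{ubuntu-14\.?04}`, would keep these ip6tables tests from silently dropping out of the run. The dotted spelling also appears in the firewall_spec.rb guards, and the `describe` body continues outside this hunk.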
diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb
index f4f4d0b..4bb93da 100644
--- a/spec/acceptance/firewall_spec.rb
+++ b/spec/acceptance/firewall_spec.rb
@@ -803,7 +803,7 @@ describe 'firewall basics', docker: true do
     end
   end
 
-  if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles}
+  if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
     describe 'checksum_fill' do
       context 'when virbr' do
         pp38 = <<-PUPPETCODE
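Review bot: The new condition still excludes `el-5`, although this patch removes the CentOS 5 branch from redhat.pp and release 5 from metadata.json, so that term is probably dead now. If EL 5 is no longer a test target, the guard reduces to `if default['platform'] !~ %r{sles}`. The `socket` guard in the next hunk has the same leftover. If EL 5 nodesets are still run on purpose, a one-line comment saying so would stop a later cleanup from removing the term by mistake.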
@@ -1256,7 +1256,7 @@ describe 'firewall basics', docker: true do
     end
 
     # ip6tables has limited `-m socket` support
-    if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{ubuntu-10\.04} && default['platform'] !~ %r{debian-6} && default['platform'] !~ %r{sles}
+    if default['platform'] !~ %r{el-5} && default['platform'] !~ %r{sles}
       describe 'socket' do
         context 'when true' do
           pp56 = <<-PUPPETCODE
@@ -1448,7 +1448,7 @@ describe 'firewall basics', docker: true do
     end
 
     # ip6tables only supports ipset, addrtype, and mask on a limited set of platforms
-    if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{ubuntu-14\.04}
+    if default['platform'] =~ %r{el-7} || default['platform'] =~ %r{ubuntu-14\.04}
       # ipset is really difficult to test, just testing on one platform
       if default['platform'] =~ %r{ubuntu-14\.04}
         describe 'ipset' do
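Review bot: Under this outer guard (el-7 or ubuntu-14.04) the `mask` test deleted in the next hunk used to run, because its inner guard excluded only debian-7. Dropping Debian 7 calls for removing the `if default['platform'] !~ %r{debian-7}` wrapper and its comment, not the `describe 'mask'` block itself. As written, the ip6tables `recent`/`mask` rule rendering loses the only acceptance check visible in this patch, on platforms that remain supported. I would keep the `describe 'mask'` block, re-indented one level out. The enclosing `if` continues outside this hunk.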
@@ -1506,34 +1506,6 @@ describe 'firewall basics', docker: true do
         end
       end
 
-      # mask isn't supported on deb7
-      if default['platform'] !~ %r{debian-7}
-        describe 'mask' do
-          pp64 = <<-PUPPETCODE
-            class { '::firewall': }
-            firewall { '613 - test':
-              recent => 'update',
-              rseconds => 60,
-              rsource => true,
-              rname => 'test',
-              action => 'drop',
-              chain => 'FORWARD',
-              mask => 'ffff::',
-              provider => 'ip6tables',
-            }
-          PUPPETCODE
-          it 'applies' do
-            apply_manifest(pp64, catch_failures: true)
-          end
-
-          it 'contains the rule' do
-            shell('ip6tables-save') do |r|
-              expect(r.stdout).to match(%r{-A FORWARD -p tcp -m recent --update --seconds 60 --name test --mask ffff:: --rsource -m comment --comment "613 - test" -j DROP})
-            end
-          end
-        end
-      end
-
       ['dst_type', 'src_type'].each do |type|
         describe type.to_s do
           context 'when MULTICAST' do
diff --git a/spec/acceptance/firewall_tee_spec.rb b/spec/acceptance/firewall_tee_spec.rb
index 779f56d..3a59683 100644
--- a/spec/acceptance/firewall_tee_spec.rb
+++ b/spec/acceptance/firewall_tee_spec.rb
@@ -6,7 +6,7 @@ describe 'firewall tee' do
     ip6tables_flush_all_tables
   end
 
-  if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{ubuntu-1204} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
+  if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
     describe 'tee_gateway' do
       context 'when 10.0.0.2' do
         pp1 = <<-PUPPETCODE
diff --git a/spec/acceptance/firewall_time_spec.rb b/spec/acceptance/firewall_time_spec.rb
index 5d39eed..8c55429 100644
--- a/spec/acceptance/firewall_time_spec.rb
+++ b/spec/acceptance/firewall_time_spec.rb
@@ -6,7 +6,7 @@ describe 'firewall time' do
     ip6tables_flush_all_tables
   end
 
-  if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-7} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
+  if default['platform'] =~ %r{ubuntu-1404} || default['platform'] =~ %r{debian-8} || default['platform'] =~ %r{el-7}
     describe 'time tests ipv4' do
       context 'when set all time parameters' do
         pp1 = <<-PUPPETCODE
diff --git a/spec/unit/classes/firewall_linux_debian_spec.rb b/spec/unit/classes/firewall_linux_debian_spec.rb
index 81b81a2..a58e3c5 100644
--- a/spec/unit/classes/firewall_linux_debian_spec.rb
+++ b/spec/unit/classes/firewall_linux_debian_spec.rb
@@ -1,46 +1,6 @@
 require 'spec_helper'
 
 describe 'firewall::linux::debian', type: :class do
-  context 'with Debian 7' do
-    let(:facts) do
-      {
-        osfamily: 'Debian',
-        operatingsystem: 'Debian',
-        operatingsystemrelease: '7.0',
-      }
-    end
-
-    it {
-      is_expected.to contain_package('iptables-persistent').with(
-        ensure: 'present',
-      )
-    }
-    it {
-      is_expected.to contain_service('iptables-persistent').with(
-        ensure: nil,
-        enable: 'true',
-        require: 'Package[iptables-persistent]',
-      )
-    }
-  end
-
-  context 'with deb7 enable => false' do
-    let(:facts) do
-      {
-        osfamily: 'Debian',
-        operatingsystem: 'Debian',
-        operatingsystemrelease: '7.0',
-      }
-    end
-    let(:params) { { enable: 'false' } }
-
-    it {
-      is_expected.to contain_service('iptables-persistent').with(
-        enable: 'false',
-      )
-    }
-  end
-
   context 'with Debian 8' do
     let(:facts) do
       {
diff --git a/spec/unit/classes/firewall_linux_spec.rb b/spec/unit/classes/firewall_linux_spec.rb
index 2fbb462..c44600d 100644
--- a/spec/unit/classes/firewall_linux_spec.rb
+++ b/spec/unit/classes/firewall_linux_spec.rb
@@ -1,9 +1,9 @@
 require 'spec_helper'
 
 describe 'firewall::linux', type: :class do
-  ['RedHat', 'CentOS', 'Fedora'].each do |os|
+  ['RedHat', 'CentOS'].each do |os|
     context "Redhat Like: operatingsystem => #{os}" do
-      releases = ((os == 'Fedora') ? ['14', '15', 'Rawhide'] : ['6', '7'])
+      releases = ['6', '7']
       releases.each do |osrel|
         context "operatingsystemrelease => #{osrel}" do
           let(:facts) do
@@ -26,7 +26,7 @@ describe 'firewall::linux', type: :class do
 
   ['Debian', 'Ubuntu'].each do |os|
     context "Debian Like: operatingsystem => #{os}" do
-      releases = ((os == 'Debian') ? ['6', '7', '8'] : ['10.04', '12.04', '14.04'])
+      releases = ((os == 'Debian') ? ['8'] : ['14.04'])
       releases.each do |osrel|
         let(:facts) do
           {
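Review bot: `let(:facts)` sits directly inside `releases.each` with no `context` around it, unlike the RedHat loop earlier in this file, which wraps each release in `context "operatingsystemrelease => #{osrel}"`. With single-element lists this is harmless, but once a second release is added the later `let` overrides the earlier one and only the last release is actually exercised. Wrapping the body in the same `context` line would keep the two loops parallel. The loop body continues outside the hunk, so this is judged from the visible lines only.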
diff --git a/spec/unit/facter/iptables_persistent_version_spec.rb b/spec/unit/facter/iptables_persistent_version_spec.rb
index a0aeca1..880487c 100644
--- a/spec/unit/facter/iptables_persistent_version_spec.rb
+++ b/spec/unit/facter/iptables_persistent_version_spec.rb
@@ -7,15 +7,9 @@ describe 'Facter::Util::Fact iptables_persistent_version' do
     let(:dpkg_cmd) { "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null" }
 
     {
-      'Debian' => '0.0.20090701',
       'Ubuntu' => '0.5.3ubuntu2',
     }.each do |os, ver|
-
-      if os == 'Debian'
-        os_release = '7.0'
-      elsif os == 'Ubuntu'
-        os_release = '14.04'
-      end
+      os_release = '14.04'
 
       describe "#{os} package installed" do
         before(:each) do
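Review bot: `os_release = '14.04'` is now hard-coded inside a loop keyed by OS name, so the table and the release agree only because a single entry is left. Carrying the release in the table, `{ 'Ubuntu' => ['14.04', '0.5.3ubuntu2'] }.each do |os, (os_release, ver)|`, keeps the loop correct when another OS is added. metadata.json in this patch keeps Debian 8 as supported, so it may be worth adding a Debian 8 entry here rather than dropping Debian from the fact test altogether.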
-- 
2.45.2