-rw-r--r-- | .sync.yml | 4 | ||||
-rw-r--r-- | .travis.yml | 12 | ||||
-rw-r--r-- | data/Debian.yaml (renamed from data/Debian-10.yaml) | 0 | ||||
-rw-r--r-- | hiera.yaml | 3 | ||||
-rw-r--r-- | manifests/service.pp | 2 | ||||
-rw-r--r-- | metadata.json | 7 | ||||
-rw-r--r-- | spec/acceptance/ferm_spec.rb | 20 | ||||
-rw-r--r-- | spec/classes/ferm_spec.rb | 6 | ||||
-rw-r--r-- | spec/defines/chain_spec.rb | 2 | ||||
-rw-r--r-- | spec/defines/rule_spec.rb | 2 |
10 files changed, 45 insertions, 13 deletions
@@ -1,8 +1,10 @@ --- .travis.yml: docker_sets: - - set: centos7-64 + - set: debian9-64 + - set: debian10-64 - set: centos6-64 + - set: centos7-64 - set: ubuntu1604-64 - set: ubuntu1804-64 secure: "J7AG0AHVdEVql4c7cwJZCjbXFp5tehPnlS3REkUKu9s3Px+XRb+073W7hM2alfxB5Qo3mqyMdgyjIRMQyXXqfb54QmDG6Y1XfRIcNK/C6TL9JscC7rXN1gXJhrdZiQOtfXa3HFcWJkbsQrjnPbQ5y+ diff --git a/.travis.yml b/.travis.yml index 2b41c68..9fd66c1 100644 --- a/.travis.yml +++ b/.travis.yml @@ -25,6 +25,18 @@ matrix: env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes - rvm: 2.5.3 bundler_args: --without development release + env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release + env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker + services: docker + - rvm: 2.5.3 + bundler_args: --without development release env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos6-64 BEAKER_HYPERVISOR=docker CHECK=beaker services: docker - rvm: 2.5.3 diff --git a/data/Debian-10.yaml b/data/Debian.yaml index 1bc29fc..1bc29fc 100644 --- a/data/Debian-10.yaml +++ b/data/Debian.yaml @@ -15,8 +15,5 @@ hierarchy: - name: 'Distribution Name' path: '%{facts.os.name}.yaml' - - name: 'Operating System Family' - path: '%{facts.os.family}.yaml' - - name: 'common' path: 'common.yaml' diff --git a/manifests/service.pp b/manifests/service.pp index f19997f..ad6fc47 100644 --- a/manifests/service.pp +++ b/manifests/service.pp 
@@ -12,7 +12,7 @@ class ferm::service { } # on Ubuntu, we can't start the service, unless we set ENABLED=true in /etc/default/ferm... - if ($facts['os']['name'] == 'Ubuntu') { + if ($facts['os']['name'] in ['Ubuntu', 'Debian']) { file_line{'enable_ferm': path => '/etc/default/ferm', line => 'ENABLED="yes"', diff --git a/metadata.json b/metadata.json index 6d90a53..103d15c 100644 --- a/metadata.json +++ b/metadata.json @@ -46,6 +46,13 @@ ] }, { + "operatingsystem": "Debian", + "operatingsystemrelease": [ + "9", + "10" + ] + }, + { "operatingsystem": "Archlinux" } ], diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb index b0c41a5..c5018da 100644 --- a/spec/acceptance/ferm_spec.rb +++ b/spec/acceptance/ferm_spec.rb @@ -12,6 +12,20 @@ manage_initfile = case sut_os false end +iptables_output = case sut_os + when 'Debian-10' + [ + '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment allow_acceptance_tests -j ACCEPT', + '-A INPUT -p tcp -m tcp --dport 80 -m comment --comment jump_http -j HTTP', + '-A HTTP -s 127.0.0.1/32 -p tcp -m tcp --dport 80 -m comment --comment allow_http_localhost -j ACCEPT' + ] + else + [ + '-A INPUT -p tcp -m comment --comment ["]*allow_acceptance_tests["]* -m tcp --dport 22 -j ACCEPT', + '-A INPUT -p tcp -m comment --comment ["]*jump_http["]* -m tcp --dport 80 -j HTTP', + '-A HTTP -s 127.0.0.1/32 -p tcp -m comment --comment ["]*allow_http_localhost["]* -m tcp --dport 80 -j ACCEPT' + ] + end basic_manifest = %( class { 'ferm': manage_service => true, @@ -57,7 +71,7 @@ describe 'ferm' do describe iptables do it do - is_expected.to have_rule('-A INPUT -p tcp -m comment --comment ["]*allow_acceptance_tests["]* -m tcp --dport 22 -j ACCEPT'). \ + is_expected.to have_rule(iptables_output[0]). \ with_table('filter'). \ with_chain('INPUT') end 
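Review bot: The comment above the changed condition still says only Ubuntu needs the flag and names `ENABLED=true`, while the new condition also covers Debian and the `file_line` writes `ENABLED="yes"`. I would reword it to `# on Ubuntu and Debian the service will not start unless /etc/default/ferm contains ENABLED="yes"`. This condition decides whether the firewall service can start on those hosts, so the comment should match it exactly. The class body starts and ends outside the hunk.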
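Review bot: The new `iptables_output` array is read by position (`iptables_output[0]` in the @@ -57,7 +71,7 @@ hunk, `[1]` and `[2]` in the @@ -97,12 +111,12 @@ hunk), so reordering or inserting an entry in one `case` branch makes a test check a different firewall rule without any visible failure in the spec source. A hash keyed by rule name keeps each expectation tied to its rule, e.g. `is_expected.to have_rule(iptables_output[:allow_acceptance_tests]). \`. Only `'Debian-10'` gets the plain-string expectations with the comment match placed after `--dport`; a short comment saying why that ordering differs there (presumably a different iptables output format on that release) would help whoever adds the next platform.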
@@ -97,12 +111,12 @@ describe 'ferm' do describe iptables do it do - is_expected.to have_rule('-A INPUT -p tcp -m comment --comment ["]*jump_http["]* -m tcp --dport 80 -j HTTP'). \ + is_expected.to have_rule(iptables_output[1]). \ with_table('filter'). \ with_chain('INPUT') end it do - is_expected.to have_rule('-A HTTP -s 127.0.0.1/32 -p tcp -m comment --comment ["]*allow_http_localhost["]* -m tcp --dport 80 -j ACCEPT'). \ + is_expected.to have_rule(iptables_output[2]). \ with_table('filter'). \ with_chain('HTTP') end diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb index 225577b..3257fca 100644 --- a/spec/classes/ferm_spec.rb +++ b/spec/classes/ferm_spec.rb @@ -17,7 +17,7 @@ describe 'ferm' do it { is_expected.to contain_class('ferm::service') } it { is_expected.to contain_class('ferm::install') } it { is_expected.to contain_package('ferm') } - if facts[:os]['release']['major'].to_i == 10 + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_file('/etc/ferm/ferm.d') } it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') } it { is_expected.to contain_file('/etc/ferm/ferm.d/chains') } @@ -51,7 +51,7 @@ describe 'ferm' do { manage_configfile: true } end - if facts[:os]['name'] == 'Ubuntu' || facts[:os]['release']['major'].to_i == 10 + if facts[:os]['family'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.conf') } else it { is_expected.to contain_concat('/etc/ferm.conf') } 
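Review bot: The replaced conditions in spec/classes/ferm_spec.rb mix two different facts: the `ferm.d` directory checks use `facts[:os]['name'] == 'Debian'`, while the config-file check uses `facts[:os]['family'] == 'Debian'`, which also matches Ubuntu. That looks intentional, since the old config-file condition named Ubuntu explicitly, but nothing in the spec says so. The same `name == 'Debian'` test recurs in the @@ -102,7 +102,7 @@ hunk and in chain_spec.rb and rule_spec.rb. A one-line comment at the first use, such as `# family: Ubuntu and Debian both use /etc/ferm/ferm.conf; name: only Debian uses /etc/ferm/ferm.d`, would make the distinction explicit. The describe block continues outside these hunks.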
@@ -102,7 +102,7 @@ describe 'ferm' do it { is_expected.to contain_concat__fragment('filter-INPUT-policy') } it { is_expected.to contain_concat__fragment('filter-FORWARD-policy') } it { is_expected.to contain_concat__fragment('filter-OUTPUT-policy') } - if facts[:os]['release']['major'].to_i == 10 + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') } it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') } it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') } diff --git a/spec/defines/chain_spec.rb b/spec/defines/chain_spec.rb index 4a598b3..1a6bb44 100644 --- a/spec/defines/chain_spec.rb +++ b/spec/defines/chain_spec.rb @@ -30,7 +30,7 @@ describe 'ferm::chain', type: :define do is_expected.to contain_concat__fragment('filter-INPUT2-footer'). \ with_content(%r{LOG log-prefix 'INPUT2: ';}) end - if facts[:os]['release']['major'].to_i == 10 + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-INPUT2.conf') } else it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-INPUT2.conf') } diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb index 33ce169..5e4ad69 100644 --- a/spec/defines/rule_spec.rb +++ b/spec/defines/rule_spec.rb @@ -161,7 +161,7 @@ describe 'ferm::rule', type: :define do that_requires('Ferm::Chain[check-ssh]') end it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') } - if facts[:os]['release']['major'].to_i == 10 + if facts[:os]['name'] == 'Debian' it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-SSH.conf') } else it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-SSH.conf') } |