aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--.sync.yml4
-rw-r--r--.travis.yml12
-rw-r--r--data/Debian.yaml (renamed from data/Debian-10.yaml)0
-rw-r--r--hiera.yaml3
-rw-r--r--manifests/service.pp2
-rw-r--r--metadata.json7
-rw-r--r--spec/acceptance/ferm_spec.rb20
-rw-r--r--spec/classes/ferm_spec.rb6
-rw-r--r--spec/defines/chain_spec.rb2
-rw-r--r--spec/defines/rule_spec.rb2
10 files changed, 45 insertions, 13 deletions
diff --git a/.sync.yml b/.sync.yml
index 9be4265..4d38dc0 100644
--- a/.sync.yml
+++ b/.sync.yml
@@ -1,8 +1,10 @@
---
.travis.yml:
docker_sets:
- - set: centos7-64
+ - set: debian9-64
+ - set: debian10-64
- set: centos6-64
+ - set: centos7-64
- set: ubuntu1604-64
- set: ubuntu1804-64
secure: "J7AG0AHVdEVql4c7cwJZCjbXFp5tehPnlS3REkUKu9s3Px+XRb+073W7hM2alfxB5Qo3mqyMdgyjIRMQyXXqfb54QmDG6Y1XfRIcNK/C6TL9JscC7rXN1gXJhrdZiQOtfXa3HFcWJkbsQrjnPbQ5y+
diff --git a/.travis.yml b/.travis.yml
index 2b41c68..9fd66c1 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -25,6 +25,18 @@ matrix:
env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes
- rvm: 2.5.3
bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos6-64 BEAKER_HYPERVISOR=docker CHECK=beaker
services: docker
- rvm: 2.5.3
diff --git a/data/Debian-10.yaml b/data/Debian.yaml
index 1bc29fc..1bc29fc 100644
--- a/data/Debian-10.yaml
+++ b/data/Debian.yaml
diff --git a/hiera.yaml b/hiera.yaml
index 6b62091..aa8c6ec 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -15,8 +15,5 @@ hierarchy:
- name: 'Distribution Name'
path: '%{facts.os.name}.yaml'
- - name: 'Operating System Family'
- path: '%{facts.os.family}.yaml'
-
- name: 'common'
path: 'common.yaml'
diff --git a/manifests/service.pp b/manifests/service.pp
index f19997f..ad6fc47 100644
--- a/manifests/service.pp
+++ b/manifests/service.pp
@@ -12,7 +12,7 @@ class ferm::service {
}
# on Ubuntu, we can't start the service, unless we set ENABLED=true in /etc/default/ferm...
- if ($facts['os']['name'] == 'Ubuntu') {
+ if ($facts['os']['name'] in ['Ubuntu', 'Debian']) {
file_line{'enable_ferm':
path => '/etc/default/ferm',
line => 'ENABLED="yes"',
diff --git a/metadata.json b/metadata.json
index 6d90a53..103d15c 100644
--- a/metadata.json
+++ b/metadata.json
@@ -46,6 +46,13 @@
]
},
{
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "9",
+ "10"
+ ]
+ },
+ {
"operatingsystem": "Archlinux"
}
],
diff --git a/spec/acceptance/ferm_spec.rb b/spec/acceptance/ferm_spec.rb
index b0c41a5..c5018da 100644
--- a/spec/acceptance/ferm_spec.rb
+++ b/spec/acceptance/ferm_spec.rb
@@ -12,6 +12,20 @@ manage_initfile = case sut_os
false
end
+iptables_output = case sut_os
+ when 'Debian-10'
+ [
+ '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment allow_acceptance_tests -j ACCEPT',
+ '-A INPUT -p tcp -m tcp --dport 80 -m comment --comment jump_http -j HTTP',
+ '-A HTTP -s 127.0.0.1/32 -p tcp -m tcp --dport 80 -m comment --comment allow_http_localhost -j ACCEPT'
+ ]
+ else
+ [
+ '-A INPUT -p tcp -m comment --comment ["]*allow_acceptance_tests["]* -m tcp --dport 22 -j ACCEPT',
+ '-A INPUT -p tcp -m comment --comment ["]*jump_http["]* -m tcp --dport 80 -j HTTP',
+ '-A HTTP -s 127.0.0.1/32 -p tcp -m comment --comment ["]*allow_http_localhost["]* -m tcp --dport 80 -j ACCEPT'
+ ]
+ end
basic_manifest = %(
class { 'ferm':
manage_service => true,
@@ -57,7 +71,7 @@ describe 'ferm' do
describe iptables do
it do
- is_expected.to have_rule('-A INPUT -p tcp -m comment --comment ["]*allow_acceptance_tests["]* -m tcp --dport 22 -j ACCEPT'). \
+ is_expected.to have_rule(iptables_output[0]). \
with_table('filter'). \
with_chain('INPUT')
end
@@ -97,12 +111,12 @@ describe 'ferm' do
describe iptables do
it do
- is_expected.to have_rule('-A INPUT -p tcp -m comment --comment ["]*jump_http["]* -m tcp --dport 80 -j HTTP'). \
+ is_expected.to have_rule(iptables_output[1]). \
with_table('filter'). \
with_chain('INPUT')
end
it do
- is_expected.to have_rule('-A HTTP -s 127.0.0.1/32 -p tcp -m comment --comment ["]*allow_http_localhost["]* -m tcp --dport 80 -j ACCEPT'). \
+ is_expected.to have_rule(iptables_output[2]). \
with_table('filter'). \
with_chain('HTTP')
end
diff --git a/spec/classes/ferm_spec.rb b/spec/classes/ferm_spec.rb
index 225577b..3257fca 100644
--- a/spec/classes/ferm_spec.rb
+++ b/spec/classes/ferm_spec.rb
@@ -17,7 +17,7 @@ describe 'ferm' do
it { is_expected.to contain_class('ferm::service') }
it { is_expected.to contain_class('ferm::install') }
it { is_expected.to contain_package('ferm') }
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_file('/etc/ferm/ferm.d') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/chains') }
@@ -51,7 +51,7 @@ describe 'ferm' do
{ manage_configfile: true }
end
- if facts[:os]['name'] == 'Ubuntu' || facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['family'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.conf') }
@@ -102,7 +102,7 @@ describe 'ferm' do
it { is_expected.to contain_concat__fragment('filter-INPUT-policy') }
it { is_expected.to contain_concat__fragment('filter-FORWARD-policy') }
it { is_expected.to contain_concat__fragment('filter-OUTPUT-policy') }
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') }
diff --git a/spec/defines/chain_spec.rb b/spec/defines/chain_spec.rb
index 4a598b3..1a6bb44 100644
--- a/spec/defines/chain_spec.rb
+++ b/spec/defines/chain_spec.rb
@@ -30,7 +30,7 @@ describe 'ferm::chain', type: :define do
is_expected.to contain_concat__fragment('filter-INPUT2-footer'). \
with_content(%r{LOG log-prefix 'INPUT2: ';})
end
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-INPUT2.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-INPUT2.conf') }
diff --git a/spec/defines/rule_spec.rb b/spec/defines/rule_spec.rb
index 33ce169..5e4ad69 100644
--- a/spec/defines/rule_spec.rb
+++ b/spec/defines/rule_spec.rb
@@ -161,7 +161,7 @@ describe 'ferm::rule', type: :define do
that_requires('Ferm::Chain[check-ssh]')
end
it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-SSH.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-SSH.conf') }