---
.travis.yml:
docker_sets:
- - set: centos7-64
+ - set: debian9-64
+ - set: debian10-64
- set: centos6-64
+ - set: centos7-64
- set: ubuntu1604-64
- set: ubuntu1804-64
secure: "J7AG0AHVdEVql4c7cwJZCjbXFp5tehPnlS3REkUKu9s3Px+XRb+073W7hM2alfxB5Qo3mqyMdgyjIRMQyXXqfb54QmDG6Y1XfRIcNK/C6TL9JscC7rXN1gXJhrdZiQOtfXa3HFcWJkbsQrjnPbQ5y+
- rvm: 2.4.4
bundler_args: --without system_tests development release
env: PUPPET_VERSION="~> 5.0" CHECK=build DEPLOY_TO_FORGE=yes
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian9-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
+ - rvm: 2.5.3
+ bundler_args: --without development release
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet6 BEAKER_debug=true BEAKER_setfile=debian10-64 BEAKER_HYPERVISOR=docker CHECK=beaker
+ services: docker
- rvm: 2.5.3
bundler_args: --without development release
env: PUPPET_INSTALL_TYPE=agent BEAKER_IS_PE=no BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_debug=true BEAKER_setfile=centos6-64 BEAKER_HYPERVISOR=docker CHECK=beaker
- name: 'Distribution Name'
path: '%{facts.os.name}.yaml'
- - name: 'Operating System Family'
- path: '%{facts.os.family}.yaml'
-
- name: 'common'
path: 'common.yaml'
}
# on Ubuntu, we can't start the service, unless we set ENABLED=true in /etc/default/ferm...
- if ($facts['os']['name'] == 'Ubuntu') {
+ if ($facts['os']['name'] in ['Ubuntu', 'Debian']) {
file_line{'enable_ferm':
path => '/etc/default/ferm',
line => 'ENABLED="yes"',
"26"
]
},
+ {
+ "operatingsystem": "Debian",
+ "operatingsystemrelease": [
+ "9",
+ "10"
+ ]
+ },
{
"operatingsystem": "Archlinux"
}
false
end
+iptables_output = case sut_os
+ when 'Debian-10'
+ [
+ '-A INPUT -p tcp -m tcp --dport 22 -m comment --comment allow_acceptance_tests -j ACCEPT',
+ '-A INPUT -p tcp -m tcp --dport 80 -m comment --comment jump_http -j HTTP',
+ '-A HTTP -s 127.0.0.1/32 -p tcp -m tcp --dport 80 -m comment --comment allow_http_localhost -j ACCEPT'
+ ]
+ else
+ [
+ '-A INPUT -p tcp -m comment --comment ["]*allow_acceptance_tests["]* -m tcp --dport 22 -j ACCEPT',
+ '-A INPUT -p tcp -m comment --comment ["]*jump_http["]* -m tcp --dport 80 -j HTTP',
+ '-A HTTP -s 127.0.0.1/32 -p tcp -m comment --comment ["]*allow_http_localhost["]* -m tcp --dport 80 -j ACCEPT'
+ ]
+ end
basic_manifest = %(
class { 'ferm':
manage_service => true,
describe iptables do
it do
- is_expected.to have_rule('-A INPUT -p tcp -m comment --comment ["]*allow_acceptance_tests["]* -m tcp --dport 22 -j ACCEPT'). \
+ is_expected.to have_rule(iptables_output[0]). \
with_table('filter'). \
with_chain('INPUT')
end
describe iptables do
it do
- is_expected.to have_rule('-A INPUT -p tcp -m comment --comment ["]*jump_http["]* -m tcp --dport 80 -j HTTP'). \
+ is_expected.to have_rule(iptables_output[1]). \
with_table('filter'). \
with_chain('INPUT')
end
it do
- is_expected.to have_rule('-A HTTP -s 127.0.0.1/32 -p tcp -m comment --comment ["]*allow_http_localhost["]* -m tcp --dport 80 -j ACCEPT'). \
+ is_expected.to have_rule(iptables_output[2]). \
with_table('filter'). \
with_chain('HTTP')
end
it { is_expected.to contain_class('ferm::service') }
it { is_expected.to contain_class('ferm::install') }
it { is_expected.to contain_package('ferm') }
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_file('/etc/ferm/ferm.d') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/definitions') }
it { is_expected.to contain_file('/etc/ferm/ferm.d/chains') }
{ manage_configfile: true }
end
- if facts[:os]['name'] == 'Ubuntu' || facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['family'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.conf') }
it { is_expected.to contain_concat__fragment('filter-INPUT-policy') }
it { is_expected.to contain_concat__fragment('filter-FORWARD-policy') }
it { is_expected.to contain_concat__fragment('filter-OUTPUT-policy') }
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-PREROUTING.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/raw-OUTPUT.conf') }
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/nat-PREROUTING.conf') }
is_expected.to contain_concat__fragment('filter-INPUT2-footer'). \
with_content(%r{LOG log-prefix 'INPUT2: ';})
end
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-INPUT2.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-INPUT2.conf') }
that_requires('Ferm::Chain[check-ssh]')
end
it { is_expected.to contain_concat__fragment('filter-INPUT-config-include') }
- if facts[:os]['release']['major'].to_i == 10
+ if facts[:os]['name'] == 'Debian'
it { is_expected.to contain_concat('/etc/ferm/ferm.d/chains/filter-SSH.conf') }
else
it { is_expected.to contain_concat('/etc/ferm.d/chains/filter-SSH.conf') }
projects / puppet-ferm.git / commitdiff