Refactor backend format, add backward compatibility, simple pkg testing

See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
2018-08-25 19:00:11 -03:00 · 2018-08-25 19:00:11 -03:00 · 15a48462f0
commit 15a48462f0
parent d3928d1be0
6 changed files with 53 additions and 5 deletions
--- a/firewalld/backend.sls
+++ b/firewalld/backend.sls
@ -4,8 +4,34 @@
 #
 {% from "firewalld/map.jinja" import firewalld with context %}

-{%- if salt['pillar.get']('firewalld:installbackend') %}
+{% set backend_manage = firewalld.backend.manage %}
+{% set backend_pkg = firewalld.backend.pkg %}
+
+# Backward compatibility setting and deprecation notices
+### Manage setting (old firewalld:installbackend)
+{% if firewalld.installbackend is defined %}
+firewalld-installbackend-deprecated:
+  test.show_notification:
+    - text: |
+        'firewalld:installbackend' is deprecated. Set 'firewalld:backend:manage' instead.
+        See firewalld/pillar.example for more information
+
+  {% set backend_manage = firewalld.installbackend %}
+{% endif %}
+
+### Package setting (old firewalld:backendpackage)
+{% if firewalld.backendpackage is defined %}
+firewalld-backendpackage-deprecated:
+  test.show_notification:
+    - text: |
+        'firewalld:backendpackage' is deprecated. Use 'firewalld:backend:pkg' instead
+        See firewalld/pillar.example for more information
+
+  {% set backend_pkg = firewalld.backendpackage %}
+{% endif %}
+
+{%- if backend_manage %}
 package_backend:
  pkg.installed:
-    - name: {{ firewalld.backendpackage }}
+    - name: {{ backend_pkg }}
 {%- endif %}
--- a/firewalld/defaults.yaml
+++ b/firewalld/defaults.yaml
@ -7,11 +7,11 @@ firewalld:
  config: /etc/firewalld.conf

  ipset:
-    manage: true
+    manage: false
    pkg: ipset

  backend:
-    manage: true
+    manage: false
    pkg: nftables

  ipsets: {}
--- a/pillar.example
+++ b/pillar.example
@ -5,7 +5,8 @@ firewalld:
    manage: True
    pkg: ipset

-  installbackend: False
+  installbackend: True
+  backendpackage: nftables
  default_zone: public

  services:
--- a/test/integration/default/backend_spec.rb
+++ b/test/integration/default/backend_spec.rb
@ -0,0 +1,3 @@
+describe package('nftables') do
+  it { should be_installed }
+end
--- a/test/integration/default/firewalld_spec.rb
+++ b/test/integration/default/firewalld_spec.rb
@ -1,3 +1,18 @@
+describe package('firewalld') do
+  it { should be_installed }
+end
+
 describe service('firewalld') do
+  it { should be_enabled }
  it { should be_running }
 end
+
+describe service('iptables') do
+  it { should_not be_enabled }
+  it { should_not be_running }
+end
+
+describe service('ip6tables') do
+  it { should_not be_enabled }
+  it { should_not be_running }
+end
--- a/test/integration/default/ipset_spec.rb
+++ b/test/integration/default/ipset_spec.rb
@ -0,0 +1,3 @@
+describe package('ipset') do
+  it { should be_installed }
+end