From 15a48462f078f89707ea26c00639af770c6d7aea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Sat, 25 Aug 2018 19:00:11 -0300 Subject: [PATCH] Refactor backend format, add backward compatibility, simple pkg testing See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098 --- firewalld/backend.sls | 30 ++++++++++++++++++++-- firewalld/defaults.yaml | 4 +-- pillar.example | 3 ++- test/integration/default/backend_spec.rb | 3 +++ test/integration/default/firewalld_spec.rb | 15 +++++++++++ test/integration/default/ipset_spec.rb | 3 +++ 6 files changed, 53 insertions(+), 5 deletions(-) create mode 100644 test/integration/default/backend_spec.rb create mode 100644 test/integration/default/ipset_spec.rb diff --git a/firewalld/backend.sls b/firewalld/backend.sls index 7190c89..9b9e37f 100644 --- a/firewalld/backend.sls +++ b/firewalld/backend.sls @@ -4,8 +4,34 @@ # {% from "firewalld/map.jinja" import firewalld with context %} -{%- if salt['pillar.get']('firewalld:installbackend') %} +{% set backend_manage = firewalld.backend.manage %} +{% set backend_pkg = firewalld.backend.pkg %} + +# Backward compatibility setting and deprecation notices +### Manage setting (old firewalld:installbackend) +{% if firewalld.installbackend is defined %} +firewalld-installbackend-deprecated: + test.show_notification: + - text: | + 'firewalld:installbackend' is deprecated. Set 'firewalld:backend:manage' instead. + See firewalld/pillar.example for more information + + {% set backend_manage = firewalld.installbackend %} +{% endif %} + +### Package setting (old firewalld:backendpackage) +{% if firewalld.backendpackage is defined %} +firewalld-backendpackage-deprecated: + test.show_notification: + - text: | + 'firewalld:backendpackage' is deprecated. Use 'firewalld:backend:pkg' instead + See firewalld/pillar.example for more information + + {% set backend_pkg = firewalld.backendpackage %} +{% endif %} + +{%- if backend_manage %} package_backend: pkg.installed: - - name: {{ firewalld.backendpackage }} + - name: {{ backend_pkg }} {%- endif %} diff --git a/firewalld/defaults.yaml b/firewalld/defaults.yaml index 73b7e7f..1334058 100644 --- a/firewalld/defaults.yaml +++ b/firewalld/defaults.yaml @@ -7,11 +7,11 @@ firewalld: config: /etc/firewalld.conf ipset: - manage: true + manage: false pkg: ipset backend: - manage: true + manage: false pkg: nftables ipsets: {} diff --git a/pillar.example b/pillar.example index 2abd4db..779e933 100644 --- a/pillar.example +++ b/pillar.example @@ -5,7 +5,8 @@ firewalld: manage: True pkg: ipset - installbackend: False + installbackend: True + backendpackage: nftables default_zone: public services: diff --git a/test/integration/default/backend_spec.rb b/test/integration/default/backend_spec.rb new file mode 100644 index 0000000..f27673a --- /dev/null +++ b/test/integration/default/backend_spec.rb @@ -0,0 +1,3 @@ +describe package('nftables') do + it { should be_installed } +end diff --git a/test/integration/default/firewalld_spec.rb b/test/integration/default/firewalld_spec.rb index 07d3a60..ef81e55 100644 --- a/test/integration/default/firewalld_spec.rb +++ b/test/integration/default/firewalld_spec.rb @@ -1,3 +1,18 @@ +describe package('firewalld') do + it { should be_installed } +end + describe service('firewalld') do + it { should be_enabled } it { should be_running } end + +describe service('iptables') do + it { should_not be_enabled } + it { should_not be_running } +end + +describe service('ip6tables') do + it { should_not be_enabled } + it { should_not be_running } +end diff --git a/test/integration/default/ipset_spec.rb b/test/integration/default/ipset_spec.rb new file mode 100644 index 0000000..3a45f32 --- /dev/null +++ b/test/integration/default/ipset_spec.rb @@ -0,0 +1,3 @@ +describe package('ipset') do + it { should be_installed } +end