Refactor backend format, add backward compatibility, simple pkg testing

See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
This commit is contained in:
Javier Bértoli 2018-08-25 19:00:11 -03:00
parent d3928d1be0
commit 15a48462f0
6 changed files with 53 additions and 5 deletions

View File

@ -4,8 +4,34 @@
# #
{% from "firewalld/map.jinja" import firewalld with context %} {% from "firewalld/map.jinja" import firewalld with context %}
{%- if salt['pillar.get']('firewalld:installbackend') %} {% set backend_manage = firewalld.backend.manage %}
{% set backend_pkg = firewalld.backend.pkg %}
# Backward compatibility setting and deprecation notices
### Manage setting (old firewalld:installbackend)
{% if firewalld.installbackend is defined %}
firewalld-installbackend-deprecated:
test.show_notification:
- text: |
'firewalld:installbackend' is deprecated. Set 'firewalld:backend:manage' instead.
See firewalld/pillar.example for more information
{% set backend_manage = firewalld.installbackend %}
{% endif %}
### Package setting (old firewalld:backendpackage)
{% if firewalld.backendpackage is defined %}
firewalld-backendpackage-deprecated:
test.show_notification:
- text: |
'firewalld:backendpackage' is deprecated. Use 'firewalld:backend:pkg' instead
See firewalld/pillar.example for more information
{% set backend_pkg = firewalld.backendpackage %}
{% endif %}
{%- if backend_manage %}
package_backend: package_backend:
pkg.installed: pkg.installed:
- name: {{ firewalld.backendpackage }} - name: {{ backend_pkg }}
{%- endif %} {%- endif %}

View File

@ -7,11 +7,11 @@ firewalld:
config: /etc/firewalld.conf config: /etc/firewalld.conf
ipset: ipset:
manage: true manage: false
pkg: ipset pkg: ipset
backend: backend:
manage: true manage: false
pkg: nftables pkg: nftables
ipsets: {} ipsets: {}

View File

@ -5,7 +5,8 @@ firewalld:
manage: True manage: True
pkg: ipset pkg: ipset
installbackend: False installbackend: True
backendpackage: nftables
default_zone: public default_zone: public
services: services:

View File

@ -0,0 +1,3 @@
describe package('nftables') do
it { should be_installed }
end

View File

@ -1,3 +1,18 @@
describe package('firewalld') do
it { should be_installed }
end
describe service('firewalld') do describe service('firewalld') do
it { should be_enabled }
it { should be_running } it { should be_running }
end end
describe service('iptables') do
it { should_not be_enabled }
it { should_not be_running }
end
describe service('ip6tables') do
it { should_not be_enabled }
it { should_not be_running }
end

View File

@ -0,0 +1,3 @@
describe package('ipset') do
it { should be_installed }
end