saltstack-formulas/firewalld-formula
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor backend format, add backward compatibility, simple pkg testing

Browse Source 
See https://github.com/saltstack-formulas/firewalld-formula/pull/21#pullrequestreview-146958098
This commit is contained in:
Javier Bértoli 2018-08-25 19:00:11 -03:00
parent d3928d1be0
commit 15a48462f0
6 changed files with 53 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
firewalld/backend.sls
View File

@ -4,8 +4,34 @@
# #
{% from "firewalld/map.jinja" import firewalld with context %} {% from "firewalld/map.jinja" import firewalld with context %}
{%- if salt['pillar.get']('firewalld:installbackend') %} {% set backend_manage = firewalld.backend.manage %}
{% set backend_pkg = firewalld.backend.pkg %}
# Backward compatibility setting and deprecation notices
### Manage setting (old firewalld:installbackend)
{% if firewalld.installbackend is defined %}
firewalld-installbackend-deprecated:
test.show_notification:
- text: |
'firewalld:installbackend' is deprecated. Set 'firewalld:backend:manage' instead.
See firewalld/pillar.example for more information
{% set backend_manage = firewalld.installbackend %}
{% endif %}
### Package setting (old firewalld:backendpackage)
{% if firewalld.backendpackage is defined %}
firewalld-backendpackage-deprecated:
test.show_notification:
- text: |
'firewalld:backendpackage' is deprecated. Use 'firewalld:backend:pkg' instead
See firewalld/pillar.example for more information
{% set backend_pkg = firewalld.backendpackage %}
{% endif %}
{%- if backend_manage %}
package_backend: package_backend:
pkg.installed: pkg.installed:
- name: {{ firewalld.backendpackage }} - name: {{ backend_pkg }}
{%- endif %} {%- endif %}

4
firewalld/defaults.yaml
View File

@ -7,11 +7,11 @@ firewalld:
config: /etc/firewalld.conf config: /etc/firewalld.conf
ipset: ipset:
manage: true manage: false
pkg: ipset pkg: ipset
backend: backend:
manage: true manage: false
pkg: nftables pkg: nftables
ipsets: {} ipsets: {}

3
pillar.example
View File

@ -5,7 +5,8 @@ firewalld:
manage: True manage: True
pkg: ipset pkg: ipset
installbackend: False installbackend: True
backendpackage: nftables
default_zone: public default_zone: public
services: services:

3
test/integration/default/backend_spec.rb Normal file
View File

@ -0,0 +1,3 @@
describe package('nftables') do
it { should be_installed }
end

15
test/integration/default/firewalld_spec.rb
View File

@ -1,3 +1,18 @@
describe package('firewalld') do
it { should be_installed }
end
describe service('firewalld') do describe service('firewalld') do
it { should be_enabled }
it { should be_running } it { should be_running }
end end
describe service('iptables') do
it { should_not be_enabled }
it { should_not be_running }
end
describe service('ip6tables') do
it { should_not be_enabled }
it { should_not be_running }
end

3
test/integration/default/ipset_spec.rb Normal file
View File

@ -0,0 +1,3 @@
describe package('ipset') do
it { should be_installed }
end