Add rspecs and travis integration

.fixtures.yml

@@ -0,0 +1,9 @@
+fixtures:
+  repositories:
+    "puppi": "git://github.com/example42/puppi.git"
+    "monitor": "git://github.com/example42/puppet-monitor.git"
+    "iptables": "git://github.com/example42/puppet-iptables.git"
+    "concat": "git://github.com/example42/puppet-concat.git"
+  symlinks:
+    "fail2ban": "#{source_dir}"
+

.gemfile

@@ -0,0 +1,6 @@
+source :rubygems
+
+puppetversion = ENV['PUPPET_VERSION']
+gem 'puppet', puppetversion, :require => false
+gem 'puppet-lint'
+gem 'puppetlabs_spec_helper', '>= 0.1.0'

.project

@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>fail2ban</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.xtext.ui.shared.xtextBuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.cloudsmith.geppetto.pp.dsl.ui.puppetNature</nature>
+		<nature>org.eclipse.xtext.ui.shared.xtextNature</nature>
+	</natures>
+</projectDescription>

.travis.yml

@@ -0,0 +1,23 @@
+language: ruby
+rvm:
+  - 1.8.7
+  - 1.9.3
+script:
+  - "rake spec SPEC_OPTS='--format documentation'"
+env:
+  - PUPPET_VERSION="~> 2.6.0"
+  - PUPPET_VERSION="~> 2.7.0"
+  - PUPPET_VERSION="~> 3.0.0"
+  - PUPPET_VERSION="~> 3.1.0"
+matrix:
+  exclude:
+    - rvm: 1.9.3
+      env: PUPPET_VERSION="~> 2.6.0"
+      gemfile: .gemfile
+    - rvm: 1.9.3
+      env: PUPPET_VERSION="~> 2.7.0"
+      gemfile: .gemfile
+gemfile: .gemfile
+notifications:
+  email:
+    - javier@netmanagers.com.ar

manifests/init.pp

@@ -166,27 +166,6 @@
 #   Can be defined also by the (top scope) variables $fail2ban_puppi_helper
 #   and $puppi_helper
 #
-# [*firewall*]
-#   Set to 'true' to enable firewalling of the services provided by the module
-#   Can be defined also by the (top scope) variables $fail2ban_firewall
-#   and $firewall
-#
-# [*firewall_tool*]
-#   Define which firewall tool(s) (ad defined in Example42 firewall module)
-#   you want to use to open firewall for fail2ban port(s)
-#   Can be defined also by the (top scope) variables $fail2ban_firewall_tool
-#   and $firewall_tool
-#
-# [*firewall_src*]
-#   Define which source ip/net allow for firewalling fail2ban. Default: 0.0.0.0/0
-#   Can be defined also by the (top scope) variables $fail2ban_firewall_src
-#   and $firewall_src
-#
-# [*firewall_dst*]
-#   Define which destination ip to use for firewalling. Default: $ipaddress
-#   Can be defined also by the (top scope) variables $fail2ban_firewall_dst
-#   and $firewall_dst
-#
 # [*debug*]
 #   Set to 'true' to enable modules debugging
 #   Can be defined also by the (top scope) variables $fail2ban_debug and $debug
@@ -258,18 +237,6 @@
 # [*log_file*]
 #   Log file(s). Used by puppi
 #
-# [*port*]
-#   The listening port, if any, of the service.
-#   This is used by monitor, firewall and puppi (optional) components
-#   Note: This doesn't necessarily affect the service configuration file
-#   Can be defined also by the (top scope) variable $fail2ban_port
-#
-# [*protocol*]
-#   The protocol used by the the service.
-#   This is used by monitor, firewall and puppi (optional) components
-#   Can be defined also by the (top scope) variable $fail2ban_protocol
-#
-#
 # == Examples
 #
 # You can use this class in 2 ways:
@@ -323,8 +290,6 @@ class fail2ban (
   $data_dir              = params_lookup( 'data_dir' ),
   $log_dir               = params_lookup( 'log_dir' ),
   $log_file              = params_lookup( 'log_file' ),
-  $port                  = params_lookup( 'port' ),
-  $protocol              = params_lookup( 'protocol' ),
   $ignoreip              = params_lookup( 'ignoreip' ),
   $bantime               = params_lookup( 'bantime' ),
   $findtime              = params_lookup( 'findtime' ),
@@ -354,7 +319,6 @@ class fail2ban (
   $bool_disableboot=any2bool($disableboot)
   $bool_monitor=any2bool($monitor)
   $bool_puppi=any2bool($puppi)
-  $bool_firewall=any2bool($firewall)
   $bool_debug=any2bool($debug)
   $bool_audit_only=any2bool($audit_only)
   $bool_noops=any2bool($noops)
@@ -402,13 +366,6 @@ class fail2ban (
     $manage_monitor = true
   }
 
-  if $fail2ban::bool_absent == true
-  or $fail2ban::bool_disable == true {
-    $manage_firewall = false
-  } else {
-    $manage_firewall = true
-  }
-
   $manage_audit = $fail2ban::bool_audit_only ? {
     true  => 'all',
     false => undef,
@@ -540,22 +497,6 @@ class fail2ban (
   }
 
 
-  ### Firewall management, if enabled ( firewall => true )
-  if $fail2ban::bool_firewall == true and $fail2ban::port != '' {
-    firewall { "fail2ban_${fail2ban::protocol}_${fail2ban::port}":
-      source      => $fail2ban::firewall_src,
-      destination => $fail2ban::firewall_dst,
-      protocol    => $fail2ban::protocol,
-      port        => $fail2ban::port,
-      action      => 'allow',
-      direction   => 'input',
-      tool        => $fail2ban::firewall_tool,
-      enable      => $fail2ban::manage_firewall,
-      noop        => $fail2ban::bool_noops,
-    }
-  }
-
-
   ### Debugging, if enabled ( debug => true )
   if $fail2ban::bool_debug == true {
     file { 'debug_fail2ban':

manifests/params.pp

@@ -120,9 +120,6 @@ class fail2ban::params {
   $jails_template_header = 'fail2ban/concat/jail.local-header.erb'
   $jails_template_footer = 'fail2ban/concat/jail.local-footer.erb'
 
-  $protocol  = ''
-  $port = ''
-
   # General Settings
   $my_class = ''
   $source = ''
@@ -140,10 +137,6 @@ class fail2ban::params {
   $monitor = false
   $monitor_tool = ''
   $monitor_target = $::ipaddress
-  $firewall = false
-  $firewall_tool = ''
-  $firewall_src = '0.0.0.0/0'
-  $firewall_dst = $::ipaddress
   $puppi = false
   $puppi_helper = 'standard'
   $debug = false

spec/classes/fail2ban_spec.rb

@@ -18,56 +18,50 @@ describe 'fail2ban' do
     it { should contain_package('fail2ban').with_ensure('1.0.42') }
   end
 
-  describe 'Test standard installation with monitoring and firewalling' do
-    let(:params) { {:monitor => true , :firewall => true, :port => '42', :protocol => 'tcp' } }
+  describe 'Test standard installation with monitoring' do
+    let(:params) { {:monitor => true } }
     it { should contain_package('fail2ban').with_ensure('present') }
     it { should contain_service('fail2ban').with_ensure('running') }
     it { should contain_service('fail2ban').with_enable('true') }
     it { should contain_file('fail2ban.conf').with_ensure('present') }
     it { should contain_monitor__process('fail2ban_process').with_enable('true') }
-    it { should contain_firewall('fail2ban_tcp_42').with_enable('true') }
   end
 
   describe 'Test decommissioning - absent' do
-    let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+    let(:params) { {:absent => true, :monitor => true } }
     it 'should remove Package[fail2ban]' do should contain_package('fail2ban').with_ensure('absent') end
     it 'should stop Service[fail2ban]' do should contain_service('fail2ban').with_ensure('stopped') end
     it 'should not enable at boot Service[fail2ban]' do should contain_service('fail2ban').with_enable('false') end
     it 'should remove fail2ban configuration file' do should contain_file('fail2ban.conf').with_ensure('absent') end
     it { should contain_monitor__process('fail2ban_process').with_enable('false') }
-    it { should contain_firewall('fail2ban_tcp_42').with_enable('false') }
   end
 
   describe 'Test decommissioning - disable' do
-    let(:params) { {:disable => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+    let(:params) { {:disable => true, :monitor => true } }
     it { should contain_package('fail2ban').with_ensure('present') }
     it 'should stop Service[fail2ban]' do should contain_service('fail2ban').with_ensure('stopped') end
     it 'should not enable at boot Service[fail2ban]' do should contain_service('fail2ban').with_enable('false') end
     it { should contain_file('fail2ban.conf').with_ensure('present') }
     it { should contain_monitor__process('fail2ban_process').with_enable('false') }
-    it { should contain_firewall('fail2ban_tcp_42').with_enable('false') }
   end
 
   describe 'Test decommissioning - disableboot' do
-    let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+    let(:params) { {:disableboot => true, :monitor => true } }
     it { should contain_package('fail2ban').with_ensure('present') }
     it { should_not contain_service('fail2ban').with_ensure('present') }
     it { should_not contain_service('fail2ban').with_ensure('absent') }
     it 'should not enable at boot Service[fail2ban]' do should contain_service('fail2ban').with_enable('false') end
     it { should contain_file('fail2ban.conf').with_ensure('present') }
     it { should contain_monitor__process('fail2ban_process').with_enable('false') }
-    it { should contain_firewall('fail2ban_tcp_42').with_enable('true') }
   end
 
   describe 'Test noops mode' do
-    let(:params) { {:noops => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} }
+    let(:params) { {:noops => true, :monitor => true } }
     it { should contain_package('fail2ban').with_noop('true') }
     it { should contain_service('fail2ban').with_noop('true') }
     it { should contain_file('fail2ban.conf').with_noop('true') }
     it { should contain_monitor__process('fail2ban_process').with_noop('true') }
     it { should contain_monitor__process('fail2ban_process').with_noop('true') }
-    it { should contain_monitor__port('fail2ban_tcp_42').with_noop('true') }
-    it { should contain_firewall('fail2ban_tcp_42').with_noop('true') }
   end
 
   describe 'Test customizations - template' do
@@ -117,39 +111,30 @@ describe 'fail2ban' do
     it { should contain_monitor__process('fail2ban_process').with_tool('puppi') }
   end
 
-  describe 'Test Firewall Tools Integration' do
-    let(:params) { {:firewall => true, :firewall_tool => "iptables" , :protocol => "tcp" , :port => "42" } }
-    it { should contain_firewall('fail2ban_tcp_42').with_tool('iptables') }
-  end
-
   describe 'Test OldGen Module Set Integration' do
-    let(:params) { {:monitor => "yes" , :monitor_tool => "puppi" , :firewall => "yes" , :firewall_tool => "iptables" , :puppi => "yes" , :port => "42" , :protocol => 'tcp' } }
+    let(:params) { {:monitor => "yes" , :monitor_tool => "puppi", :puppi => "yes" } }
     it { should contain_monitor__process('fail2ban_process').with_tool('puppi') }
-    it { should contain_firewall('fail2ban_tcp_42').with_tool('iptables') }
     it { should contain_puppi__ze('fail2ban').with_ensure('present') }
   end
 
   describe 'Test params lookup' do
     let(:facts) { { :monitor => true , :ipaddress => '10.42.42.42' } }
-    let(:params) { { :port => '42' } }
     it 'should honour top scope global vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end
   end
 
   describe 'Test params lookup' do
     let(:facts) { { :fail2ban_monitor => true , :ipaddress => '10.42.42.42' } }
-    let(:params) { { :port => '42' } }
     it 'should honour module specific vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end
   end
 
   describe 'Test params lookup' do
     let(:facts) { { :monitor => false , :fail2ban_monitor => true , :ipaddress => '10.42.42.42' } }
-    let(:params) { { :port => '42' } }
     it 'should honour top scope module specific over global vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end
   end
 
   describe 'Test params lookup' do
     let(:facts) { { :monitor => false , :ipaddress => '10.42.42.42' } }
-    let(:params) { { :monitor => true , :firewall => true, :port => '42' } }
+    let(:params) { { :monitor => true } }
     it 'should honour passed params over global vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end
   end