From 9a1a8a188a3c28e31d841ab9894fe2206ad83776 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20B=C3=A9rtoli?= Date: Sat, 27 Apr 2013 15:04:40 -0300 Subject: [PATCH] Add rspecs and travis integration --- .fixtures.yml | 9 +++ .gemfile | 6 ++ .project | 23 ++++++++ .travis.yml | 23 ++++++++ manifests/init.pp | 59 ------------------- manifests/params.pp | 7 --- .../{standard42_spec.rb => fail2ban_spec.rb} | 31 +++------- 7 files changed, 69 insertions(+), 89 deletions(-) create mode 100644 .fixtures.yml create mode 100644 .gemfile create mode 100644 .project create mode 100644 .travis.yml rename spec/classes/{standard42_spec.rb => fail2ban_spec.rb} (79%) diff --git a/.fixtures.yml b/.fixtures.yml new file mode 100644 index 0000000..daca73c --- /dev/null +++ b/.fixtures.yml @@ -0,0 +1,9 @@ +fixtures: + repositories: + "puppi": "git://github.com/example42/puppi.git" + "monitor": "git://github.com/example42/puppet-monitor.git" + "iptables": "git://github.com/example42/puppet-iptables.git" + "concat": "git://github.com/example42/puppet-concat.git" + symlinks: + "fail2ban": "#{source_dir}" + diff --git a/.gemfile b/.gemfile new file mode 100644 index 0000000..459723a --- /dev/null +++ b/.gemfile @@ -0,0 +1,6 @@ +source :rubygems + +puppetversion = ENV['PUPPET_VERSION'] +gem 'puppet', puppetversion, :require => false +gem 'puppet-lint' +gem 'puppetlabs_spec_helper', '>= 0.1.0' diff --git a/.project b/.project new file mode 100644 index 0000000..927c980 --- /dev/null +++ b/.project @@ -0,0 +1,23 @@ + + + fail2ban + + + + + + org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder + + + + + org.eclipse.xtext.ui.shared.xtextBuilder + + + + + + org.cloudsmith.geppetto.pp.dsl.ui.puppetNature + org.eclipse.xtext.ui.shared.xtextNature + + diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 0000000..79528a4 --- /dev/null +++ b/.travis.yml @@ -0,0 +1,23 @@ +language: ruby +rvm: + - 1.8.7 + - 1.9.3 +script: + - "rake spec SPEC_OPTS='--format documentation'" +env: + - PUPPET_VERSION="~> 2.6.0" + - PUPPET_VERSION="~> 2.7.0" + - PUPPET_VERSION="~> 3.0.0" + - PUPPET_VERSION="~> 3.1.0" +matrix: + exclude: + - rvm: 1.9.3 + env: PUPPET_VERSION="~> 2.6.0" + gemfile: .gemfile + - rvm: 1.9.3 + env: PUPPET_VERSION="~> 2.7.0" + gemfile: .gemfile +gemfile: .gemfile +notifications: + email: + - javier@netmanagers.com.ar diff --git a/manifests/init.pp b/manifests/init.pp index 9e6cef0..dbc9a6d 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -166,27 +166,6 @@ # Can be defined also by the (top scope) variables $fail2ban_puppi_helper # and $puppi_helper # -# [*firewall*] -# Set to 'true' to enable firewalling of the services provided by the module -# Can be defined also by the (top scope) variables $fail2ban_firewall -# and $firewall -# -# [*firewall_tool*] -# Define which firewall tool(s) (ad defined in Example42 firewall module) -# you want to use to open firewall for fail2ban port(s) -# Can be defined also by the (top scope) variables $fail2ban_firewall_tool -# and $firewall_tool -# -# [*firewall_src*] -# Define which source ip/net allow for firewalling fail2ban. Default: 0.0.0.0/0 -# Can be defined also by the (top scope) variables $fail2ban_firewall_src -# and $firewall_src -# -# [*firewall_dst*] -# Define which destination ip to use for firewalling. Default: $ipaddress -# Can be defined also by the (top scope) variables $fail2ban_firewall_dst -# and $firewall_dst -# # [*debug*] # Set to 'true' to enable modules debugging # Can be defined also by the (top scope) variables $fail2ban_debug and $debug @@ -258,18 +237,6 @@ # [*log_file*] # Log file(s). Used by puppi # -# [*port*] -# The listening port, if any, of the service. -# This is used by monitor, firewall and puppi (optional) components -# Note: This doesn't necessarily affect the service configuration file -# Can be defined also by the (top scope) variable $fail2ban_port -# -# [*protocol*] -# The protocol used by the the service. -# This is used by monitor, firewall and puppi (optional) components -# Can be defined also by the (top scope) variable $fail2ban_protocol -# -# # == Examples # # You can use this class in 2 ways: @@ -323,8 +290,6 @@ class fail2ban ( $data_dir = params_lookup( 'data_dir' ), $log_dir = params_lookup( 'log_dir' ), $log_file = params_lookup( 'log_file' ), - $port = params_lookup( 'port' ), - $protocol = params_lookup( 'protocol' ), $ignoreip = params_lookup( 'ignoreip' ), $bantime = params_lookup( 'bantime' ), $findtime = params_lookup( 'findtime' ), @@ -354,7 +319,6 @@ class fail2ban ( $bool_disableboot=any2bool($disableboot) $bool_monitor=any2bool($monitor) $bool_puppi=any2bool($puppi) - $bool_firewall=any2bool($firewall) $bool_debug=any2bool($debug) $bool_audit_only=any2bool($audit_only) $bool_noops=any2bool($noops) @@ -402,13 +366,6 @@ class fail2ban ( $manage_monitor = true } - if $fail2ban::bool_absent == true - or $fail2ban::bool_disable == true { - $manage_firewall = false - } else { - $manage_firewall = true - } - $manage_audit = $fail2ban::bool_audit_only ? { true => 'all', false => undef, @@ -540,22 +497,6 @@ class fail2ban ( } - ### Firewall management, if enabled ( firewall => true ) - if $fail2ban::bool_firewall == true and $fail2ban::port != '' { - firewall { "fail2ban_${fail2ban::protocol}_${fail2ban::port}": - source => $fail2ban::firewall_src, - destination => $fail2ban::firewall_dst, - protocol => $fail2ban::protocol, - port => $fail2ban::port, - action => 'allow', - direction => 'input', - tool => $fail2ban::firewall_tool, - enable => $fail2ban::manage_firewall, - noop => $fail2ban::bool_noops, - } - } - - ### Debugging, if enabled ( debug => true ) if $fail2ban::bool_debug == true { file { 'debug_fail2ban': diff --git a/manifests/params.pp b/manifests/params.pp index efc9bcd..fbf1a08 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -120,9 +120,6 @@ class fail2ban::params { $jails_template_header = 'fail2ban/concat/jail.local-header.erb' $jails_template_footer = 'fail2ban/concat/jail.local-footer.erb' - $protocol = '' - $port = '' - # General Settings $my_class = '' $source = '' @@ -140,10 +137,6 @@ class fail2ban::params { $monitor = false $monitor_tool = '' $monitor_target = $::ipaddress - $firewall = false - $firewall_tool = '' - $firewall_src = '0.0.0.0/0' - $firewall_dst = $::ipaddress $puppi = false $puppi_helper = 'standard' $debug = false diff --git a/spec/classes/standard42_spec.rb b/spec/classes/fail2ban_spec.rb similarity index 79% rename from spec/classes/standard42_spec.rb rename to spec/classes/fail2ban_spec.rb index b47ede4..5d0afd7 100644 --- a/spec/classes/standard42_spec.rb +++ b/spec/classes/fail2ban_spec.rb @@ -18,56 +18,50 @@ describe 'fail2ban' do it { should contain_package('fail2ban').with_ensure('1.0.42') } end - describe 'Test standard installation with monitoring and firewalling' do - let(:params) { {:monitor => true , :firewall => true, :port => '42', :protocol => 'tcp' } } + describe 'Test standard installation with monitoring' do + let(:params) { {:monitor => true } } it { should contain_package('fail2ban').with_ensure('present') } it { should contain_service('fail2ban').with_ensure('running') } it { should contain_service('fail2ban').with_enable('true') } it { should contain_file('fail2ban.conf').with_ensure('present') } it { should contain_monitor__process('fail2ban_process').with_enable('true') } - it { should contain_firewall('fail2ban_tcp_42').with_enable('true') } end describe 'Test decommissioning - absent' do - let(:params) { {:absent => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} } + let(:params) { {:absent => true, :monitor => true } } it 'should remove Package[fail2ban]' do should contain_package('fail2ban').with_ensure('absent') end it 'should stop Service[fail2ban]' do should contain_service('fail2ban').with_ensure('stopped') end it 'should not enable at boot Service[fail2ban]' do should contain_service('fail2ban').with_enable('false') end it 'should remove fail2ban configuration file' do should contain_file('fail2ban.conf').with_ensure('absent') end it { should contain_monitor__process('fail2ban_process').with_enable('false') } - it { should contain_firewall('fail2ban_tcp_42').with_enable('false') } end describe 'Test decommissioning - disable' do - let(:params) { {:disable => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} } + let(:params) { {:disable => true, :monitor => true } } it { should contain_package('fail2ban').with_ensure('present') } it 'should stop Service[fail2ban]' do should contain_service('fail2ban').with_ensure('stopped') end it 'should not enable at boot Service[fail2ban]' do should contain_service('fail2ban').with_enable('false') end it { should contain_file('fail2ban.conf').with_ensure('present') } it { should contain_monitor__process('fail2ban_process').with_enable('false') } - it { should contain_firewall('fail2ban_tcp_42').with_enable('false') } end describe 'Test decommissioning - disableboot' do - let(:params) { {:disableboot => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} } + let(:params) { {:disableboot => true, :monitor => true } } it { should contain_package('fail2ban').with_ensure('present') } it { should_not contain_service('fail2ban').with_ensure('present') } it { should_not contain_service('fail2ban').with_ensure('absent') } it 'should not enable at boot Service[fail2ban]' do should contain_service('fail2ban').with_enable('false') end it { should contain_file('fail2ban.conf').with_ensure('present') } it { should contain_monitor__process('fail2ban_process').with_enable('false') } - it { should contain_firewall('fail2ban_tcp_42').with_enable('true') } end describe 'Test noops mode' do - let(:params) { {:noops => true, :monitor => true , :firewall => true, :port => '42', :protocol => 'tcp'} } + let(:params) { {:noops => true, :monitor => true } } it { should contain_package('fail2ban').with_noop('true') } it { should contain_service('fail2ban').with_noop('true') } it { should contain_file('fail2ban.conf').with_noop('true') } it { should contain_monitor__process('fail2ban_process').with_noop('true') } it { should contain_monitor__process('fail2ban_process').with_noop('true') } - it { should contain_monitor__port('fail2ban_tcp_42').with_noop('true') } - it { should contain_firewall('fail2ban_tcp_42').with_noop('true') } end describe 'Test customizations - template' do @@ -117,39 +111,30 @@ describe 'fail2ban' do it { should contain_monitor__process('fail2ban_process').with_tool('puppi') } end - describe 'Test Firewall Tools Integration' do - let(:params) { {:firewall => true, :firewall_tool => "iptables" , :protocol => "tcp" , :port => "42" } } - it { should contain_firewall('fail2ban_tcp_42').with_tool('iptables') } - end - describe 'Test OldGen Module Set Integration' do - let(:params) { {:monitor => "yes" , :monitor_tool => "puppi" , :firewall => "yes" , :firewall_tool => "iptables" , :puppi => "yes" , :port => "42" , :protocol => 'tcp' } } + let(:params) { {:monitor => "yes" , :monitor_tool => "puppi", :puppi => "yes" } } it { should contain_monitor__process('fail2ban_process').with_tool('puppi') } - it { should contain_firewall('fail2ban_tcp_42').with_tool('iptables') } it { should contain_puppi__ze('fail2ban').with_ensure('present') } end describe 'Test params lookup' do let(:facts) { { :monitor => true , :ipaddress => '10.42.42.42' } } - let(:params) { { :port => '42' } } it 'should honour top scope global vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end end describe 'Test params lookup' do let(:facts) { { :fail2ban_monitor => true , :ipaddress => '10.42.42.42' } } - let(:params) { { :port => '42' } } it 'should honour module specific vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end end describe 'Test params lookup' do let(:facts) { { :monitor => false , :fail2ban_monitor => true , :ipaddress => '10.42.42.42' } } - let(:params) { { :port => '42' } } it 'should honour top scope module specific over global vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end end describe 'Test params lookup' do let(:facts) { { :monitor => false , :ipaddress => '10.42.42.42' } } - let(:params) { { :monitor => true , :firewall => true, :port => '42' } } + let(:params) { { :monitor => true } } it 'should honour passed params over global vars' do should contain_monitor__process('fail2ban_process').with_enable('true') end end