Rewrite jail.local handling through source/content.

Add tests

.fixtures.yml

@@ -1,9 +1,9 @@
 fixtures:
   repositories:
-    "puppi": "git://github.com/example42/puppi.git"
-    "monitor": "git://github.com/example42/puppet-monitor.git"
+    "puppi":    "git://github.com/example42/puppi.git"
+    "monitor":  "git://github.com/example42/puppet-monitor.git"
     "iptables": "git://github.com/example42/puppet-iptables.git"
-    "concat": "git://github.com/example42/puppet-concat.git"
+    "concat":   "https://github.com/ripienaar/puppet-concat.git"
   symlinks:
     "fail2ban": "#{source_dir}"
 

manifests/file.pp

@@ -1,29 +0,0 @@
-#
-# Class fail2ban::file
-#
-# This class configures fail2ban via a base rule file
-# The file itselt is not provided. Use this class (or, better,
-# your custom $my_project class that inherits this) to
-# manage the fail2ban file in the way you want
-#
-# It's used if $fail2ban_config = "file"
-#
-class fail2ban::file inherits fail2ban {
-
-  if $fail2ban::manage_file_jails_source or $fail2ban::manage_file_jails_template {
-    file { 'jail.local':
-      ensure  => $fail2ban::manage_file,
-      path    => $fail2ban::jails_file,
-      mode    => $fail2ban::jails_file_mode,
-      owner   => $fail2ban::jails_file_owner,
-      group   => $fail2ban::jails_file_group,
-      require => Package[$fail2ban::package],
-      notify  => $fail2ban::manage_service_autorestart,
-      source  => $fail2ban::manage_file_jails_source,
-      content => $fail2ban::manage_file_jails_content,
-      replace => $fail2ban::manage_file_replace,
-      audit   => $fail2ban::manage_audit,
-      noop    => $fail2ban::bool_noops,
-    }
-  }
-}

manifests/init.pp

@@ -77,29 +77,24 @@
 #   to conventional 'mail'.
 #   Default: sendmail
 #
-# [*jails_protocol*]
-#   Default: tcp
-#
-# [*jails_chain*]
-#   Specify chain where jumps would need to be added in iptables-* actions
-#   Default: INPUT
+# [*jails_file*]
+#   Path to 'jail.local' file
 #
 # [*jails_config*]
 #   Define how you want to manage jails configuration:
-#    "file" - To provide jails.local as a normal file
+#    "file"   - To provide jail.local as a normal file. If you choose this option, 
+#               set ONE of [*jails_source*] or [*jails_template*]
 #    "concat" - To build it up using different fragments
 #             - This option, set as default, permits the use of the fail2ban::jail define
 #
 # [*jails_source*]
-#   Sets the content of source parameter for the jails.local configuration file
-#   Note that single stanzas of jails.local file can be managed also (and alternatively)
-#   by fail2ban::jails
+#   Sets the content of source parameter for the jail.local configuration file
+#   Note that single stanzas of jail.local can be managed by fail2ban::jails
 #
 # [*jails_template*]
-#   Sets the path to the template to use as content for the jails.local configuration file
+#   Sets the path to the template to use as content for the jail.local configuration file
 #   If defined, fail2ban jails config file has: content => content("$jails_template")
 #   Note source and template parameters are mutually exclusive: don't use both
-#   Can be defined also by the (top scope) variable $fail2ban_jails_template
 #
 # [*jails_template_header*]
 #   Path to the template to use as header with concat
@@ -109,6 +104,13 @@
 #   Path to the template to use as footer with concat
 #   Used by fail2ban::jails
 #
+# [*jails_protocol*]
+#   Default: tcp
+#
+# [*jails_chain*]
+#   Specify chain where jumps would need to be added in iptables-* actions
+#   Default: INPUT
+#
 # [*options*]
 #   An hash of custom options to be used in templates for arbitrary settings.
 #   Can be defined also by the (top scope) variable $fail2ban_options
@@ -386,16 +388,6 @@ class fail2ban (
     default   => template($fail2ban::template),
   }
 
-  $manage_file_jails_source = $fail2ban::jails_source ? {
-    ''        => undef,
-    default   => $fail2ban::jails_source,
-  }
-
-  $manage_file_jails_content = $fail2ban::jails_template ? {
-    ''        => undef,
-    default   => template($fail2ban::jails_template),
-  }
-
   ### Managed resources
   package { $fail2ban::package:
     ensure  => $fail2ban::manage_package,
@@ -427,10 +419,37 @@ class fail2ban (
     noop    => $fail2ban::bool_noops,
   }
 
-  # How to manage fail2ban configuration
+  # How to manage fail2ban jail.local configuration
   case $fail2ban::jails_config {
-    'file': { include fail2ban::file }
-    'concat': { include fail2ban::concat }
+    'file': {
+      $manage_file_jails_source = $fail2ban::jails_source ? {
+        ''        => undef,
+        default   => $fail2ban::jails_source,
+      }
+    
+      $manage_file_jails_content = $fail2ban::jails_template ? {
+        ''        => undef,
+        default   => template($fail2ban::jails_template),
+      }
+    
+      file { 'jail.local':
+        ensure  => $fail2ban::manage_file,
+        path    => $fail2ban::jails_file,
+        mode    => $fail2ban::jails_file_mode,
+        owner   => $fail2ban::jails_file_owner,
+        group   => $fail2ban::jails_file_group,
+        require => Package[$fail2ban::package],
+        notify  => $fail2ban::manage_service_autorestart,
+        source  => $fail2ban::manage_file_jails_source,
+        content => $fail2ban::manage_file_jails_content,
+        replace => $fail2ban::manage_file_replace,
+        audit   => $fail2ban::manage_audit,
+        noop    => $fail2ban::bool_noops,
+      }
+    }
+    'concat': { include fail2ban::jailsconcat 
+    
+    }
     default: { }
   }
 

manifests/jail.pp

@@ -2,16 +2,22 @@
 #
 # Adds a custom fail2ban jail
 # Supported arguments:
-# $jailname - The name you want to give the jail. If not set, defaults to == $title
-# $order    - The order in the jail.local file. Default 50. Generally you don't need to change it
+# $jailname - The name you want to give the jail. 
+#             If not set, defaults to == $title
+# $order    - The order in the jail.local file. 
+#             Default 50. Generally you don't need to change it
 # $status   - enabled / disabled. If disabled, the rule _IS ADDED_  to the jail.local file
 #             but it will not be active. Compare with the next one.
+#             Defaults to enabled
 # $enable   - true / false. If false, the rule _IS NOT ADDED_ to the jail.local file
-# $filter   - The filter rule to use. If empty, defaults to == $jailname.
+#             Defaults to true
+# $filter   - The filter rule to use. 
+#             If empty, defaults to == $jailname.
 # $port     - The port to filter. It can be an array of ports.
-# $action   - The action to take when
 # $logpath  - The log file to monitor
 # $maxretry - How many fails are acceptable
+# $action   - The action to take when fail2ban finds $maxretry $filter-matching records in
+#             $logpath
 # $bantime  - How much time to apply the ban, in seconds
 
 define fail2ban::jail (

manifests/jailsconcat.pp

@@ -8,7 +8,7 @@
 # Note that the fail2ban::jail define
 # inserts (by default) its rules with priority 50.
 #
-class fail2ban::concat {
+class fail2ban::jailsconcat {
 
   include fail2ban
   include concat::setup

manifests/params.pp

@@ -63,8 +63,8 @@ class fail2ban::params {
   # Define how you want to manage jails configuration:
   # "file" - To provide jails stanzas as a normal file
   # "concat" - To build them up using different fragments
-  #          - This option, set as default, permits the use of the fail2ban::jail define
-  $jails_config = 'concat'
+  #          - This option, preferred, permits the use of the fail2ban::jail define
+  $jails_config = ''
 
   $jails_file = $::operatingsystem ? {
     default => '/etc/fail2ban/jail.local',

spec/classes/fail2ban_spec.rb

@@ -13,6 +13,31 @@ describe 'fail2ban' do
     it { should contain_file('fail2ban.conf').with_ensure('present') }
   end
 
+  describe 'Test jails config undefined' do
+    let(:params) { {:jails_config => '' } }
+    it { should_not contain_file('jail.local') }
+  end
+
+  describe 'Test jails managed throuh file - source' do
+    let(:params) { {:jails_config => 'file', :jails_source => 'puppet:///modules/fail2ban/spec' } }
+    it { should contain_file('jail.local').with_source('puppet:///modules/fail2ban/spec') }
+    it { should contain_file('jail.local').without_content }
+  end
+
+  describe 'Test jails managed throuh file - template' do
+    let(:params) { {:jails_config => 'file', :jails_template => 'fail2ban/spec.erb', :options => { 'opt_a' => 'value_a' } } }
+    it { should contain_file('jail.local').with_content(/fqdn: rspec.example42.com/) }
+    it { should contain_file('jail.local').without_source }
+    it { should contain_file('jail.local').with_content(/value_a/) }
+  end
+
+#  describe 'Test jails managed throuh concat' do
+#    let(:params) { {:jails_config => 'concat' } }
+#    it { should include_class('fail2ban::jailsconcat') }
+#    it { should contain_fail2ban__jailsconcat() }
+#
+#  end
+
   describe 'Test installation of a specific version' do
     let(:params) { {:version => '1.0.42' } }
     it { should contain_package('fail2ban').with_ensure('1.0.42') }

templates/jail.local.erb

@@ -1,7 +1,4 @@
-##################
-# Puppet Managed #
-##################
-
+# This file is managed by Puppet. DO NOT EDIT.
 [DEFAULT]
 ignoreip = 127.0.0.1
 bantime  = 600