Bump minor version after issue #14

add ignoreip to jail options

.travis.yml

@@ -1,22 +1,33 @@
+---
 language: ruby
 rvm:
   - 1.8.7
   - 1.9.3
-script:
-  - "rake spec SPEC_OPTS='--format documentation'"
+  - 2.0.0
+script: "bundle exec rake spec SPEC_OPTS='--format documentation'"
+branches:
+  only:
+    master
 env:
-  - PUPPET_VERSION="~> 2.6.0"
-  - PUPPET_VERSION="~> 2.7.0"
-  - PUPPET_VERSION="~> 3.0.0"
-  - PUPPET_VERSION="~> 3.1.0"
+  matrix:
+    - PUPPET_GEM_VERSION="~> 2.7.0"
+    - PUPPET_GEM_VERSION="~> 3.0.0"
+    - PUPPET_GEM_VERSION="~> 3.1.0"
+    - PUPPET_GEM_VERSION="~> 3.2.0"
 matrix:
+  allow_failures:
+    # - rvm: ruby-head
   exclude:
+    - rvm: 1.8.7
+      env: PUPPET_GEM_VERSION="~> 2.7.0"
     - rvm: 1.9.3
-      env: PUPPET_VERSION="~> 2.6.0"
-      gemfile: .gemfile
-    - rvm: 1.9.3
-      env: PUPPET_VERSION="~> 2.7.0"
-      gemfile: .gemfile
+      env: PUPPET_GEM_VERSION="~> 2.7.0"
+    - rvm: 2.0.0
+      env: PUPPET_GEM_VERSION="~> 2.7.0"
+    - rvm: 2.0.0
+      env: PUPPET_GEM_VERSION="~> 3.0.0"
+    - rvm: 2.0.0
+      env: PUPPET_GEM_VERSION="~> 3.1.0"
 gemfile: .gemfile
 notifications:
   email:

Modulefile

@@ -1,5 +1,5 @@
 name    'netmanagers-fail2ban'
-version '1.1.1'
+version '1.3.0'
 author  'Javier Bertoli'
 license 'Apache2'
 project_page 'http://www.netmanagers.com.ar'

manifests/filter.pp

@@ -92,7 +92,10 @@ define fail2ban::filter (
 
   $manage_file_content = $filtertemplate ? {
     ''        => undef,
-    default   => template($filtertemplate),
+    default   => $filtersource ? {
+      ''        => template($filtertemplate),
+      default   => undef,
+    }
   }
 
   file { "${real_filtername}.local":

manifests/jail.pp

@@ -15,6 +15,7 @@
 #             Defaults to true
 # $filter   - The filter rule to use.
 #             If empty, defaults to == $jailname.
+# $ignoreip - Don't ban a host which matches an address in this list.
 # $port     - The port to filter. It can be an array of ports.
 # $logpath  - The log file to monitor
 # $maxretry - How many fails are acceptable
@@ -29,6 +30,7 @@ define fail2ban::jail (
   $order     = '',
   $status    = '',
   $filter    = '',
+  $ignoreip  = '',
   $port      = '',
   $action    = '',
   $logpath   = '',
@@ -62,6 +64,14 @@ define fail2ban::jail (
     default => $filter,
   }
 
+  $array_ignoreip = is_array($ignoreip) ? {
+    false     => $ignoreip ? {
+      ''      => [],
+      default => [$ignoreip],
+    },
+    default   => $ignoreip,
+  }
+
   $array_port = is_array($port) ? {
     false     => $port ? {
       ''      => [],
@@ -78,9 +88,12 @@ define fail2ban::jail (
     default   => $action,
   }
 
-  $real_logpath = $logpath ? {
-    ''      => '',
-    default => $logpath,
+  $array_logpath = is_array($logpath) ? {
+    false     => $logpath ? {
+      ''      => [],
+      default => [$logpath],
+    },
+    default   => $logpath,
   }
 
   $real_maxretry = $maxretry ? {

manifests/params.pp

@@ -29,8 +29,9 @@ class fail2ban::params {
   }
 
   $process = $::operatingsystem ? {
-    /(?i:Debian|Ubuntu|Mint)/ => 'fail2ban-server',
-    default                   => 'fail2ban',
+    /(?i:Debian|Ubuntu|Mint)/                           => 'fail2ban-server',
+    /(?i:RedHat|Centos|Scientific|Fedora|OracleLinux)/  => 'fail2ban-server',
+    default                                             => 'fail2ban',
   }
 
   $process_args = $::operatingsystem ? {

spec/classes/fail2ban_spec.rb

@@ -97,12 +97,10 @@ enabled  = true/) }
   describe 'Test customizations - template' do
     let(:params) { {:template => "fail2ban/spec.erb" , :options => { 'opt_a' => 'value_a' } } }
     it 'should generate a valid template' do
-      content = catalogue.resource('file', 'fail2ban.local').send(:parameters)[:content]
-      content.should match "fqdn: rspec.example42.com"
+      should contain_file('fail2ban.local').with_content(/fqdn: rspec.example42.com/)
     end
     it 'should generate a template that uses custom options' do
-      content = catalogue.resource('file', 'fail2ban.local').send(:parameters)[:content]
-      content.should match "value_a"
+      should contain_file('fail2ban.local').with_content(/value_a/)
     end
   end
 
@@ -136,8 +134,7 @@ enabled  = true/) }
       }
     end
     it 'should not automatically restart the service, when service_autorestart => false' do
-      content = catalogue.resource('file', 'fail2ban.local').send(:parameters)[:notify]
-      content.should be_nil
+      should contain_file('fail2ban.local').with_notify(nil)
     end
   end
 

spec/defines/fail2ban_filter_spec.rb

@@ -61,7 +61,7 @@ b = 2
 not c
 "
      end
- 
+
      it { should contain_file('sample2.local').with_path('/etc/fail2ban/filter.d/sample2.local').with_content(expected) }
      it { should contain_file('sample2.local').without_source }
    end
@@ -75,6 +75,7 @@ not c
     end
 
     it { should contain_file('sample3.local').with_path('/etc/fail2ban/filter.d/sample3.local').with_source('puppet:///some/path/to/source') }
+    it { should contain_file('sample3.local').with_content(nil) }
     it { should contain_file('sample3.local').without_template }
   end
 end

spec/defines/fail2ban_jail_spec.rb

@@ -27,7 +27,9 @@ filter   = fail2ban::jail
 "
     end
 
-    it { should contain_concat__fragment('fail2ban_jail_sample1').with_target('/etc/fail2ban/jail.local').with_content(expected) }
+    it 'should create a named jail, enabled and with a filter of the same name' do
+      should contain_concat__fragment('fail2ban_jail_sample1').with_target('/etc/fail2ban/jail.local').with_content(expected)
+    end
   end
 
   describe 'Test jail.local is created with all options' do
@@ -37,6 +39,7 @@ filter   = fail2ban::jail
         :port     => ['42', '43'],
         :logpath  => '/path/to/somelog',
         :enable   => true,
+        :ignoreip => [ '10.3.2.0/24', '192.168.56.0/24' ],
         :findtime => '9000',
         :maxretry => '5',
         :bantime  => '3600',
@@ -51,6 +54,7 @@ filter   = fail2ban::jail
 [fail2ban::jail]
 enabled  = true
 filter   = fail2ban::jail
+ignoreip = 10.3.2.0/24 192.168.56.0/24
 port     = 42,43
 action   = iptables[name=SSH, port=ssh, protocol=tcp]
 	mail-whois[name=SSH, dest=yourmail@mail.com]
@@ -62,6 +66,35 @@ findtime = 9000
 "
     end
 
-    it { should contain_concat__fragment('fail2ban_jail_sample1').with_target('/etc/fail2ban/jail.local').with_content(expected) }
+    it 'should create a customized jail, with own actions parsing a single log file' do
+      should contain_concat__fragment('fail2ban_jail_sample1').with_target('/etc/fail2ban/jail.local').with_content(expected)
+    end
+  end
+  describe 'Test jail.local is created with multiple logpaths' do
+    let(:params) do
+      {
+        :name     => 'title_sample2',
+        :jailname => 'sample2',
+        :port     => '44',
+        :logpath  => [ '/path/to/somelog_1', '/path/to/somelog_2' ],
+        :bantime  => '3003',
+      }
+    end
+    let(:expected) do
+"##################
+[sample2]
+enabled  = true
+filter   = sample2
+port     = 44
+logpath  = /path/to/somelog_1
+	/path/to/somelog_2
+bantime  = 3003
+
+"
+    end
+
+    it 'should create a customized jail, with own actions parsing a single log file' do
+      should contain_concat__fragment('fail2ban_jail_title_sample2').with_target('/etc/fail2ban/jail.local').with_content(expected)
+    end
   end
 end

templates/concat/jail.local-stanza.erb

@@ -4,14 +4,17 @@ enabled  = <%= @real_status %>
 <% if @real_filter != '' -%>
 filter   = <%= @real_filter %>
 <% end -%>
+<% if @array_ignoreip != [] -%>
+ignoreip = <%= @array_ignoreip * ' ' %>
+<% end -%>
 <% if @array_port != [] -%>
 port     = <%= @array_port * ',' %>
 <% end -%>
 <% if @array_action != [] -%>
 action   = <%= @array_action.join("\n\t") %>
 <% end -%>
-<% if @real_logpath != '' -%>
-logpath  = <%= @real_logpath %>
+<% if @array_logpath != [] -%>
+logpath  = <%= @array_logpath.join("\n\t") %>
 <% end -%>
 <% if @real_maxretry != '' -%>
 maxretry = <%= @real_maxretry %>