diff --git a/manifests/init.pp b/manifests/init.pp index 58be7e5..80125f8 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -31,35 +31,35 @@ # # class firewalld ( - Enum['present','absent','latest','installed'] $package_ensure = 'installed', - String $package = 'firewalld', - Stdlib::Ensure::Service $service_ensure = 'running', - String $config_package = 'firewall-config', - Boolean $install_gui = false, - Boolean $service_enable = true, - Hash $zones = {}, - Hash $ports = {}, - Hash $services = {}, - Hash $rich_rules = {}, - Hash $custom_services = {}, - Hash $ipsets = {}, - Hash $direct_rules = {}, - Hash $direct_chains = {}, - Hash $direct_passthroughs = {}, - Boolean $purge_direct_rules = false, - Boolean $purge_direct_chains = false, - Boolean $purge_direct_passthroughs = false, - Boolean $purge_unknown_ipsets = false, - Optional[String] $default_zone = undef, - Optional[Enum['off','all','unicast','broadcast','multicast']] $log_denied = undef, - Optional[Enum['yes', 'no']] $cleanup_on_exit = undef, - Optional[Integer] $minimal_mark = undef, - Optional[Enum['yes', 'no']] $lockdown = undef, - Optional[Enum['yes', 'no']] $ipv6_rpfilter = undef, - Optional[Enum['iptables', 'nftables']] $firewall_backend = undef, - Optional[String] $default_service_zone = undef, - Optional[String] $default_port_zone = undef, - Optional[String] $default_port_protocol = undef, + Enum['present','absent','latest','installed'] $package_ensure = 'installed', + String $package = 'firewalld', + Stdlib::Ensure::Service $service_ensure = 'running', + String $config_package = 'firewall-config', + Boolean $install_gui = false, + Boolean $service_enable = true, + Hash $zones = {}, + Hash $ports = {}, + Hash $services = {}, + Hash $rich_rules = {}, + Hash $custom_services = {}, + Hash $ipsets = {}, + Hash $direct_rules = {}, + Hash $direct_chains = {}, + Hash $direct_passthroughs = {}, + Boolean $purge_direct_rules = false, + Boolean $purge_direct_chains = false, + Boolean $purge_direct_passthroughs = false, + Boolean $purge_unknown_ipsets = false, + Optional[String] $default_zone = undef, + Optional[Enum['off','all','unicast','broadcast','multicast']] $log_denied = undef, + Optional[Enum['yes', 'no']] $cleanup_on_exit = undef, + Optional[Integer] $minimal_mark = undef, + Optional[Enum['yes', 'no']] $lockdown = undef, + Optional[Enum['yes', 'no']] $ipv6_rpfilter = undef, + Optional[Enum['iptables', 'nftables']] $firewall_backend = undef, + Optional[String] $default_service_zone = undef, + Optional[String] $default_port_zone = undef, + Optional[String] $default_port_protocol = undef, ) { package { $package: @@ -236,7 +236,10 @@ class firewalld ( } } - if $firewall_backend { + if $facts['firewalld_version'] and + (versioncmp($facts['firewalld_version'], '0.6.0') >= 0) and + $firewall_backend + { augeas { 'firewalld::firewall_backend': changes => [ diff --git a/spec/classes/init_spec.rb b/spec/classes/init_spec.rb index 979e65b..2d65379 100644 --- a/spec/classes/init_spec.rb +++ b/spec/classes/init_spec.rb @@ -6,6 +6,12 @@ describe 'firewalld' do Puppet::Provider::Firewalld.any_instance.stubs(:running).returns(:true) # rubocop:disable RSpec/AnyInstance end + let(:facts) do + { + firewalld_version: '0.5.0' + } + end + context 'with defaults for all parameters' do it { is_expected.to contain_class('firewalld') } it { is_expected.not_to contain_augeas('firewalld::firewallbackend') } @@ -256,16 +262,40 @@ describe 'firewalld' do end context 'with parameter firewall_backend' do - let(:params) do - { - firewall_backend: 'nftables' - } - end + context 'with firewalld version' do + let(:params) do + { + firewall_backend: 'nftables' + } + end - it do - is_expected.to contain_augeas('firewalld::firewall_backend').with( - changes: ['set FirewallBackend "nftables"'] - ) + ['0.6.0', '1.0.0'].each do |version| + let(:facts) do + { + firewalld_version: version + } + end + + context version do + it do + is_expected.to contain_augeas('firewalld::firewall_backend').with( + changes: ['set FirewallBackend "nftables"'] + ) + end + end + end + + context '0.5.0' do + let(:facts) do + { + firewalld_version: '0.5.0' + } + end + + it do + is_expected.to_not contain_augeas('firewalld::firewall_backend') + end + end end end