sensson · yakatz · Oct 30, 2020 · Nov 11, 2020 · Nov 11, 2020 · Nov 11, 2020
diff --git a/.rubocop.yml b/.rubocop.yml
@@ -1,4 +1,5 @@
 AllCops:
+  NewCops: enable
   Exclude:
     - '**/*.erb'
     - 'vendor/**/*'
@@ -18,15 +19,15 @@ Style/SymbolArray:
 Style/WordArray:
   Enabled: false
 
+# There is no real reason to check for line length
+Layout/LineLength:
+  Enabled: false
+
 # This isn't really necessary as they limit us in how
 # long text can be when describing a test
 Metrics/BlockLength:
   Enabled: false
 
-# There is no real reason to check for line length
-Metrics/LineLength:
-  Enabled: false
-
 # Disable MixinUsage
 Style/MixinUsage:
   Enabled: false
@@ -35,4 +36,4 @@ Style/FrozenStringLiteralComment:
   Enabled: false
 
 Style/Documentation:
-  Enabled: false
+  Enabled: false
diff --git a/.ruby-version b/.ruby-version
@@ -1 +1 @@
-2.3.0
+2.5.7
diff --git a/.travis.yml b/.travis.yml
@@ -4,12 +4,8 @@ language: ruby
 bundler_args: --without development system_tests
 before_install: rm Gemfile.lock || true
 rvm:
-  - 2.3.4
+  - 2.5.7
 script: bundle exec rake test
 env:
-  - PUPPET_VERSION="~> 4.5.0"
-  - PUPPET_VERSION="~> 4.6.0"
-  - PUPPET_VERSION="~> 4.7.0"
-  - PUPPET_VERSION="~> 4.8.0"
-  - PUPPET_VERSION="~> 4.9.0"
-  - PUPPET_VERSION="~> 5.0.0"
+  - PUPPET_VERSION="~> 5.5"
+  - PUPPET_VERSION="~> 6.16"
diff --git a/Gemfile b/Gemfile
@@ -3,8 +3,8 @@ source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 puppetversion = ENV.key?('PUPPET_VERSION') ? ENV['PUPPET_VERSION'] : ['>= 3.3', '< 6']
 gem 'facter', '<= 2.4.6', '>= 1.7.0'
 gem 'puppet', puppetversion
-gem 'puppet-lint', '>= 1.0.0'
 gem 'puppetlabs_spec_helper', '>= 1.0.0'
+gem 'puppet-lint', '>= 1.0.0'
 gem 'rspec-puppet', '<= 2.5.0'
 gem 'rspec-puppet-facts', '< 1.8.0'
 gem 'safe_yaml', '~> 1.0.4'

diff --git a/README.md b/README.md
@@ -349,13 +349,15 @@ rules in a particular order. Defaults to '99'
 
 This module has been tested on:
 
-* Debian 7
 * Debian 8
-* CentOS 6
+* Debian 9
+* Debian 10
 * CentOS 7
 * CentOS 8
 * Ubuntu 14.04
 * Ubuntu 16.04
+* Ubuntu 18.04
+* Ubuntu 20.04
 
 ## Development
 
@@ -365,13 +367,6 @@ of saying thanks.
 This module is tested against the Ruby versions from Puppet's support
 matrix. Please make sure you have a supported version of Ruby installed.
 
-Should you wish to clone this repository you have to make sure that you
-clone it recursively. This Puppet module uses git submodules.
-
-```
-git clone --recursive [email protected]:sensson/puppet-csf.git
-```
-
 If you want to contribute please:
 
 1. Fork the repository.
@@ -405,13 +400,16 @@ You can run Beaker tests with:
 
 ```
 bundle exec rake spec_prep
-BEAKER_destroy=onpass bundle exec rake beaker:debian7
 BEAKER_destroy=onpass bundle exec rake beaker:debian8
+BEAKER_destroy=onpass bundle exec rake beaker:debian9
+BEAKER_destroy=onpass bundle exec rake beaker:debian10
 BEAKER_destroy=onpass bundle exec rake beaker:centos6
 BEAKER_destroy=onpass BEAKER_PUPPET_COLLECTION=puppet5 bundle exec rake beaker:centos7
 BEAKER_destroy=onpass BEAKER_PUPPET_COLLECTION=puppet5 bundle exec rake beaker:centos8
 BEAKER_destroy=onpass bundle exec rake beaker:ubuntu1404
 BEAKER_destroy=onpass bundle exec rake beaker:ubuntu1604
+BEAKER_destroy=onpass bundle exec rake beaker:ubuntu1804
+BEAKER_destroy=onpass bundle exec rake beaker:ubuntu2004
 ```
 
 We recommend specifying BEAKER_destroy=onpass as it will keep the

diff --git a/data/os/Debian.yaml b/data/os/Debian.yaml
@@ -0,0 +1,10 @@
+---
+
+csf::packages::required:
+  - perl
+  - iptables
+
+csf::packages::recommended:
+  - libwww-perl
+  - liblwp-protocol-https-perl
+  - libgd-graph-perl
diff --git a/data/os/RedHat.yaml b/data/os/RedHat.yaml
@@ -0,0 +1,10 @@
+---
+
+csf::packages::required:
+  - perl
+  - iptables
+
+csf::packages::recommended:
+  - perl-libwww-perl
+  - perl-LWP-Protocol-https
+  - perl-GDGraph
diff --git a/hiera.yaml b/hiera.yaml
@@ -0,0 +1,21 @@
+---
+version: 5
+
+defaults:  # Used for any hierarchy level that omits these keys.
+  datadir: data         # This path is relative to hiera.yaml's directory.
+  data_hash: yaml_data  # Use the built-in YAML backend.
+
+hierarchy:
+  - name: "osfamily/major release"
+    paths:
+        # Used to distinguish between Debian and Ubuntu
+      - "os/%{facts.os.name}/%{facts.os.release.major}.yaml"
+      - "os/%{facts.os.family}/%{facts.os.release.major}.yaml"
+        # Used for Solaris
+      - "os/%{facts.os.family}/%{facts.kernelrelease}.yaml"
+  - name: "osfamily"
+    paths:
+      - "os/%{facts.os.name}.yaml"
+      - "os/%{facts.os.family}.yaml"
+  - name: 'common'
+    path: 'common.yaml'
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -1,9 +1,10 @@
 # csf
 class csf (
-  $download_location = $::csf::params::download_location,
-  $service_ensure = $::csf::params::service_ensure,
-  $service_enable = $::csf::params::service_enable,
-  $docker = $::csf::params::docker,
+  $download_location            = $::csf::params::download_location,
+  $service_ensure               = $::csf::params::service_ensure,
+  $service_enable               = $::csf::params::service_enable,
+  $docker                       = $::csf::params::docker,
+  $install_recommended_packages = $::csf::params::install_recommended_packages,
 ) inherits csf::params {
   # Install and configure CSF as required
   include ::csf::install

diff --git a/manifests/install.pp b/manifests/install.pp
@@ -1,28 +1,27 @@
 # csf::install
 class csf::install inherits csf {
   # this installs csf and reloads it
-  if $::operatingsystem == 'CentOS' and versioncmp($::operatingsystemmajrelease, '7') < 0 {
-    package { 'iptables-ipv6':
-      ensure => installed,
-      before => Exec['csf-install'],
-    }
-  }
 
-  package { 'iptables':
-    ensure => installed,
-    before => Exec['csf-install'],
-  }
+  $required_packages = lookup('csf::packages::required', Array[String])
+
+  ensure_packages ($required_packages, {
+    ensure => 'present',
+  })
 
-  package { 'csf-perl':
-    ensure => installed,
-    name   => 'perl',
+  if $::csf::install_recommended_packages {
+    $recommended_packages = lookup('csf::packages::recommended', Array[String])
+
+    ensure_packages ($recommended_packages, {
+      ensure => 'present',
+    })
   }
-  -> exec { 'csf-install':
+
+  exec { 'csf-install':
     cwd     => '/tmp',
     command => "/usr/bin/curl -o csf.tgz ${::csf::download_location} && tar -xzf csf.tgz && cd csf && sh install.sh",
     creates => '/usr/sbin/csf',
     notify  => Service['csf'],
-    require => Package['csf-perl'],
+    require => Package['perl'],
   }
 
   # make sure testing is disabled, we trust puppet enough

diff --git a/manifests/params.pp b/manifests/params.pp
@@ -4,4 +4,5 @@
   $docker = absent
   $service_ensure = 'running'
   $service_enable = true
+  $install_recommended_packages = true
 }
diff --git a/metadata.json b/metadata.json
@@ -9,12 +9,12 @@
   "issues_url": "https://github.com/sensson/puppet-csf/issues",
   "tags": [ "csf", "firewall", "lfd", "configserver" ],
   "operatingsystem_support": [
-    { "operatingsystem": "CentOS", "operatingsystemrelease": [ "6", "7", "8" ] },
-    { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04" ] },
-    { "operatingsystem": "Debian", "operatingsystemrelease": [ "7", "8" ] }
+    { "operatingsystem": "CentOS", "operatingsystemrelease": [ "7", "8" ] },
+    { "operatingsystem": "Ubuntu", "operatingsystemrelease": [ "14.04", "16.04", "18.04", "20.04" ] },
+    { "operatingsystem": "Debian", "operatingsystemrelease": [ "8", "9", "10" ] }
   ],
   "dependencies": [
-    { "name": "puppetlabs/stdlib", "version_requirement": ">=4.3.2 < 6.0.0" },
-    { "name": "puppetlabs/concat", "version_requirement": ">=1.1.1 < 6.0.0" }
+    { "name": "puppetlabs/stdlib", "version_requirement": ">=4.3.2 < 7.0.0" },
+    { "name": "puppetlabs/concat", "version_requirement": ">=1.1.1 < 7.0.0" }
   ]
 }
diff --git a/spec/classes/csf_docker_spec.rb b/spec/classes/csf_docker_spec.rb
@@ -1,5 +1,5 @@
 require 'spec_helper'
-require_relative '../facts.rb'
+require_relative '../facts'
 
 describe 'csf::docker' do
   context 'supported operating systems' do

diff --git a/spec/classes/csf_init_spec.rb b/spec/classes/csf_init_spec.rb
@@ -1,5 +1,5 @@
 require 'spec_helper'
-require_relative '../facts.rb'
+require_relative '../facts'
 
 describe 'csf' do
   context 'supported operating systems' do

diff --git a/spec/classes/csf_install_spec.rb b/spec/classes/csf_install_spec.rb
@@ -1,5 +1,5 @@
 require 'spec_helper'
-require_relative '../facts.rb'
+require_relative '../facts'
 
 describe 'csf::install' do
   context 'supported operating systems' do
@@ -16,18 +16,25 @@
           it { is_expected.to contain_class('csf::install') }
 
           # verify packages and installation
-          it { is_expected.to contain_package('csf-perl') }
+          it { is_expected.to contain_package('perl') }
           it { is_expected.to contain_exec('csf-install').with('cwd' => '/tmp') }
           it { is_expected.to contain_exec('csf-install').with('command' => '/usr/bin/curl -o csf.tgz https://download.configserver.com/csf.tgz && tar -xzf csf.tgz && cd csf && sh install.sh') }
           it { is_expected.to contain_exec('csf-install').with('creates' => '/usr/sbin/csf') }
           it { is_expected.to contain_exec('csf-install').with('notify' => 'Service[csf]') }
-          it { is_expected.to contain_exec('csf-install').with('require' => 'Package[csf-perl]') }
+          it { is_expected.to contain_exec('csf-install').with('require' => 'Package[perl]') }
 
-          it { is_expected.to contain_package('iptables').with('ensure' => 'installed') }
+          it { is_expected.to contain_package('iptables').with('ensure' => 'present') }
 
-          if facts[:operatingsystem] == 'CentOS' && facts[:operatingsystemmajrelease].to_i < 7
-            it { is_expected.to contain_package('iptables-ipv6').with('ensure' => 'installed') }
-            it { is_expected.to contain_package('iptables-ipv6').with('before' => 'Exec[csf-install]') }
+          if facts[:operatingsystem] == 'CentOS'
+            it { is_expected.to contain_package('perl-libwww-perl').with('ensure' => 'present') }
+            it { is_expected.to contain_package('perl-LWP-Protocol-https').with('ensure' => 'present') }
+            it { is_expected.to contain_package('perl-GDGraph').with('ensure' => 'present') }
+          end
+
+          if facts[:operatingsystem] == 'Ubuntu'
+            it { is_expected.to contain_package('libwww-perl').with('ensure' => 'present') }
+            it { is_expected.to contain_package('liblwp-protocol-https-perl').with('ensure' => 'present') }
+            it { is_expected.to contain_package('libgd-graph-perl').with('ensure' => 'present') }
           end
 
           # check our configuration

diff --git a/spec/defines/csf_config_spec.rb b/spec/defines/csf_config_spec.rb
@@ -17,7 +17,7 @@
 
         context 'csf::config without parameters' do
           it 'fails' do
-            expect { subject.call } .to raise_error(/Please set a value for/)
+            expect { subject.call }.to raise_error(/Please set a value for/)
           end
         end
 

diff --git a/spec/defines/csf_global_spec.rb b/spec/defines/csf_global_spec.rb
@@ -39,7 +39,7 @@
           end
 
           it 'fails' do
-            expect { subject.call } .to raise_error(/unknown value wrong/)
+            expect { subject.call }.to raise_error(/unknown value wrong/)
           end
         end
       end
-Original file line number
+Diff line change
@@ Expand Up / @@ -39,7 +39,7 @@ @@
               end
               it 'fails' do
-                expect { subject.call } .to raise_error(/unknown value wrong/)
+                expect { subject.call }.to raise_error(/unknown value wrong/)
               end
             end
           end
@@ Expand Down @@