update specs & metatdata for firewall 8

mlibrary · Nov 6, 2024 · e36efdf · e36efdf
1 parent 28d6069
commit e36efdf
Show file tree

Hide file tree

Showing 11 changed files with 22 additions and 23 deletions.
diff --git a/.fixtures.yml b/.fixtures.yml
@@ -28,9 +28,8 @@ fixtures:
     augeas_core:         {"repo": "puppetlabs/augeas_core",     "ref": "1.5.0" }
     concat:              {"repo": "puppetlabs/concat",          "ref": "9.0.2" }
     cron_core:           {"repo": "puppetlabs/cron_core",       "ref": "1.3.0" }
-    docker:              {"repo": "puppetlabs/docker",          "ref": "10.0.1" }
-    # TODO: Upgrading to 7 requires nuking PuppetDB. https://forge.puppet.com/modules/puppetlabs/firewall/8.0.3/changelog
-    firewall:            {"repo": "puppetlabs/firewall",        "ref": "6.0.0" }
+    docker:              {"repo": "puppetlabs/docker",          "ref": "10.0.1"}
+    firewall:            {"repo": "puppetlabs/firewall",        "ref": "8.1.1" }
     host_core:           {"repo": "puppetlabs/host_core",       "ref": "1.3.0" }
     inifile:             {"repo": "puppetlabs/inifile",         "ref": "6.1.1" }
     lvm:                 {"repo": "puppetlabs/lvm",             "ref": "2.3.0" }

diff --git a/metadata.json b/metadata.json
@@ -20,7 +20,7 @@
     {"name": "puppetlabs/concat",          "version_requirement": ">= 9.0.2  < 10.0.0"},
     {"name": "puppetlabs/cron_core",       "version_requirement": ">= 1.3.0  < 2.0.0" },
     {"name": "puppetlabs/docker",          "version_requirement": ">= 10.0.1 < 11.0.0"},
-    {"name": "puppetlabs/firewall",        "version_requirement": "6.0.0"},
+    {"name": "puppetlabs/firewall",        "version_requirement": ">= 8.1.1  < 9.0.0 "},
     {"name": "puppetlabs/host_core",       "version_requirement": ">= 1.3.0  < 2.0.0" },
     {"name": "puppetlabs/inifile",         "version_requirement": ">= 6.1.1  < 7.0.0" },
     {"name": "puppetlabs/lvm",             "version_requirement": ">= 2.3.0  < 3.0.0" },

diff --git a/spec/classes/profile/kubernetes/dns_server_spec.rb b/spec/classes/profile/kubernetes/dns_server_spec.rb
@@ -36,7 +36,7 @@
               .with_dport(53)
               .with_source('172.28.0.0/14')
               .with_state('NEW')
-              .with_action('accept')
+              .with_jump('accept')
           end
         end
 

diff --git a/spec/classes/profile/kubernetes/haproxy_spec.rb b/spec/classes/profile/kubernetes/haproxy_spec.rb
@@ -66,7 +66,7 @@
                 expect(subject).to contain_firewall("200 public #{service}")
                   .with_proto('tcp')
                   .with_state('NEW')
-                  .with_action('accept')
+                  .with_jump('accept')
                   .with_dport(port)
                   .without_source
               when :private
@@ -77,7 +77,7 @@
                 expect(subject).to contain_firewall("200 private #{service}")
                   .with_proto('tcp')
                   .with_state('NEW')
-                  .with_action('accept')
+                  .with_jump('accept')
                   .with_dport(port)
                   .with_source('172.28.0.0/14')
               end

diff --git a/spec/classes/profile/kubernetes/kubelet_spec.rb b/spec/classes/profile/kubernetes/kubelet_spec.rb
@@ -102,7 +102,7 @@
               .with_dport(ports)
               .with_source('172.28.0.0/14')
               .with_state('NEW')
-              .with_action('accept')
+              .with_jump('accept')
           end
         end
       end

diff --git a/spec/classes/profile/kubernetes/router_spec.rb b/spec/classes/profile/kubernetes/router_spec.rb
@@ -23,7 +23,7 @@
         expect(subject).to contain_firewall('001 Do not NAT internal requests')
           .with_table('nat')
           .with_chain('POSTROUTING')
-          .with_action('accept')
+          .with_jump('accept')
           .with_proto('all')
           .with_source('172.28.0.0/14')
           .with_destination('172.28.0.0/14')

diff --git a/spec/classes/profile/networking/firewall/private_ssh_spec.rb b/spec/classes/profile/networking/firewall/private_ssh_spec.rb
@@ -17,7 +17,7 @@
 
         it { is_expected.to compile }
         it { is_expected.to contain_firewall('100 Private SSH: 10.0.0.0/8').with_state('NEW') }
-        it { is_expected.to contain_firewall('100 Private SSH: 10.0.0.0/8').with_action('accept') }
+        it { is_expected.to contain_firewall('100 Private SSH: 10.0.0.0/8').with_jump('accept') }
         it { is_expected.to contain_firewall('100 Private SSH: 10.0.0.0/8').with_proto('tcp') }
         it { is_expected.to contain_firewall('100 Private SSH: 10.0.0.0/8').with_dport(22) }
         it { is_expected.to contain_firewall('100 Private SSH: 10.0.0.0/8').with_source('10.0.0.0/8') }

diff --git a/spec/classes/profile/networking/firewall_spec.rb b/spec/classes/profile/networking/firewall_spec.rb
@@ -16,15 +16,15 @@
         expect(subject).to contain_firewall('001 accept related established rules').with(
           proto: 'all',
           state: %w[RELATED ESTABLISHED],
-          action: 'accept',
+          jump: 'accept',
         )
       end
 
       it do
         expect(subject).to contain_firewall('001 accept related established rules (v6)').with(
           proto: 'all',
           state: %w[RELATED ESTABLISHED],
-          action: 'accept',
+          jump: 'accept',
           provider: 'ip6tables',
         )
       end
@@ -33,15 +33,15 @@
         expect(subject).to contain_firewall('001 accept all to lo interface').with(
           proto: 'all',
           iniface: 'lo',
-          action: 'accept',
+          jump: 'accept',
         )
       end
 
       it do
         expect(subject).to contain_firewall('001 accept all to lo interface (v6)').with(
           proto: 'all',
           iniface: 'lo',
-          action: 'accept',
+          jump: 'accept',
           provider: 'ip6tables',
         )
       end
@@ -53,7 +53,7 @@
           dport: %w[8081 8082],
           source: '10.2.3.4',
           state: 'NEW',
-          action: 'accept',
+          jump: 'accept',
         )
       end
 
@@ -63,7 +63,7 @@
           dport: 123,
           source: '10.4.5.6',
           state: 'NEW',
-          action: 'accept',
+          jump: 'accept',
         )
       end
 
@@ -77,22 +77,22 @@
           toports: '1234',
         )
         expect(subject).not_to contain_firewall('900 port forwarding: an advanced rule').with(
-          action: 'accept',
+          jump: 'accept',
           state: 'NEW',
         )
       end
 
       it do
         expect(subject).to contain_firewall('999 drop all').with(
           proto: 'all',
-          action: 'drop',
+          jump: 'drop',
         )
       end
 
       it do
         expect(subject).to contain_firewall('999 drop all (v6)').with(
           proto: 'all',
-          action: 'drop',
+          jump: 'drop',
           provider: 'ip6tables',
         )
       end

diff --git a/spec/defines/cert_spec.rb b/spec/defines/cert_spec.rb
@@ -28,7 +28,7 @@
             .with_proto('tcp')
             .with_dport(80)
             .with_state('NEW')
-            .with_action('accept')
+            .with_jump('accept')
         end
 
         context 'with additional_domains set to sub.example.invalid' do

diff --git a/spec/defines/exposed_port_spec.rb b/spec/defines/exposed_port_spec.rb
@@ -23,7 +23,7 @@
             dport: 22,
             source: '10.0.0.0/16',
             state: 'NEW',
-            action: 'accept',
+            jump: 'accept',
           )
         end
 

diff --git a/spec/defines/firewall_allow_spec.rb b/spec/defines/firewall_allow_spec.rb
@@ -23,7 +23,7 @@
             dport: 1234,
             source: '10.0.0.0/32',
             state: 'NEW',
-            action: 'accept',
+            jump: 'accept',
           )
         end
 
@@ -59,7 +59,7 @@
             dport: [123, 456, 789],
             source: '10.255.255.255/32',
             state: 'NEW',
-            action: 'accept',
+            jump: 'accept',
           )
         end
       end