Major update of module from asasfu

.travis.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ev
+rake lint
+rake syntax
+# we can't ssh to localhost
+#rspec spec/acceptance

.travis.yml

@@ -0,0 +1,22 @@
+language: ruby
+install:
+script: "./.travis.sh"
+rvm:
+  - 2.0.0
+matrix:
+  fast_finish: true
+env:
+  matrix:
+notifications:
+  email: false
+  irc:
+    template:
+      - "%{repository}#%{build_number} (%{branch} - %{commit} : %{author}): %{message}"
+      - "Change view : %{compare_url}"
+      - "Build details : %{build_url}"
+    channels:
+        - "chat.freenode.net#rdo-puppet"
+    on_success: always
+    on_failure: always
+    use_notice: true
+    skip_join: true

Gemfile

@@ -0,0 +1,29 @@
+source 'https://rubygems.org'
+
+group :development, :test do
+  gem 'puppetlabs_spec_helper', :require => false
+  gem 'rspec-puppet', '~> 2.1.0', :require => false
+
+  gem 'metadata-json-lint'
+  gem 'puppet-lint-param-docs'
+  gem 'puppet-lint-absolute_classname-check'
+  gem 'puppet-lint-absolute_template_path'
+  gem 'puppet-lint-trailing_newline-check'
+
+  # Puppet 4.x related lint checks
+  gem 'puppet-lint-unquoted_string-check'
+  gem 'puppet-lint-leading_zero-check'
+  gem 'puppet-lint-variable_contains_upcase'
+  gem 'puppet-lint-numericvariable'
+
+  gem 'rspec', :require => false
+  gem 'beaker-rspec', :require => false
+  gem 'beaker-puppet_install_helper', :require => false
+end
+
+if puppetversion = ENV['PUPPET_GEM_VERSION']
+  gem 'puppet', puppetversion, :require => false
+else
+  gem 'puppet', :require => false
+end
+

README

@@ -1,21 +1 @@
-This is puppet-firewalld a puppet module for firewalld.
-
-You have several ways how to install it:
-
-a) Install module from Puppet Forge
-# puppet module install jpopelka-firewalld
-
-b) If you run Fedora/EPEL7, use
-# yum install puppet-firewalld
-
-c) If you want to keep up with upstream git repo, you can do:
-$ cd ~; mkdir git; cd git
-$ git clone https://github.com/jpopelka/puppet-firewalld.git
-$ su -c 'ln -s /home/user/git/puppet-firewalld /etc/puppet/modules/firewalld'
-
-
-Look in the examples/ folder for usage.
-
-See http://jpopelka.fedorapeople.org/puppet-firewalld/doc
-for documentation, or generate it yourself:
-puppet doc --mode rdoc --outputdir ./moduledocs --modulepath /etc/puppet/modules/
+EOL - Use https://github.com/crayfishx/puppet-firewalld

Rakefile

@@ -0,0 +1,6 @@
+require 'puppetlabs_spec_helper/rake_tasks'
+require 'puppet-lint/tasks/puppet-lint'
+
+PuppetLint.configuration.fail_on_warnings = true
+PuppetLint.configuration.send('disable_80chars')
+PuppetLint.configuration.send('disable_class_parameter_defaults')

examples/direct.pp

@@ -3,21 +3,22 @@
 
 # this can be run with 'puppet apply direct.pp'
 
-class {'firewalld::direct':
-	chains	=> [{
-		ipv   => 'ipv4',
-		#table => 'filter',
-		chain => 'mine',},],
-
-	rules	=> [{
-		ipv      => 'ipv4',
-		#table    => 'filter',
-		chain    => 'mine',
-		#priority => '1',
-		args     => "-j LOG --log-prefix 'my prefix'",},
-		    {
-		ipv      => 'ipv4',
-		table    => 'mangle',
-		chain    => 'PREROUTING',
-		args     => "-p tcp -m tcp --dport 123 -j MARK --set-mark 1' -j DROP",},],
+class { '::firewalld::direct':
+  chains => [{
+    ipv   => 'ipv4',
+    #table => 'filter',
+    chain => 'mine',}
+  ,],
+  rules  => [{
+    ipv   => 'ipv4',
+    #table  => 'filter',
+    chain => 'mine',
+    #priority => '1',
+    args  => "-j LOG --log-prefix 'my prefix'",
+  }, {
+    ipv   => 'ipv4',
+    table => 'mangle',
+    chain => 'PREROUTING',
+    args  => "-p tcp -m tcp --dport 123 -j MARK --set-mark 1' -j DROP",
+  },],
 }

examples/lockdown_whitelist.pp

@@ -4,12 +4,19 @@
 
 # this can be run with 'puppet apply lockdown-whitelist.pp'
 
-class {'firewalld::configuration':
-  lockdown          => 'yes',}
+class { '::firewalld::configuration':
+  lockdown => 'yes',
+}
 
-class {'firewalld::lockdown_whitelist':
-  selinux_contexts  => ['system_u:system_r:NetworkManager_t:s0',
-                        'system_u:system_r:virtd_t:s0-s0:c0.c1023'],
-  commands          => ['/usr/bin/python -Es /usr/bin/firewall-config'],
-  users             => [{username => 'me'},
-                        {userid   => '1020'},],}
+class { '::firewalld::lockdown_whitelist':
+  selinux_contexts => [
+    'system_u:system_r:NetworkManager_t:s0',
+    'system_u:system_r:virtd_t:s0-s0:c0.c1023'
+  ],
+  commands         => ['/usr/bin/python -Es /usr/bin/firewall-config'],
+  users            => [{
+    username => 'me'
+  }, {
+    userid => '1020'
+  }],
+}

examples/service.pp

@@ -6,8 +6,14 @@
 
 # define a service
 firewalld::service { 'dummy':
-	description	=> 'My dummy service',
-	ports		=> [{port => '1234', protocol => 'tcp',},],
-	modules		=> ['some_module_to_load'],
-	destination	=> {ipv4 => '224.0.0.251', ipv6 => 'ff02::fb'},
+  description => 'My dummy service',
+  ports       => [{
+    port     => '1234',
+    protocol => 'tcp',
+  },],
+  modules     => ['some_module_to_load'],
+  destination => {
+    ipv4 => '224.0.0.251',
+    ipv6 => 'ff02::fb'
+  },
 }

examples/zone.pp

@@ -5,53 +5,50 @@
 #
 # run this with 'puppet apply zone.pp'
 
-class {'firewalld::configuration':
-        default_zone    =>      'custom',
+class { '::firewalld::configuration':
+  default_zone => 'custom',
 }
 
 # define a zone
 firewalld::zone { 'custom':
-	description	=> 'This is an example zone',
-	services	=> ['ssh', 'dhcpv6-client'],
-	ports		=> [{
-			port		=> '1234',
-			protocol	=> 'tcp',},],
-	masquerade	=> true,
-	forward_ports	=> [{
-			port		=> '123',
-			protocol	=> 'tcp',
-			to_port		=> '321',
-			to_addr		=> '1.2.3.4',},],
-	rich_rules	=> [{
-			family		=> 'ipv4',
-			source		=> {
-				address		=> '1.1.1.1',
-				invert		=> true,},
-			destination		=> {
-				address		=> '2.2.2.2/24',},
-#			service		=> 'ssh',
-			port		=> {
-				portid		=> '123-321',
-				protocol	=> 'udp',},
-# these are commented out because you can specify only one of
-# {service, port, protocol, icmp_block, masquerade, forward_port}
-#			protocol	=> 'ah',
-#			icmp_block	=> 'router-solicitation',
-#			masquerade	=> true,
-#			forward_port	=> {
-#				portid		=> '555',
-#				protocol	=> 'udp',
-#				to_port		=> '666',
-#				to_addr		=> '6.6.6.6',},
-			log		=> {
-				prefix		=> 'testing',
-				level		=> 'notice',
-				limit		=> '3/s',},
-			audit		=> {
-				limit		=> '2/h',},
-			action		=> {
-				action_type	=> 'reject',
-				reject_type	=> 'icmp-host-prohibited',
-				limit		=> '2/m',},
-			},],
+  description   => 'This is an example zone',
+  services      => ['ssh', 'dhcpv6-client'],
+  masquerade    => true,
+  ports         => [{
+    port     => '1234',
+    protocol => 'tcp',
+  },],
+  forward_ports => [{
+    port     => '123',
+    protocol => 'tcp',
+    to_port  => '321',
+    to_addr  => '1.2.3.4',
+  },],
+  rich_rules    => [{
+    family      => 'ipv4',
+    source      => {
+      address => '1.1.1.1',
+      invert  => true,
+    },
+    destination => {
+      address => '2.2.2.2/24',
+    },
+    port        => {
+      portid   => '123-321',
+      protocol => 'udp',
+    },
+    log         => {
+      prefix => 'testing',
+      level  => 'notice',
+      limit  => '3/s',
+    },
+    audit       => {
+      limit => '2/h',
+    },
+    action      => {
+      action_type => 'reject',
+      reject_type => 'icmp-host-prohibited',
+      limit       => '2/m',
+    },
+  },],
 }