Merge pull request #1084 from puppetlabs/CONT-256-module_cleanup

(CONT-256) Removing outdated code

Author: david22swan

lib/facter/iptables_persistent_version.rb

@@ -5,15 +5,7 @@
   setcode do
     # Throw away STDERR because dpkg >= 1.16.7 will make some noise if the
     # package isn't currently installed.
-    os = Facter.value(:operatingsystem)
-    os_release = Facter.value(:operatingsystemrelease)
-    cmd = if (os == 'Debian' && (Puppet::Util::Package.versioncmp(os_release, '8.0') >= 0)) ||
-             (os == 'Ubuntu' && (Puppet::Util::Package.versioncmp(os_release, '14.10') >= 0)) ||
-             (os == 'Debian' && (Puppet::Util::Package.versioncmp(os_release, 'unstable') >= 0))
-            "dpkg-query -Wf '${Version}' netfilter-persistent 2>/dev/null"
-          else
-            "dpkg-query -Wf '${Version}' iptables-persistent 2>/dev/null"
-          end
+    cmd = "dpkg-query -Wf '${Version}' netfilter-persistent 2>/dev/null"
     version = Facter::Core::Execution.execute(cmd)
 
     if version.nil? || !version.match(%r{\d+\.\d+})

lib/puppet/type/firewall.rb

@@ -2342,12 +2342,9 @@ def should_to_s(value)
     end
   end
 
-  # autobefore is only provided since puppet 4.0
-  if Puppet::Util::Package.versioncmp(Puppet.version, '4.0') >= 0
-    # On RHEL 7 this needs to be threaded correctly to manage SE Linux permissions after persisting the rules
-    autobefore(:file) do
-      ['/etc/sysconfig/iptables', '/etc/sysconfig/ip6tables']
-    end
+  # On RHEL 7 this needs to be threaded correctly to manage SE Linux permissions after persisting the rules
+  autobefore(:file) do
+    ['/etc/sysconfig/iptables', '/etc/sysconfig/ip6tables']
   end
 
   validate do

manifests/linux/debian.pp

@@ -26,38 +26,17 @@
   $package_ensure = $firewall::params::package_ensure,
 ) inherits ::firewall::params {
   if $package_name {
-    #Fixes hang while installing iptables-persistent on debian 8
-    exec { 'iptables-persistent-debconf':
-      command     => "/bin/echo \"${package_name} ${package_name}/autosave_v4 boolean false\" |
-                      /usr/bin/debconf-set-selections && /bin/echo \"${package_name} ${package_name}/autosave_v6 boolean false\" |
-                      /usr/bin/debconf-set-selections",
-
-      refreshonly => true,
-    }
     ensure_packages([$package_name], {
-        ensure  => $package_ensure,
-        require => Exec['iptables-persistent-debconf']
+        ensure  => $package_ensure
     })
   }
 
-  if($::operatingsystemrelease =~ /^6\./ and $enable == true and $::iptables_persistent_version
-  and versioncmp($::iptables_persistent_version, '0.5.0') < 0) {
-    # This fixes a bug in the iptables-persistent LSB headers in 6.x, without it
-    # we lose idempotency
-    exec { 'iptables-persistent-enable':
-      logoutput => on_failure,
-      command   => '/usr/sbin/update-rc.d iptables-persistent enable',
-      unless    => '/usr/bin/test -f /etc/rcS.d/S*iptables-persistent',
-      require   => Package[$package_name],
-    }
-  } else {
-    # This isn't a real service/daemon. The start action loads rules, so just
-    # needs to be called on system boot.
-    service { $service_name:
-      ensure    => undef,
-      enable    => $enable,
-      hasstatus => true,
-      require   => Package[$package_name],
-    }
+  # This isn't a real service/daemon. The start action loads rules, so just
+  # needs to be called on system boot.
+  service { $service_name:
+    ensure    => undef,
+    enable    => $enable,
+    hasstatus => true,
+    require   => Package[$package_name],
   }
 }

manifests/linux/redhat.pp

@@ -49,9 +49,7 @@
   # RHEL 7 / CentOS 7 and later and Fedora 15 and later require the iptables-services
   # package, which provides the /usr/libexec/iptables/iptables.init used by
   # lib/puppet/util/firewall.rb.
-  if ($::operatingsystem != 'Amazon')
-  and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
-  or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
+  if ($::operatingsystem != 'Amazon') {
     if $firewalld_manage {
       service { 'firewalld':
         ensure => stopped,
@@ -74,9 +72,7 @@
     )
   }
 
-  if ($::operatingsystem != 'Amazon')
-  and (($::operatingsystem != 'Fedora' and versioncmp($::operatingsystemrelease, '7.0') >= 0)
-  or  ($::operatingsystem == 'Fedora' and versioncmp($::operatingsystemrelease, '15') >= 0)) {
+  if ($::operatingsystem != 'Amazon') {
     if $ensure == 'running' {
       exec { '/usr/bin/systemctl daemon-reload':
         require     => Package[$package_name],
@@ -134,13 +130,6 @@
       }
     }
 
-    # Before puppet 4, the autobefore on the firewall type does not work - therefore
-    # we need to keep this workaround here
-    if versioncmp($::puppetversion, '4.0') <= 0 {
-      File<| title == "/etc/sysconfig/${service_name}" |> -> Service<| title == $service_name |>
-      File<| title == "/etc/sysconfig/${service_name_v6}" |> -> Service<| title == $service_name_v6 |>
-    }
-
     # Redhat 7 selinux user context for /etc/sysconfig/iptables is set to system_u
     # Redhat 7 selinux type context for /etc/sysconfig/iptables is set to system_conf_t
     case $::selinux {
@@ -149,11 +138,6 @@
         case $::operatingsystem {
           'CentOS': {
             case $::operatingsystemrelease {
-              /^5\..*/: {
-                $seluser = 'system_u'
-                $seltype = 'etc_t'
-              }
-
               /^6\..*/: {
                 $seluser = 'unconfined_u'
                 $seltype = 'system_conf_t'

manifests/params.pp

@@ -21,9 +21,6 @@
           if versioncmp($::operatingsystemrelease, '34') >= 0 {
             $package_name = 'iptables-services'
             $iptables_name = 'iptables-compat'
-          } elsif versioncmp($::operatingsystemrelease, '15') >= 0 {
-            $package_name = 'iptables-services'
-            $iptables_name = 'iptables'
           } else {
             $iptables_name = 'iptables'
             $package_name = undef

spec/unit/classes/firewall_linux_debian_spec.rb

@@ -3,52 +3,12 @@
 require 'spec_helper'
 
 describe 'firewall::linux::debian', type: :class do
-  context 'with Debian 8' do
-    let(:facts) do
-      {
-        osfamily: 'Debian',
-        operatingsystem: 'Debian',
-        operatingsystemrelease: 'jessie/sid',
-      }
-    end
-
-    it {
-      is_expected.to contain_package('iptables-persistent').with(
-        ensure: 'installed',
-      )
-    }
-    it {
-      is_expected.to contain_service('netfilter-persistent').with(
-        ensure: nil,
-        enable: 'true',
-        require: 'Package[iptables-persistent]',
-      )
-    }
-  end
-
-  context 'with deb8 enable => false' do
-    let(:facts) do
-      {
-        osfamily: 'Debian',
-        operatingsystem: 'Debian',
-        operatingsystemrelease: 'jessie/sid',
-      }
-    end
-    let(:params) { { enable: 'false' } }
-
-    it {
-      is_expected.to contain_service('netfilter-persistent').with(
-        enable: 'false',
-      )
-    }
-  end
-
-  context 'with Debian 8, alt operatingsystem' do
+  context 'with Debian 10' do
     let(:facts) do
       {
         osfamily: 'Debian',
         operatingsystem: 'Debian',
-        operatingsystemrelease: '8.0',
+        operatingsystemrelease: '10.0',
       }
     end
 
@@ -66,12 +26,12 @@
     }
   end
 
-  context 'with deb8, alt operatingsystem, enable => false' do
+  context 'with Debian 10, enable => false' do
     let(:facts) do
       {
         osfamily: 'Debian',
         operatingsystem: 'Debian',
-        operatingsystemrelease: '8.0',
+        operatingsystemrelease: '10',
       }
     end
     let(:params) { { enable: 'false' } }
@@ -83,12 +43,12 @@
     }
   end
 
-  context 'with Debian 10' do
+  context 'with Debian 11' do
     let(:facts) do
       {
         osfamily: 'Debian',
         operatingsystem: 'Debian',
-        operatingsystemrelease: '10.0',
+        operatingsystemrelease: '11.0',
       }
     end
 
@@ -106,12 +66,12 @@
     }
   end
 
-  context 'with Debian 10, enable => false' do
+  context 'with Debian 11, enable => false' do
     let(:facts) do
       {
         osfamily: 'Debian',
         operatingsystem: 'Debian',
-        operatingsystemrelease: '10',
+        operatingsystemrelease: '11',
       }
     end
     let(:params) { { enable: 'false' } }

spec/unit/classes/firewall_linux_redhat_spec.rb

@@ -35,34 +35,10 @@
 
 describe 'firewall::linux::redhat', type: :class do
   ['RedHat', 'CentOS', 'Fedora', 'AlmaLinux'].each do |os|
-    oldreleases = ((os == 'Fedora') ? ['14'] : ['6.5'])
-    newreleases = ((os == 'Fedora') ? ['15', 'Rawhide'] : ['7.0.1406'])
+    releases = ((os == 'Fedora') ? ['36'] : ['7.0.1406'])
     nftablesreleases = ((os == 'Fedora') ? [] : ['8.0'])
 
-    oldreleases.each do |osrel|
-      context "os #{os} and osrel #{osrel}" do
-        let(:facts) do
-          {
-            operatingsystem: os,
-            operatingsystemrelease: osrel,
-            osfamily: 'RedHat',
-            selinux: false,
-            puppetversion: Puppet.version,
-          }
-        end
-
-        it { is_expected.not_to contain_service('firewalld') }
-        it { is_expected.not_to contain_package('iptables-services') }
-        it {
-          is_expected.to contain_file('/etc/sysconfig/iptables')
-          is_expected.to contain_file('/etc/sysconfig/ip6tables')
-        }
-
-        it_behaves_like 'ensures iptables service'
-      end
-    end
-
-    newreleases.each do |osrel|
+    releases.each do |osrel|
       context "os #{os} and osrel #{osrel}" do
         let(:facts) do
           {

spec/unit/classes/firewall_linux_spec.rb

@@ -5,7 +5,7 @@
 describe 'firewall::linux', type: :class do
   ['RedHat', 'CentOS'].each do |os|
     context "Redhat Like: operatingsystem => #{os}" do
-      releases = ['6', '7']
+      releases = ['6', '7', '8']
       releases.each do |osrel|
         context "operatingsystemrelease => #{osrel}" do
           let(:facts) do
@@ -28,7 +28,7 @@
 
   ['Debian', 'Ubuntu'].each do |os|
     context "Debian Like: operatingsystem => #{os}" do
-      releases = ((os == 'Debian') ? ['10'] : ['20.04'])
+      releases = ((os == 'Debian') ? ['10', '11'] : ['20.04', '22.04'])
       releases.each do |osrel|
         let(:facts) do
           {

spec/unit/puppet/provider/ip6tables_spec.rb

@@ -2,11 +2,8 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
-if Puppet::Util::Package.versioncmp(Puppet.version, '3.4.0') < 0
-  require 'puppet/provider/confine/exists'
-else
-  require 'puppet/confine/exists'
-end
+require 'puppet/confine/exists'
+
 provider_class = Puppet::Type.type(:firewall).provider(:ip6tables)
 describe 'ip6tables' do
   let(:params) { { name: '000 test foo', action: 'accept' } }

spec/unit/puppet/provider/iptables_chain_spec.rb

@@ -2,22 +2,12 @@
 # frozen_string_literal: true
 
 require 'spec_helper'
-if Puppet::Util::Package.versioncmp(Puppet.version, '3.4.0') < 0
-  require 'puppet/provider/confine/exists'
-else
-  require 'puppet/confine/exists'
-end
+require 'puppet/confine/exists'
 
 describe 'iptables chain' do
   describe 'iptables chain provider detection' do
-    if Puppet::Util::Package.versioncmp(Puppet.version, '3.4.0') < 0
-      let(:exists) do
-        Puppet::Provider::Confine::Exists
-      end
-    else
-      let(:exists) do
-        Puppet::Confine::Exists
-      end
+    let(:exists) do
+      Puppet::Confine::Exists
     end
 
     before :each do