Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Remove FreeBSD from Test Kitchen; it's not supported by this cookbook Signed-off-by: Joseph Larionov <[email protected]> * Correct the suite platform matrix in Test Kitchen Suites now correctly test against all compatible platforms for each firewall solution. Signed-off-by: Joseph Larionov <[email protected]> * Add modern platforms and remove obsolete ones Signed-off-by: Joseph Larionov <[email protected]> * Update list of platforms that the cookbook supports Signed-off-by: Joseph Larionov <[email protected]> * Get firewalld working in kitchen-dokken containers Signed-off-by: Joseph Larionov <[email protected]> * Fixed: firewall_rule resource fails on firewalld The resource was specifying --zone when creating --direct rules, which is not allowed for direct rules in firewalld. Fixes #298 Signed-off-by: Joseph Larionov <[email protected]> * Ensure firewalld service remains enabled and started when installed Signed-off-by: Joseph Larionov <[email protected]> * Fixed: New zones are created with forwarding enabled Due to firewalld/firewalld#1438 Signed-off-by: Joseph Larionov <[email protected]> * Fixed: firewalld resources ignore properties whose value is false Signed-off-by: Joseph Larionov <[email protected]> * Test firewalld on all compatible Linux platforms Signed-off-by: Joseph Larionov <[email protected]> * Add support for firewalld 2.0.0 The firewalld_zone resource has been updated to support priority, ingress_priority, and egress_priority zone options introduced in firewalld 2.0.0. As a result, this update extends support to RHEL 10, its derivatives, and Ubuntu 24.04, all of which utilize firewalld 2.0.0 or later. Signed-off-by: Joseph Larionov <[email protected]> * Fixed ufw test when running in kitchen-dokken Signed-off-by: Joseph Larionov <[email protected]> * Disable Oracle 9 iptables test, its iptables package fails to install Signed-off-by: Joseph Larionov <[email protected]> * Fixed: firewalld resources were not idempotent Signed-off-by: Joseph Larionov <[email protected]> * Add firewalld_rich_rule resource Signed-off-by: Joseph Larionov <[email protected]> * Migrate firewall_rule to a modern custom resource Signed-off-by: Joseph Larionov <[email protected]> * Remove deprecated disabled property from firewall resource Signed-off-by: Joseph Larionov <[email protected]> * firewall_rule now implements firewalld rich rules on firewalld platforms Refactors firewalld support to use rich rules instead of the "--direct" interface, which was deprecated with the firewalld 1.0.0 release [1]. Adds IPv6 support for firewalld platforms (fixes #86). [1] https://firewalld.org/2021/06/the-upcoming-1-0-0 Signed-off-by: Joseph Larionov <[email protected]> * Fixed: ufw provider doesn't ensure ufw service is enabled Signed-off-by: Joseph Larionov <[email protected]> * Allow any compatible firewall solution on Linux platforms Signed-off-by: Joseph Larionov <[email protected]> * Pin dokken to Chef 18.3 due to bug in latest Chef container Until chef/chef#14760 is fixed. Signed-off-by: Joseph Larionov <[email protected]> * Add upgrade instructions for this release Signed-off-by: Joseph Larionov <[email protected]> * Linting Signed-off-by: Joseph Larionov <[email protected]> * Run tests with kitchen-dokken in GitHub Actions CI Signed-off-by: Joseph Larionov <[email protected]> --------- Signed-off-by: Joseph Larionov <[email protected]>
- Loading branch information
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -17,46 +17,196 @@ jobs: | |
|
|
||
| integration: | ||
| needs: lint-unit | ||
| runs-on: ubuntu-24.04 | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| include: | ||
| # Default suite | ||
| - suite: default | ||
| os: almalinux-8 | ||
| - suite: default | ||
| os: almalinux-9 | ||
| - suite: default | ||
| os: almalinux-10 | ||
| - suite: default | ||
| os: amazonlinux-2023 | ||
| - suite: default | ||
| os: centos-stream-9 | ||
| - suite: default | ||
| os: centos-stream-10 | ||
| - suite: default | ||
| os: debian-11 | ||
| - suite: default | ||
| os: debian-12 | ||
| - suite: default | ||
| os: fedora-latest | ||
| - suite: default | ||
| os: opensuse-leap-15 | ||
| - suite: default | ||
| os: oracle-8 | ||
| - suite: default | ||
| os: oracle-9 | ||
| - suite: default | ||
| os: rockylinux-8 | ||
| - suite: default | ||
| os: rockylinux-9 | ||
| - suite: default | ||
| os: ubuntu-2204 | ||
| - suite: default | ||
| os: ubuntu-2404 | ||
|
|
||
| # Firewalld simple suite | ||
| - suite: firewalld-simple | ||
| os: almalinux-8 | ||
| - suite: firewalld-simple | ||
| os: almalinux-9 | ||
| - suite: firewalld-simple | ||
| os: almalinux-10 | ||
| - suite: firewalld-simple | ||
| os: amazonlinux-2023 | ||
| - suite: firewalld-simple | ||
| os: centos-stream-9 | ||
| - suite: firewalld-simple | ||
| os: centos-stream-10 | ||
| - suite: firewalld-simple | ||
| os: debian-11 | ||
| - suite: firewalld-simple | ||
| os: debian-12 | ||
| - suite: firewalld-simple | ||
| os: fedora-latest | ||
| - suite: firewalld-simple | ||
| os: opensuse-leap-15 | ||
| - suite: firewalld-simple | ||
| os: oracle-8 | ||
| - suite: firewalld-simple | ||
| os: oracle-9 | ||
| - suite: firewalld-simple | ||
| os: rockylinux-8 | ||
| - suite: firewalld-simple | ||
| os: rockylinux-9 | ||
| - suite: firewalld-simple | ||
| os: ubuntu-2004 | ||
| - suite: firewalld-simple | ||
| os: ubuntu-2204 | ||
| - suite: firewalld-simple | ||
| os: ubuntu-2404 | ||
|
|
||
| # UFW suite | ||
| - suite: ufw | ||
| os: almalinux-8 | ||
| - suite: ufw | ||
| os: almalinux-9 | ||
| - suite: ufw | ||
| os: centos-stream-9 | ||
| - suite: ufw | ||
| os: debian-11 | ||
| - suite: ufw | ||
| os: debian-12 | ||
| # - suite: ufw # Fails on GitHub Actions with: Module ip6_tables not found in directory /lib/modules/6.8.0-1017-azure | ||
| # os: fedora-latest | ||
| - suite: ufw | ||
| os: oracle-8 | ||
| - suite: ufw | ||
| os: oracle-9 | ||
| - suite: ufw | ||
| os: rockylinux-8 | ||
| - suite: ufw | ||
| os: rockylinux-9 | ||
| - suite: ufw | ||
| os: ubuntu-2204 | ||
| - suite: ufw | ||
| os: ubuntu-2404 | ||
|
|
||
| # Iptables suite | ||
| - suite: iptables | ||
| os: almalinux-8 | ||
| - suite: iptables | ||
| os: almalinux-9 | ||
| - suite: iptables | ||
| os: almalinux-10 | ||
| - suite: iptables | ||
| os: amazonlinux-2023 | ||
| - suite: iptables | ||
| os: centos-stream-9 | ||
| - suite: iptables | ||
| os: centos-stream-10 | ||
| - suite: iptables | ||
| os: debian-11 | ||
| - suite: iptables | ||
| os: debian-12 | ||
| # - suite: iptables # Fails on GitHub Actions with: ip6tables.service failed | ||
| # os: fedora-latest | ||
| - suite: iptables | ||
| os: oracle-8 | ||
| - suite: iptables | ||
| os: rockylinux-8 | ||
| - suite: iptables | ||
| os: rockylinux-9 | ||
| - suite: iptables | ||
| os: ubuntu-2204 | ||
| - suite: iptables | ||
| os: ubuntu-2404 | ||
|
|
||
| # NFTables suite | ||
| - suite: nftables | ||
| os: debian-11 | ||
| - suite: nftables | ||
| os: debian-12 | ||
| - suite: nftables | ||
| os: oracle-8 | ||
| - suite: nftables | ||
| os: oracle-9 | ||
|
|
||
| # Firewalld advanced suite | ||
| - suite: firewalld-advanced | ||
| os: almalinux-8 | ||
| - suite: firewalld-advanced | ||
| os: almalinux-9 | ||
| - suite: firewalld-advanced | ||
| os: almalinux-10 | ||
| - suite: firewalld-advanced | ||
| os: amazonlinux-2023 | ||
| - suite: firewalld-advanced | ||
| os: centos-stream-9 | ||
| - suite: firewalld-advanced | ||
| os: centos-stream-10 | ||
| - suite: firewalld-advanced | ||
| os: debian-11 | ||
| - suite: firewalld-advanced | ||
| os: debian-12 | ||
| - suite: firewalld-advanced | ||
| os: fedora-latest | ||
| - suite: firewalld-advanced | ||
| os: opensuse-leap-15 | ||
| - suite: firewalld-advanced | ||
| os: oracle-8 | ||
| - suite: firewalld-advanced | ||
| os: oracle-9 | ||
| - suite: firewalld-advanced | ||
| os: rockylinux-8 | ||
| - suite: firewalld-advanced | ||
| os: rockylinux-9 | ||
| - suite: firewalld-advanced | ||
| os: ubuntu-2204 | ||
| - suite: firewalld-advanced | ||
| os: ubuntu-2404 | ||
|
|
||
| # TODO: Windows suite | ||
| # - suite: windows | ||
| # os: windows-2016 | ||
| # - suite: windows | ||
| # os: windows-2019 | ||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| - name: Install Chef | ||
| uses: actionshub/[email protected] | ||
| - name: Dokken | ||
| uses: actionshub/[email protected] | ||
| env: | ||
| CHEF_LICENSE: accept-no-persist | ||
| KITCHEN_LOCAL_YAML: kitchen.dokken.yml | ||
| with: | ||
| suite: ${{ matrix.suite }} | ||
| os: ${{ matrix.os }} | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.