Merge pull request #136 from dcarley/134-autorequire_packages

(GH-134) Autorequire iptables related packages

lib/puppet/type/firewall.rb

@@ -16,9 +16,16 @@
     This type provides the capability to manage firewall rules within
     puppet.
 
-    **Autorequires:** If Puppet is managing the iptables or ip6tables chains
-    specified in the `chain` or `jump` parameters, the firewall resource
-    will autorequire those firewallchain resources.
+    **Autorequires:**
+
+    If Puppet is managing the iptables or ip6tables chains specified in the
+    `chain` or `jump` parameters, the firewall resource will autorequire
+    those firewallchain resources.
+
+    If Puppet is managing the iptables or iptables-persistent packages, and
+    the provider is iptables or ip6tables, the firewall resource will
+    autorequire those packages to ensure that any required binaries are
+    installed.
   EOS
 
   feature :rate_limiting, "Rate limiting features."
@@ -569,6 +576,17 @@ def should_to_s(value)
     reqs
   end
 
+  # Classes would be a better abstraction, pending:
+  # http://projects.puppetlabs.com/issues/19001
+  autorequire(:package) do
+    case value(:provider)
+    when :iptables, :ip6tables
+      %w{iptables iptables-persistent}
+    else
+      []
+    end
+  end
+
   validate do
     debug("[validate]")
 

lib/puppet/type/firewallchain.rb

@@ -16,6 +16,11 @@
     Currently this supports only iptables, ip6tables and ebtables on Linux. And
     provides support for setting the default policy on chains and tables that
     allow it.
+
+    **Autorequires:**
+    If Puppet is managing the iptables or iptables-persistent packages, and
+    the provider is iptables_chain, the firewall resource will autorequire
+    those packages to ensure that any required binaries are installed.
   EOS
 
   feature :iptables_chain, "The provider provides iptables chain features."
@@ -100,6 +105,17 @@
     end
   end
 
+  # Classes would be a better abstraction, pending:
+  # http://projects.puppetlabs.com/issues/19001
+  autorequire(:package) do
+    case value(:provider)
+    when :iptables_chain
+      %w{iptables iptables-persistent}
+    else
+      []
+    end
+  end
+
   validate do
     debug("[validate]")
 

spec/unit/puppet/type/firewall_spec.rb

@@ -496,4 +496,38 @@
       lambda { @resource[:pkttype] = 'not valid' }.should raise_error(Puppet::Error)
     end
   end
+
+  describe 'autorequire packages' do
+    [:iptables, :ip6tables].each do |provider|
+      it "provider #{provider} should autorequire package iptables" do
+        @resource[:provider] = provider
+        @resource[:provider].should == provider
+        package = Puppet::Type.type(:package).new(:name => 'iptables')
+        catalog = Puppet::Resource::Catalog.new
+        catalog.add_resource @resource
+        catalog.add_resource package
+        rel = @resource.autorequire[0]
+        rel.source.ref.should == package.ref
+        rel.target.ref.should == @resource.ref
+      end
+
+      it "provider #{provider} should autorequire packages iptables and iptables-persistent" do
+        @resource[:provider] = provider
+        @resource[:provider].should == provider
+        packages = [
+          Puppet::Type.type(:package).new(:name => 'iptables'),
+          Puppet::Type.type(:package).new(:name => 'iptables-persistent')
+        ]
+        catalog = Puppet::Resource::Catalog.new
+        catalog.add_resource @resource
+        packages.each do |package|
+          catalog.add_resource package
+        end
+        packages.zip(@resource.autorequire) do |package, rel|
+          rel.source.ref.should == package.ref
+          rel.target.ref.should == @resource.ref
+        end
+      end
+    end
+  end
 end

spec/unit/puppet/type/firewallchain_spec.rb

@@ -104,4 +104,33 @@
 
   end
 
+  describe 'autorequire packages' do
+    it "provider iptables_chain should autorequire package iptables" do
+      resource[:provider].should == :iptables_chain
+      package = Puppet::Type.type(:package).new(:name => 'iptables')
+      catalog = Puppet::Resource::Catalog.new
+      catalog.add_resource resource
+      catalog.add_resource package
+      rel = resource.autorequire[0]
+      rel.source.ref.should == package.ref
+      rel.target.ref.should == resource.ref
+    end
+
+    it "provider iptables_chain should autorequire packages iptables and iptables-persistent" do
+      resource[:provider].should == :iptables_chain
+      packages = [
+        Puppet::Type.type(:package).new(:name => 'iptables'),
+        Puppet::Type.type(:package).new(:name => 'iptables-persistent')
+      ]
+      catalog = Puppet::Resource::Catalog.new
+      catalog.add_resource resource
+      packages.each do |package|
+        catalog.add_resource package
+      end
+      packages.zip(resource.autorequire) do |package, rel|
+        rel.source.ref.should == package.ref
+        rel.target.ref.should == resource.ref
+      end
+    end
+  end
 end