From 26ad761cedd230299bae0e5f9bf7ecd239371319 Mon Sep 17 00:00:00 2001 From: Trevor Vaughan Date: Fri, 18 Oct 2019 12:56:20 -0400 Subject: [PATCH 1/3] Native type autorequires for the firewalld service * Added an autorequire for each native type that uses firewall-cmd. This is due to what appears to be the requirement that any firewall-cmd activities occur after the service has been started the first time. Running commands prior to the service start can result in malformed configurations being applied to the system which silently break the firewalld service. * Tested against simp/iptables 6.4.0 Closes #224 --- lib/puppet/type/firewalld_direct_chain.rb | 4 ++++ .../type/firewalld_direct_passthrough.rb | 4 ++++ lib/puppet/type/firewalld_direct_purge.rb | 4 ++++ lib/puppet/type/firewalld_direct_rule.rb | 4 ++++ lib/puppet/type/firewalld_ipset.rb | 4 ++++ lib/puppet/type/firewalld_port.rb | 4 ++++ lib/puppet/type/firewalld_rich_rule.rb | 4 ++++ lib/puppet/type/firewalld_service.rb | 7 ++++--- lib/puppet/type/firewalld_zone.rb | 20 +++++++++++-------- 9 files changed, 44 insertions(+), 11 deletions(-) diff --git a/lib/puppet/type/firewalld_direct_chain.rb b/lib/puppet/type/firewalld_direct_chain.rb index a5e8fd13..52ad43a1 100644 --- a/lib/puppet/type/firewalld_direct_chain.rb +++ b/lib/puppet/type/firewalld_direct_chain.rb @@ -45,4 +45,8 @@ def self.title_patterns desc 'Name of the table type to add (e.g: filter, nat, mangle, raw)' isnamevar end + + autorequire(:service) do + ['firewalld'] + end end diff --git a/lib/puppet/type/firewalld_direct_passthrough.rb b/lib/puppet/type/firewalld_direct_passthrough.rb index 5ae5183c..de94a22f 100644 --- a/lib/puppet/type/firewalld_direct_passthrough.rb +++ b/lib/puppet/type/firewalld_direct_passthrough.rb @@ -32,4 +32,8 @@ isnamevar desc 'Name of the passthroughhrough to add (e.g: -A OUTPUT -j OUTPUT_filter)' end + + autorequire(:service) do + ['firewalld'] + end end diff --git a/lib/puppet/type/firewalld_direct_purge.rb b/lib/puppet/type/firewalld_direct_purge.rb index 5df859bf..db2808a3 100644 --- a/lib/puppet/type/firewalld_direct_purge.rb +++ b/lib/puppet/type/firewalld_direct_purge.rb @@ -51,6 +51,10 @@ def generate newvalues('chain', 'passthrough', 'rule') end + autorequire(:service) do + ['firewalld'] + end + def purge? !@purge_resources.empty? end diff --git a/lib/puppet/type/firewalld_direct_rule.rb b/lib/puppet/type/firewalld_direct_rule.rb index f3663179..929c2eff 100644 --- a/lib/puppet/type/firewalld_direct_rule.rb +++ b/lib/puppet/type/firewalld_direct_rule.rb @@ -44,4 +44,8 @@ newparam(:args) do desc ' can be all iptables, ip6tables and ebtables command line arguments' end + + autorequire(:service) do + ['firewalld'] + end end diff --git a/lib/puppet/type/firewalld_ipset.rb b/lib/puppet/type/firewalld_ipset.rb index 141e52bb..43111daa 100644 --- a/lib/puppet/type/firewalld_ipset.rb +++ b/lib/puppet/type/firewalld_ipset.rb @@ -93,4 +93,8 @@ def change_to_s(current, desire) raise(Puppet::Error, "Ipset should not declare entries if it doesn't manage entries") end end + + autorequire(:service) do + ['firewalld'] + end end diff --git a/lib/puppet/type/firewalld_port.rb b/lib/puppet/type/firewalld_port.rb index 99ea6b76..8d25f852 100644 --- a/lib/puppet/type/firewalld_port.rb +++ b/lib/puppet/type/firewalld_port.rb @@ -47,4 +47,8 @@ autorequire(:firewalld_zone) do self[:zone] end + + autorequire(:service) do + ['firewalld'] + end end diff --git a/lib/puppet/type/firewalld_rich_rule.rb b/lib/puppet/type/firewalld_rich_rule.rb index 12d3af63..b8cb7a31 100644 --- a/lib/puppet/type/firewalld_rich_rule.rb +++ b/lib/puppet/type/firewalld_rich_rule.rb @@ -127,4 +127,8 @@ def elements autorequire(:ipset) do self[:source]['ipset'] if self[:source].is_a?(Hash) end + + autorequire(:service) do + ['firewalld'] + end end diff --git a/lib/puppet/type/firewalld_service.rb b/lib/puppet/type/firewalld_service.rb index edef960c..b5db686a 100644 --- a/lib/puppet/type/firewalld_service.rb +++ b/lib/puppet/type/firewalld_service.rb @@ -45,8 +45,9 @@ end autorequire(:service) do - catalog.resources.select do |res| - res.title == "Firewalld::Custom_service[#{self[:service]}]" - end + ['firewalld'] + + catalog.resources.select do |res| + res.title == "Firewalld::Custom_service[#{self[:service]}]" + end end end diff --git a/lib/puppet/type/firewalld_zone.rb b/lib/puppet/type/firewalld_zone.rb index ce08cd79..7561a7d6 100644 --- a/lib/puppet/type/firewalld_zone.rb +++ b/lib/puppet/type/firewalld_zone.rb @@ -52,6 +52,14 @@ def generate desc 'Name of the zone' end + newparam(:description) do + desc 'Description of the zone to add' + end + + newparam(:short) do + desc 'Short description of the zone to add' + end + newproperty(:target) do desc 'Specify the target for the zone' end @@ -151,6 +159,10 @@ def retrieve end end + autorequire(:service) do + ['firewalld'] + end + def purge_resource(res_type) if Puppet.settings[:noop] || self[:noop] Puppet.debug "Would have purged #{res_type.ref}, (noop)" @@ -233,12 +245,4 @@ def purge_ports @ports_purgable = true end end - - newparam(:description) do - desc 'Description of the zone to add' - end - - newparam(:short) do - desc 'Short description of the zone to add' - end end From 4c83eb121971dfc0cf14573614cb72d5d6b83370 Mon Sep 17 00:00:00 2001 From: Trevor Vaughan Date: Fri, 18 Oct 2019 16:26:50 -0400 Subject: [PATCH 2/3] updated spec tests for autorequires --- .../type/firewalld_direct_chain_spec.rb | 15 +++++++++++ .../type/firewalld_direct_passthrough_spec.rb | 15 +++++++++++ .../puppet/type/firewalld_direct_rule_spec.rb | 26 ++++++++++++++++++ spec/unit/puppet/type/firewalld_ipset_spec.rb | 15 +++++++++++ spec/unit/puppet/type/firewalld_port_spec.rb | 15 +++++++++++ .../puppet/type/firewalld_rich_rule_spec.rb | 27 +++++++++++++++++++ .../puppet/type/firewalld_service_spec.rb | 15 +++++++++++ spec/unit/puppet/type/firewalld_zone_spec.rb | 15 +++++++++++ 8 files changed, 143 insertions(+) diff --git a/spec/unit/puppet/type/firewalld_direct_chain_spec.rb b/spec/unit/puppet/type/firewalld_direct_chain_spec.rb index 39ef6c45..b8c09df2 100644 --- a/spec/unit/puppet/type/firewalld_direct_chain_spec.rb +++ b/spec/unit/puppet/type/firewalld_direct_chain_spec.rb @@ -48,4 +48,19 @@ end end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(:name => 'ipv4:filter:LOG_DROPS') + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb b/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb index 9222ec7a..07c1e559 100644 --- a/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb +++ b/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb @@ -51,4 +51,19 @@ provider.destroy end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(:name => '-A OUTPUT -j OUTPUT_filter') + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb index 734209ff..52e5eabd 100644 --- a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb +++ b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb @@ -78,4 +78,30 @@ end end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + let(:attrs) do + { + title: 'Allow SSH', + ensure: 'present', + table: 'filter', + chain: 'OUTPUT', + priority: 1, + args: '-p tcp ---dport=22 -j ACCEPT' + } + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(attrs) + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_ipset_spec.rb b/spec/unit/puppet/type/firewalld_ipset_spec.rb index 67d0afff..ed76135e 100644 --- a/spec/unit/puppet/type/firewalld_ipset_spec.rb +++ b/spec/unit/puppet/type/firewalld_ipset_spec.rb @@ -155,4 +155,19 @@ end.to raise_error(%r{Ipset should not declare entries if it doesn't manage entries}) end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(:name => 'test', hashsize: 128) + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_port_spec.rb b/spec/unit/puppet/type/firewalld_port_spec.rb index 40c97b85..94780628 100644 --- a/spec/unit/puppet/type/firewalld_port_spec.rb +++ b/spec/unit/puppet/type/firewalld_port_spec.rb @@ -20,4 +20,19 @@ end end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(:name => 'test', :port => 1234) + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_rich_rule_spec.rb b/spec/unit/puppet/type/firewalld_rich_rule_spec.rb index 3bf96c76..17cd4bcc 100644 --- a/spec/unit/puppet/type/firewalld_rich_rule_spec.rb +++ b/spec/unit/puppet/type/firewalld_rich_rule_spec.rb @@ -204,4 +204,31 @@ end end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + let(:attrs) do + { + title: 'SSH from barny', + ensure: 'present', + zone: 'restricted', + source: '192.168.1.2/32', + dest: '192.168.99.2/32', + service: 'ssh', + action: 'accept' + } + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(attrs) + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_service_spec.rb b/spec/unit/puppet/type/firewalld_service_spec.rb index 1409a038..5d05e458 100644 --- a/spec/unit/puppet/type/firewalld_service_spec.rb +++ b/spec/unit/puppet/type/firewalld_service_spec.rb @@ -20,4 +20,19 @@ end end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(:name => 'test', :service => 'test') + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end diff --git a/spec/unit/puppet/type/firewalld_zone_spec.rb b/spec/unit/puppet/type/firewalld_zone_spec.rb index f2d6ab74..c3967ae1 100644 --- a/spec/unit/puppet/type/firewalld_zone_spec.rb +++ b/spec/unit/puppet/type/firewalld_zone_spec.rb @@ -161,4 +161,19 @@ end end end + + context 'autorequires' do + before :each do + @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + @catalog = Puppet::Resource::Catalog.new + @catalog.add_resource(@firewalld_service) + end + + it 'should autorequire the firewalld service' do + @resource = described_class.new(:name => 'test') + @catalog.add_resource(@resource) + + expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + end + end end From 6a41607d7b9d4b45a79d146f6fd2620446e9d489 Mon Sep 17 00:00:00 2001 From: Trevor Vaughan Date: Fri, 18 Oct 2019 16:48:41 -0400 Subject: [PATCH 3/3] rubocop --- spec/unit/puppet/type/firewalld_direct_chain_spec.rb | 12 +++++++----- .../puppet/type/firewalld_direct_passthrough_spec.rb | 12 +++++++----- spec/unit/puppet/type/firewalld_direct_rule_spec.rb | 10 ++++++---- spec/unit/puppet/type/firewalld_ipset_spec.rb | 12 +++++++----- spec/unit/puppet/type/firewalld_port_spec.rb | 12 +++++++----- spec/unit/puppet/type/firewalld_rich_rule_spec.rb | 10 ++++++---- spec/unit/puppet/type/firewalld_service_spec.rb | 12 +++++++----- spec/unit/puppet/type/firewalld_zone_spec.rb | 12 +++++++----- 8 files changed, 54 insertions(+), 38 deletions(-) diff --git a/spec/unit/puppet/type/firewalld_direct_chain_spec.rb b/spec/unit/puppet/type/firewalld_direct_chain_spec.rb index b8c09df2..81fe9ebf 100644 --- a/spec/unit/puppet/type/firewalld_direct_chain_spec.rb +++ b/spec/unit/puppet/type/firewalld_direct_chain_spec.rb @@ -50,17 +50,19 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end - it 'should autorequire the firewalld service' do - @resource = described_class.new(:name => 'ipv4:filter:LOG_DROPS') + it 'autorequires the firewalld service' do + @resource = described_class.new(name: 'ipv4:filter:LOG_DROPS') @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb b/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb index 07c1e559..18f6373e 100644 --- a/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb +++ b/spec/unit/puppet/type/firewalld_direct_passthrough_spec.rb @@ -53,17 +53,19 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end - it 'should autorequire the firewalld service' do - @resource = described_class.new(:name => '-A OUTPUT -j OUTPUT_filter') + it 'autorequires the firewalld service' do + @resource = described_class.new(name: '-A OUTPUT -j OUTPUT_filter') @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb index 52e5eabd..840691dc 100644 --- a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb +++ b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb @@ -80,8 +80,9 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end @@ -97,11 +98,12 @@ } end - it 'should autorequire the firewalld service' do + it 'autorequires the firewalld service' do @resource = described_class.new(attrs) @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_ipset_spec.rb b/spec/unit/puppet/type/firewalld_ipset_spec.rb index ed76135e..97ca7cc3 100644 --- a/spec/unit/puppet/type/firewalld_ipset_spec.rb +++ b/spec/unit/puppet/type/firewalld_ipset_spec.rb @@ -157,17 +157,19 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end - it 'should autorequire the firewalld service' do - @resource = described_class.new(:name => 'test', hashsize: 128) + it 'autorequires the firewalld service' do + @resource = described_class.new(name: 'test', hashsize: 128) @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_port_spec.rb b/spec/unit/puppet/type/firewalld_port_spec.rb index 94780628..711883b0 100644 --- a/spec/unit/puppet/type/firewalld_port_spec.rb +++ b/spec/unit/puppet/type/firewalld_port_spec.rb @@ -22,17 +22,19 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end - it 'should autorequire the firewalld service' do - @resource = described_class.new(:name => 'test', :port => 1234) + it 'autorequires the firewalld service' do + @resource = described_class.new(name: 'test', port: 1234) @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_rich_rule_spec.rb b/spec/unit/puppet/type/firewalld_rich_rule_spec.rb index 17cd4bcc..4a4ea999 100644 --- a/spec/unit/puppet/type/firewalld_rich_rule_spec.rb +++ b/spec/unit/puppet/type/firewalld_rich_rule_spec.rb @@ -206,8 +206,9 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end @@ -224,11 +225,12 @@ } end - it 'should autorequire the firewalld service' do + it 'autorequires the firewalld service' do @resource = described_class.new(attrs) @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_service_spec.rb b/spec/unit/puppet/type/firewalld_service_spec.rb index 5d05e458..e880580c 100644 --- a/spec/unit/puppet/type/firewalld_service_spec.rb +++ b/spec/unit/puppet/type/firewalld_service_spec.rb @@ -22,17 +22,19 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end - it 'should autorequire the firewalld service' do - @resource = described_class.new(:name => 'test', :service => 'test') + it 'autorequires the firewalld service' do + @resource = described_class.new(name: 'test', service: 'test') @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end diff --git a/spec/unit/puppet/type/firewalld_zone_spec.rb b/spec/unit/puppet/type/firewalld_zone_spec.rb index c3967ae1..19cb2948 100644 --- a/spec/unit/puppet/type/firewalld_zone_spec.rb +++ b/spec/unit/puppet/type/firewalld_zone_spec.rb @@ -163,17 +163,19 @@ end context 'autorequires' do - before :each do - @firewalld_service = Puppet::Type.type(:service).new(:name => 'firewalld') + # rubocop:disable RSpec/InstanceVariable + before do + @firewalld_service = Puppet::Type.type(:service).new(name: 'firewalld') @catalog = Puppet::Resource::Catalog.new @catalog.add_resource(@firewalld_service) end - it 'should autorequire the firewalld service' do - @resource = described_class.new(:name => 'test') + it 'autorequires the firewalld service' do + @resource = described_class.new(name: 'test') @catalog.add_resource(@resource) - expect(@resource.autorequire.map{|rp| rp.source.to_s}).to include('Service[firewalld]') + expect(@resource.autorequire.map { |rp| rp.source.to_s }).to include('Service[firewalld]') end + # rubocop:enable RSpec/InstanceVariable end end