Skip to content

Commit

Permalink
#193 fix rich rule typed action
Browse files Browse the repository at this point in the history
Fixes: #193
Replaces: #194

Signed-off-by: Ben Magistro <koncept1@gmail.com>
  • Loading branch information
bmagistro authored and jcpunk committed Aug 24, 2023
1 parent 3e06371 commit 510b48f
Show file tree
Hide file tree
Showing 4 changed files with 7 additions and 10 deletions.
4 changes: 2 additions & 2 deletions lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb
Original file line number Diff line number Diff line change
Expand Up @@ -113,8 +113,8 @@ def eval_action
return [] unless (action = @resource[:action])
args = []
if action.is_a?(Hash)
args << action[:action]
args << quote_keyval('type', action[:type])
args << action['action']
args << quote_keyval('type', action['type'])
else
args << action
end
Expand Down
4 changes: 2 additions & 2 deletions lib/puppet/type/firewalld_rich_rule.rb
Original file line number Diff line number Diff line change
Expand Up @@ -122,10 +122,10 @@ def _validate_action(value)
end
validate do |value|
if value.is_a?(Hash)
if value.keys.sort != [:action, :type]
if value.keys.sort != ['action', 'type']
raise Puppet::Error, "Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got #{value}"
end
_validate_action(value[:action])
_validate_action(value['action'])
elsif value.is_a?(String)
_validate_action(value)
end
Expand Down
2 changes: 1 addition & 1 deletion spec/unit/puppet/provider/firewalld_rich_rule_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@
resource.expects(:[]).with(:log).returns(nil)
resource.expects(:[]).with(:audit).returns(nil)
resource.expects(:[]).with(:raw_rule).returns(nil)
resource.expects(:[]).with(:action).returns(action: 'reject', type: 'icmp-admin-prohibited')
resource.expects(:[]).with(:action).returns('action' => 'reject', 'type' => 'icmp-admin-prohibited')
expect(provider.build_rich_rule).to eq('rule family="ipv4" destination address="192.168.0.1/32" service name="ssh" reject type="icmp-admin-prohibited"')
end
end
Expand Down
7 changes: 2 additions & 5 deletions spec/unit/puppet/type/firewalld_rich_rule_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -42,15 +42,15 @@
expect do
described_class.new(
title: 'SSH from barny',
action: { type: 'accepted', foo: 'bar' }
action: { 'type' => 'accepted', 'foo' => 'bar' }
)
end.to raise_error(%r{Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`})
end
it 'raises an error if wrong action hash values' do
expect do
described_class.new(
title: 'SSH from barny',
action: { type: 'icmp-admin-prohibited', action: 'accepted' }
action: { 'type' => 'icmp-admin-prohibited', 'action' => 'accepted' }
)
end.to raise_error(%r{Authorized action values are `accept`, `reject`, `drop` or `mark`})
end
Expand Down Expand Up @@ -254,9 +254,6 @@
end
let(:fakeclass) { Class.new }
let(:provider) { resource.provider }
let(:rawrule) do
'rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" accept'
end

it 'queries the status' do
fakeclass.stubs(:exitstatus).returns(0)
Expand Down

0 comments on commit 510b48f

Please sign in to comment.