From 510b48f067a026184ea57a3a8756333147949919 Mon Sep 17 00:00:00 2001 From: Ben Magistro Date: Sun, 26 Jun 2022 17:23:22 -0400 Subject: [PATCH] #193 fix rich rule typed action Fixes: #193 Replaces: #194 Signed-off-by: Ben Magistro --- lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb | 4 ++-- lib/puppet/type/firewalld_rich_rule.rb | 4 ++-- spec/unit/puppet/provider/firewalld_rich_rule_spec.rb | 2 +- spec/unit/puppet/type/firewalld_rich_rule_spec.rb | 7 ++----- 4 files changed, 7 insertions(+), 10 deletions(-) diff --git a/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb b/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb index 311a826c..fe0015e7 100644 --- a/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb +++ b/lib/puppet/provider/firewalld_rich_rule/firewall_cmd.rb @@ -113,8 +113,8 @@ def eval_action return [] unless (action = @resource[:action]) args = [] if action.is_a?(Hash) - args << action[:action] - args << quote_keyval('type', action[:type]) + args << action['action'] + args << quote_keyval('type', action['type']) else args << action end diff --git a/lib/puppet/type/firewalld_rich_rule.rb b/lib/puppet/type/firewalld_rich_rule.rb index 4924b2cc..170d6ba1 100644 --- a/lib/puppet/type/firewalld_rich_rule.rb +++ b/lib/puppet/type/firewalld_rich_rule.rb @@ -122,10 +122,10 @@ def _validate_action(value) end validate do |value| if value.is_a?(Hash) - if value.keys.sort != [:action, :type] + if value.keys.sort != ['action', 'type'] raise Puppet::Error, "Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got #{value}" end - _validate_action(value[:action]) + _validate_action(value['action']) elsif value.is_a?(String) _validate_action(value) end diff --git a/spec/unit/puppet/provider/firewalld_rich_rule_spec.rb b/spec/unit/puppet/provider/firewalld_rich_rule_spec.rb index 86360b48..e599a27f 100644 --- a/spec/unit/puppet/provider/firewalld_rich_rule_spec.rb +++ b/spec/unit/puppet/provider/firewalld_rich_rule_spec.rb @@ -60,7 +60,7 @@ resource.expects(:[]).with(:log).returns(nil) resource.expects(:[]).with(:audit).returns(nil) resource.expects(:[]).with(:raw_rule).returns(nil) - resource.expects(:[]).with(:action).returns(action: 'reject', type: 'icmp-admin-prohibited') + resource.expects(:[]).with(:action).returns('action' => 'reject', 'type' => 'icmp-admin-prohibited') expect(provider.build_rich_rule).to eq('rule family="ipv4" destination address="192.168.0.1/32" service name="ssh" reject type="icmp-admin-prohibited"') end end diff --git a/spec/unit/puppet/type/firewalld_rich_rule_spec.rb b/spec/unit/puppet/type/firewalld_rich_rule_spec.rb index da18d9a0..f8a93da7 100644 --- a/spec/unit/puppet/type/firewalld_rich_rule_spec.rb +++ b/spec/unit/puppet/type/firewalld_rich_rule_spec.rb @@ -42,7 +42,7 @@ expect do described_class.new( title: 'SSH from barny', - action: { type: 'accepted', foo: 'bar' } + action: { 'type' => 'accepted', 'foo' => 'bar' } ) end.to raise_error(%r{Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`}) end @@ -50,7 +50,7 @@ expect do described_class.new( title: 'SSH from barny', - action: { type: 'icmp-admin-prohibited', action: 'accepted' } + action: { 'type' => 'icmp-admin-prohibited', 'action' => 'accepted' } ) end.to raise_error(%r{Authorized action values are `accept`, `reject`, `drop` or `mark`}) end @@ -254,9 +254,6 @@ end let(:fakeclass) { Class.new } let(:provider) { resource.provider } - let(:rawrule) do - 'rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" accept' - end it 'queries the status' do fakeclass.stubs(:exitstatus).returns(0)