#
# This tries deleting again with -p all to see if that helps.
#
- # rubocop:disable Lint/HandleExceptions
if self.class.instance_variable_get(:@protocol) == 'IPv6' && properties[:proto] == 'all'
begin
iptables delete_args.concat(['-p', 'all'])
# String#lines would be nice, but we need to support Ruby 1.8.5
nf_warning_msg = "# Warning: ip6?tables-legacy tables present, use ip6?tables-legacy-save to see them\n"
iptables_save.gsub(%r{#{nf_warning_msg}}, '').split("\n").each do |line|
- unless line =~ %r{^\#\s+|^\:\S+|^COMMIT|^FATAL}
- if line =~ %r{^\*}
+ unless %r{^\#\s+|^\:\S+|^COMMIT|^FATAL}.match?(line)
+ if %r{^\*}.match?(line)
table = line.sub(%r{\*}, '')
else
hash = rule_to_hash(line, table, counter)
# --condition output is in quotes, need to move ! inside quotes
values.gsub!(%r{(!\s+)?--condition "(\S*?)"}, '--condition "\1\2"')
# --match-set can have multiple values with weird iptables format
- if values =~ %r{-m set (!\s+)?--match-set}
+ if %r{-m set (!\s+)?--match-set}.match?(values)
values = values.gsub(%r{(!\s+)?--match-set (\S*) (\S*)}, '--match-set \1\2 \3')
ind = values.index('-m set --match-set')
sets = values.scan(%r{-m set --match-set ((?:!\s+)?\S* \S*)})
values.insert(ind, "-m set --match-set \"#{sets.join(';')}\" ")
end
# --comment can have multiple values, the same as --match-set
- if values =~ %r{-m comment --comment}
+ if %r{-m comment --comment}.match?(values)
ind = values.index('-m comment --comment')
comments = values.scan(%r{-m comment --comment "((?:\\"|[^"])*)"})
comments += values.scan(%r{-m comment --comment ([^"\s]+)\b})
values = values.gsub(%r{-m comment --comment ([^"].*?)[ $]}, '')
values.insert(ind, "-m comment --comment \"#{comments.join(';')}\" ")
end
- if values =~ %r{-m addrtype (!\s+)?--src-type}
+ if %r{-m addrtype (!\s+)?--src-type}.match?(values)
values = values.gsub(%r{(!\s+)?--src-type (\S*)(\s--limit-iface-(in|out))?}, '--src-type \1\2\3')
ind = values.index('-m addrtype --src-type')
types = values.scan(%r{-m addrtype --src-type ((?:!\s+)?\S*(?: --limit-iface-(?:in|out))?)})
values = values.gsub(%r{-m addrtype --src-type ((?:!\s+)?\S*(?: --limit-iface-(?:in|out))?) ?}, '')
values.insert(ind, "-m addrtype --src-type \"#{types.join(';')}\" ")
end
- if values =~ %r{-m addrtype (!\s+)?--dst-type}
+ if %r{-m addrtype (!\s+)?--dst-type}.match?(values)
values = values.gsub(%r{(!\s+)?--dst-type (\S*)(\s--limit-iface-(in|out))?}, '--dst-type \1\2\3')
ind = values.index('-m addrtype --dst-type')
types = values.scan(%r{-m addrtype --dst-type ((?:!\s+)?\S*(?: --limit-iface-(?:in|out))?)})
############
# Here we iterate across our values to generate an array of keys
- parser_list.reverse.each do |k|
+ parser_list.reverse_each do |k|
resource_map_key = resource_map[k]
[resource_map_key].flatten.each do |opt|
if values.slice!(%r{\s#{opt}})
end
# Manually remove chain
- if values =~ %r{(\s|^)-A\s}
+ if %r{(\s|^)-A\s}.match?(values)
values = values.sub(%r{(\s|^)-A\s}, '\1')
keys << :chain
end
# Manually remove table (used in some tests)
- if values =~ %r{^-t\s}
+ if %r{^-t\s}.match?(values)
values = values.sub(%r{^-t\s}, '')
keys << :table
end
# string, handling any quoted characters present in the value, and then
# zipping the values with the array of keys.
keys.zip(valrev) do |f, v|
- hash[f] = if v =~ %r{^".*"$}
+ hash[f] = if %r{^".*"$}.match?(v)
v.sub(%r{^"(.*)"$}, '\1').gsub(%r{\\(\\|'|")}, '\1')
else
v.dup
resource_value, wrong_values = resource_value.map { |value|
if value.is_a?(String)
# rubocop:disable Metrics/BlockNesting
- wrong = value unless value =~ %r{^!\s+}
+ wrong = value unless %r{^!\s+}.match?(value)
[value.sub(%r{^!\s*}, ''), wrong]
else
[value, nil]
re: %r{^:(.+)\s(\S+)$},
},
}.freeze
- INTERNAL_CHAINS = %r{^(PREROUTING|POSTROUTING|BROUTING|INPUT|FORWARD|OUTPUT)$}
- TABLES = 'nat|mangle|filter|raw|rawpost|broute|security'.freeze
- NAME_FORMAT = %r{^(.+):(#{TABLES}):(IP(v[46])?|ethernet)$}
+ INTERNAL_CHAINS = %r{^(PREROUTING|POSTROUTING|BROUTING|INPUT|FORWARD|OUTPUT)$}.freeze
+ TABLES = 'nat|mangle|filter|raw|rawpost|broute|security'
+ NAME_FORMAT = %r{^(.+):(#{TABLES}):(IP(v[46])?|ethernet)$}.freeze
def create
allvalidchains do |t, chain, table, protocol|
- if chain =~ INTERNAL_CHAINS
+ if INTERNAL_CHAINS.match?(chain)
# can't create internal chains
warning "Attempting to create internal chain #{@resource[:name]}"
end
def destroy
allvalidchains do |t, chain, table|
- if chain =~ INTERNAL_CHAINS
+ if INTERNAL_CHAINS.match?(chain)
# can't delete internal chains
warning "Attempting to destroy internal chain #{@resource[:name]}"
else
def exists?
allvalidchains do |_t, chain|
- if chain =~ INTERNAL_CHAINS
+ if INTERNAL_CHAINS.match?(chain)
# If the chain isn't present, it's likely because the module isn't loaded.
# If this is true, then we fall into 2 cases
# 1) It'll be loaded on demand
next
end
end
- rescue Puppet::Error # rubocop:disable Lint/HandleExceptions
+ rescue Puppet::Error
# ignore command not found for ebtables or anything that doesn't exist
end
end
PUPPETCODE
validate do |value|
- unless value =~ %r{^[a-zA-Z0-9\-_]+$}
+ unless %r{^[a-zA-Z0-9\-_]+$}.match?(value)
raise ArgumentError, <<-PUPPETCODE
Jump destination must consist of alphanumeric characters, an
underscore or a hyphen.
PUPPETCODE
validate do |value|
- unless value =~ %r{^[a-zA-Z0-9\-_]+$}
+ unless %r{^[a-zA-Z0-9\-_]+$}.match?(value)
raise ArgumentError, <<-PUPPETCODE
Goto destination must consist of alphanumeric characters, an
underscore or a hyphen.
PUPPETCODE
validate do |value|
- unless value =~ %r{^\d+$}
+ unless %r{^\d+$}.match?(value)
raise ArgumentError, <<-PUPPETCODE
stat_every value must be a digit
PUPPETCODE
PUPPETCODE
munge do |value|
- if value =~ %r{^([0-9]):}
+ if %r{^([0-9]):}.match?(value)
value = "0#{value}"
end
- if value =~ %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$}
+ if %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$}.match?(value)
value = "#{value}:00"
end
PUPPETCODE
munge do |value|
- if value =~ %r{^([0-9]):}
+ if %r{^([0-9]):}.match?(value)
value = "0#{value}"
end
- if value =~ %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$}
+ if %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$}.match?(value)
value = "#{value}:00"
end
# Now we analyse the individual properties to make sure they apply to
# the correct combinations.
if value(:uid)
- unless value(:chain).to_s =~ %r{OUTPUT|POSTROUTING}
+ unless %r{OUTPUT|POSTROUTING}.match?(value(:chain).to_s)
raise 'Parameter uid only applies to chains ' \
'OUTPUT,POSTROUTING'
end
end
if value(:gid)
- unless value(:chain).to_s =~ %r{OUTPUT|POSTROUTING}
+ unless %r{OUTPUT|POSTROUTING}.match?(value(:chain).to_s)
raise 'Parameter gid only applies to chains ' \
'OUTPUT,POSTROUTING'
end
end
if value(:dport)
- unless value(:proto).to_s =~ %r{tcp|udp|sctp}
+ unless %r{tcp|udp|sctp}.match?(value(:proto).to_s)
raise '[%s] Parameter dport only applies to sctp, tcp and udp ' \
'protocols. Current protocol is [%s] and dport is [%s]' %
[value(:name), should(:proto), should(:dport)]
end
if value(:jump).to_s == 'DNAT'
- unless value(:table).to_s =~ %r{nat}
+ unless %r{nat}.match?(value(:table).to_s)
raise 'Parameter jump => DNAT only applies to table => nat'
end
end
if value(:jump).to_s == 'SNAT'
- unless value(:table).to_s =~ %r{nat}
+ unless %r{nat}.match?(value(:table).to_s)
raise 'Parameter jump => SNAT only applies to table => nat'
end
end
if value(:jump).to_s == 'MASQUERADE'
- unless value(:table).to_s =~ %r{nat}
+ unless %r{nat}.match?(value(:table).to_s)
raise 'Parameter jump => MASQUERADE only applies to table => nat'
end
end
end
if value(:jump).to_s == 'CT'
- unless value(:table).to_s =~ %r{raw}
+ unless %r{raw}.match?(value(:table).to_s)
raise 'Parameter jump => CT only applies to table => raw'
end
end
protocol = Regexp.last_match(3)
case table
when 'filter'
- if chain =~ %r{^(PREROUTING|POSTROUTING|BROUTING)$}
+ if %r{^(PREROUTING|POSTROUTING|BROUTING)$}.match?(chain)
raise ArgumentError, "INPUT, OUTPUT and FORWARD are the only inbuilt chains that can be used in table 'filter'"
end
when 'mangle'
raise ArgumentError, "PREROUTING, POSTROUTING, INPUT, FORWARD and OUTPUT are the only inbuilt chains that can be used in table 'mangle'"
end
when 'nat'
- if chain =~ %r{^(BROUTING|FORWARD)$}
+ if %r{^(BROUTING|FORWARD)$}.match?(chain)
raise ArgumentError, "PREROUTING, POSTROUTING, INPUT, and OUTPUT are the only inbuilt chains that can be used in table 'nat'"
end
if Gem::Version.new(Facter['kernelmajversion'].value.dup) < Gem::Version.new('3.7') && protocol =~ %r{^(IP(v6)?)?$}
raise ArgumentError, "table nat isn't valid in IPv6. You must specify ':IPv4' as the name suffix"
end
when 'raw'
- if chain =~ %r{^(POSTROUTING|BROUTING|INPUT|FORWARD)$}
+ if %r{^(POSTROUTING|BROUTING|INPUT|FORWARD)$}.match?(chain)
raise ArgumentError, 'PREROUTING and OUTPUT are the only inbuilt chains in the table \'raw\''
end
when 'broute'
if protocol != 'ethernet'
raise ArgumentError, 'BROUTE is only valid with protocol \'ethernet\''
end
- if chain =~ %r{^PREROUTING|POSTROUTING|INPUT|FORWARD|OUTPUT$}
+ if %r{^PREROUTING|POSTROUTING|INPUT|FORWARD|OUTPUT$}.match?(chain)
raise ArgumentError, 'BROUTING is the only inbuilt chain allowed on on table \'broute\''
end
when 'security'
- if chain =~ %r{^(PREROUTING|POSTROUTING|BROUTING)$}
+ if %r{^(PREROUTING|POSTROUTING|BROUTING)$}.match?(chain)
raise ArgumentError, "INPUT, OUTPUT and FORWARD are the only inbuilt chains that can be used in table 'security'"
end
end
module Puppet::Util::Firewall
# Translate the symbolic names for icmp packet types to integers
def icmp_name_to_number(value_icmp, protocol)
- if value_icmp =~ %r{\d{1,2}$}
+ if %r{\d{1,2}$}.match?(value_icmp)
value_icmp
elsif protocol == 'inet'
case value_icmp
# Convert log_level names to their respective numbers
def log_level_name_to_number(value)
- if value =~ %r{\A[0-7]\z}
+ if %r{\A[0-7]\z}.match?(value)
value
else
case value
# nothing.
def string_to_port(value, proto)
proto = proto.to_s
- unless proto =~ %r{^(tcp|udp)$}
+ unless %r{^(tcp|udp)$}.match?(proto)
proto = 'tcp'
end
m = value.to_s.match(%r{^(!\s+)?(\S+)})
- return "#{m[1]}#{m[2]}" if m[2] =~ %r{^\d+(-\d+)?$}
+ return "#{m[1]}#{m[2]}" if %r{^\d+(-\d+)?$}.match?(m[2])
"#{m[1]}#{Socket.getservbyname(m[2], proto)}"
end
begin
new_value = Puppet::Util::IPCidr.new(addr, family)
break
- rescue # rubocop:disable Lint/HandleExceptions
+ rescue
end
end
if value.between?(0, 0xffffffff)
return '0x' + value.to_s(16)
end
- rescue ArgumentError # rubocop:disable Lint/HandleExceptions
+ rescue ArgumentError
# pass
end
nil
def initialize(ipaddr, family = Socket::AF_UNSPEC)
super(ipaddr, family)
rescue ArgumentError => e
- raise ArgumentError, "Invalid address from IPAddr.new: #{ipaddr}" if e.message =~ %r{invalid address}
+ raise ArgumentError, "Invalid address from IPAddr.new: #{ipaddr}" if %r{invalid address}.match?(e.message)
raise e
end
end
it 'notrack is set' do
notrack_rule = '-A PREROUTING -p udp -m multiport --dports 53 -m comment --comment "004 do not track UDP connections to port 53" -j CT --notrack'
- notrack_rule = '-A PREROUTING -p udp -m multiport --dports 53 -m comment --comment "004 do not track UDP connections to port 53" -j NOTRACK' if os[:family] == 'redhat' && [5, 6].include?(os[:release].to_i)
+ notrack_rule = '-A PREROUTING -p udp -m multiport --dports 53 -m comment --comment "004 do not track UDP connections to port 53" -j NOTRACK' if os[:family] == 'redhat' && [5,
+ 6].include?(os[:release].to_i)
expect(result.stdout).to match(%r{#{notrack_rule}})
end
end
'Debian' => '0.0.20090701',
'Ubuntu' => '0.5.3ubuntu2',
}.each do |os, ver|
-
if os == 'Debian'
os_release = '8.0'
elsif os == 'Ubuntu'
end
[:accept, :drop, :reject].each do |action|
- it "should accept value #{action}" do
+ it "accepts value #{action}" do
resource[:action] = action
expect(resource[:action]).to eql action
end
describe ':chain' do
[:INPUT, :FORWARD, :OUTPUT, :PREROUTING, :POSTROUTING].each do |chain|
- it "should accept chain value #{chain}" do
+ it "accepts chain value #{chain}" do
resource[:chain] = chain
expect(resource[:chain]).to eql chain
end
describe ':table' do
[:nat, :mangle, :filter, :raw].each do |table|
- it "should accept table value #{table}" do
+ it "accepts table value #{table}" do
resource[:table] = table
expect(resource[:table]).to eql table
end
describe ':proto' do
[:ip, :tcp, :udp, :icmp, :esp, :ah, :vrrp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :pim, :all].each do |proto|
- it "should accept proto value #{proto}" do
+ it "accepts proto value #{proto}" do
resource[:proto] = proto
expect(resource[:proto]).to eql proto
end
end
['QUEUE', 'RETURN', 'DNAT', 'SNAT', 'LOG', 'NFLOG', 'MASQUERADE', 'REDIRECT', 'MARK'].each do |jump|
- it "should accept jump value #{jump}" do
+ it "accepts jump value #{jump}" do
resource[:jump] = jump
expect(resource[:jump]).to eql jump
end
end
['ACCEPT', 'DROP', 'REJECT'].each do |jump|
- it "should now fail when value #{jump}" do
+ it "nows fail when value #{jump}" do
expect(-> { resource[:jump] = jump }).to raise_error(Puppet::Error)
end
end
[:source, :destination].each do |addr|
describe addr do
- it "should accept a #{addr} as a string" do
+ it "accepts a #{addr} as a string" do
resource[addr] = '127.0.0.1'
expect(resource[addr]).to eql '127.0.0.1/32'
end
['0.0.0.0/0', '::/0'].each do |prefix|
- it "should be nil for zero prefix length address #{prefix}" do
+ it "is nil for zero prefix length address #{prefix}" do
resource[addr] = prefix
expect(resource[addr]).to be nil
end
end
- it "should accept a negated #{addr} as a string" do
+ it "accepts a negated #{addr} as a string" do
resource[addr] = '! 127.0.0.1'
expect(resource[addr]).to eql '! 127.0.0.1/32'
end
[:dport, :sport].each do |port|
describe port do
- it "should accept a #{port} as string" do
+ it "accepts a #{port} as string" do
resource[port] = '22'
expect(resource[port]).to eql ['22']
end
- it "should accept a #{port} as an array" do
+ it "accepts a #{port} as an array" do
resource[port] = ['22', '23']
expect(resource[port]).to eql ['22', '23']
end
- it "should accept a #{port} as a number" do
+ it "accepts a #{port} as a number" do
resource[port] = 22
expect(resource[port]).to eql ['22']
end
- it "should accept a #{port} as a hyphen separated range" do
+ it "accepts a #{port} as a hyphen separated range" do
resource[port] = ['22-1000']
expect(resource[port]).to eql ['22-1000']
end
it "should accept a #{port} as a combination of arrays of single and " \
'hyphen separated ranges' do
-
resource[port] = ['22-1000', '33', '3000-4000']
expect(resource[port]).to eql ['22-1000', '33', '3000-4000']
end
- it "should convert a port name for #{port} to its number" do
+ it "converts a port name for #{port} to its number" do
resource[port] = 'ssh'
expect(resource[port]).to eql ['22']
end
- it "should not accept something invalid for #{port}" do
+ it "does not accept something invalid for #{port}" do
expect { resource[port] = 'something odd' }.to raise_error(Puppet::Error, %r{^Parameter .+ failed.+Munging failed for value ".+" in class .+: no such service})
end
- it "should not accept something invalid in an array for #{port}" do
+ it "does not accept something invalid in an array for #{port}" do
expect { resource[port] = ['something odd', 'something even odder'] }.to raise_error(Puppet::Error, %r{^Parameter .+ failed.+Munging failed for value ".+" in class .+: no such service})
end
end
:UNREACHABLE, :PROHIBIT, :THROW, :NAT, :XRESOLVE].each do |type|
['! ', ''].each do |negation|
['', ' --limit-iface-in', ' --limit-iface-out'].each do |limit|
- it "should accept #{addrtype} value #{negation}#{type}#{limit}" do
+ it "accepts #{addrtype} value #{negation}#{type}#{limit}" do
resource[addrtype] = type
expect(resource[addrtype]).to eql [type]
end
end
end
- it "should fail when #{addrtype} value is not recognized" do
+ it "fails when #{addrtype} value is not recognized" do
expect(-> { resource[addrtype] = 'foo' }).to raise_error(Puppet::Error)
end
end
[:iniface, :outiface].each do |iface|
describe iface do
- it "should accept #{iface} value as a string" do
+ it "accepts #{iface} value as a string" do
resource[iface] = 'eth1'
expect(resource[iface]).to eql 'eth1'
end
- it "should accept a negated #{iface} value as a string" do
+ it "accepts a negated #{iface} value as a string" do
resource[iface] = '! eth1'
expect(resource[iface]).to eql '! eth1'
end
- it "should accept an interface alias for the #{iface} value as a string" do
+ it "accepts an interface alias for the #{iface} value as a string" do
resource[iface] = 'eth1:2'
expect(resource[iface]).to eql 'eth1:2'
end
[:tosource, :todest, :to].each do |addr|
describe addr do
- it "should accept #{addr} value as a string" do
+ it "accepts #{addr} value as a string" do
resource[addr] = '127.0.0.1'
end
end
[:ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst].each do |addr|
describe addr do
- it "should accept a #{addr} as a string without /32" do
+ it "accepts a #{addr} as a string without /32" do
resource[addr] = '127.0.0.1'
expect(resource[addr]).to eql '127.0.0.1'
end
- it "should accept a #{addr} as a string with /32" do
+ it "accepts a #{addr} as a string with /32" do
resource[addr] = '127.0.0.1/32'
expect(resource[addr]).to eql '127.0.0.1'
end
- it "should accept a #{addr} as a string with cidr" do
+ it "accepts a #{addr} as a string with cidr" do
resource[addr] = '10.0.0.0/8'
expect(resource[addr]).to eql '10.0.0.0/8'
end
- it "should accept a #{addr} as a string with ipv6 cidr" do
+ it "accepts a #{addr} as a string with ipv6 cidr" do
resource[addr] = '2001:DB8::/64'
expect(resource[addr]).to eql '2001:DB8::/64'
end
- it "should accept a negated #{addr} as a string" do
+ it "accepts a negated #{addr} as a string" do
resource[addr] = '! 127.0.0.1'
expect(resource[addr]).to eql '! 127.0.0.1'
end
- it "should accept a negated #{addr} as a string with cidr" do
+ it "accepts a negated #{addr} as a string with cidr" do
resource[addr] = '! 10.0.0.0/8'
expect(resource[addr]).to eql '! 10.0.0.0/8'
end
[:ctorigsrcport, :ctorigdstport, :ctreplsrcport, :ctrepldstport].each do |port|
describe port do
- it "should accept #{port} as numeric value" do
+ it "accepts #{port} as numeric value" do
resource[port] = 80
expect(resource[port]).to be 80
end
- it "should accept #{port} as range value" do
+ it "accepts #{port} as range value" do
resource[port] = '80:81'
expect(resource[port]).to eql '80:81'
end
- it "should accept a negated #{port} as string value" do
+ it "accepts a negated #{port} as string value" do
resource[port] = '! 80'
expect(resource[port]).to eql '! 80'
end
- it "should accept a negated #{port} as range value" do
+ it "accepts a negated #{port} as range value" do
resource[port] = '! 80:81'
expect(resource[port]).to eql '! 80:81'
end
describe ':recent' do
['set', 'update', 'rcheck', 'remove'].each do |recent|
- it "should accept recent value #{recent}" do
+ it "accepts recent value #{recent}" do
resource[:recent] = recent
expect(resource[:recent]).to eql "--#{recent}"
end
end
['/', '1000/', 'pwnie'].each do |bad_mark|
- it "should fail with malformed mark '#{bad_mark}'" do
+ it "fails with malformed mark '#{bad_mark}'" do
expect(-> { resource[:set_mark] = bad_mark }).to raise_error(Puppet::Error)
end
end
# test where autorequire is still needed (table != filter)
['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain|
- it "should autorequire fwchain #{test_chain} when table is mangle and provider is undefined" do
+ it "autorequires fwchain #{test_chain} when table is mangle and provider is undefined" do
resource[param] = test_chain
resource[:table] = :mangle
expect(resource[:provider]).to be :iptables
expect(rel.target.ref).to eql resource.ref
end
- it "should autorequire fwchain #{test_chain} when table is mangle and provider is ip6tables" do
+ it "autorequires fwchain #{test_chain} when table is mangle and provider is ip6tables" do
resource[param] = test_chain
resource[:table] = :mangle
resource[:provider] = :ip6tables
# test of case where autorequire should not happen
['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain|
- it "should not autorequire fwchain #{test_chain} when table and provider are undefined" do
+ it "does not autorequire fwchain #{test_chain} when table and provider are undefined" do
resource[param] = test_chain
expect(resource[:table]).to be :filter
expect(resource[:provider]).to be :iptables
expect(rel).to be nil
end
- it "should not autorequire fwchain #{test_chain} when table is undefined and provider is ip6tables" do
+ it "does not autorequire fwchain #{test_chain} when table is undefined and provider is ip6tables" do
resource[param] = test_chain
expect(resource[:table]).to be :filter
resource[:provider] = :ip6tables
describe ':pkttype' do
[:multicast, :broadcast, :unicast].each do |pkttype|
- it "should accept pkttype value #{pkttype}" do
+ it "accepts pkttype value #{pkttype}" do
resource[:pkttype] = pkttype
expect(resource[:pkttype]).to eql pkttype
end
['test', '$5()*&%\'"^$09):'].each do |chainname|
name = "#{chainname}:#{table}:#{protocol}"
if table == 'nat' && protocol == 'IPv6'
- it "should accept #{name} for Linux 3.7+" do
+ it "accepts #{name} for Linux 3.7+" do
allow(Facter.fact(:kernelmajversion)).to receive(:value).and_return('3.7')
resource[:name] = name
expect(resource[:name]).to eql name
end
- it "should fail #{name} for Linux 2.6" do
+ it "fails #{name} for Linux 2.6" do
allow(Facter.fact(:kernelmajversion)).to receive(:value).and_return('2.6')
expect { resource[:name] = name }.to raise_error(Puppet::Error)
end
elsif protocol != 'ethernet' && table == 'broute'
- it "should fail #{name}" do # rubocop:disable RSpec/RepeatedExample
+ it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample
expect { resource[:name] = name }.to raise_error(Puppet::Error)
end
else
- it "should accept name #{name}" do # rubocop:disable RSpec/RepeatedExample
+ it "accepts name #{name}" do # rubocop:disable RSpec/RepeatedExample
resource[:name] = name
expect(resource[:name]).to eql name
end
'IPv4'
end
if allowedinternalchains.include? internalchain
- it "should allow #{name}" do # rubocop:disable RSpec/RepeatedExample
+ it "allows #{name}" do # rubocop:disable RSpec/RepeatedExample
resource[:name] = name
expect(resource[:name]).to eql name
end
else
- it "should fail #{name}" do # rubocop:disable RSpec/RepeatedExample
+ it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample
expect { resource[:name] = name }.to raise_error(Puppet::Error)
end
end
describe ':policy' do
[:accept, :drop, :queue, :return].each do |policy|
- it "should accept policy #{policy}" do
+ it "accepts policy #{policy}" do
resource[:policy] = policy
expect(resource[:policy]).to eql policy
end
subject(:host) { resource }
['inet5', 'inet8', 'foo'].each do |proto|
- it "should reject invalid proto #{proto}" do
+ it "rejects invalid proto #{proto}" do
expect { host.icmp_name_to_number('echo-reply', proto) }
.to raise_error(ArgumentError, "unsupported protocol family '#{proto}'")
end
end
describe '#persist_iptables' do
- before(:each) { Facter.clear }
subject(:host) { resource }
+ before(:each) { Facter.clear }
+
# rubocop:disable RSpec/SubjectStub
describe 'when proto is IPv4' do
let(:proto) { 'IPv4' }
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff