if self.class.instance_variable_get(:@protocol) == 'IPv6' && properties[:proto] == 'all'
begin
iptables delete_args.concat(['-p', 'all'])
- rescue Puppet::ExecutionFailure => e
+ rescue Puppet::ExecutionFailure => e # rubocop:disable Lint/SuppressedException
end
end
- # rubocop:enable Lint/HandleExceptions
# Check to see if the iptables rule is already gone. This can sometimes
# happen as a side effect of other resource changes. If it's not gone,
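Review bot: The `rescue Puppet::ExecutionFailure => e` after `iptables delete_args.concat(['-p', 'all'])` still has an empty body, so a failed rule deletion in the `'IPv6'` / `proto == 'all'` branch leaves no trace and `e` is bound but never read. If the suppression is deliberate, recording it keeps the best-effort behaviour while making it auditable, e.g. `Puppet.debug("delete with -p all failed: #{e.message}")` inside the rescue. That would also make the inline `rubocop:disable Lint/SuppressedException` unnecessary. The enclosing method starts and ends outside the hunk, so any later handling of the failure is not visible here.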
'0x2e' => 'ef',
}
[:set_dscp_class].each do |prop|
- [:set_dscp].each do |dmark|
+ [:set_dscp].each do |dmark| # rubocop:disable Performance/CollectionLiteralInLoop
next unless hash[dmark]
hash[prop] = valid_dscp_classes[hash[dmark]]
end
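Review bot: The inline `# rubocop:disable Performance/CollectionLiteralInLoop` on `[:set_dscp].each do |dmark|` silences the cop instead of addressing it. The same directive is added on the `[nil, 'true', '!']`, `[:source, :destination]` and `[:sport, :dport, :port]` checks in later hunks. The commit already hoists one such literal into `complex_args`, and doing the same for the others would be consistent, e.g. `boolean_tokens = [nil, 'true', '!'].freeze` ahead of the `@known_booleans.each` loop. In this hunk the one-element inner loop could collapse to `hash[prop] = valid_dscp_classes[hash[:set_dscp]] if hash[:set_dscp]`. The enclosing method lies outside the hunk.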
# Convert booleans removing the previous cludge we did
@known_booleans.each do |bool|
- unless [nil, 'true', '!'].include?(hash[bool])
+ unless [nil, 'true', '!'].include?(hash[bool]) # rubocop:disable Performance/CollectionLiteralInLoop
raise "Parser error: #{bool} was meant to be a boolean but received value: #{hash[bool]}."
end
end
elem.tr(':', '-')
end
end
- if hash[:length]
- hash[:length].tr!(':', '-')
- end
+ hash[:length]&.tr!(':', '-')
# Invert any rules that are prefixed with a '!'
[
:src_range,
:state,
].each do |prop|
- if hash[prop] && hash[prop].is_a?(Array)
+ if hash[prop]&.is_a?(Array)
# find if any are negated, then negate all if so
should_negate = hash[prop].index do |value|
value.match(%r{^(!)\s+})
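Review bot: The safe-navigation in `if hash[prop]&.is_a?(Array)` is redundant, because `nil.is_a?(Array)` is already `false`; `if hash[prop].is_a?(Array)` reads more directly and yields a real boolean rather than `nil`. Separately, the unchanged `%r{^(!)\s+}` just below anchors at the start of any line, not of the string. If the parsed value could ever contain a newline, `\A` would be the stricter anchor for deciding negation; this cannot be confirmed from the hunk. The `index do` block and the surrounding `each` continue outside the hunk.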
elsif hash[prop]
m = hash[prop].match(%r{^(!?)\s?(.*)})
neg = '! ' if m[1] == '!'
- hash[prop] = if [:source, :destination].include?(prop)
+ hash[prop] = if [:source, :destination].include?(prop) # rubocop:disable Performance/CollectionLiteralInLoop
# Normalise all rules to CIDR notation.
"#{neg}#{Puppet::Util::IPCidr.new(m[2]).cidr}"
else
raise "#{prop} elements must be unique" if resource[prop].map { |type| type.to_s.gsub(%r{--limit-iface-(in|out)}, '') }.uniq.length != resource[prop].length
end
+ complex_args = [:ipset, :dst_type, :src_type]
+
resource_list.each do |res|
resource_value = nil
if resource[res]
# so we insert before whatever the last argument is
args.insert(-2, '!')
elsif resource_value.is_a?(Symbol) && resource_value.to_s.match(%r{^!})
- # ruby 1.8.7 can't .match Symbols ------------------ ^
resource_value = resource_value.to_s.sub!(%r{^!\s*}, '').to_sym
args.insert(-2, '!')
- elsif resource_value.is_a?(Array) && ![:ipset, :dst_type, :src_type].include?(res)
+ elsif resource_value.is_a?(Array) && !complex_args.include?(res)
+
should_negate = resource_value.index do |value|
- # ruby 1.8.7 can't .match symbols
value.to_s.match(%r{^(!)\s+})
end
if should_negate
resource_value, wrong_values = resource_value.map { |value|
if value.is_a?(String)
- # rubocop:disable Metrics/BlockNesting
wrong = value unless %r{^!\s+}.match?(value)
[value.sub(%r{^!\s*}, ''), wrong]
else
}.transpose
wrong_values = wrong_values.compact
unless wrong_values.empty?
- raise "All values of the '#{res}' property must be prefixed with a '!' when inverting, but '#{wrong_values.join("', '")}' #{(wrong_values.length > 1) ? 'are' : 'is'} not prefixed; aborting" # rubocop:disable Layout/LineLength : Line length cannot be reduced
+ raise "All values of the '#{res}' property must be prefixed with a '!' when inverting, but " \
+ "'#{wrong_values.join("', '")}' #{(wrong_values.length > 1) ? 'are' : 'is'} not prefixed; aborting"
end
args.insert(-2, '!')
# rubocop:enable Metrics/BlockNesting
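Review bot: The `# rubocop:enable Metrics/BlockNesting` after `args.insert(-2, '!')` is kept as context, while the matching `# rubocop:disable Metrics/BlockNesting` is removed in an earlier hunk of this diff. Unless another disable outside the visible hunks precedes it, the enable is now orphaned and should be removed as well. The surrounding `if should_negate` branch starts and ends outside this hunk.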
# For sport and dport, convert hyphens to colons since the type
# expects hyphens for ranges of ports.
- if [:sport, :dport, :port].include?(res)
+ if [:sport, :dport, :port].include?(res) # rubocop:disable Performance/CollectionLiteralInLoop
resource_value = resource_value.map do |elem|
elem.tr('-', ':')
end
end
# ipset can accept multiple values with weird iptables arguments
- if [:ipset, :dst_type, :src_type].include?(res)
+ if complex_args.include?(res)
+
resource_value.join(" #{[resource_map[res]].flatten.first} ").split(' ').each do |a|
if a.sub!(%r{^!\s*}, '')
# Negate ipset options
expect { resource[:name] = name }.to raise_error(Puppet::Error)
end
elsif protocol != 'ethernet' && table == 'broute'
- it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample
+ it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample,RSpec/RepeatedDescription
expect { resource[:name] = name }.to raise_error(Puppet::Error)
end
else
expect(resource[:name]).to eql name
end
else
- it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample
+ it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample,RSpec/RepeatedDescription
expect { resource[:name] = name }.to raise_error(Puppet::Error)
end
end
expect(rel.target.ref).to eql resource.ref
end
end
- # rubocop:enable RSpec/ExampleLength
- # rubocop:enable RSpec/MultipleExpectations
end
describe 'purge iptables rules' do
allow(Puppet::Type.type(:firewall).provider(:iptables)).to receive(:iptables_save).and_return(stub_return)
allow(Puppet::Type.type(:firewall).provider(:ip6tables)).to receive(:ip6tables_save).and_return(stub_return)
end
- # rubocop:enable Layout/IndentHeredoc
it 'generates iptables resources' do
allow(Facter.fact(:ip6tables_version)).to receive(:value).and_return('1.4.21')