/Gemfile.lock
/junit/
/log/
-/log/
/pkg/
/spec/fixtures/manifests/
/spec/fixtures/modules/
/tmp/
/vendor/
/convert_report.txt
-
+/update_report.txt
+.DS_Store
--- /dev/null
+.*.sw[op]
+.metadata
+.yardoc
+.yardwarns
+*.iml
+/.bundle/
+/.idea/
+/.vagrant/
+/coverage/
+/bin/
+/doc/
+/Gemfile.local
+/Gemfile.lock
+/junit/
+/log/
+/pkg/
+/spec/fixtures/manifests/
+/spec/fixtures/modules/
+/tmp/
+/vendor/
+/convert_report.txt
+/update_report.txt
+.DS_Store
Exclude:
- bin/*
- ".vendor/**/*"
- - Gemfile
- - Rakefile
+ - "**/Gemfile"
+ - "**/Rakefile"
- pkg/**/*
- spec/fixtures/**/*
- vendor/**/*
+ - "**/Puppetfile"
+ - "**/Vagrantfile"
+ - "**/Guardfile"
Metrics/LineLength:
Description: People have wide screens, use them.
Max: 200
Style/SymbolArray:
Description: Using percent style obscures symbolic intent of array's contents.
EnforcedStyle: brackets
+RSpec/MessageSpies:
+ EnforcedStyle: receive
+Style/Documentation:
+ Exclude:
+ - lib/puppet/parser/functions/**/*
+Style/WordArray:
+ EnforcedStyle: brackets
Style/CollectionMethods:
Enabled: true
Style/MethodCalledOnDoEndBlock:
- bundle -v
- rm -f Gemfile.lock
- gem update --system
- - gem update bundler
- gem --version
- bundle -v
script:
rvm:
- 2.4.1
env:
- - PUPPET_GEM_VERSION="~> 5.0" CHECK=spec
+ global:
+ - BEAKER_PUPPET_COLLECTION=puppet5 PUPPET_GEM_VERSION="~> 5.0"
matrix:
fast_finish: true
include:
-
bundler_args:
dist: trusty
- env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/centos-7
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=docker/centos-7
rvm: 2.4.1
script: bundle exec rake beaker
services: docker
-
bundler_args:
dist: trusty
- env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/ubuntu-14.04
+ env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=docker/ubuntu-14.04
rvm: 2.4.1
script: bundle exec rake beaker
services: docker
sudo: required
-
- env: CHECK=rubocop
+ env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop"
-
- env: CHECK="syntax lint"
+ env: CHECK=parallel_spec
-
- env: CHECK=metadata_lint
- -
- env: CHECK=release_checks
- -
- env: CHECK=spec
- -
- env: PUPPET_GEM_VERSION="~> 4.0" CHECK=spec
+ env: PUPPET_GEM_VERSION="~> 4.0" CHECK=parallel_spec
rvm: 2.1.9
branches:
only:
--- /dev/null
+--markup markdown
gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0')
gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0')
gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9')
+ gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4')
gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby]
gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby]
gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw]
- gem "puppet-blacksmith", '~> 3.4', require: false
+ gem "puppet-blacksmith", '~> 3.4', require: false, platforms: [:ruby]
end
group :system_tests do
gem "puppet-module-posix-system-r#{minor_version}", require: false, platforms: [:ruby]
facter_version = ENV['FACTER_GEM_VERSION']
hiera_version = ENV['HIERA_GEM_VERSION']
-def puppet_older_than?(version)
- puppet_version = ENV['PUPPET_GEM_VERSION']
- !puppet_version.nil? &&
- Gem::Version.correct?(puppet_version) &&
- Gem::Requirement.new("< #{version}").satisfied_by?(Gem::Version.new(puppet_version.dup))
-end
-
gems = {}
gems['puppet'] = location_for(puppet_version)
# If facter or hiera versions have been specified via the environment
-# variables, use those versions. If not, and if the puppet version is < 3.5.0,
-# use known good versions of both for puppet < 3.5.0.
-if facter_version
- gems['facter'] = location_for(facter_version)
-elsif puppet_type == :gem && puppet_older_than?('3.5.0')
- gems['facter'] = ['>= 1.6.11', '<= 1.7.5', require: false]
-end
-
-if hiera_version
- gems['hiera'] = location_for(ENV['HIERA_GEM_VERSION'])
-elsif puppet_type == :gem && puppet_older_than?('3.5.0')
- gems['hiera'] = ['>= 1.0.0', '<= 1.3.0', require: false]
-end
+# variables
-if Gem.win_platform? && (puppet_type != :gem || puppet_older_than?('3.5.0'))
- # For Puppet gems < 3.5.0 (tested as far back as 3.0.0) on Windows
- if puppet_type == :gem
- gems['ffi'] = ['1.9.0', require: false]
- gems['minitar'] = ['0.5.4', require: false]
- gems['win32-eventlog'] = ['0.5.3', '<= 0.6.5', require: false]
- gems['win32-process'] = ['0.6.5', '<= 0.7.5', require: false]
- gems['win32-security'] = ['~> 0.1.2', '<= 0.2.5', require: false]
- gems['win32-service'] = ['0.7.2', '<= 0.8.8', require: false]
- else
- gems['ffi'] = ['~> 1.9.0', require: false]
- gems['minitar'] = ['~> 0.5.4', require: false]
- gems['win32-eventlog'] = ['~> 0.5', '<= 0.6.5', require: false]
- gems['win32-process'] = ['~> 0.6', '<= 0.7.5', require: false]
- gems['win32-security'] = ['~> 0.1', '<= 0.2.5', require: false]
- gems['win32-service'] = ['~> 0.7', '<= 0.8.8', require: false]
- end
-
- gems['win32-dir'] = ['~> 0.3', '<= 0.4.9', require: false]
-
- if RUBY_VERSION.start_with?('1.')
- gems['win32console'] = ['1.3.2', require: false]
- # sys-admin was removed in Puppet 3.7.0 and doesn't compile under Ruby 2.x
- gems['sys-admin'] = ['1.5.6', require: false]
- end
+gems['facter'] = location_for(facter_version) if facter_version
+gems['hiera'] = location_for(hiera_version) if hiera_version
- # Puppet < 3.7.0 requires these.
- # Puppet >= 3.5.0 gem includes these as requirements.
- # The following versions are tested to work with 3.0.0 <= puppet < 3.7.0.
- gems['win32-api'] = ['1.4.8', require: false]
- gems['win32-taskscheduler'] = ['0.2.2', require: false]
- gems['windows-api'] = ['0.4.3', require: false]
- gems['windows-pr'] = ['1.2.3', require: false]
-elsif Gem.win_platform?
+if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
# If we're using a Puppet gem on Windows which handles its own win32-xxx gem
# dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
gems['win32-dir'] = ['<= 0.4.9', require: false]
gems['win32-eventlog'] = ['<= 0.6.5', require: false]
gems['win32-process'] = ['<= 0.7.5', require: false]
gems['win32-security'] = ['<= 0.2.5', require: false]
- gems['win32-service'] = ['<= 0.8.8', require: false]
+ gems['win32-service'] = ['0.8.8', require: false]
end
gems.each do |gem_name, gem_params|
require 'puppetlabs_spec_helper/rake_tasks'
require 'puppet-syntax/tasks/puppet-syntax'
-require 'puppet_blacksmith/rake_tasks'
+require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any?
+
+PuppetLint.configuration.send('disable_relative')
+
Facter.add(:iptables_persistent_version) do
- confine operatingsystem: %w[Debian Ubuntu]
+ confine operatingsystem: ['Debian', 'Ubuntu']
setcode do
# Throw away STDERR because dpkg >= 1.16.7 will make some noise if the
# package isn't currently installed.
# If the jump parameter is set to one of: ACCEPT, REJECT or DROP then
# we should set the action parameter instead.
- if %w[ACCEPT REJECT DROP].include?(hash[:jump])
+ if ['ACCEPT', 'REJECT', 'DROP'].include?(hash[:jump])
hash[:action] = hash[:jump].downcase
hash.delete(:jump)
end
PUPPETCODE
end
- if %w[accept reject drop].include?(value.downcase)
+ if ['accept', 'reject', 'drop'].include?(value.downcase)
raise ArgumentError, <<-PUPPETCODE
Jump destination should not be one of ACCEPT, REJECT or DROP. Use
the action property instead.
PUPPETCODE
end
- if %w[accept reject drop].include?(value.downcase)
+ if ['accept', 'reject', 'drop'].include?(value.downcase)
raise ArgumentError, <<-PUPPETCODE
Goto destination should not be one of ACCEPT, REJECT or DROP. Use
the action property instead.
PUPPETCODE
# iptables uses the cisco DSCP classes as the basis for this flag. Values may be found here:
# 'http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html'
- valid_codes = %w[
- af11 af12 af13 af21 af22 af23 af31 af32 af33 af41
- af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef
- ]
+ valid_codes = ['af11', 'af12', 'af13', 'af21', 'af22', 'af23', 'af31', 'af32', 'af33', 'af41', 'af42', 'af43', 'cs1', 'cs2', 'cs3', 'cs4', 'cs5', 'cs6', 'cs7', 'ef']
munge do |value|
unless valid_codes.include? value.downcase
raise ArgumentError, "#{value} is not a valid DSCP Class"
unless protocol.nil?
table = value(:table)
[value(:chain), value(:jump)].each do |chain|
- reqs << "#{chain}:#{table}:#{protocol}" unless chain.nil? || (%w[INPUT OUTPUT FORWARD].include?(chain) && table == :filter)
+ reqs << "#{chain}:#{table}:#{protocol}" unless chain.nil? || (['INPUT', 'OUTPUT', 'FORWARD'].include?(chain) && table == :filter)
end
end
autorequire(:package) do
case value(:provider)
when :iptables, :ip6tables
- %w[iptables iptables-persistent iptables-services]
+ ['iptables', 'iptables-persistent', 'iptables-services']
else
[]
end
autorequire(:service) do
case value(:provider)
when :iptables, :ip6tables
- %w[firewalld iptables ip6tables iptables-persistent netfilter-persistent]
+ ['firewalld', 'iptables', 'ip6tables', 'iptables-persistent', 'netfilter-persistent']
else
[]
end
autorequire(:package) do
case value(:provider)
when :iptables_chain
- %w[iptables iptables-persistent iptables-services]
+ ['iptables', 'iptables-persistent', 'iptables-services']
else
[]
end
autorequire(:service) do
case value(:provider)
when :iptables, :ip6tables
- %w[firewalld iptables ip6tables iptables-persistent netfilter-persistent]
+ ['firewalld', 'iptables', 'ip6tables', 'iptables-persistent', 'netfilter-persistent']
else
[]
end
end
# RHEL 7 and newer also use systemd to persist iptable rules
- if os_key == 'RedHat' && %w[RedHat CentOS Scientific SL SLC Ascendos CloudLinux PSBM OracleLinux OVS OEL XenServer VirtuozzoLinux]
+ if os_key == 'RedHat' && ['RedHat', 'CentOS', 'Scientific', 'SL', 'SLC', 'Ascendos', 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'XenServer', 'VirtuozzoLinux']
.include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7
os_key = 'Fedora'
end
when :RedHat
case proto.to_sym
when :IPv4
- %w[/sbin/service iptables save]
+ ['/sbin/service', 'iptables', 'save']
when :IPv6
- %w[/sbin/service ip6tables save]
+ ['/sbin/service', 'ip6tables', 'save']
end
when :Fedora
case proto.to_sym
when :IPv4
- %w[/usr/libexec/iptables/iptables.init save]
+ ['/usr/libexec/iptables/iptables.init', 'save']
when :IPv6
- %w[/usr/libexec/iptables/ip6tables.init save]
+ ['/usr/libexec/iptables/ip6tables.init', 'save']
end
when :Debian
case proto.to_sym
when :IPv4, :IPv6
if persist_ver && Puppet::Util::Package.versioncmp(persist_ver, '1.0') > 0
- %w[/usr/sbin/service netfilter-persistent save]
+ ['/usr/sbin/service', 'netfilter-persistent', 'save']
else
- %w[/usr/sbin/service iptables-persistent save]
+ ['/usr/sbin/service', 'iptables-persistent', 'save']
end
end
when :Debian_manual
"version_requirement": ">= 4.7.0 < 6.0.0"
}
],
- "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git",
- "template-ref": "1.3.2-0-g07678c8"
+ "template-url": "https://github.com/puppetlabs/pdk-templates",
+ "template-ref": "heads/master-0-g34e3266",
+ "pdk-version": "1.5.0"
}
end
end
- %w[dst_type src_type].each do |type|
+ ['dst_type', 'src_type'].each do |type|
describe type.to_s do
context 'when MULTICAST' do
pp26 = <<-PUPPETCODE
end
end
- %w[dst_type src_type].each do |type|
+ ['dst_type', 'src_type'].each do |type|
describe type.to_s do
context 'when MULTICAST' do
pp65 = <<-PUPPETCODE
action: 'accept',
chain: 'INPUT',
destination: '1.1.1.1/32',
- dport: %w[7061 7062],
+ dport: ['7061', '7062'],
ensure: :present,
line: '-A INPUT -s 1.1.1.1/32 -d 1.1.1.1/32 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061,7062 -j ACCEPT -m comment --comment "000 allow foo"',
name: '000 allow foo',
proto: 'tcp',
provider: 'iptables',
source: '1.1.1.1/32',
- sport: %w[7061 7062],
+ sport: ['7061', '7062'],
table: 'filter',
},
},
line: '-A INPUT -m state --state INVALID,RELATED,ESTABLISHED',
table: 'filter',
params: {
- state: %w[ESTABLISHED INVALID RELATED],
+ state: ['ESTABLISHED', 'INVALID', 'RELATED'],
action: nil,
},
},
line: '-A INPUT -m conntrack --ctstate INVALID,RELATED,ESTABLISHED',
table: 'filter',
params: {
- ctstate: %w[ESTABLISHED INVALID RELATED],
+ ctstate: ['ESTABLISHED', 'INVALID', 'RELATED'],
action: nil,
},
},
action: 'accept',
chain: 'INPUT',
destination: '1.1.1.1',
- dport: %w[7061 7062],
+ dport: ['7061', '7062'],
ensure: :present,
name: '000 allow foo',
proto: 'tcp',
source: '1.1.1.1',
- sport: %w[7061 7062],
+ sport: ['7061', '7062'],
table: 'filter',
},
args: ['-t', :filter, '-s', '1.1.1.1/32', '-d', '1.1.1.1/32', '-p', :tcp, '-m', 'multiport', '--sports', '7061,7062', '-m', 'multiport', '--dports', '7061,7062', '-j', 'ACCEPT', '-m', 'comment', '--comment', '000 allow foo'], # rubocop:disable Metrics/LineLength
name: '700 allow bar',
proto: 'udp',
source: '1.1.1.1',
- sport: %w[7061 7062],
+ sport: ['7061', '7062'],
table: 'filter',
},
args: ['-t', :filter, '-s', '1.1.1.1/32', '-d', '2.10.13.0/24', '-p', :udp, '-m', 'multiport', '--sports', '7061,7062', '-m', 'multiport', '--dports', '7061', '-j', 'my_custom_chain', '-m', 'comment', '--comment', '700 allow bar'], # rubocop:disable Metrics/LineLength
params: {
name: '100 states_set_from_array',
table: 'filter',
- state: %w[ESTABLISHED INVALID],
+ state: ['ESTABLISHED', 'INVALID'],
},
args: ['-t', :filter, '-p', :tcp, '-m', 'state', '--state', 'ESTABLISHED,INVALID', '-m', 'comment', '--comment', '100 states_set_from_array'],
},
params: {
name: '100 ctstates_set_from_array',
table: 'filter',
- ctstate: %w[ESTABLISHED INVALID],
+ ctstate: ['ESTABLISHED', 'INVALID'],
},
args: ['-t', :filter, '-p', :tcp, '-m', 'conntrack', '--ctstate', 'ESTABLISHED,INVALID', '-m', 'comment', '--comment', '100 ctstates_set_from_array'],
},
+
require 'puppetlabs_spec_helper/module_spec_helper'
require 'rspec-puppet-facts'
+
+begin
+ require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb'))
+rescue LoadError => loaderror
+ warn "Could not require spec_helper_local: #{loaderror.message}"
+end
+
include RspecPuppetFacts
default_facts = {
RSpec.configure do |c|
c.default_facts = default_facts
+ c.before :each do
+ # set to strictest setting for testing
+ # by default Puppet runs at warning level
+ Puppet.settings[:strict] = :warning
+ end
end
-require 'spec_helper_local'
require 'beaker/module_install_helper'
def iptables_flush_all_tables
- %w[filter nat mangle raw].each do |t|
+ ['filter', 'nat', 'mangle', 'raw'].each do |t|
expect(shell("iptables -t #{t} -F").stderr).to eq('')
end
end
def ip6tables_flush_all_tables
- %w[filter mangle].each do |t|
+ ['filter', 'mangle'].each do |t|
expect(shell("ip6tables -t #{t} -F").stderr).to eq('')
end
end
end
describe 'firewall::linux::redhat', type: :class do
- %w[RedHat CentOS Fedora].each do |os|
+ ['RedHat', 'CentOS', 'Fedora'].each do |os|
oldreleases = ((os == 'Fedora') ? ['14'] : ['6.5'])
- newreleases = ((os == 'Fedora') ? %w[15 Rawhide] : ['7.0.1406'])
+ newreleases = ((os == 'Fedora') ? ['15', 'Rawhide'] : ['7.0.1406'])
oldreleases.each do |osrel|
context "os #{os} and osrel #{osrel}" do
require 'spec_helper'
describe 'firewall::linux', type: :class do
- %w[RedHat CentOS Fedora].each do |os|
+ ['RedHat', 'CentOS', 'Fedora'].each do |os|
context "Redhat Like: operatingsystem => #{os}" do
- releases = ((os == 'Fedora') ? %w[14 15 Rawhide] : %w[6 7])
+ releases = ((os == 'Fedora') ? ['14', '15', 'Rawhide'] : ['6', '7'])
releases.each do |osrel|
context "operatingsystemrelease => #{osrel}" do
let(:facts) do
end
end
- %w[Debian Ubuntu].each do |os|
+ ['Debian', 'Ubuntu'].each do |os|
context "Debian Like: operatingsystem => #{os}" do
- releases = ((os == 'Debian') ? %w[6 7 8] : ['10.04', '12.04', '14.04'])
+ releases = ((os == 'Debian') ? ['6', '7', '8'] : ['10.04', '12.04', '14.04'])
releases.each do |osrel|
let(:facts) do
{
end
resource_types = [:chain, :source, :destination, :proto, :dport, :sport, :action]
- rule_values = ['INPUT', '1.1.1.1/32', '1.1.1.1/32', 'tcp', %w[7061 7062], %w[7061 7062], 'accept']
+ rule_values = ['INPUT', '1.1.1.1/32', '1.1.1.1/32', 'tcp', ['7061', '7062'], ['7061', '7062'], 'accept']
it 'parsed the rule arguments correctly' do
resource_types.each_with_index do |type, index|
expect(resource[type]).to eq(rule_values[index])
expect(res.parameters[:jump]).to be nil
end
- %w[QUEUE RETURN DNAT SNAT LOG NFLOG MASQUERADE REDIRECT MARK].each do |jump|
+ ['QUEUE', 'RETURN', 'DNAT', 'SNAT', 'LOG', 'NFLOG', 'MASQUERADE', 'REDIRECT', 'MARK'].each do |jump|
it "should accept jump value #{jump}" do
resource[:jump] = jump
expect(resource[:jump]).to eql jump
end
end
- %w[ACCEPT DROP REJECT].each do |jump|
+ ['ACCEPT', 'DROP', 'REJECT'].each do |jump|
it "should now fail when value #{jump}" do
expect(-> { resource[:jump] = jump }).to raise_error(Puppet::Error)
end
end
it "should accept a #{port} as an array" do
- resource[port] = %w[22 23]
- expect(resource[port]).to eql %w[22 23]
+ resource[port] = ['22', '23']
+ expect(resource[port]).to eql ['22', '23']
end
it "should accept a #{port} as a number" do
end
describe ':recent' do
- %w[set update rcheck remove].each do |recent|
+ ['set', 'update', 'rcheck', 'remove'].each do |recent|
it "should accept recent value #{recent}" do
resource[:recent] = recent
expect(resource[:recent]).to eql "--#{recent}"
expect(resource[:uid]).to eql 'root'
end
it 'allows me to set uid as an array, and silently hide my error' do
- resource[:uid] = %w[root bobby]
+ resource[:uid] = ['root', 'bobby']
expect(resource[:uid]).to eql 'root'
end
it 'allows me to set gid' do
expect(resource[:gid]).to eql 'root'
end
it 'allows me to set gid as an array, and silently hide my error' do
- resource[:gid] = %w[root bobby]
+ resource[:gid] = ['root', 'bobby']
expect(resource[:gid]).to eql 'root'
end
end
end
# test where autorequire is still needed (table != filter)
- %w[INPUT OUTPUT FORWARD].each do |test_chain|
+ ['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain|
it "should autorequire fwchain #{test_chain} when table is mangle and provider is undefined" do
resource[param] = test_chain
resource[:table] = :mangle
end
# test of case where autorequire should not happen
- %w[INPUT OUTPUT FORWARD].each do |test_chain|
+ ['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain|
it "should not autorequire fwchain #{test_chain} when table and provider are undefined" do
resource[param] = test_chain
expect(resource[:table]).to be :filter
end
describe ':name' do
- { 'nat' => %w[PREROUTING POSTROUTING INPUT OUTPUT],
- 'mangle' => %w[PREROUTING POSTROUTING INPUT FORWARD OUTPUT],
- 'filter' => %w[INPUT OUTPUT FORWARD],
- 'raw' => %w[PREROUTING OUTPUT],
+ { 'nat' => ['PREROUTING', 'POSTROUTING', 'INPUT', 'OUTPUT'],
+ 'mangle' => ['PREROUTING', 'POSTROUTING', 'INPUT', 'FORWARD', 'OUTPUT'],
+ 'filter' => ['INPUT', 'OUTPUT', 'FORWARD'],
+ 'raw' => ['PREROUTING', 'OUTPUT'],
'broute' => ['BROUTING'],
- 'security' => %w[INPUT OUTPUT FORWARD] }.each_pair do |table, allowedinternalchains|
- %w[IPv4 IPv6 ethernet].each do |protocol|
+ 'security' => ['INPUT', 'OUTPUT', 'FORWARD'] }.each_pair do |table, allowedinternalchains|
+ ['IPv4', 'IPv6', 'ethernet'].each do |protocol|
['test', '$5()*&%\'"^$09):'].each do |chainname|
name = "#{chainname}:#{table}:#{protocol}"
if table == 'nat' && protocol == 'IPv6'
end
end
- %w[PREROUTING POSTROUTING BROUTING INPUT FORWARD OUTPUT].each do |internalchain|
+ ['PREROUTING', 'POSTROUTING', 'BROUTING', 'INPUT', 'FORWARD', 'OUTPUT'].each do |internalchain|
name = internalchain + ':' + table + ':'
name += if internalchain == 'BROUTING'
'ethernet'
describe 'proto unsupported' do
subject(:host) { resource }
- %w[inet5 inet8 foo].each do |proto|
+ ['inet5', 'inet8', 'foo'].each do |proto|
it "should reject invalid proto #{proto}" do
expect { host.icmp_name_to_number('echo-reply', proto) }
.to raise_error(ArgumentError, "unsupported protocol family '#{proto}'")
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('RedHat')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6')
- allow(host).to receive(:execute).with(%w[/sbin/service iptables save])
+ allow(host).to receive(:execute).with(['/sbin/service', 'iptables', 'save'])
host.persist_iptables(proto)
end
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('RedHat')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('7')
- allow(host).to receive(:execute).with(%w[/usr/libexec/iptables/iptables.init save])
+ allow(host).to receive(:execute).with(['/usr/libexec/iptables/iptables.init', 'save'])
host.persist_iptables(proto)
end
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('Fedora')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('15')
- allow(host).to receive(:execute).with(%w[/usr/libexec/iptables/iptables.init save])
+ allow(host).to receive(:execute).with(['/usr/libexec/iptables/iptables.init', 'save'])
host.persist_iptables(proto)
end
allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil)
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('CentOS')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6.5')
- allow(host).to receive(:execute).with(%w[/sbin/service iptables save])
+ allow(host).to receive(:execute).with(['/sbin/service', 'iptables', 'save'])
host.persist_iptables(proto)
end
allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil)
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('CentOS')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('7.0.1406')
- allow(host).to receive(:execute).with(%w[/usr/libexec/iptables/iptables.init save])
+ allow(host).to receive(:execute).with(['/usr/libexec/iptables/iptables.init', 'save'])
host.persist_iptables(proto)
end
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('RedHat')
allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6')
- allow(host).to receive(:execute).with(%w[/sbin/service iptables save]).and_raise(Puppet::ExecutionFailure, 'some error')
+ allow(host).to receive(:execute).with(['/sbin/service', 'iptables', 'save']).and_raise(Puppet::ExecutionFailure, 'some error')
allow(host).to receive(:warning).with('Unable to persist firewall rules: some error')
host.persist_iptables(proto)
end
allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil)
allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('Ubuntu')
allow(Facter.fact(:iptables_persistent_version)).to receive(:value).and_return('0.5.3ubuntu2')
- allow(host).to receive(:execute).with(%w[/usr/sbin/service iptables-persistent save])
+ allow(host).to receive(:execute).with(['/usr/sbin/service', 'iptables-persistent', 'save'])
host.persist_iptables(proto)
end
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff