Per <https://tickets.puppetlabs.com/browse/MODULES-6876>, there are
problems with parsing some iptables rules with space and quotes
(specifically ones created by podman). This re-clears the comments
field if it made it through earlier parsing.
All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
+## Unversioned
+
+### iptables.rb
+
+There are cases where spaces and quotes in iptables comments generated by
+mainstream sources (e.g. podman) were causing rules to not parse properly.
+We didn't fix the whole problem, but we removed those comments for parsing
+purposes.1
+
## [v3.0.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v3.0.0) (2021-03-01)
[Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.8.1...v3.0.0)
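Review bot: The added changelog entry ends with a stray character, `purposes.1`, which looks like a typo and should read `purposes.`. The heading `## Unversioned` also departs from the Keep a Changelog format the file says it follows, where pending changes go under `## [Unreleased]`. Since the entry admits the fix is partial, it would help to link MODULES-6876 here so readers can find the remaining problem, and to state plainly that affected rules are parsed with their comment dropped.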
keys << :table
end
+ # manually remove comments if they made it this far
+ if values =~ %r{-m comment --comment}
+ values = values.sub(%r{-m comment --comment "((?:\\"|[^"])*)"}, {})
+ end
+
valrev = values.scan(%r{("([^"\\]|\\.)*"|\S+)}).transpose[0].reverse
if keys.length != valrev.length
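Review bot: In `values.sub(%r{...}, {})` the replacement argument is an empty Hash, not a string. It only works because Ruby looks the matched text up in the hash, gets nil, and substitutes an empty string; pass `''` so the intent is explicit. The surrounding `if values =~ %r{-m comment --comment}` guard is redundant, since `sub` is a no-op when nothing matches, and it is looser than the substitution: it also fires for an unquoted comment, which the quoted-only pattern then leaves in place. `sub` strips only the first occurrence and the capture group is never used, so `(?:...)` would do. Please also confirm that `keys` cannot still hold an entry for the comment at this point; if it can, removing the value here will trip the `keys.length != valrev.length` check just below. A spec with a podman-style rule whose comment contains spaces and escaped quotes would pin this behaviour down.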