]> review.fuel-infra Code Review - puppet-modules/puppetlabs-firewall.git/commitdiff
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: cc97a34)
add acceptance test
authoradrianiurca <adrian.iurca@gmail.com>
Mon, 11 Jan 2021 17:17:48 +0000 (19:17 +0200)
committeradrianiurca <adrian.iurca@gmail.com>
Mon, 11 Jan 2021 17:17:48 +0000 (19:17 +0200)
lib/puppet/type/firewall.rb patch | blob | history
spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb patch | blob | history

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index e227aba31541a5fd8e249e569bcbb9e8be873b8f..ba1b79904dc4d182b87af7ad0aea81d1476b425a 100644 (file)
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -2075,7 +2075,11 @@ Puppet::Type.newtype(:firewall) do
       given as an argument.
     PUPPETCODE
     munge do |value|
-      _value = value.split('|').map { |x| x.include?('!') ? x : "|#{x.delete(' ')}|" }.join
+      _value = if value.include?('!')
+                 value.split('|').map { |x| x.include?('!') ? x : "|#{x.delete(' ')}|" }.join
+               else
+                 value.delete(' ')
+               end
     end
   end
 
diff --git a/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb b/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
index 9db540dd0f5a5ec6aa54a0110054e6eab53886e0..96291e48a6c32eea220c3418eba4b1bef49e3d1f 100644 (file)
--- a/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
+++ b/spec/acceptance/firewall_attributes_ipv6_happy_path_spec.rb
@@ -272,6 +272,16 @@ describe 'firewall attribute testing, happy path', unless: (os[:family] == 'redh
           action      => accept,
           provider    => 'ip6tables',
         }
+        firewall { '500 allow v6 non-any queries':
+          chain       => 'OUTPUT',
+          proto       => 'udp',
+          dport       => '53',
+          string_hex  => '! |0000ff0001|',
+          string_algo => 'bm',
+          to          => '65535',
+          action      => 'accept',
+          provider    => 'ip6tables',
+        }
       PUPPETCODE
       idempotent_apply(pp)
     end
@@ -379,5 +389,9 @@ describe 'firewall attribute testing, happy path', unless: (os[:family] == 'redh
     it 'checks hex_string value' do
       expect(result.stdout).to match(%r{-A INPUT -p tcp -m string --hex-string "|f46d0425b202000a|" --algo kmp --to 65535 -m comment --comment "812 - hex_string" -j ACCEPT})
     end
+    it 'checks hex_string value which include negation operator' do
+      regex_string = %r{-A OUTPUT -p udp -m multiport --dports 53 -m string ! --hex-string "|0000ff0001|" --algo bm --to 65535 -m comment --comment "500 allow v6 non-any queries" -j ACCEPT}
+      expect(result.stdout).to match(regex_string)
+    end
   end
 end