EOS
munge do |value|
+ case @resource[:provider]
+ when :iptables
+ protocol = :IPv4
+ when :ip6tables
+ protocol = :IPv6
+ else
+ self.fail("cannot work out protocol family")
+ end
+
begin
- @resource.host_to_mask(value)
+ @resource.host_to_mask(value, protocol)
rescue Exception => e
self.fail("host_to_ip failed for #{value}, exception #{e}")
end
EOS
munge do |value|
+ case @resource[:provider]
+ when :iptables
+ protocol = :IPv4
+ when :ip6tables
+ protocol = :IPv6
+ else
+ self.fail("cannot work out protocol family")
+ end
+
begin
- @resource.host_to_mask(value)
+ @resource.host_to_mask(value, protocol)
rescue Exception => e
self.fail("host_to_ip failed for #{value}, exception #{e}")
end
end
end
- # Takes an address and returns it in CIDR notation.
+ # Takes an address and protocol and returns the address in CIDR notation.
+ #
+ # The protocol is only used when the address is a hostname.
#
# If the address is:
#
# - Any address with a resulting prefix length of zero:
# It will return nil which is equivilent to not specifying an address
#
- def host_to_ip(value)
+ def host_to_ip(value, proto = nil)
begin
value = Puppet::Util::IPCidr.new(value)
rescue
- value = Puppet::Util::IPCidr.new(Resolv.getaddress(value))
+ family = case proto
+ when :IPv4
+ Socket::AF_INET
+ when :IPv6
+ Socket::AF_INET6
+ when nil
+ raise ArgumentError, "Proto must be specified for a hostname"
+ else
+ raise ArgumentError, "Unsupported address family: #{proto}"
+ end
+
+ new_value = nil
+ Resolv.each_address(value) do |addr|
+ begin
+ new_value = Puppet::Util::IPCidr.new(addr, family)
+ break
+ rescue
+ end
+ end
+
+ raise "Failed to resolve hostname #{value}" unless new_value != nil
+ value = new_value
end
return nil if value.prefixlen == 0
value.cidr
end
- # Takes an address mask and converts the host portion to CIDR notation.
+ # Takes an address mask and protocol and converts the host portion to CIDR
+ # notation.
#
# This takes into account you can negate a mask but follows all rules
# defined in host_to_ip for the host/address part.
#
- def host_to_mask(value)
+ def host_to_mask(value, proto)
match = value.match /(!)\s?(.*)$/
- return host_to_ip(value) unless match
+ return host_to_ip(value, proto) unless match
- cidr = host_to_ip(match[2])
+ cidr = host_to_ip(match[2], proto)
return nil if cidr == nil
"#{match[1]} #{cidr}"
end
describe '#host_to_ip' do
subject { resource }
it {
- expect(Resolv).to receive(:getaddress).with('puppetlabs.com').and_return('96.126.112.51')
- expect(subject.host_to_ip('puppetlabs.com')).to eql '96.126.112.51/32'
+ expect(Resolv).to receive(:each_address).at_least(:once).with('puppetlabs.com').and_yield('96.126.112.51').and_yield('2001:DB8:4650::13:8A')
+ expect(subject.host_to_ip('puppetlabs.com', :IPv4)).to eql '96.126.112.51/32'
+ expect(subject.host_to_ip('puppetlabs.com', :IPv6)).to eql '2001:db8:4650::13:8a/128'
}
it { expect(subject.host_to_ip('96.126.112.51')).to eql '96.126.112.51/32' }
it { expect(subject.host_to_ip('96.126.112.51/32')).to eql '96.126.112.51/32' }
describe '#host_to_mask' do
subject { resource }
it {
- expect(Resolv).to receive(:getaddress).at_least(:once).with('puppetlabs.com').and_return('96.126.112.51')
- expect(subject.host_to_mask('puppetlabs.com')).to eql '96.126.112.51/32'
- expect(subject.host_to_mask('!puppetlabs.com')).to eql '! 96.126.112.51/32'
+ expect(Resolv).to receive(:each_address).at_least(:once).with('puppetlabs.com').and_yield('96.126.112.51').and_yield('2001:DB8:4650::13:8A')
+ expect(subject.host_to_mask('puppetlabs.com', :IPv4)).to eql '96.126.112.51/32'
+ expect(subject.host_to_mask('!puppetlabs.com', :IPv4)).to eql '! 96.126.112.51/32'
+ expect(subject.host_to_mask('puppetlabs.com', :IPv6)).to eql '2001:db8:4650::13:8a/128'
+ expect(subject.host_to_mask('!puppetlabs.com', :IPv6)).to eql '! 2001:db8:4650::13:8a/128'
}
- it { expect(subject.host_to_mask('96.126.112.51')).to eql '96.126.112.51/32' }
- it { expect(subject.host_to_mask('!96.126.112.51')).to eql '! 96.126.112.51/32' }
- it { expect(subject.host_to_mask('96.126.112.51/32')).to eql '96.126.112.51/32' }
- it { expect(subject.host_to_mask('! 96.126.112.51/32')).to eql '! 96.126.112.51/32' }
- it { expect(subject.host_to_mask('2001:db8:85a3:0:0:8a2e:370:7334')).to eql '2001:db8:85a3::8a2e:370:7334/128' }
- it { expect(subject.host_to_mask('!2001:db8:85a3:0:0:8a2e:370:7334')).to eql '! 2001:db8:85a3::8a2e:370:7334/128' }
- it { expect(subject.host_to_mask('2001:db8:1234::/48')).to eql '2001:db8:1234::/48' }
- it { expect(subject.host_to_mask('! 2001:db8:1234::/48')).to eql '! 2001:db8:1234::/48' }
- it { expect(subject.host_to_mask('0.0.0.0/0')).to eql nil }
- it { expect(subject.host_to_mask('!0.0.0.0/0')).to eql nil }
- it { expect(subject.host_to_mask('::/0')).to eql nil }
- it { expect(subject.host_to_mask('! ::/0')).to eql nil }
+ it { expect(subject.host_to_mask('96.126.112.51', :IPv4)).to eql '96.126.112.51/32' }
+ it { expect(subject.host_to_mask('!96.126.112.51', :IPv4)).to eql '! 96.126.112.51/32' }
+ it { expect(subject.host_to_mask('96.126.112.51/32', :IPv4)).to eql '96.126.112.51/32' }
+ it { expect(subject.host_to_mask('! 96.126.112.51/32', :IPv4)).to eql '! 96.126.112.51/32' }
+ it { expect(subject.host_to_mask('2001:db8:85a3:0:0:8a2e:370:7334', :IPv6)).to eql '2001:db8:85a3::8a2e:370:7334/128' }
+ it { expect(subject.host_to_mask('!2001:db8:85a3:0:0:8a2e:370:7334', :IPv6)).to eql '! 2001:db8:85a3::8a2e:370:7334/128' }
+ it { expect(subject.host_to_mask('2001:db8:1234::/48', :IPv6)).to eql '2001:db8:1234::/48' }
+ it { expect(subject.host_to_mask('! 2001:db8:1234::/48', :IPv6)).to eql '! 2001:db8:1234::/48' }
+ it { expect(subject.host_to_mask('0.0.0.0/0', :IPv4)).to eql nil }
+ it { expect(subject.host_to_mask('!0.0.0.0/0', :IPv4)).to eql nil }
+ it { expect(subject.host_to_mask('::/0', :IPv6)).to eql nil }
+ it { expect(subject.host_to_mask('! ::/0', :IPv6)).to eql nil }
end
describe '#icmp_name_to_number' do
Code Review / puppet-modules / puppetlabs-firewall.git / commitdiff