From: Sharif Nassar <sharif@mediatemple.net>
Date: Fri, 16 Nov 2012 20:49:18 +0000 (-0800)
Subject: (#16004) array_matching is contraindicated.
X-Git-Tag: 0.1.0~13^2
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=5a0e9721519fc6272dd3ed44ff222d313e9031fe;p=puppet-modules%2Fpuppetlabs-firewall.git

(#16004) array_matching is contraindicated.

With ":array_matching =>:all", uid/gid rules are reloaded with every
Puppet run.  This is ugly and annoying, and arguably wrong.
---

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
index 59234f1..6d6f289 100644
--- a/lib/puppet/type/firewall.rb
+++ b/lib/puppet/type/firewall.rb
@@ -469,7 +469,7 @@ Puppet::Type.newtype(:firewall) do
     newvalue(/^\d+$/)
   end
 
-  newproperty(:uid, :array_matching =>:all, :required_features => :owner) do
+  newproperty(:uid, :required_features => :owner) do
     desc <<-EOS
       UID or Username owner matching rule.  Accepts a string argument
       only, as iptables does not accept multiple uid in a single
@@ -477,7 +477,7 @@ Puppet::Type.newtype(:firewall) do
     EOS
   end
 
-  newproperty(:gid, :array_matching =>:all, :required_features => :owner) do
+  newproperty(:gid, :required_features => :owner) do
     desc <<-EOS
       GID or Group owner matching rule.  Accepts a string argument
       only, as iptables does not accept multiple gid in a single
diff --git a/spec/unit/puppet/type/firewall_spec.rb b/spec/unit/puppet/type/firewall_spec.rb
index 95fff97..ead5c9a 100755
--- a/spec/unit/puppet/type/firewall_spec.rb
+++ b/spec/unit/puppet/type/firewall_spec.rb
@@ -310,19 +310,19 @@ describe firewall do
   describe ':gid and :uid' do
     it 'should allow me to set uid' do
       @resource[:uid] = 'root'
-      @resource[:uid].should == ['root']
+      @resource[:uid].should == 'root'
     end
-    it 'should allow me to set uid as an array, breaking iptables' do
+    it 'should allow me to set uid as an array, and silently hide my error' do
       @resource[:uid] = ['root', 'bobby']
-      @resource[:uid].should == ['root', 'bobby']
+      @resource[:uid].should == 'root'
     end
     it 'should allow me to set gid' do
       @resource[:gid] = 'root'
-      @resource[:gid].should == ['root']
+      @resource[:gid].should == 'root'
     end
-    it 'should allow me to set gid as an array, breaking iptables' do
+    it 'should allow me to set gid as an array, and silently hide my error' do
       @resource[:gid] = ['root', 'bobby']
-      @resource[:gid].should == ['root', 'bobby']
+      @resource[:gid].should == 'root'
     end
   end