From: Doug Knight Date: Fri, 24 Apr 2015 21:41:38 +0000 (-0800) Subject: (MODULES-1976) Revise rule name validation for ruby 1.9 X-Git-Tag: 1.7.0~20^2 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=706bb3c6d82999c022fb7f077311ccc77bba9b35;p=puppet-modules%2Fpuppetlabs-firewall.git (MODULES-1976) Revise rule name validation for ruby 1.9 --- diff --git a/README.markdown b/README.markdown index 3b43b62..874ebef 100644 --- a/README.markdown +++ b/README.markdown @@ -188,7 +188,7 @@ All rules employ a numbering system in the resource's title that is used for ord You can place default rules in either `my_fw::pre` or `my_fw::post`, depending on when you would like them to run. Rules placed in the `pre` class will run first, and rules in the `post` class, last. -In iptables, the title of the rule is stored using the comment feature of the underlying firewall subsystem. Values must match '/^\d+[[:alpha:][:digit:][:punct:][:space:]]+$/'. +In iptables, the title of the rule is stored using the comment feature of the underlying firewall subsystem. Values must match '/^\d+[[:graph:][:space:]]+$/'. ####Examples of Default Rules @@ -546,7 +546,7 @@ firewall { '999 this runs last': } ``` - Depending on the provider, the name of the rule can be stored using the comment feature of the underlying firewall subsystem. Values must match '/^\d+[[:alpha:][:digit:][:punct:][:space:]]+$/'. + Depending on the provider, the name of the rule can be stored using the comment feature of the underlying firewall subsystem. Values must match '/^\d+[[:graph:][:space:]]+$/'. * `outiface`: Output interface to filter on. Values must match '/^!?\s?[a-zA-Z0-9\-\._\+\:]+$/'. Requires the `interface_match` feature. Supports interface alias (eth0:0) and negation. diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index 089689c..72d681b 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb 
@@ -444,9 +444,9 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir if ! hash[:name] num = 9000 + counter hash[:name] = "#{num} #{Digest::MD5.hexdigest(line)}" - elsif not /^\d+[[:alpha:][:digit:][:punct:][:space:]]+$/ =~ hash[:name] + elsif not /^\d+[[:graph:][:space:]]+$/ =~ hash[:name] num = 9000 + counter - hash[:name] = "#{num} #{/([[:alpha:][:digit:][:punct:][:space:]]+)/.match(hash[:name])[1]}" + hash[:name] = "#{num} #{/([[:graph:][:space:]]+)/.match(hash[:name])[1]}" end # Iptables defaults to log_level '4', so it is omitted from the output of iptables-save. diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index 65d3533..684ddc0 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -90,7 +90,7 @@ Puppet::Type.newtype(:firewall) do isnamevar # Keep rule names simple - they must start with a number - newvalues(/^\d+[[:alpha:][:digit:][:punct:][:space:]]+$/) + newvalues(/^\d+[[:graph:][:space:]]+$/) end newproperty(:action) do diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb index e33a2e1..8b67b32 100644 --- a/spec/fixtures/iptables/conversion_hash.rb +++ b/spec/fixtures/iptables/conversion_hash.rb @@ -738,6 +738,13 @@ HASH_TO_ARGS = { }, :args => ['-t', :filter, '-s', '192.168.0.1/32', '-p', :tcp, '-m', 'comment', '--comment', '000 allow from 192.168.0.1, please'], }, + 'comment_string_character_validation_2' => { + :params => { + :name => "000 allow symbols ( $+<=>^`|~ ) in ruby >= 1.9", + :table => 'filter', + }, + :args => ['-t', :filter, '-p', :tcp, '-m', 'comment', '--comment', '000 allow symbols ( $+<=>^`|~ ) in ruby >= 1.9'], + }, 'port_property' => { :params => { :name => '001 port property',
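Review bot: in README.markdown, both updated sentences (the hunks at lines 188 and 546) quote the new pattern '/^\d+[[:graph:][:space:]]+$/' without saying in words what it admits. Readers who do not know POSIX bracket classes would be helped by one plain sentence, for example that a title must begin with digits and may then contain any visible character or whitespace. The two copies also have to stay in step with the pattern in lib/puppet/type/firewall.rb, so consider documenting it in one place and referring to it from the other.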
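Review bot: in lib/puppet/provider/firewall/iptables.rb, the fallback in the `elsif` branch indexes the match result without a nil check: `/([[:graph:][:space:]]+)/.match(hash[:name])[1]`. If `hash[:name]` has no character from that class (an empty string, for example, which is truthy in Ruby and so reaches this branch), `match` returns nil and `[1]` raises NoMethodError while existing rules are being parsed. The capture also keeps only the first matching run, so a comment with an excluded character in the middle is silently truncated to whatever precedes it. Suggest handling the nil case by falling back to the `Digest::MD5.hexdigest(line)` name used in the branch above, and deciding explicitly whether truncation is the intended behaviour.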
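Review bot: in lib/puppet/type/firewall.rb, the `newvalues(/^\d+[[:graph:][:space:]]+$/)` pattern keeps `^` and `$`, which in Ruby anchor at line boundaries rather than at the start and end of the string, and `[:space:]` includes newline and tab. A multi-line title therefore passes if any one line starts with a digit, and that title is what gets stored as the firewall comment. Suggest `\A` and `\z` as anchors here and in the matching check in iptables.rb, and consider whether a literal space is all the name really needs instead of `[:space:]`. The comment "Keep rule names simple" above the pattern no longer describes a class this broad and could be updated.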
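Review bot: in spec/fixtures/iptables/conversion_hash.rb, the new `comment_string_character_validation_2` case is added only under `HASH_TO_ARGS`, so within this diff it exercises the type-to-arguments direction but not the parsing path changed in iptables.rb, where the revised regex and the fallback extraction live. Suggest adding the mirror-image fixture for the arguments-to-hash direction with the same `( $+<=>^`|~ )` comment, plus a negative case (a name the pattern must reject) so a later widening of the character class is caught.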