From: David Schmitt Date: Wed, 16 Dec 2020 13:36:45 +0000 (+0000) Subject: Add all safe auto corrects X-Git-Tag: v2.8.1~3^2~3 X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=7958e158238c68615c5e31d0cf6fc67eb7ce9532;p=puppet-modules%2Fpuppetlabs-firewall.git Add all safe auto corrects --- diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index 2031919..c1efb79 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -378,7 +378,6 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa # # This tries deleting again with -p all to see if that helps. # - # rubocop:disable Lint/HandleExceptions if self.class.instance_variable_get(:@protocol) == 'IPv6' && properties[:proto] == 'all' begin iptables delete_args.concat(['-p', 'all']) @@ -426,8 +425,8 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa # String#lines would be nice, but we need to support Ruby 1.8.5 nf_warning_msg = "# Warning: ip6?tables-legacy tables present, use ip6?tables-legacy-save to see them\n" iptables_save.gsub(%r{#{nf_warning_msg}}, '').split("\n").each do |line| - unless line =~ %r{^\#\s+|^\:\S+|^COMMIT|^FATAL} - if line =~ %r{^\*} + unless %r{^\#\s+|^\:\S+|^COMMIT|^FATAL}.match?(line) + if %r{^\*}.match?(line) table = line.sub(%r{\*}, '') else hash = rule_to_hash(line, table, counter) @@ -460,7 +459,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa # --condition output is in quotes, need to move ! inside quotes values.gsub!(%r{(!\s+)?--condition "(\S*?)"}, '--condition "\1\2"') # --match-set can have multiple values with weird iptables format - if values =~ %r{-m set (!\s+)?--match-set} + if %r{-m set (!\s+)?--match-set}.match?(values) values = values.gsub(%r{(!\s+)?--match-set (\S*) (\S*)}, '--match-set \1\2 \3') ind = values.index('-m set --match-set') sets = values.scan(%r{-m set --match-set ((?:!\s+)?\S* \S*)}) @@ -468,7 +467,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa values.insert(ind, "-m set --match-set \"#{sets.join(';')}\" ") end # --comment can have multiple values, the same as --match-set - if values =~ %r{-m comment --comment} + if %r{-m comment --comment}.match?(values) ind = values.index('-m comment --comment') comments = values.scan(%r{-m comment --comment "((?:\\"|[^"])*)"}) comments += values.scan(%r{-m comment --comment ([^"\s]+)\b}) @@ -476,14 +475,14 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa values = values.gsub(%r{-m comment --comment ([^"].*?)[ $]}, '') values.insert(ind, "-m comment --comment \"#{comments.join(';')}\" ") end - if values =~ %r{-m addrtype (!\s+)?--src-type} + if %r{-m addrtype (!\s+)?--src-type}.match?(values) values = values.gsub(%r{(!\s+)?--src-type (\S*)(\s--limit-iface-(in|out))?}, '--src-type \1\2\3') ind = values.index('-m addrtype --src-type') types = values.scan(%r{-m addrtype --src-type ((?:!\s+)?\S*(?: --limit-iface-(?:in|out))?)}) values = values.gsub(%r{-m addrtype --src-type ((?:!\s+)?\S*(?: --limit-iface-(?:in|out))?) ?}, '') values.insert(ind, "-m addrtype --src-type \"#{types.join(';')}\" ") end - if values =~ %r{-m addrtype (!\s+)?--dst-type} + if %r{-m addrtype (!\s+)?--dst-type}.match?(values) values = values.gsub(%r{(!\s+)?--dst-type (\S*)(\s--limit-iface-(in|out))?}, '--dst-type \1\2\3') ind = values.index('-m addrtype --dst-type') types = values.scan(%r{-m addrtype --dst-type ((?:!\s+)?\S*(?: --limit-iface-(?:in|out))?)}) @@ -555,7 +554,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa ############ # Here we iterate across our values to generate an array of keys - parser_list.reverse.each do |k| + parser_list.reverse_each do |k| resource_map_key = resource_map[k] [resource_map_key].flatten.each do |opt| if values.slice!(%r{\s#{opt}}) @@ -566,13 +565,13 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa end # Manually remove chain - if values =~ %r{(\s|^)-A\s} + if %r{(\s|^)-A\s}.match?(values) values = values.sub(%r{(\s|^)-A\s}, '\1') keys << :chain end # Manually remove table (used in some tests) - if values =~ %r{^-t\s} + if %r{^-t\s}.match?(values) values = values.sub(%r{^-t\s}, '') keys << :table end @@ -588,7 +587,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa # string, handling any quoted characters present in the value, and then # zipping the values with the array of keys. keys.zip(valrev) do |f, v| - hash[f] = if v =~ %r{^".*"$} + hash[f] = if %r{^".*"$}.match?(v) v.sub(%r{^"(.*)"$}, '\1').gsub(%r{\\(\\|'|")}, '\1') else v.dup @@ -852,7 +851,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa resource_value, wrong_values = resource_value.map { |value| if value.is_a?(String) # rubocop:disable Metrics/BlockNesting - wrong = value unless value =~ %r{^!\s+} + wrong = value unless %r{^!\s+}.match?(value) [value.sub(%r{^!\s*}, ''), wrong] else [value, nil] diff --git a/lib/puppet/provider/firewallchain/iptables_chain.rb b/lib/puppet/provider/firewallchain/iptables_chain.rb index ecd4590..ec135d8 100644 --- a/lib/puppet/provider/firewallchain/iptables_chain.rb +++ b/lib/puppet/provider/firewallchain/iptables_chain.rb @@ -37,13 +37,13 @@ Puppet::Type.type(:firewallchain).provide :iptables_chain do re: %r{^:(.+)\s(\S+)$}, }, }.freeze - INTERNAL_CHAINS = %r{^(PREROUTING|POSTROUTING|BROUTING|INPUT|FORWARD|OUTPUT)$} - TABLES = 'nat|mangle|filter|raw|rawpost|broute|security'.freeze - NAME_FORMAT = %r{^(.+):(#{TABLES}):(IP(v[46])?|ethernet)$} + INTERNAL_CHAINS = %r{^(PREROUTING|POSTROUTING|BROUTING|INPUT|FORWARD|OUTPUT)$}.freeze + TABLES = 'nat|mangle|filter|raw|rawpost|broute|security' + NAME_FORMAT = %r{^(.+):(#{TABLES}):(IP(v[46])?|ethernet)$}.freeze def create allvalidchains do |t, chain, table, protocol| - if chain =~ INTERNAL_CHAINS + if INTERNAL_CHAINS.match?(chain) # can't create internal chains warning "Attempting to create internal chain #{@resource[:name]}" end @@ -61,7 +61,7 @@ Puppet::Type.type(:firewallchain).provide :iptables_chain do def destroy allvalidchains do |t, chain, table| - if chain =~ INTERNAL_CHAINS + if INTERNAL_CHAINS.match?(chain) # can't delete internal chains warning "Attempting to destroy internal chain #{@resource[:name]}" else @@ -73,7 +73,7 @@ Puppet::Type.type(:firewallchain).provide :iptables_chain do def exists? allvalidchains do |_t, chain| - if chain =~ INTERNAL_CHAINS + if INTERNAL_CHAINS.match?(chain) # If the chain isn't present, it's likely because the module isn't loaded. # If this is true, then we fall into 2 cases # 1) It'll be loaded on demand @@ -160,7 +160,7 @@ Puppet::Type.type(:firewallchain).provide :iptables_chain do next end end - rescue Puppet::Error # rubocop:disable Lint/HandleExceptions + rescue Puppet::Error # ignore command not found for ebtables or anything that doesn't exist end end diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index dbce633..3b993bf 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -641,7 +641,7 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE validate do |value| - unless value =~ %r{^[a-zA-Z0-9\-_]+$} + unless %r{^[a-zA-Z0-9\-_]+$}.match?(value) raise ArgumentError, <<-PUPPETCODE Jump destination must consist of alphanumeric characters, an underscore or a hyphen. @@ -674,7 +674,7 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE validate do |value| - unless value =~ %r{^[a-zA-Z0-9\-_]+$} + unless %r{^[a-zA-Z0-9\-_]+$}.match?(value) raise ArgumentError, <<-PUPPETCODE Goto destination must consist of alphanumeric characters, an underscore or a hyphen. @@ -1757,7 +1757,7 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE validate do |value| - unless value =~ %r{^\d+$} + unless %r{^\d+$}.match?(value) raise ArgumentError, <<-PUPPETCODE stat_every value must be a digit PUPPETCODE @@ -1908,11 +1908,11 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE munge do |value| - if value =~ %r{^([0-9]):} + if %r{^([0-9]):}.match?(value) value = "0#{value}" end - if value =~ %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$} + if %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$}.match?(value) value = "#{value}:00" end @@ -1927,11 +1927,11 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE munge do |value| - if value =~ %r{^([0-9]):} + if %r{^([0-9]):}.match?(value) value = "0#{value}" end - if value =~ %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$} + if %r{^([0-9]|0[0-9]|1[0-9]|2[0-3]):[0-5][0-9]$}.match?(value) value = "#{value}:00" end @@ -2346,14 +2346,14 @@ Puppet::Type.newtype(:firewall) do # Now we analyse the individual properties to make sure they apply to # the correct combinations. if value(:uid) - unless value(:chain).to_s =~ %r{OUTPUT|POSTROUTING} + unless %r{OUTPUT|POSTROUTING}.match?(value(:chain).to_s) raise 'Parameter uid only applies to chains ' \ 'OUTPUT,POSTROUTING' end end if value(:gid) - unless value(:chain).to_s =~ %r{OUTPUT|POSTROUTING} + unless %r{OUTPUT|POSTROUTING}.match?(value(:chain).to_s) raise 'Parameter gid only applies to chains ' \ 'OUTPUT,POSTROUTING' end @@ -2368,7 +2368,7 @@ Puppet::Type.newtype(:firewall) do end if value(:dport) - unless value(:proto).to_s =~ %r{tcp|udp|sctp} + unless %r{tcp|udp|sctp}.match?(value(:proto).to_s) raise '[%s] Parameter dport only applies to sctp, tcp and udp ' \ 'protocols. Current protocol is [%s] and dport is [%s]' % [value(:name), should(:proto), should(:dport)] @@ -2394,7 +2394,7 @@ Puppet::Type.newtype(:firewall) do end if value(:jump).to_s == 'DNAT' - unless value(:table).to_s =~ %r{nat} + unless %r{nat}.match?(value(:table).to_s) raise 'Parameter jump => DNAT only applies to table => nat' end @@ -2404,7 +2404,7 @@ Puppet::Type.newtype(:firewall) do end if value(:jump).to_s == 'SNAT' - unless value(:table).to_s =~ %r{nat} + unless %r{nat}.match?(value(:table).to_s) raise 'Parameter jump => SNAT only applies to table => nat' end @@ -2414,7 +2414,7 @@ Puppet::Type.newtype(:firewall) do end if value(:jump).to_s == 'MASQUERADE' - unless value(:table).to_s =~ %r{nat} + unless %r{nat}.match?(value(:table).to_s) raise 'Parameter jump => MASQUERADE only applies to table => nat' end end @@ -2497,7 +2497,7 @@ Puppet::Type.newtype(:firewall) do end if value(:jump).to_s == 'CT' - unless value(:table).to_s =~ %r{raw} + unless %r{raw}.match?(value(:table).to_s) raise 'Parameter jump => CT only applies to table => raw' end end diff --git a/lib/puppet/type/firewallchain.rb b/lib/puppet/type/firewallchain.rb index 4c0215a..45c61ef 100644 --- a/lib/puppet/type/firewallchain.rb +++ b/lib/puppet/type/firewallchain.rb @@ -61,7 +61,7 @@ Puppet::Type.newtype(:firewallchain) do protocol = Regexp.last_match(3) case table when 'filter' - if chain =~ %r{^(PREROUTING|POSTROUTING|BROUTING)$} + if %r{^(PREROUTING|POSTROUTING|BROUTING)$}.match?(chain) raise ArgumentError, "INPUT, OUTPUT and FORWARD are the only inbuilt chains that can be used in table 'filter'" end when 'mangle' @@ -69,25 +69,25 @@ Puppet::Type.newtype(:firewallchain) do raise ArgumentError, "PREROUTING, POSTROUTING, INPUT, FORWARD and OUTPUT are the only inbuilt chains that can be used in table 'mangle'" end when 'nat' - if chain =~ %r{^(BROUTING|FORWARD)$} + if %r{^(BROUTING|FORWARD)$}.match?(chain) raise ArgumentError, "PREROUTING, POSTROUTING, INPUT, and OUTPUT are the only inbuilt chains that can be used in table 'nat'" end if Gem::Version.new(Facter['kernelmajversion'].value.dup) < Gem::Version.new('3.7') && protocol =~ %r{^(IP(v6)?)?$} raise ArgumentError, "table nat isn't valid in IPv6. You must specify ':IPv4' as the name suffix" end when 'raw' - if chain =~ %r{^(POSTROUTING|BROUTING|INPUT|FORWARD)$} + if %r{^(POSTROUTING|BROUTING|INPUT|FORWARD)$}.match?(chain) raise ArgumentError, 'PREROUTING and OUTPUT are the only inbuilt chains in the table \'raw\'' end when 'broute' if protocol != 'ethernet' raise ArgumentError, 'BROUTE is only valid with protocol \'ethernet\'' end - if chain =~ %r{^PREROUTING|POSTROUTING|INPUT|FORWARD|OUTPUT$} + if %r{^PREROUTING|POSTROUTING|INPUT|FORWARD|OUTPUT$}.match?(chain) raise ArgumentError, 'BROUTING is the only inbuilt chain allowed on on table \'broute\'' end when 'security' - if chain =~ %r{^(PREROUTING|POSTROUTING|BROUTING)$} + if %r{^(PREROUTING|POSTROUTING|BROUTING)$}.match?(chain) raise ArgumentError, "INPUT, OUTPUT and FORWARD are the only inbuilt chains that can be used in table 'security'" end end diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb index b43f7a0..1b4f49c 100644 --- a/lib/puppet/util/firewall.rb +++ b/lib/puppet/util/firewall.rb @@ -8,7 +8,7 @@ require 'puppet/util/ipcidr' module Puppet::Util::Firewall # Translate the symbolic names for icmp packet types to integers def icmp_name_to_number(value_icmp, protocol) - if value_icmp =~ %r{\d{1,2}$} + if %r{\d{1,2}$}.match?(value_icmp) value_icmp elsif protocol == 'inet' case value_icmp @@ -49,7 +49,7 @@ module Puppet::Util::Firewall # Convert log_level names to their respective numbers def log_level_name_to_number(value) - if value =~ %r{\A[0-7]\z} + if %r{\A[0-7]\z}.match?(value) value else case value @@ -77,12 +77,12 @@ module Puppet::Util::Firewall # nothing. def string_to_port(value, proto) proto = proto.to_s - unless proto =~ %r{^(tcp|udp)$} + unless %r{^(tcp|udp)$}.match?(proto) proto = 'tcp' end m = value.to_s.match(%r{^(!\s+)?(\S+)}) - return "#{m[1]}#{m[2]}" if m[2] =~ %r{^\d+(-\d+)?$} + return "#{m[1]}#{m[2]}" if %r{^\d+(-\d+)?$}.match?(m[2]) "#{m[1]}#{Socket.getservbyname(m[2], proto)}" end @@ -125,7 +125,7 @@ module Puppet::Util::Firewall begin new_value = Puppet::Util::IPCidr.new(addr, family) break - rescue # rubocop:disable Lint/HandleExceptions + rescue end end @@ -160,7 +160,7 @@ module Puppet::Util::Firewall if value.between?(0, 0xffffffff) return '0x' + value.to_s(16) end - rescue ArgumentError # rubocop:disable Lint/HandleExceptions + rescue ArgumentError # pass end nil diff --git a/lib/puppet/util/ipcidr.rb b/lib/puppet/util/ipcidr.rb index b44ce31..15b38e9 100644 --- a/lib/puppet/util/ipcidr.rb +++ b/lib/puppet/util/ipcidr.rb @@ -8,7 +8,7 @@ module Puppet::Util def initialize(ipaddr, family = Socket::AF_UNSPEC) super(ipaddr, family) rescue ArgumentError => e - raise ArgumentError, "Invalid address from IPAddr.new: #{ipaddr}" if e.message =~ %r{invalid address} + raise ArgumentError, "Invalid address from IPAddr.new: #{ipaddr}" if %r{invalid address}.match?(e.message) raise e end diff --git a/spec/acceptance/firewall_attributes_happy_path_spec.rb b/spec/acceptance/firewall_attributes_happy_path_spec.rb index fe77619..77efcbf 100644 --- a/spec/acceptance/firewall_attributes_happy_path_spec.rb +++ b/spec/acceptance/firewall_attributes_happy_path_spec.rb @@ -501,7 +501,8 @@ describe 'firewall attribute testing, happy path' do end it 'notrack is set' do notrack_rule = '-A PREROUTING -p udp -m multiport --dports 53 -m comment --comment "004 do not track UDP connections to port 53" -j CT --notrack' - notrack_rule = '-A PREROUTING -p udp -m multiport --dports 53 -m comment --comment "004 do not track UDP connections to port 53" -j NOTRACK' if os[:family] == 'redhat' && [5, 6].include?(os[:release].to_i) + notrack_rule = '-A PREROUTING -p udp -m multiport --dports 53 -m comment --comment "004 do not track UDP connections to port 53" -j NOTRACK' if os[:family] == 'redhat' && [5, + 6].include?(os[:release].to_i) expect(result.stdout).to match(%r{#{notrack_rule}}) end end diff --git a/spec/unit/facter/iptables_persistent_version_spec.rb b/spec/unit/facter/iptables_persistent_version_spec.rb index e9503a8..04ff63f 100644 --- a/spec/unit/facter/iptables_persistent_version_spec.rb +++ b/spec/unit/facter/iptables_persistent_version_spec.rb @@ -52,7 +52,6 @@ describe 'Facter::Util::Fact iptables_persistent_version' do 'Debian' => '0.0.20090701', 'Ubuntu' => '0.5.3ubuntu2', }.each do |os, ver| - if os == 'Debian' os_release = '8.0' elsif os == 'Ubuntu' diff --git a/spec/unit/puppet/type/firewall_spec.rb b/spec/unit/puppet/type/firewall_spec.rb index b35a273..5bd7895 100755 --- a/spec/unit/puppet/type/firewall_spec.rb +++ b/spec/unit/puppet/type/firewall_spec.rb @@ -45,7 +45,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end [:accept, :drop, :reject].each do |action| - it "should accept value #{action}" do + it "accepts value #{action}" do resource[:action] = action expect(resource[:action]).to eql action end @@ -58,7 +58,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes describe ':chain' do [:INPUT, :FORWARD, :OUTPUT, :PREROUTING, :POSTROUTING].each do |chain| - it "should accept chain value #{chain}" do + it "accepts chain value #{chain}" do resource[:chain] = chain expect(resource[:chain]).to eql chain end @@ -71,7 +71,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes describe ':table' do [:nat, :mangle, :filter, :raw].each do |table| - it "should accept table value #{table}" do + it "accepts table value #{table}" do resource[:table] = table expect(resource[:table]).to eql table end @@ -84,7 +84,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes describe ':proto' do [:ip, :tcp, :udp, :icmp, :esp, :ah, :vrrp, :igmp, :ipencap, :ipv4, :ipv6, :ospf, :gre, :pim, :all].each do |proto| - it "should accept proto value #{proto}" do + it "accepts proto value #{proto}" do resource[:proto] = proto expect(resource[:proto]).to eql proto end @@ -102,14 +102,14 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end ['QUEUE', 'RETURN', 'DNAT', 'SNAT', 'LOG', 'NFLOG', 'MASQUERADE', 'REDIRECT', 'MARK'].each do |jump| - it "should accept jump value #{jump}" do + it "accepts jump value #{jump}" do resource[:jump] = jump expect(resource[:jump]).to eql jump end end ['ACCEPT', 'DROP', 'REJECT'].each do |jump| - it "should now fail when value #{jump}" do + it "nows fail when value #{jump}" do expect(-> { resource[:jump] = jump }).to raise_error(Puppet::Error) end end @@ -121,17 +121,17 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes [:source, :destination].each do |addr| describe addr do - it "should accept a #{addr} as a string" do + it "accepts a #{addr} as a string" do resource[addr] = '127.0.0.1' expect(resource[addr]).to eql '127.0.0.1/32' end ['0.0.0.0/0', '::/0'].each do |prefix| - it "should be nil for zero prefix length address #{prefix}" do + it "is nil for zero prefix length address #{prefix}" do resource[addr] = prefix expect(resource[addr]).to be nil end end - it "should accept a negated #{addr} as a string" do + it "accepts a negated #{addr} as a string" do resource[addr] = '! 127.0.0.1' expect(resource[addr]).to eql '! 127.0.0.1/32' end @@ -172,43 +172,42 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes [:dport, :sport].each do |port| describe port do - it "should accept a #{port} as string" do + it "accepts a #{port} as string" do resource[port] = '22' expect(resource[port]).to eql ['22'] end - it "should accept a #{port} as an array" do + it "accepts a #{port} as an array" do resource[port] = ['22', '23'] expect(resource[port]).to eql ['22', '23'] end - it "should accept a #{port} as a number" do + it "accepts a #{port} as a number" do resource[port] = 22 expect(resource[port]).to eql ['22'] end - it "should accept a #{port} as a hyphen separated range" do + it "accepts a #{port} as a hyphen separated range" do resource[port] = ['22-1000'] expect(resource[port]).to eql ['22-1000'] end it "should accept a #{port} as a combination of arrays of single and " \ 'hyphen separated ranges' do - resource[port] = ['22-1000', '33', '3000-4000'] expect(resource[port]).to eql ['22-1000', '33', '3000-4000'] end - it "should convert a port name for #{port} to its number" do + it "converts a port name for #{port} to its number" do resource[port] = 'ssh' expect(resource[port]).to eql ['22'] end - it "should not accept something invalid for #{port}" do + it "does not accept something invalid for #{port}" do expect { resource[port] = 'something odd' }.to raise_error(Puppet::Error, %r{^Parameter .+ failed.+Munging failed for value ".+" in class .+: no such service}) end - it "should not accept something invalid in an array for #{port}" do + it "does not accept something invalid in an array for #{port}" do expect { resource[port] = ['something odd', 'something even odder'] }.to raise_error(Puppet::Error, %r{^Parameter .+ failed.+Munging failed for value ".+" in class .+: no such service}) end end @@ -233,7 +232,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes :UNREACHABLE, :PROHIBIT, :THROW, :NAT, :XRESOLVE].each do |type| ['! ', ''].each do |negation| ['', ' --limit-iface-in', ' --limit-iface-out'].each do |limit| - it "should accept #{addrtype} value #{negation}#{type}#{limit}" do + it "accepts #{addrtype} value #{negation}#{type}#{limit}" do resource[addrtype] = type expect(resource[addrtype]).to eql [type] end @@ -241,22 +240,22 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end end - it "should fail when #{addrtype} value is not recognized" do + it "fails when #{addrtype} value is not recognized" do expect(-> { resource[addrtype] = 'foo' }).to raise_error(Puppet::Error) end end [:iniface, :outiface].each do |iface| describe iface do - it "should accept #{iface} value as a string" do + it "accepts #{iface} value as a string" do resource[iface] = 'eth1' expect(resource[iface]).to eql 'eth1' end - it "should accept a negated #{iface} value as a string" do + it "accepts a negated #{iface} value as a string" do resource[iface] = '! eth1' expect(resource[iface]).to eql '! eth1' end - it "should accept an interface alias for the #{iface} value as a string" do + it "accepts an interface alias for the #{iface} value as a string" do resource[iface] = 'eth1:2' expect(resource[iface]).to eql 'eth1:2' end @@ -265,7 +264,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes [:tosource, :todest, :to].each do |addr| describe addr do - it "should accept #{addr} value as a string" do + it "accepts #{addr} value as a string" do resource[addr] = '127.0.0.1' end end @@ -450,27 +449,27 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes [:ctorigsrc, :ctorigdst, :ctreplsrc, :ctrepldst].each do |addr| describe addr do - it "should accept a #{addr} as a string without /32" do + it "accepts a #{addr} as a string without /32" do resource[addr] = '127.0.0.1' expect(resource[addr]).to eql '127.0.0.1' end - it "should accept a #{addr} as a string with /32" do + it "accepts a #{addr} as a string with /32" do resource[addr] = '127.0.0.1/32' expect(resource[addr]).to eql '127.0.0.1' end - it "should accept a #{addr} as a string with cidr" do + it "accepts a #{addr} as a string with cidr" do resource[addr] = '10.0.0.0/8' expect(resource[addr]).to eql '10.0.0.0/8' end - it "should accept a #{addr} as a string with ipv6 cidr" do + it "accepts a #{addr} as a string with ipv6 cidr" do resource[addr] = '2001:DB8::/64' expect(resource[addr]).to eql '2001:DB8::/64' end - it "should accept a negated #{addr} as a string" do + it "accepts a negated #{addr} as a string" do resource[addr] = '! 127.0.0.1' expect(resource[addr]).to eql '! 127.0.0.1' end - it "should accept a negated #{addr} as a string with cidr" do + it "accepts a negated #{addr} as a string with cidr" do resource[addr] = '! 10.0.0.0/8' expect(resource[addr]).to eql '! 10.0.0.0/8' end @@ -479,19 +478,19 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes [:ctorigsrcport, :ctorigdstport, :ctreplsrcport, :ctrepldstport].each do |port| describe port do - it "should accept #{port} as numeric value" do + it "accepts #{port} as numeric value" do resource[port] = 80 expect(resource[port]).to be 80 end - it "should accept #{port} as range value" do + it "accepts #{port} as range value" do resource[port] = '80:81' expect(resource[port]).to eql '80:81' end - it "should accept a negated #{port} as string value" do + it "accepts a negated #{port} as string value" do resource[port] = '! 80' expect(resource[port]).to eql '! 80' end - it "should accept a negated #{port} as range value" do + it "accepts a negated #{port} as range value" do resource[port] = '! 80:81' expect(resource[port]).to eql '! 80:81' end @@ -555,7 +554,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes describe ':recent' do ['set', 'update', 'rcheck', 'remove'].each do |recent| - it "should accept recent value #{recent}" do + it "accepts recent value #{recent}" do resource[:recent] = recent expect(resource[:recent]).to eql "--#{recent}" end @@ -648,7 +647,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end ['/', '1000/', 'pwnie'].each do |bad_mark| - it "should fail with malformed mark '#{bad_mark}'" do + it "fails with malformed mark '#{bad_mark}'" do expect(-> { resource[:set_mark] = bad_mark }).to raise_error(Puppet::Error) end end @@ -728,7 +727,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes # test where autorequire is still needed (table != filter) ['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain| - it "should autorequire fwchain #{test_chain} when table is mangle and provider is undefined" do + it "autorequires fwchain #{test_chain} when table is mangle and provider is undefined" do resource[param] = test_chain resource[:table] = :mangle expect(resource[:provider]).to be :iptables @@ -742,7 +741,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes expect(rel.target.ref).to eql resource.ref end - it "should autorequire fwchain #{test_chain} when table is mangle and provider is ip6tables" do + it "autorequires fwchain #{test_chain} when table is mangle and provider is ip6tables" do resource[param] = test_chain resource[:table] = :mangle resource[:provider] = :ip6tables @@ -759,7 +758,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes # test of case where autorequire should not happen ['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain| - it "should not autorequire fwchain #{test_chain} when table and provider are undefined" do + it "does not autorequire fwchain #{test_chain} when table and provider are undefined" do resource[param] = test_chain expect(resource[:table]).to be :filter expect(resource[:provider]).to be :iptables @@ -772,7 +771,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes expect(rel).to be nil end - it "should not autorequire fwchain #{test_chain} when table is undefined and provider is ip6tables" do + it "does not autorequire fwchain #{test_chain} when table is undefined and provider is ip6tables" do resource[param] = test_chain expect(resource[:table]).to be :filter resource[:provider] = :ip6tables @@ -813,7 +812,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes describe ':pkttype' do [:multicast, :broadcast, :unicast].each do |pkttype| - it "should accept pkttype value #{pkttype}" do + it "accepts pkttype value #{pkttype}" do resource[:pkttype] = pkttype expect(resource[:pkttype]).to eql pkttype end diff --git a/spec/unit/puppet/type/firewallchain_spec.rb b/spec/unit/puppet/type/firewallchain_spec.rb index d85332a..239ad0a 100755 --- a/spec/unit/puppet/type/firewallchain_spec.rb +++ b/spec/unit/puppet/type/firewallchain_spec.rb @@ -37,21 +37,21 @@ describe firewallchain do # rubocop:disable RSpec/MultipleDescribes ['test', '$5()*&%\'"^$09):'].each do |chainname| name = "#{chainname}:#{table}:#{protocol}" if table == 'nat' && protocol == 'IPv6' - it "should accept #{name} for Linux 3.7+" do + it "accepts #{name} for Linux 3.7+" do allow(Facter.fact(:kernelmajversion)).to receive(:value).and_return('3.7') resource[:name] = name expect(resource[:name]).to eql name end - it "should fail #{name} for Linux 2.6" do + it "fails #{name} for Linux 2.6" do allow(Facter.fact(:kernelmajversion)).to receive(:value).and_return('2.6') expect { resource[:name] = name }.to raise_error(Puppet::Error) end elsif protocol != 'ethernet' && table == 'broute' - it "should fail #{name}" do # rubocop:disable RSpec/RepeatedExample + it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample expect { resource[:name] = name }.to raise_error(Puppet::Error) end else - it "should accept name #{name}" do # rubocop:disable RSpec/RepeatedExample + it "accepts name #{name}" do # rubocop:disable RSpec/RepeatedExample resource[:name] = name expect(resource[:name]).to eql name end @@ -69,12 +69,12 @@ describe firewallchain do # rubocop:disable RSpec/MultipleDescribes 'IPv4' end if allowedinternalchains.include? internalchain - it "should allow #{name}" do # rubocop:disable RSpec/RepeatedExample + it "allows #{name}" do # rubocop:disable RSpec/RepeatedExample resource[:name] = name expect(resource[:name]).to eql name end else - it "should fail #{name}" do # rubocop:disable RSpec/RepeatedExample + it "fails #{name}" do # rubocop:disable RSpec/RepeatedExample expect { resource[:name] = name }.to raise_error(Puppet::Error) end end @@ -92,7 +92,7 @@ describe firewallchain do # rubocop:disable RSpec/MultipleDescribes describe ':policy' do [:accept, :drop, :queue, :return].each do |policy| - it "should accept policy #{policy}" do + it "accepts policy #{policy}" do resource[:policy] = policy expect(resource[:policy]).to eql policy end diff --git a/spec/unit/puppet/util/firewall_spec.rb b/spec/unit/puppet/util/firewall_spec.rb index aae3290..52f6828 100644 --- a/spec/unit/puppet/util/firewall_spec.rb +++ b/spec/unit/puppet/util/firewall_spec.rb @@ -58,7 +58,7 @@ describe 'Puppet::Util::Firewall' do subject(:host) { resource } ['inet5', 'inet8', 'foo'].each do |proto| - it "should reject invalid proto #{proto}" do + it "rejects invalid proto #{proto}" do expect { host.icmp_name_to_number('echo-reply', proto) } .to raise_error(ArgumentError, "unsupported protocol family '#{proto}'") end @@ -123,9 +123,10 @@ describe 'Puppet::Util::Firewall' do end describe '#persist_iptables' do - before(:each) { Facter.clear } subject(:host) { resource } + before(:each) { Facter.clear } + # rubocop:disable RSpec/SubjectStub describe 'when proto is IPv4' do let(:proto) { 'IPv4' }