From 830e1762c0b7db57c7d6574d29759181ac783c9e Mon Sep 17 00:00:00 2001 From: Helen Campbell Date: Fri, 18 May 2018 15:17:07 +0100 Subject: [PATCH] pdksync_heads/master-0-g34e3266 --- .gitignore | 4 +- .pdkignore | 23 +++++++ .rubocop.yml | 14 ++++- .travis.yml | 20 +++--- .yardopts | 1 + Gemfile | 62 +++---------------- Rakefile | 5 +- lib/facter/iptables_persistent_version.rb | 2 +- lib/puppet/provider/firewall/iptables.rb | 2 +- lib/puppet/type/firewall.rb | 15 ++--- lib/puppet/type/firewallchain.rb | 4 +- lib/puppet/util/firewall.rb | 14 ++--- metadata.json | 5 +- spec/acceptance/firewall_spec.rb | 4 +- spec/fixtures/iptables/conversion_hash.rb | 18 +++--- spec/spec_helper.rb | 14 ++++- spec/spec_helper_acceptance.rb | 4 +- .../classes/firewall_linux_redhat_spec.rb | 4 +- spec/unit/classes/firewall_linux_spec.rb | 8 +-- spec/unit/puppet/provider/iptables_spec.rb | 2 +- spec/unit/puppet/type/firewall_spec.rb | 18 +++--- spec/unit/puppet/type/firewallchain_spec.rb | 14 ++--- spec/unit/puppet/util/firewall_spec.rb | 16 ++--- 23 files changed, 133 insertions(+), 140 deletions(-) create mode 100644 .pdkignore create mode 100644 .yardopts diff --git a/.gitignore b/.gitignore index d17e987..49bc2a4 100644 --- a/.gitignore +++ b/.gitignore @@ -13,11 +13,11 @@ /Gemfile.lock /junit/ /log/ -/log/ /pkg/ /spec/fixtures/manifests/ /spec/fixtures/modules/ /tmp/ /vendor/ /convert_report.txt - +/update_report.txt +.DS_Store diff --git a/.pdkignore b/.pdkignore new file mode 100644 index 0000000..49bc2a4 --- /dev/null +++ b/.pdkignore @@ -0,0 +1,23 @@ +.*.sw[op] +.metadata +.yardoc +.yardwarns +*.iml +/.bundle/ +/.idea/ +/.vagrant/ +/coverage/ +/bin/ +/doc/ +/Gemfile.local +/Gemfile.lock +/junit/ +/log/ +/pkg/ +/spec/fixtures/manifests/ +/spec/fixtures/modules/ +/tmp/ +/vendor/ +/convert_report.txt +/update_report.txt +.DS_Store diff --git a/.rubocop.yml b/.rubocop.yml index a658984..7ed6225 100644 --- a/.rubocop.yml +++ b/.rubocop.yml @@ -8,11 +8,14 @@ AllCops: Exclude: - bin/* - ".vendor/**/*" - - Gemfile - - Rakefile + - "**/Gemfile" + - "**/Rakefile" - pkg/**/* - spec/fixtures/**/* - vendor/**/* + - "**/Puppetfile" + - "**/Vagrantfile" + - "**/Guardfile" Metrics/LineLength: Description: People have wide screens, use them. Max: 200 @@ -63,6 +66,13 @@ Style/TrailingCommaInLiteral: Style/SymbolArray: Description: Using percent style obscures symbolic intent of array's contents. EnforcedStyle: brackets +RSpec/MessageSpies: + EnforcedStyle: receive +Style/Documentation: + Exclude: + - lib/puppet/parser/functions/**/* +Style/WordArray: + EnforcedStyle: brackets Style/CollectionMethods: Enabled: true Style/MethodCalledOnDoEndBlock: diff --git a/.travis.yml b/.travis.yml index 1428837..76b202c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -7,7 +7,6 @@ before_install: - bundle -v - rm -f Gemfile.lock - gem update --system - - gem update bundler - gem --version - bundle -v script: @@ -16,14 +15,15 @@ bundler_args: --without system_tests rvm: - 2.4.1 env: - - PUPPET_GEM_VERSION="~> 5.0" CHECK=spec + global: + - BEAKER_PUPPET_COLLECTION=puppet5 PUPPET_GEM_VERSION="~> 5.0" matrix: fast_finish: true include: - bundler_args: dist: trusty - env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/centos-7 + env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=docker/centos-7 rvm: 2.4.1 script: bundle exec rake beaker services: docker @@ -31,23 +31,17 @@ matrix: - bundler_args: dist: trusty - env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_set=docker/ubuntu-14.04 + env: PUPPET_INSTALL_TYPE=agent BEAKER_debug=true BEAKER_PUPPET_COLLECTION=puppet5 BEAKER_set=docker/ubuntu-14.04 rvm: 2.4.1 script: bundle exec rake beaker services: docker sudo: required - - env: CHECK=rubocop + env: CHECK="syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop" - - env: CHECK="syntax lint" + env: CHECK=parallel_spec - - env: CHECK=metadata_lint - - - env: CHECK=release_checks - - - env: CHECK=spec - - - env: PUPPET_GEM_VERSION="~> 4.0" CHECK=spec + env: PUPPET_GEM_VERSION="~> 4.0" CHECK=parallel_spec rvm: 2.1.9 branches: only: diff --git a/.yardopts b/.yardopts new file mode 100644 index 0000000..29c933b --- /dev/null +++ b/.yardopts @@ -0,0 +1 @@ +--markup markdown diff --git a/Gemfile b/Gemfile index 37597a3..a7ec820 100644 --- a/Gemfile +++ b/Gemfile @@ -28,11 +28,12 @@ group :development do gem "fast_gettext", require: false if Gem::Version.new(RUBY_VERSION.dup) >= Gem::Version.new('2.1.0') gem "json_pure", '<= 2.0.1', require: false if Gem::Version.new(RUBY_VERSION.dup) < Gem::Version.new('2.0.0') gem "json", '= 1.8.1', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.1.9') + gem "json", '<= 2.0.4', require: false if Gem::Version.new(RUBY_VERSION.dup) == Gem::Version.new('2.4.4') gem "puppet-module-posix-default-r#{minor_version}", require: false, platforms: [:ruby] gem "puppet-module-posix-dev-r#{minor_version}", require: false, platforms: [:ruby] gem "puppet-module-win-default-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] gem "puppet-module-win-dev-r#{minor_version}", require: false, platforms: [:mswin, :mingw, :x64_mingw] - gem "puppet-blacksmith", '~> 3.4', require: false + gem "puppet-blacksmith", '~> 3.4', require: false, platforms: [:ruby] end group :system_tests do gem "puppet-module-posix-system-r#{minor_version}", require: false, platforms: [:ruby] @@ -49,73 +50,24 @@ puppet_type = gem_type(puppet_version) facter_version = ENV['FACTER_GEM_VERSION'] hiera_version = ENV['HIERA_GEM_VERSION'] -def puppet_older_than?(version) - puppet_version = ENV['PUPPET_GEM_VERSION'] - !puppet_version.nil? && - Gem::Version.correct?(puppet_version) && - Gem::Requirement.new("< #{version}").satisfied_by?(Gem::Version.new(puppet_version.dup)) -end - gems = {} gems['puppet'] = location_for(puppet_version) # If facter or hiera versions have been specified via the environment -# variables, use those versions. If not, and if the puppet version is < 3.5.0, -# use known good versions of both for puppet < 3.5.0. -if facter_version - gems['facter'] = location_for(facter_version) -elsif puppet_type == :gem && puppet_older_than?('3.5.0') - gems['facter'] = ['>= 1.6.11', '<= 1.7.5', require: false] -end - -if hiera_version - gems['hiera'] = location_for(ENV['HIERA_GEM_VERSION']) -elsif puppet_type == :gem && puppet_older_than?('3.5.0') - gems['hiera'] = ['>= 1.0.0', '<= 1.3.0', require: false] -end +# variables -if Gem.win_platform? && (puppet_type != :gem || puppet_older_than?('3.5.0')) - # For Puppet gems < 3.5.0 (tested as far back as 3.0.0) on Windows - if puppet_type == :gem - gems['ffi'] = ['1.9.0', require: false] - gems['minitar'] = ['0.5.4', require: false] - gems['win32-eventlog'] = ['0.5.3', '<= 0.6.5', require: false] - gems['win32-process'] = ['0.6.5', '<= 0.7.5', require: false] - gems['win32-security'] = ['~> 0.1.2', '<= 0.2.5', require: false] - gems['win32-service'] = ['0.7.2', '<= 0.8.8', require: false] - else - gems['ffi'] = ['~> 1.9.0', require: false] - gems['minitar'] = ['~> 0.5.4', require: false] - gems['win32-eventlog'] = ['~> 0.5', '<= 0.6.5', require: false] - gems['win32-process'] = ['~> 0.6', '<= 0.7.5', require: false] - gems['win32-security'] = ['~> 0.1', '<= 0.2.5', require: false] - gems['win32-service'] = ['~> 0.7', '<= 0.8.8', require: false] - end - - gems['win32-dir'] = ['~> 0.3', '<= 0.4.9', require: false] - - if RUBY_VERSION.start_with?('1.') - gems['win32console'] = ['1.3.2', require: false] - # sys-admin was removed in Puppet 3.7.0 and doesn't compile under Ruby 2.x - gems['sys-admin'] = ['1.5.6', require: false] - end +gems['facter'] = location_for(facter_version) if facter_version +gems['hiera'] = location_for(hiera_version) if hiera_version - # Puppet < 3.7.0 requires these. - # Puppet >= 3.5.0 gem includes these as requirements. - # The following versions are tested to work with 3.0.0 <= puppet < 3.7.0. - gems['win32-api'] = ['1.4.8', require: false] - gems['win32-taskscheduler'] = ['0.2.2', require: false] - gems['windows-api'] = ['0.4.3', require: false] - gems['windows-pr'] = ['1.2.3', require: false] -elsif Gem.win_platform? +if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)} # If we're using a Puppet gem on Windows which handles its own win32-xxx gem # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445). gems['win32-dir'] = ['<= 0.4.9', require: false] gems['win32-eventlog'] = ['<= 0.6.5', require: false] gems['win32-process'] = ['<= 0.7.5', require: false] gems['win32-security'] = ['<= 0.2.5', require: false] - gems['win32-service'] = ['<= 0.8.8', require: false] + gems['win32-service'] = ['0.8.8', require: false] end gems.each do |gem_name, gem_params| diff --git a/Rakefile b/Rakefile index 802f67b..d4e36da 100644 --- a/Rakefile +++ b/Rakefile @@ -1,3 +1,6 @@ require 'puppetlabs_spec_helper/rake_tasks' require 'puppet-syntax/tasks/puppet-syntax' -require 'puppet_blacksmith/rake_tasks' +require 'puppet_blacksmith/rake_tasks' if Bundler.rubygems.find_name('puppet-blacksmith').any? + +PuppetLint.configuration.send('disable_relative') + diff --git a/lib/facter/iptables_persistent_version.rb b/lib/facter/iptables_persistent_version.rb index ac225f5..01290f1 100644 --- a/lib/facter/iptables_persistent_version.rb +++ b/lib/facter/iptables_persistent_version.rb @@ -1,5 +1,5 @@ Facter.add(:iptables_persistent_version) do - confine operatingsystem: %w[Debian Ubuntu] + confine operatingsystem: ['Debian', 'Ubuntu'] setcode do # Throw away STDERR because dpkg >= 1.16.7 will make some noise if the # package isn't currently installed. diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index d212775..15c99d1 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -637,7 +637,7 @@ Puppet::Type.type(:firewall).provide :iptables, parent: Puppet::Provider::Firewa # If the jump parameter is set to one of: ACCEPT, REJECT or DROP then # we should set the action parameter instead. - if %w[ACCEPT REJECT DROP].include?(hash[:jump]) + if ['ACCEPT', 'REJECT', 'DROP'].include?(hash[:jump]) hash[:action] = hash[:jump].downcase hash.delete(:jump) end diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index a859f28..55e6502 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -489,7 +489,7 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE end - if %w[accept reject drop].include?(value.downcase) + if ['accept', 'reject', 'drop'].include?(value.downcase) raise ArgumentError, <<-PUPPETCODE Jump destination should not be one of ACCEPT, REJECT or DROP. Use the action property instead. @@ -522,7 +522,7 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE end - if %w[accept reject drop].include?(value.downcase) + if ['accept', 'reject', 'drop'].include?(value.downcase) raise ArgumentError, <<-PUPPETCODE Goto destination should not be one of ACCEPT, REJECT or DROP. Use the action property instead. @@ -1059,10 +1059,7 @@ Puppet::Type.newtype(:firewall) do PUPPETCODE # iptables uses the cisco DSCP classes as the basis for this flag. Values may be found here: # 'http://www.cisco.com/c/en/us/support/docs/quality-of-service-qos/qos-packet-marking/10103-dscpvalues.html' - valid_codes = %w[ - af11 af12 af13 af21 af22 af23 af31 af32 af33 af41 - af42 af43 cs1 cs2 cs3 cs4 cs5 cs6 cs7 ef - ] + valid_codes = ['af11', 'af12', 'af13', 'af21', 'af22', 'af23', 'af31', 'af32', 'af33', 'af41', 'af42', 'af43', 'cs1', 'cs2', 'cs3', 'cs4', 'cs5', 'cs6', 'cs7', 'ef'] munge do |value| unless valid_codes.include? value.downcase raise ArgumentError, "#{value} is not a valid DSCP Class" @@ -1720,7 +1717,7 @@ Puppet::Type.newtype(:firewall) do unless protocol.nil? table = value(:table) [value(:chain), value(:jump)].each do |chain| - reqs << "#{chain}:#{table}:#{protocol}" unless chain.nil? || (%w[INPUT OUTPUT FORWARD].include?(chain) && table == :filter) + reqs << "#{chain}:#{table}:#{protocol}" unless chain.nil? || (['INPUT', 'OUTPUT', 'FORWARD'].include?(chain) && table == :filter) end end @@ -1732,7 +1729,7 @@ Puppet::Type.newtype(:firewall) do autorequire(:package) do case value(:provider) when :iptables, :ip6tables - %w[iptables iptables-persistent iptables-services] + ['iptables', 'iptables-persistent', 'iptables-services'] else [] end @@ -1741,7 +1738,7 @@ Puppet::Type.newtype(:firewall) do autorequire(:service) do case value(:provider) when :iptables, :ip6tables - %w[firewalld iptables ip6tables iptables-persistent netfilter-persistent] + ['firewalld', 'iptables', 'ip6tables', 'iptables-persistent', 'netfilter-persistent'] else [] end diff --git a/lib/puppet/type/firewallchain.rb b/lib/puppet/type/firewallchain.rb index 5a1085f..16363d7 100644 --- a/lib/puppet/type/firewallchain.rb +++ b/lib/puppet/type/firewallchain.rb @@ -158,7 +158,7 @@ Puppet::Type.newtype(:firewallchain) do autorequire(:package) do case value(:provider) when :iptables_chain - %w[iptables iptables-persistent iptables-services] + ['iptables', 'iptables-persistent', 'iptables-services'] else [] end @@ -167,7 +167,7 @@ Puppet::Type.newtype(:firewallchain) do autorequire(:service) do case value(:provider) when :iptables, :ip6tables - %w[firewalld iptables ip6tables iptables-persistent netfilter-persistent] + ['firewalld', 'iptables', 'ip6tables', 'iptables-persistent', 'netfilter-persistent'] else [] end diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb index 0dc129f..8cf8308 100644 --- a/lib/puppet/util/firewall.rb +++ b/lib/puppet/util/firewall.rb @@ -196,7 +196,7 @@ module Puppet::Util::Firewall end # RHEL 7 and newer also use systemd to persist iptable rules - if os_key == 'RedHat' && %w[RedHat CentOS Scientific SL SLC Ascendos CloudLinux PSBM OracleLinux OVS OEL XenServer VirtuozzoLinux] + if os_key == 'RedHat' && ['RedHat', 'CentOS', 'Scientific', 'SL', 'SLC', 'Ascendos', 'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'XenServer', 'VirtuozzoLinux'] .include?(Facter.value(:operatingsystem)) && Facter.value(:operatingsystemrelease).to_i >= 7 os_key = 'Fedora' end @@ -205,24 +205,24 @@ module Puppet::Util::Firewall when :RedHat case proto.to_sym when :IPv4 - %w[/sbin/service iptables save] + ['/sbin/service', 'iptables', 'save'] when :IPv6 - %w[/sbin/service ip6tables save] + ['/sbin/service', 'ip6tables', 'save'] end when :Fedora case proto.to_sym when :IPv4 - %w[/usr/libexec/iptables/iptables.init save] + ['/usr/libexec/iptables/iptables.init', 'save'] when :IPv6 - %w[/usr/libexec/iptables/ip6tables.init save] + ['/usr/libexec/iptables/ip6tables.init', 'save'] end when :Debian case proto.to_sym when :IPv4, :IPv6 if persist_ver && Puppet::Util::Package.versioncmp(persist_ver, '1.0') > 0 - %w[/usr/sbin/service netfilter-persistent save] + ['/usr/sbin/service', 'netfilter-persistent', 'save'] else - %w[/usr/sbin/service iptables-persistent save] + ['/usr/sbin/service', 'iptables-persistent', 'save'] end end when :Debian_manual diff --git a/metadata.json b/metadata.json index 5ae4efd..9b206e4 100644 --- a/metadata.json +++ b/metadata.json @@ -80,6 +80,7 @@ "version_requirement": ">= 4.7.0 < 6.0.0" } ], - "template-url": "file:///opt/puppetlabs/pdk/share/cache/pdk-templates.git", - "template-ref": "1.3.2-0-g07678c8" + "template-url": "https://github.com/puppetlabs/pdk-templates", + "template-ref": "heads/master-0-g34e3266", + "pdk-version": "1.5.0" } diff --git a/spec/acceptance/firewall_spec.rb b/spec/acceptance/firewall_spec.rb index f4c3d67..f4f4d0b 100644 --- a/spec/acceptance/firewall_spec.rb +++ b/spec/acceptance/firewall_spec.rb @@ -522,7 +522,7 @@ describe 'firewall basics', docker: true do end end - %w[dst_type src_type].each do |type| + ['dst_type', 'src_type'].each do |type| describe type.to_s do context 'when MULTICAST' do pp26 = <<-PUPPETCODE @@ -1534,7 +1534,7 @@ describe 'firewall basics', docker: true do end end - %w[dst_type src_type].each do |type| + ['dst_type', 'src_type'].each do |type| describe type.to_s do context 'when MULTICAST' do pp65 = <<-PUPPETCODE diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb index fb5b2c7..60b4367 100644 --- a/spec/fixtures/iptables/conversion_hash.rb +++ b/spec/fixtures/iptables/conversion_hash.rb @@ -36,14 +36,14 @@ ARGS_TO_HASH = { action: 'accept', chain: 'INPUT', destination: '1.1.1.1/32', - dport: %w[7061 7062], + dport: ['7061', '7062'], ensure: :present, line: '-A INPUT -s 1.1.1.1/32 -d 1.1.1.1/32 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061,7062 -j ACCEPT -m comment --comment "000 allow foo"', name: '000 allow foo', proto: 'tcp', provider: 'iptables', source: '1.1.1.1/32', - sport: %w[7061 7062], + sport: ['7061', '7062'], table: 'filter', }, }, @@ -221,7 +221,7 @@ ARGS_TO_HASH = { line: '-A INPUT -m state --state INVALID,RELATED,ESTABLISHED', table: 'filter', params: { - state: %w[ESTABLISHED INVALID RELATED], + state: ['ESTABLISHED', 'INVALID', 'RELATED'], action: nil, }, }, @@ -229,7 +229,7 @@ ARGS_TO_HASH = { line: '-A INPUT -m conntrack --ctstate INVALID,RELATED,ESTABLISHED', table: 'filter', params: { - ctstate: %w[ESTABLISHED INVALID RELATED], + ctstate: ['ESTABLISHED', 'INVALID', 'RELATED'], action: nil, }, }, @@ -699,12 +699,12 @@ HASH_TO_ARGS = { action: 'accept', chain: 'INPUT', destination: '1.1.1.1', - dport: %w[7061 7062], + dport: ['7061', '7062'], ensure: :present, name: '000 allow foo', proto: 'tcp', source: '1.1.1.1', - sport: %w[7061 7062], + sport: ['7061', '7062'], table: 'filter', }, args: ['-t', :filter, '-s', '1.1.1.1/32', '-d', '1.1.1.1/32', '-p', :tcp, '-m', 'multiport', '--sports', '7061,7062', '-m', 'multiport', '--dports', '7061,7062', '-j', 'ACCEPT', '-m', 'comment', '--comment', '000 allow foo'], # rubocop:disable Metrics/LineLength @@ -719,7 +719,7 @@ HASH_TO_ARGS = { name: '700 allow bar', proto: 'udp', source: '1.1.1.1', - sport: %w[7061 7062], + sport: ['7061', '7062'], table: 'filter', }, args: ['-t', :filter, '-s', '1.1.1.1/32', '-d', '2.10.13.0/24', '-p', :udp, '-m', 'multiport', '--sports', '7061,7062', '-m', 'multiport', '--dports', '7061', '-j', 'my_custom_chain', '-m', 'comment', '--comment', '700 allow bar'], # rubocop:disable Metrics/LineLength @@ -863,7 +863,7 @@ HASH_TO_ARGS = { params: { name: '100 states_set_from_array', table: 'filter', - state: %w[ESTABLISHED INVALID], + state: ['ESTABLISHED', 'INVALID'], }, args: ['-t', :filter, '-p', :tcp, '-m', 'state', '--state', 'ESTABLISHED,INVALID', '-m', 'comment', '--comment', '100 states_set_from_array'], }, @@ -871,7 +871,7 @@ HASH_TO_ARGS = { params: { name: '100 ctstates_set_from_array', table: 'filter', - ctstate: %w[ESTABLISHED INVALID], + ctstate: ['ESTABLISHED', 'INVALID'], }, args: ['-t', :filter, '-p', :tcp, '-m', 'conntrack', '--ctstate', 'ESTABLISHED,INVALID', '-m', 'comment', '--comment', '100 ctstates_set_from_array'], }, diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index c20a317..e117192 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -1,5 +1,13 @@ + require 'puppetlabs_spec_helper/module_spec_helper' require 'rspec-puppet-facts' + +begin + require 'spec_helper_local' if File.file?(File.join(File.dirname(__FILE__), 'spec_helper_local.rb')) +rescue LoadError => loaderror + warn "Could not require spec_helper_local: #{loaderror.message}" +end + include RspecPuppetFacts default_facts = { @@ -20,5 +28,9 @@ end RSpec.configure do |c| c.default_facts = default_facts + c.before :each do + # set to strictest setting for testing + # by default Puppet runs at warning level + Puppet.settings[:strict] = :warning + end end -require 'spec_helper_local' diff --git a/spec/spec_helper_acceptance.rb b/spec/spec_helper_acceptance.rb index 8fcc589..0651b82 100644 --- a/spec/spec_helper_acceptance.rb +++ b/spec/spec_helper_acceptance.rb @@ -3,13 +3,13 @@ require 'beaker/puppet_install_helper' require 'beaker/module_install_helper' def iptables_flush_all_tables - %w[filter nat mangle raw].each do |t| + ['filter', 'nat', 'mangle', 'raw'].each do |t| expect(shell("iptables -t #{t} -F").stderr).to eq('') end end def ip6tables_flush_all_tables - %w[filter mangle].each do |t| + ['filter', 'mangle'].each do |t| expect(shell("ip6tables -t #{t} -F").stderr).to eq('') end end diff --git a/spec/unit/classes/firewall_linux_redhat_spec.rb b/spec/unit/classes/firewall_linux_redhat_spec.rb index df71d43..04a6d45 100644 --- a/spec/unit/classes/firewall_linux_redhat_spec.rb +++ b/spec/unit/classes/firewall_linux_redhat_spec.rb @@ -32,9 +32,9 @@ RSpec.shared_examples 'ensures iptables service' do end describe 'firewall::linux::redhat', type: :class do - %w[RedHat CentOS Fedora].each do |os| + ['RedHat', 'CentOS', 'Fedora'].each do |os| oldreleases = ((os == 'Fedora') ? ['14'] : ['6.5']) - newreleases = ((os == 'Fedora') ? %w[15 Rawhide] : ['7.0.1406']) + newreleases = ((os == 'Fedora') ? ['15', 'Rawhide'] : ['7.0.1406']) oldreleases.each do |osrel| context "os #{os} and osrel #{osrel}" do diff --git a/spec/unit/classes/firewall_linux_spec.rb b/spec/unit/classes/firewall_linux_spec.rb index 056e308..2fbb462 100644 --- a/spec/unit/classes/firewall_linux_spec.rb +++ b/spec/unit/classes/firewall_linux_spec.rb @@ -1,9 +1,9 @@ require 'spec_helper' describe 'firewall::linux', type: :class do - %w[RedHat CentOS Fedora].each do |os| + ['RedHat', 'CentOS', 'Fedora'].each do |os| context "Redhat Like: operatingsystem => #{os}" do - releases = ((os == 'Fedora') ? %w[14 15 Rawhide] : %w[6 7]) + releases = ((os == 'Fedora') ? ['14', '15', 'Rawhide'] : ['6', '7']) releases.each do |osrel| context "operatingsystemrelease => #{osrel}" do let(:facts) do @@ -24,9 +24,9 @@ describe 'firewall::linux', type: :class do end end - %w[Debian Ubuntu].each do |os| + ['Debian', 'Ubuntu'].each do |os| context "Debian Like: operatingsystem => #{os}" do - releases = ((os == 'Debian') ? %w[6 7 8] : ['10.04', '12.04', '14.04']) + releases = ((os == 'Debian') ? ['6', '7', '8'] : ['10.04', '12.04', '14.04']) releases.each do |osrel| let(:facts) do { diff --git a/spec/unit/puppet/provider/iptables_spec.rb b/spec/unit/puppet/provider/iptables_spec.rb index ed5bd0e..a7a23d0 100644 --- a/spec/unit/puppet/provider/iptables_spec.rb +++ b/spec/unit/puppet/provider/iptables_spec.rb @@ -273,7 +273,7 @@ describe 'iptables provider' do end resource_types = [:chain, :source, :destination, :proto, :dport, :sport, :action] - rule_values = ['INPUT', '1.1.1.1/32', '1.1.1.1/32', 'tcp', %w[7061 7062], %w[7061 7062], 'accept'] + rule_values = ['INPUT', '1.1.1.1/32', '1.1.1.1/32', 'tcp', ['7061', '7062'], ['7061', '7062'], 'accept'] it 'parsed the rule arguments correctly' do resource_types.each_with_index do |type, index| expect(resource[type]).to eq(rule_values[index]) diff --git a/spec/unit/puppet/type/firewall_spec.rb b/spec/unit/puppet/type/firewall_spec.rb index 8018b6b..5a9d42f 100755 --- a/spec/unit/puppet/type/firewall_spec.rb +++ b/spec/unit/puppet/type/firewall_spec.rb @@ -100,14 +100,14 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes expect(res.parameters[:jump]).to be nil end - %w[QUEUE RETURN DNAT SNAT LOG NFLOG MASQUERADE REDIRECT MARK].each do |jump| + ['QUEUE', 'RETURN', 'DNAT', 'SNAT', 'LOG', 'NFLOG', 'MASQUERADE', 'REDIRECT', 'MARK'].each do |jump| it "should accept jump value #{jump}" do resource[:jump] = jump expect(resource[:jump]).to eql jump end end - %w[ACCEPT DROP REJECT].each do |jump| + ['ACCEPT', 'DROP', 'REJECT'].each do |jump| it "should now fail when value #{jump}" do expect(-> { resource[:jump] = jump }).to raise_error(Puppet::Error) end @@ -145,8 +145,8 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end it "should accept a #{port} as an array" do - resource[port] = %w[22 23] - expect(resource[port]).to eql %w[22 23] + resource[port] = ['22', '23'] + expect(resource[port]).to eql ['22', '23'] end it "should accept a #{port} as a number" do @@ -412,7 +412,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end describe ':recent' do - %w[set update rcheck remove].each do |recent| + ['set', 'update', 'rcheck', 'remove'].each do |recent| it "should accept recent value #{recent}" do resource[:recent] = recent expect(resource[:recent]).to eql "--#{recent}" @@ -433,7 +433,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes expect(resource[:uid]).to eql 'root' end it 'allows me to set uid as an array, and silently hide my error' do - resource[:uid] = %w[root bobby] + resource[:uid] = ['root', 'bobby'] expect(resource[:uid]).to eql 'root' end it 'allows me to set gid' do @@ -441,7 +441,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes expect(resource[:gid]).to eql 'root' end it 'allows me to set gid as an array, and silently hide my error' do - resource[:gid] = %w[root bobby] + resource[:gid] = ['root', 'bobby'] expect(resource[:gid]).to eql 'root' end end @@ -577,7 +577,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end # test where autorequire is still needed (table != filter) - %w[INPUT OUTPUT FORWARD].each do |test_chain| + ['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain| it "should autorequire fwchain #{test_chain} when table is mangle and provider is undefined" do resource[param] = test_chain resource[:table] = :mangle @@ -608,7 +608,7 @@ describe firewall do # rubocop:disable RSpec/MultipleDescribes end # test of case where autorequire should not happen - %w[INPUT OUTPUT FORWARD].each do |test_chain| + ['INPUT', 'OUTPUT', 'FORWARD'].each do |test_chain| it "should not autorequire fwchain #{test_chain} when table and provider are undefined" do resource[param] = test_chain expect(resource[:table]).to be :filter diff --git a/spec/unit/puppet/type/firewallchain_spec.rb b/spec/unit/puppet/type/firewallchain_spec.rb index fcabcfd..89c36e9 100755 --- a/spec/unit/puppet/type/firewallchain_spec.rb +++ b/spec/unit/puppet/type/firewallchain_spec.rb @@ -26,13 +26,13 @@ describe firewallchain do # rubocop:disable RSpec/MultipleDescribes end describe ':name' do - { 'nat' => %w[PREROUTING POSTROUTING INPUT OUTPUT], - 'mangle' => %w[PREROUTING POSTROUTING INPUT FORWARD OUTPUT], - 'filter' => %w[INPUT OUTPUT FORWARD], - 'raw' => %w[PREROUTING OUTPUT], + { 'nat' => ['PREROUTING', 'POSTROUTING', 'INPUT', 'OUTPUT'], + 'mangle' => ['PREROUTING', 'POSTROUTING', 'INPUT', 'FORWARD', 'OUTPUT'], + 'filter' => ['INPUT', 'OUTPUT', 'FORWARD'], + 'raw' => ['PREROUTING', 'OUTPUT'], 'broute' => ['BROUTING'], - 'security' => %w[INPUT OUTPUT FORWARD] }.each_pair do |table, allowedinternalchains| - %w[IPv4 IPv6 ethernet].each do |protocol| + 'security' => ['INPUT', 'OUTPUT', 'FORWARD'] }.each_pair do |table, allowedinternalchains| + ['IPv4', 'IPv6', 'ethernet'].each do |protocol| ['test', '$5()*&%\'"^$09):'].each do |chainname| name = "#{chainname}:#{table}:#{protocol}" if table == 'nat' && protocol == 'IPv6' @@ -58,7 +58,7 @@ describe firewallchain do # rubocop:disable RSpec/MultipleDescribes end end - %w[PREROUTING POSTROUTING BROUTING INPUT FORWARD OUTPUT].each do |internalchain| + ['PREROUTING', 'POSTROUTING', 'BROUTING', 'INPUT', 'FORWARD', 'OUTPUT'].each do |internalchain| name = internalchain + ':' + table + ':' name += if internalchain == 'BROUTING' 'ethernet' diff --git a/spec/unit/puppet/util/firewall_spec.rb b/spec/unit/puppet/util/firewall_spec.rb index 1d21fc4..dc9580f 100644 --- a/spec/unit/puppet/util/firewall_spec.rb +++ b/spec/unit/puppet/util/firewall_spec.rb @@ -55,7 +55,7 @@ describe 'Puppet::Util::Firewall' do describe 'proto unsupported' do subject(:host) { resource } - %w[inet5 inet8 foo].each do |proto| + ['inet5', 'inet8', 'foo'].each do |proto| it "should reject invalid proto #{proto}" do expect { host.icmp_name_to_number('echo-reply', proto) } .to raise_error(ArgumentError, "unsupported protocol family '#{proto}'") @@ -133,7 +133,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('RedHat') allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6') - allow(host).to receive(:execute).with(%w[/sbin/service iptables save]) + allow(host).to receive(:execute).with(['/sbin/service', 'iptables', 'save']) host.persist_iptables(proto) end @@ -142,7 +142,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('RedHat') allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('7') - allow(host).to receive(:execute).with(%w[/usr/libexec/iptables/iptables.init save]) + allow(host).to receive(:execute).with(['/usr/libexec/iptables/iptables.init', 'save']) host.persist_iptables(proto) end @@ -151,7 +151,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('Fedora') allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('15') - allow(host).to receive(:execute).with(%w[/usr/libexec/iptables/iptables.init save]) + allow(host).to receive(:execute).with(['/usr/libexec/iptables/iptables.init', 'save']) host.persist_iptables(proto) end @@ -159,7 +159,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil) allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('CentOS') allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6.5') - allow(host).to receive(:execute).with(%w[/sbin/service iptables save]) + allow(host).to receive(:execute).with(['/sbin/service', 'iptables', 'save']) host.persist_iptables(proto) end @@ -167,7 +167,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil) allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('CentOS') allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('7.0.1406') - allow(host).to receive(:execute).with(%w[/usr/libexec/iptables/iptables.init save]) + allow(host).to receive(:execute).with(['/usr/libexec/iptables/iptables.init', 'save']) host.persist_iptables(proto) end @@ -182,7 +182,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('RedHat') allow(Facter.fact(:operatingsystemrelease)).to receive(:value).and_return('6') - allow(host).to receive(:execute).with(%w[/sbin/service iptables save]).and_raise(Puppet::ExecutionFailure, 'some error') + allow(host).to receive(:execute).with(['/sbin/service', 'iptables', 'save']).and_raise(Puppet::ExecutionFailure, 'some error') allow(host).to receive(:warning).with('Unable to persist firewall rules: some error') host.persist_iptables(proto) end @@ -195,7 +195,7 @@ describe 'Puppet::Util::Firewall' do allow(Facter.fact(:osfamily)).to receive(:value).and_return(nil) allow(Facter.fact(:operatingsystem)).to receive(:value).and_return('Ubuntu') allow(Facter.fact(:iptables_persistent_version)).to receive(:value).and_return('0.5.3ubuntu2') - allow(host).to receive(:execute).with(%w[/usr/sbin/service iptables-persistent save]) + allow(host).to receive(:execute).with(['/usr/sbin/service', 'iptables-persistent', 'save']) host.persist_iptables(proto) end -- 2.45.2