From dc688a08ae4f11ab1a5cadd9f0901e8986a7fc70 Mon Sep 17 00:00:00 2001 From: Sharif Nassar Date: Sun, 13 Nov 2011 04:23:28 -0800 Subject: [PATCH] Whitespace cleanup. --- examples/ip6tables/test.pp | 2 +- lib/puppet/provider/firewall.rb | 2 +- lib/puppet/provider/firewall/ip6tables.rb | 4 +- lib/puppet/provider/firewall/iptables.rb | 18 ++++----- lib/puppet/type/firewall.rb | 46 +++++++++++------------ lib/puppet/util/firewall.rb | 2 +- lib/puppet/util/ipcidr.rb | 2 +- spec/fixtures/iptables/conversion_hash.rb | 34 ++++++++--------- 8 files changed, 55 insertions(+), 55 deletions(-) diff --git a/examples/ip6tables/test.pp b/examples/ip6tables/test.pp index fd5c5a4..5a5f831 100644 --- a/examples/ip6tables/test.pp +++ b/examples/ip6tables/test.pp @@ -6,7 +6,7 @@ firewall { '000 allow foo': } firewall { '001 allow boo': - action => accept, + action => accept, iniface => 'eth0', sport => 123, dport => 123, diff --git a/lib/puppet/provider/firewall.rb b/lib/puppet/provider/firewall.rb index e6ea598..0ab16f7 100644 --- a/lib/puppet/provider/firewall.rb +++ b/lib/puppet/provider/firewall.rb @@ -32,7 +32,7 @@ class Puppet::Provider::Firewall < Puppet::Provider nil end - # Executed if method is missing. In this case we are going to catch + # Executed if method is missing. In this case we are going to catch # unqualified property methods for dynamic property setting and getting. def method_missing(meth, *args, &block) dynamic_methods = self.class.instance_variable_get('@resource_map').keys diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb index 85ebe41..9b70e53 100644 --- a/lib/puppet/provider/firewall/ip6tables.rb +++ b/lib/puppet/provider/firewall/ip6tables.rb @@ -39,8 +39,8 @@ Puppet::Type.type(:firewall).provide :ip6tables, :parent => :iptables, :source = :tosource => "--to-source", } - @resource_list = [:table, :source, :destination, :iniface, :outiface, - :proto, :sport, :dport, :port, :name, :state, :icmp, :limit, :burst, :jump, + @resource_list = [:table, :source, :destination, :iniface, :outiface, + :proto, :sport, :dport, :port, :name, :state, :icmp, :limit, :burst, :jump, :todest, :tosource, :toports, :log_level, :log_prefix, :reject] end diff --git a/lib/puppet/provider/firewall/iptables.rb b/lib/puppet/provider/firewall/iptables.rb index 99848ea..1179de8 100644 --- a/lib/puppet/provider/firewall/iptables.rb +++ b/lib/puppet/provider/firewall/iptables.rb @@ -3,7 +3,7 @@ require 'digest/md5' Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Firewall do include Puppet::Util::Firewall - + @doc = "Iptables type provider" has_feature :iptables @@ -57,7 +57,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir def update debug 'Updating rule %s' % resource[:name] - iptables update_args + iptables update_args end def delete @@ -78,7 +78,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir end @property_hash.clear end - + def self.instances debug "[instances]" table = nil @@ -117,7 +117,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir keys << :chain keys.zip(values.scan(/"[^"]*"|\S+/).reverse) { |f, v| hash[f] = v.gsub(/"/, '') } - + [:dport, :sport, :port, :state].each do |prop| hash[prop] = hash[prop].split(',') if ! hash[prop].nil? end @@ -154,7 +154,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir hash[:proto] = "all" if !hash.include?(:proto) # If the jump parameter is set to one of: ACCEPT, REJECT or DROP then - # we should set the action parameter instead. + # we should set the action parameter instead. if ['ACCEPT','REJECT','DROP'].include?(hash[:jump]) then hash[:action] = hash[:jump].downcase hash.delete(:jump) @@ -180,14 +180,14 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir def delete_args count = [] line = properties[:line].gsub(/\-A/, '-D').split - + # Grab all comment indices line.each do |v| if v =~ /"/ count << line.index(v) end end - + if ! count.empty? # Remove quotes and set first comment index to full string line[count.first] = line[count.first..count.last].join(' ').gsub(/"/, '') @@ -197,7 +197,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir line[i] = nil end end - + # Return array without nils line.compact end @@ -243,7 +243,7 @@ Puppet::Type.type(:firewall).provide :iptables, :parent => Puppet::Provider::Fir def insert_order debug("[insert_order]") rules = [] - + # Find list of current rules based on chain self.class.instances.each do |rule| rules << rule.name if rule.chain == resource[:chain].to_s diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb index e6bd0d3..e63dd98 100644 --- a/lib/puppet/type/firewall.rb +++ b/lib/puppet/type/firewall.rb @@ -2,7 +2,7 @@ # # This is a workaround for bug: #4248 whereby ruby files outside of the normal # provider/type path do not load until pluginsync has occured on the puppetmaster -# +# # In this case I'm trying the relative path first, then falling back to normal # mechanisms. This should be fixed in future versions of puppet but it looks # like we'll need to maintain this for some time perhaps. @@ -14,7 +14,7 @@ Puppet::Type.newtype(:firewall) do include Puppet::Util::Firewall @doc = <<-EOS - This type provides the capability to manage firewall rules within + This type provides the capability to manage firewall rules within puppet. EOS @@ -101,7 +101,7 @@ Puppet::Type.newtype(:firewall) do newproperty(:sport, :array_matching => :all) do desc <<-EOS - The source port to match for this filter (if the protocol supports + The source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: @@ -127,7 +127,7 @@ Puppet::Type.newtype(:firewall) do newproperty(:dport, :array_matching => :all) do desc <<-EOS - The destination port to match for this filter (if the protocol supports + The destination port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: @@ -140,7 +140,7 @@ Puppet::Type.newtype(:firewall) do This would cover ports 1 to 1024. EOS - + munge do |value| @resource.string_to_port(value) end @@ -179,7 +179,7 @@ Puppet::Type.newtype(:firewall) do newproperty(:proto) do desc <<-EOS - The specific protocol to match for this rule. By default this is + The specific protocol to match for this rule. By default this is *tcp*. EOS @@ -226,19 +226,19 @@ Puppet::Type.newtype(:firewall) do newproperty(:jump, :required_features => :iptables) do desc <<-EOS - The value for the iptables --jump parameter. Normal values are: + The value for the iptables --jump parameter. Normal values are: * QUEUE * RETURN * DNAT * SNAT * LOG - * MASQUERADE + * MASQUERADE * REDIRECT - But any valid chain name is allowed. + But any valid chain name is allowed. - For the values ACCEPT, DROP and REJECT you must use the generic + For the values ACCEPT, DROP and REJECT you must use the generic 'action' parameter. This is to enfore the use of generic parameters where possible for maximum cross-platform modelling. @@ -249,14 +249,14 @@ Puppet::Type.newtype(:firewall) do validate do |value| unless value =~ /^[a-zA-Z0-9\-_]+$/ raise ArgumentError, <<-EOS - Jump destination must consist of alphanumeric characters, an + Jump destination must consist of alphanumeric characters, an underscore or a yphen. EOS end if ["accept","reject","drop"].include?(value.downcase) raise ArgumentError, <<-EOS - Jump destination should not be one of ACCEPT, REJECT or DENY. Use + Jump destination should not be one of ACCEPT, REJECT or DENY. Use the action property instead. EOS end @@ -282,14 +282,14 @@ Puppet::Type.newtype(:firewall) do # NAT specific properties newproperty(:tosource, :required_features => :snat) do desc <<-EOS - When using jump => "SNAT" you can specify the new source address using + When using jump => "SNAT" you can specify the new source address using this parameter. EOS end newproperty(:todest, :required_features => :dnat) do desc <<-EOS - When using jump => "DNAT" you can specify the new destination address + When using jump => "DNAT" you can specify the new destination address using this paramter. EOS end @@ -303,7 +303,7 @@ Puppet::Type.newtype(:firewall) do # Reject ICMP type newproperty(:reject, :required_features => :reject_type) do desc <<-EOS - When combined with jump => "REJECT" you can specify a different icmp + When combined with jump => "REJECT" you can specify a different icmp response to be sent back to the packet sender. EOS end @@ -311,14 +311,14 @@ Puppet::Type.newtype(:firewall) do # Logging properties newproperty(:log_level, :required_features => :log_level) do desc <<-EOS - When combined with jump => "LOG" specifies the system log level to log + When combined with jump => "LOG" specifies the system log level to log to. EOS end newproperty(:log_prefix, :required_features => :log_prefix) do desc <<-EOS - When combined with jump => "LOG" specifies the log prefix to use when + When combined with jump => "LOG" specifies the log prefix to use when logging. EOS end @@ -343,11 +343,11 @@ Puppet::Type.newtype(:firewall) do end end - newproperty(:state, :array_matching => :all, :required_features => + newproperty(:state, :array_matching => :all, :required_features => :state_match) do desc <<-EOS - Matches a packet based on its state in the firewall stateful inspection + Matches a packet based on its state in the firewall stateful inspection table. Values can be: * INVALID @@ -373,7 +373,7 @@ Puppet::Type.newtype(:firewall) do # Rate limiting properties newproperty(:limit, :required_features => :rate_limiting) do desc <<-EOS - Rate limiting value for matched packets. The format is: + Rate limiting value for matched packets. The format is: rate/[/second/|/minute|/hour|/day]. Example values are: '50/sec', '40/min', '30/hour', '10/day'." @@ -392,7 +392,7 @@ Puppet::Type.newtype(:firewall) do Read-only property for caching the rule line. EOS end - + validate do debug("[validate]") @@ -405,7 +405,7 @@ Puppet::Type.newtype(:firewall) do end # First we make sure the chains and tables are valid combinations - if value(:table).to_s == "filter" && + if value(:table).to_s == "filter" && value(:chain) =~ /PREROUTING|POSTROUTING/ self.fail "PREROUTING and POSTROUTING cannot be used in table 'filter'" @@ -415,7 +415,7 @@ Puppet::Type.newtype(:firewall) do self.fail "INPUT and FORWARD cannot be used in table 'nat'" end - if value(:table).to_s == "raw" && + if value(:table).to_s == "raw" && value(:chain) =~ /INPUT|FORWARD|POSTROUTING/ self.fail "INPUT, FORWARD and POSTROUTING cannot be used in table raw" diff --git a/lib/puppet/util/firewall.rb b/lib/puppet/util/firewall.rb index faf5977..6804774 100644 --- a/lib/puppet/util/firewall.rb +++ b/lib/puppet/util/firewall.rb @@ -29,7 +29,7 @@ module Puppet::Util::Firewall # This method takes a string and attempts to convert it to a port number # if valid. - # + # # If the string already contains a port number or perhaps a range of ports # in the format 22:1000 for example, it simply returns the string and does # nothing. diff --git a/lib/puppet/util/ipcidr.rb b/lib/puppet/util/ipcidr.rb index 7b59eb8..674bf18 100644 --- a/lib/puppet/util/ipcidr.rb +++ b/lib/puppet/util/ipcidr.rb @@ -4,7 +4,7 @@ require 'ipaddr' module Puppet module Util class IPCidr < IPAddr - + def netmask _to_string(@mask_addr) end diff --git a/spec/fixtures/iptables/conversion_hash.rb b/spec/fixtures/iptables/conversion_hash.rb index 3240010..fa9f21a 100644 --- a/spec/fixtures/iptables/conversion_hash.rb +++ b/spec/fixtures/iptables/conversion_hash.rb @@ -5,7 +5,7 @@ # This hash is for testing a line conversion to a hash of parameters # which will be used to create a resource. -ARGS_TO_HASH = { +ARGS_TO_HASH = { 'long_rule_1' => { :line => '-A INPUT -s 1.1.1.1 -d 1.1.1.1 -p tcp -m multiport --dports 7061,7062 -m multiport --sports 7061,7062 -m comment --comment "000 allow foo" -j ACCEPT', :table => 'filter', @@ -23,23 +23,23 @@ ARGS_TO_HASH = { :source => "1.1.1.1", :sport => ["7061","7062"], :table => "filter", - }, - }, + }, + }, 'action_drop_1' => { :line => '-A INPUT -m comment --comment "000 allow foo" -j DROP', :table => 'filter', :params => { :jump => nil, :action => "drop", - }, - }, + }, + }, 'action_reject_1' => { :line => '-A INPUT -m comment --comment "000 allow foo" -j REJECT', :table => 'filter', :params => { :jump => nil, :action => "reject", - }, + }, }, 'action_nil_1' => { :line => '-A INPUT -m comment --comment "000 allow foo"', @@ -111,7 +111,7 @@ ARGS_TO_HASH = { } # This hash is for testing converting a hash to an argument line. -HASH_TO_ARGS = { +HASH_TO_ARGS = { 'long_rule_1' => { :params => { :action => "accept", @@ -124,9 +124,9 @@ HASH_TO_ARGS = { :source => "1.1.1.1", :sport => ["7061","7062"], :table => "filter", - }, + }, :args => ["-t", :filter, "-s", "1.1.1.1", "-d", "1.1.1.1", "-p", :tcp, "-m", "multiport", "--sports", "7061,7062", "-m", "multiport", "--dports", "7061,7062", "-m", "comment", "--comment", "000 allow foo", "-j", "ACCEPT"], - }, + }, 'long_rule_2' => { :params => { :chain => "INPUT", @@ -139,15 +139,15 @@ HASH_TO_ARGS = { :source => "1.1.1.1", :sport => ["7061","7062"], :table => "filter", - }, + }, :args => ["-t", :filter, "-s", "1.1.1.1", "-d", "2.10.13.3/24", "-p", :udp, "-m", "multiport", "--sports", "7061,7062", "-m", "multiport", "--dports", "7061", "-m", "comment", "--comment", "700 allow bar", "-j", "my_custom_chain"], - }, + }, 'no_action' => { :params => { :name => "100 no action", :table => "filter", - }, - :args => ["-t", :filter, "-p", :tcp, "-m", "comment", "--comment", + }, + :args => ["-t", :filter, "-p", :tcp, "-m", "comment", "--comment", "100 no action"], }, 'sport_range_1' => { @@ -155,7 +155,7 @@ HASH_TO_ARGS = { :name => "100 sport range", :sport => ["1-1024"], :table => "filter", - }, + }, :args => ["-t", :filter, "-p", :tcp, "-m", "multiport", "--sports", "1:1024", "-m", "comment", "--comment", "100 sport range"], }, 'sport_range_2' => { @@ -163,7 +163,7 @@ HASH_TO_ARGS = { :name => "100 sport range", :sport => ["15","512-1024"], :table => "filter", - }, + }, :args => ["-t", :filter, "-p", :tcp, "-m", "multiport", "--sports", "15,512:1024", "-m", "comment", "--comment", "100 sport range"], }, 'dport_range_1' => { @@ -171,7 +171,7 @@ HASH_TO_ARGS = { :name => "100 sport range", :dport => ["1-1024"], :table => "filter", - }, + }, :args => ["-t", :filter, "-p", :tcp, "-m", "multiport", "--dports", "1:1024", "-m", "comment", "--comment", "100 sport range"], }, 'dport_range_2' => { @@ -179,7 +179,7 @@ HASH_TO_ARGS = { :name => "100 sport range", :dport => ["15","512-1024"], :table => "filter", - }, + }, :args => ["-t", :filter, "-p", :tcp, "-m", "multiport", "--dports", "15,512:1024", "-m", "comment", "--comment", "100 sport range"], }, 'states_set_from_array' => { -- 2.45.2