Firewall 7.0.0 compat (#40)

Thanks @robertc99
alex-harvey-z3q · Sep 24, 2023 · 244ee18 · 244ee18
1 parent cea0a08
commit 244ee18
Show file tree

Hide file tree

Showing 7 changed files with 42 additions and 50 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -15,10 +15,6 @@ jobs:
     strategy:
       matrix:
         include:
-          - ruby: "2.4.4"
-            puppet: "~> 5.0"
-          - ruby: "2.4.4"
-            puppet: "~> 6.0"
           - ruby: "2.7"
             puppet: "~> 7.0"
 

diff --git a/lib/puppet/functions/firewall_multi.rb b/lib/puppet/functions/firewall_multi.rb
@@ -68,7 +68,7 @@ def firewall_multi(hash)
     hash = explode(hash, "proto", "protocol")
     hash = explode(hash, "icmp", "icmp type")
     hash = explode(hash, "icmp", "icmp type")
-    hash = explode(hash, "provider", "using provider")
+    hash = explode(hash, "protocol", "using protocol")
     hash
   end
 end
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -6,12 +6,11 @@
 # @param [Array] destination An array of destination IPs or CIDRs.
 # @param [Array] proto An array of protocols.
 # @param [Array] icmp An array of ICMP types.
-# @param [Array] provider An array of providers.
+# @param [Array] protocol An array of protocols.
 #
 define firewall_multi (
   $ensure                      = undef,
-  $provider                    = undef,
-  $action                      = undef,
+  $protocol                    = undef,
   $burst                       = undef,
   $bytecode                    = undef,
   $cgroup                      = undef,
@@ -103,7 +102,6 @@
   $physdev_is_out              = undef,
   $physdev_out                 = undef,
   $pkttype                     = undef,
-  $port                        = undef,
   $proto                       = undef,
   $queue_bypass                = undef,
   $queue_num                   = undef,
@@ -158,8 +156,7 @@
     {
       $name => {
         ensure                      => $ensure,
-        provider                    => $provider,
-        action                      => $action,
+        protocol                    => $protocol,
         burst                       => $burst,
         bytecode                    => $bytecode,
         cgroup                      => $cgroup,
@@ -251,7 +248,6 @@
         physdev_is_out              => $physdev_is_out,
         physdev_out                 => $physdev_out,
         pkttype                     => $pkttype,
-        port                        => $port,
         proto                       => $proto,
         queue_bypass                => $queue_bypass,
         queue_num                   => $queue_num,

diff --git a/metadata.json b/metadata.json
@@ -72,13 +72,13 @@
   "requirements": [
     {
       "name": "puppet",
-      "version_requirement": ">= 3.0.0"
+      "version_requirement": ">= 7.0.0 < 9.0.0"
     }
   ],
   "dependencies": [
     {
       "name": "puppetlabs/firewall",
-      "version_requirement": ">= 2.8.0 <= 6.0.0"
+      "version_requirement": ">= 7.0.0 < 8.0.0"
     }
   ]
 }
diff --git a/spec/acceptance/firewall_multi_spec.rb b/spec/acceptance/firewall_multi_spec.rb
@@ -15,7 +15,7 @@
           ],
           dport  => [80, 443],
           proto  => tcp,
-          action => accept,
+          jump   => accept,
         }
       CODE
 

diff --git a/spec/defines/firewall_multi_spec.rb b/spec/defines/firewall_multi_spec.rb
@@ -23,7 +23,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source"      => sources,
@@ -39,7 +39,7 @@
             is_expected.to contain_firewall(
               "00100 accept on port 80 from #{source} to #{dest} icmp type #{icmp}"
             ).with(
-              "action" => "accept",
+              "jump" => "accept",
               "dport"  => "80",
               "proto"  => "tcp",
               "source"      => source,
@@ -62,7 +62,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source"      => sources,
@@ -75,7 +75,7 @@
         is_expected.to contain_firewall(
           "00100 accept on port 80 from #{source}"
         ).with(
-          "action" => "accept",
+          "jump" => "accept",
           "dport"  => "80",
           "proto"  => "tcp",
           "source"      => source,
@@ -95,7 +95,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source" => sources
@@ -104,7 +104,7 @@
 
     it {
       is_expected.to contain_firewall("00100 accept on port 80 from #{source}").with(
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source" => source
@@ -121,7 +121,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "destination" => destinations
@@ -132,7 +132,7 @@
       is_expected.to contain_firewall(
         "00100 accept on port 80 to 4.4.4.4/24"
       ).with(
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "destination" => "4.4.4.4/24"
@@ -152,7 +152,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source"      => source,
@@ -164,7 +164,7 @@
       is_expected.to contain_firewall(
         "00100 accept on port 80 to #{destination}"
       ).with(
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source"      => source,
@@ -179,7 +179,7 @@
     let(:title) { "00100 accept on port 53" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "53",
         "proto"  => protocols
       }
@@ -190,7 +190,7 @@
         is_expected.to contain_firewall(
           "00100 accept on port 53 protocol #{protocol}"
         ).with(
-          "action" => "accept",
+          "jump" => "accept",
           "dport"  => "53",
           "proto"  => protocol
         )
@@ -206,7 +206,7 @@
       {
         "chain"  => "OUTPUT",
         "proto"  => "icmp",
-        "action" => "accept",
+        "jump" => "accept",
         "icmp"   => icmps
       }
     end
@@ -218,7 +218,7 @@
         ).with(
           "chain"  => "OUTPUT",
           "proto"  => "icmp",
-          "action" => "accept",
+          "jump" => "accept",
           "icmp"   => icmp
         )
       }
@@ -233,7 +233,7 @@
       {
         "chain"  => "OUTPUT",
         "proto"  => "icmp",
-        "action" => "accept",
+        "jump" => "accept",
         "icmp"   => icmps
       }
     end
@@ -242,7 +242,7 @@
       is_expected.to contain_firewall("00100 accept output icmp type 8").with(
         "chain"  => "OUTPUT",
         "proto"  => "icmp",
-        "action" => "accept",
+        "jump" => "accept",
         "icmp"   => "8"
       )
     }
@@ -255,15 +255,15 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp"
       }
     end
 
     it {
       is_expected.to contain_firewall("00100 accept on port 80").with(
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp"
       )
@@ -274,7 +274,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source" => nil
@@ -283,7 +283,7 @@
 
     it {
       is_expected.to contain_firewall("00100 accept on port 80").with(
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source" => "nil"
@@ -301,7 +301,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source" => sources,
@@ -313,7 +313,7 @@
       is_expected.to contain_firewall(
         "00100 accept on port 80 from 1.1.1.1/24"
       ).with(
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source" => "1.1.1.1/24",
@@ -322,31 +322,31 @@
     }
   end
 
-  context "when using two providers" do
-    providers = %w[
+  context "when using two protocols" do
+    protocols = %w[
       iptables
       ip6tables
     ]
 
     let(:title) { "00100 accept on ports 80 and 443" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => %w[80 443],
         "proto"  => "tcp",
-        "provider" => providers
+        "protocol" => protocols
       }
     end
 
     it {
-      providers.each do |provider|
+      protocols.each do |protocol|
         is_expected.to contain_firewall(
-          "00100 accept on ports 80 and 443 using provider #{provider}"
+          "00100 accept on ports 80 and 443 using protocol #{protocol}"
         ).with(
-          "action"   => "accept",
+          "jump"   => "accept",
           "dport"    => %w[80 443],
           "proto"    => "tcp",
-          "provider" => provider
+          "protocol" => protocol
         )
       end
     }
@@ -356,7 +356,7 @@
     let(:title) { "00100 accept on port 80" }
     let(:params) do
       {
-        "action" => "accept",
+        "jump" => "accept",
         "dport"  => "80",
         "proto"  => "tcp",
         "source"      => "1.1.1.1/24",
@@ -367,7 +367,7 @@
 
     it {
       is_expected.to contain_firewall("00100 accept on port 80").with(
-        "action"      => "accept",
+        "jump"      => "accept",
         "dport"       => "80",
         "proto"       => "tcp",
         "source"      => "1.1.1.1/24",

diff --git a/spec/functions/firewall_multi_spec.rb b/spec/functions/firewall_multi_spec.rb
@@ -12,20 +12,20 @@
   context "when passed a hash" do
     input = {
       "00100 accept inbound ssh" => {
-        "action" => "accept",
+        "jump" => "accept",
         "source" => ["1.1.1.1/24", "2.2.2.2/24"],
         "dport"  => 22
       }
     }
 
     output = {
       "00100 accept inbound ssh from 1.1.1.1/24" => {
-        "action" => "accept",
+        "jump" => "accept",
         "source" => "1.1.1.1/24",
         "dport"  => 22
       },
       "00100 accept inbound ssh from 2.2.2.2/24" => {
-        "action" => "accept",
+        "jump" => "accept",
         "source" => "2.2.2.2/24",
         "dport"  => 22
       }