From 244ee18db28d0fea719be48c778da3bfabbdaf5a Mon Sep 17 00:00:00 2001
From: robertc99
Date: Mon, 25 Sep 2023 08:48:50 +1000
Subject: [PATCH] Firewall 7.0.0 compat (#40)
Thanks @robertc99
---
 .github/workflows/build.yaml | 4 --
 lib/puppet/functions/firewall_multi.rb | 2 +-
 manifests/init.pp | 10 ++--
 metadata.json | 4 +-
 spec/acceptance/firewall_multi_spec.rb | 2 +-
 spec/defines/firewall_multi_spec.rb | 64 +++++++++++++-------------
 spec/functions/firewall_multi_spec.rb | 6 +--
 7 files changed, 42 insertions(+), 50 deletions(-)
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index e5618c1..c1bf83d 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -15,10 +15,6 @@ jobs:
 strategy:
 matrix:
 include:
- - ruby: "2.4.4"
- puppet: "~> 5.0"
- - ruby: "2.4.4"
- puppet: "~> 6.0"
 - ruby: "2.7"
 puppet: "~> 7.0"
diff --git a/lib/puppet/functions/firewall_multi.rb b/lib/puppet/functions/firewall_multi.rb
index a41db8c..d78ccb1 100644
--- a/lib/puppet/functions/firewall_multi.rb
+++ b/lib/puppet/functions/firewall_multi.rb
@@ -68,7 +68,7 @@ def firewall_multi(hash)
 hash = explode(hash, "proto", "protocol")
 hash = explode(hash, "icmp", "icmp type")
 hash = explode(hash, "icmp", "icmp type")
- hash = explode(hash, "provider", "using provider")
+ hash = explode(hash, "protocol", "using protocol")
 hash
 end
 end
diff --git a/manifests/init.pp b/manifests/init.pp
index 93ffed1..504d611 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -6,12 +6,11 @@
 # @param [Array] destination An array of destination IPs or CIDRs.
 # @param [Array] proto An array of protocols.
 # @param [Array] icmp An array of ICMP types.
-# @param [Array] provider An array of providers.
+# @param [Array] protocol An array of protocols.
 #
 define firewall_multi (
 $ensure = undef,
- $provider = undef,
- $action = undef,
+ $protocol = undef,
 $burst = undef,
 $bytecode = undef,
 $cgroup = undef,
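Review bot: The suffix string in the added `explode(hash, "protocol", "using protocol")` becomes part of every generated resource title, so rules that were created as `... using provider iptables` get a new name after this change. The firewall type identifies a rule by its name, so unless unmanaged rules are purged the old entries may stay loaded next to the renamed ones; this deserves an upgrade note and a comment on the line such as `# the suffix is part of the resource title; changing it renames every generated rule`. A hash that still carries an array under `provider` is no longer exploded here and is presumably passed through unchanged, so the mistake would only surface later in the firewall type. The spec/functions hunks in this patch only rename `action` to `jump`, so the `protocol` key appears to have no function-level test. The body of firewall_multi starts above the hunk.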
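Review bot: The added doc line `# @param [Array] protocol An array of protocols.` is word-for-word the description already given for `proto`, so the header no longer tells the two parameters apart. Going by the spec in this patch, `protocol` takes values such as `iptables` and `ip6tables`, so a line like `# @param [Array] protocol An array of firewall backends (e.g. iptables, ip6tables); the transport protocol is set with proto.` would keep them distinct. `$action` is dropped in this hunk and `$port` in the later hunks of the same file, so manifests that still pass either one will stop compiling, which is the safe way for firewall code to fail. The header should still point callers to `jump` and to `dport`/`sport`, assuming those parameters are declared in the part of the define outside this hunk.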
@@ -103,7 +102,6 @@
 $physdev_is_out = undef,
 $physdev_out = undef,
 $pkttype = undef,
- $port = undef,
 $proto = undef,
 $queue_bypass = undef,
 $queue_num = undef,
@@ -158,8 +156,7 @@
 {
 $name => {
 ensure => $ensure,
- provider => $provider,
- action => $action,
+ protocol => $protocol,
 burst => $burst,
 bytecode => $bytecode,
 cgroup => $cgroup,
@@ -251,7 +248,6 @@
 physdev_is_out => $physdev_is_out,
 physdev_out => $physdev_out,
 pkttype => $pkttype,
- port => $port,
 proto => $proto,
 queue_bypass => $queue_bypass,
 queue_num => $queue_num,
diff --git a/metadata.json b/metadata.json
index 3b88688..1e5192c 100644
--- a/metadata.json
+++ b/metadata.json
@@ -72,13 +72,13 @@
 "requirements": [
 {
 "name": "puppet",
- "version_requirement": ">= 3.0.0"
+ "version_requirement": ">= 7.0.0 < 9.0.0"
 }
 ],
 "dependencies": [
 {
 "name": "puppetlabs/firewall",
- "version_requirement": ">= 2.8.0 <= 6.0.0"
+ "version_requirement": ">= 7.0.0 < 8.0.0"
 }
 ]
 }
diff --git a/spec/acceptance/firewall_multi_spec.rb b/spec/acceptance/firewall_multi_spec.rb
index 77e07e5..49eff7b 100644
--- a/spec/acceptance/firewall_multi_spec.rb
+++ b/spec/acceptance/firewall_multi_spec.rb
@@ -15,7 +15,7 @@
 ],
 dport => [80, 443],
 proto => tcp,
- action => accept,
+ jump => accept,
 }
 CODE
diff --git a/spec/defines/firewall_multi_spec.rb b/spec/defines/firewall_multi_spec.rb
index 2973ef2..c786353 100644
--- a/spec/defines/firewall_multi_spec.rb
+++ b/spec/defines/firewall_multi_spec.rb
@@ -23,7 +23,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => sources,
@@ -39,7 +39,7 @@
 is_expected.to contain_firewall(
 "00100 accept on port 80 from #{source} to #{dest} icmp type #{icmp}"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => source,
@@ -62,7 +62,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => sources,
@@ -75,7 +75,7 @@
 is_expected.to contain_firewall(
 "00100 accept on port 80 from #{source}"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => source,
@@ -95,7 +95,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => sources
@@ -104,7 +104,7 @@
 it {
 is_expected.to contain_firewall("00100 accept on port 80 from #{source}").with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => source
@@ -121,7 +121,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "destination" => destinations
@@ -132,7 +132,7 @@
 is_expected.to contain_firewall(
 "00100 accept on port 80 to 4.4.4.4/24"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "destination" => "4.4.4.4/24"
@@ -152,7 +152,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => source,
@@ -164,7 +164,7 @@
 is_expected.to contain_firewall(
 "00100 accept on port 80 to #{destination}"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => source,
@@ -179,7 +179,7 @@
 let(:title) { "00100 accept on port 53" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "53",
 "proto" => protocols
 }
@@ -190,7 +190,7 @@
 is_expected.to contain_firewall(
 "00100 accept on port 53 protocol #{protocol}"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "53",
 "proto" => protocol
 )
@@ -206,7 +206,7 @@
 {
 "chain" => "OUTPUT",
 "proto" => "icmp",
- "action" => "accept",
+ "jump" => "accept",
 "icmp" => icmps
 }
 end
@@ -218,7 +218,7 @@
 ).with(
 "chain" => "OUTPUT",
 "proto" => "icmp",
- "action" => "accept",
+ "jump" => "accept",
 "icmp" => icmp
 )
 }
@@ -233,7 +233,7 @@
 {
 "chain" => "OUTPUT",
 "proto" => "icmp",
- "action" => "accept",
+ "jump" => "accept",
 "icmp" => icmps
 }
 end
@@ -242,7 +242,7 @@
 is_expected.to contain_firewall("00100 accept output icmp type 8").with(
 "chain" => "OUTPUT",
 "proto" => "icmp",
- "action" => "accept",
+ "jump" => "accept",
 "icmp" => "8"
 )
 }
@@ -255,7 +255,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp"
 }
@@ -263,7 +263,7 @@
 it {
 is_expected.to contain_firewall("00100 accept on port 80").with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp"
 )
@@ -274,7 +274,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => nil
@@ -283,7 +283,7 @@
 it {
 is_expected.to contain_firewall("00100 accept on port 80").with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => "nil"
@@ -301,7 +301,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => sources,
@@ -313,7 +313,7 @@
 is_expected.to contain_firewall(
 "00100 accept on port 80 from 1.1.1.1/24"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => "1.1.1.1/24",
@@ -322,8 +322,8 @@
 }
 end
- context "when using two providers" do
- providers = %w[
+ context "when using two protocols" do
+ protocols = %w[
 iptables
 ip6tables
 ]
@@ -331,22 +331,22 @@
 let(:title) { "00100 accept on ports 80 and 443" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => %w[80 443],
 "proto" => "tcp",
- "provider" => providers
+ "protocol" => protocols
 }
 end
 it {
- providers.each do |provider|
+ protocols.each do |protocol|
 is_expected.to contain_firewall(
- "00100 accept on ports 80 and 443 using provider #{provider}"
+ "00100 accept on ports 80 and 443 using protocol #{protocol}"
 ).with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => %w[80 443],
 "proto" => "tcp",
- "provider" => provider
+ "protocol" => protocol
 )
 end
 }
@@ -356,7 +356,7 @@
 let(:title) { "00100 accept on port 80" }
 let(:params) do
 {
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => "1.1.1.1/24",
@@ -367,7 +367,7 @@
 it {
 is_expected.to contain_firewall("00100 accept on port 80").with(
- "action" => "accept",
+ "jump" => "accept",
 "dport" => "80",
 "proto" => "tcp",
 "source" => "1.1.1.1/24",
diff --git a/spec/functions/firewall_multi_spec.rb b/spec/functions/firewall_multi_spec.rb
index cd9bcb8..9f0d762 100644
--- a/spec/functions/firewall_multi_spec.rb
+++ b/spec/functions/firewall_multi_spec.rb
@@ -12,7 +12,7 @@
 context "when passed a hash" do
 input = {
 "00100 accept inbound ssh" => {
- "action" => "accept",
+ "jump" => "accept",
 "source" => ["1.1.1.1/24", "2.2.2.2/24"],
 "dport" => 22
 }
@@ -20,12 +20,12 @@
 output = {
 "00100 accept inbound ssh from 1.1.1.1/24" => {
- "action" => "accept",
+ "jump" => "accept",
 "source" => "1.1.1.1/24",
 "dport" => 22
 },
 "00100 accept inbound ssh from 2.2.2.2/24" => {
- "action" => "accept",
+ "jump" => "accept",
 "source" => "2.2.2.2/24",
 "dport" => 22
 }