From c1188af21ab37e83b499f01289c84add33ee07ad Mon Sep 17 00:00:00 2001 From: Robert Cohen Date: Thu, 14 Sep 2023 17:24:24 +1000 Subject: [PATCH 1/8] firewall 7.0.0 compat --- manifests/init.pp | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/manifests/init.pp b/manifests/init.pp index 93ffed1..504d611 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -6,12 +6,11 @@ # @param [Array] destination An array of destination IPs or CIDRs. # @param [Array] proto An array of protocols. # @param [Array] icmp An array of ICMP types. -# @param [Array] provider An array of providers. +# @param [Array] protocol An array of protocols. # define firewall_multi ( $ensure = undef, - $provider = undef, - $action = undef, + $protocol = undef, $burst = undef, $bytecode = undef, $cgroup = undef, @@ -103,7 +102,6 @@ $physdev_is_out = undef, $physdev_out = undef, $pkttype = undef, - $port = undef, $proto = undef, $queue_bypass = undef, $queue_num = undef, @@ -158,8 +156,7 @@ { $name => { ensure => $ensure, - provider => $provider, - action => $action, + protocol => $protocol, burst => $burst, bytecode => $bytecode, cgroup => $cgroup, @@ -251,7 +248,6 @@ physdev_is_out => $physdev_is_out, physdev_out => $physdev_out, pkttype => $pkttype, - port => $port, proto => $proto, queue_bypass => $queue_bypass, queue_num => $queue_num, From afb4061b280159d473860bf82a98f8f550162f4c Mon Sep 17 00:00:00 2001 From: Robert Cohen Date: Thu, 14 Sep 2023 17:28:48 +1000 Subject: [PATCH 2/8] firewall 7.0.0 compat --- metadata.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/metadata.json b/metadata.json index 3b88688..86c2d23 100644 --- a/metadata.json +++ b/metadata.json @@ -78,7 +78,7 @@ "dependencies": [ { "name": "puppetlabs/firewall", - "version_requirement": ">= 2.8.0 <= 6.0.0" + "version_requirement": ">= 2.8.0 <= 7.0.0" } ] } From e27862451074006abbd555dc6da9c9e021d53aa9 Mon Sep 17 00:00:00 2001 
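Review bot: In the `@@ -6,12 +6,11 @@` hunk of manifests/init.pp, the new `# @param [Array] protocol An array of protocols.` line repeats word for word the description already given for `proto` two lines above, so the header no longer tells the two parameters apart. Going by the spec changes later in this series, `protocol` carries values such as `iptables` and `ip6tables`; I would write `# @param [Array] protocol An array of firewall protocols (e.g. iptables, ip6tables); one rule is created per entry.` The same hunk drops `$action`, and `@@ -103,7 +102,6 @@` drops `$port`, with no note for callers. A header line saying that `action` is now expressed as `jump`, as the specs in this series do, would help anyone whose accept or drop rules still use the old name. The define's parameter list and body continue outside these hunks.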
From: Robert Cohen Date: Thu, 14 Sep 2023 17:33:05 +1000 Subject: [PATCH 3/8] firewall 7.0.0 compat --- spec/acceptance/firewall_multi_spec.rb | 2 +- spec/defines/firewall_multi_spec.rb | 52 +++++++++++++------------- spec/functions/firewall_multi_spec.rb | 6 +-- 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/spec/acceptance/firewall_multi_spec.rb b/spec/acceptance/firewall_multi_spec.rb index 77e07e5..49eff7b 100644 --- a/spec/acceptance/firewall_multi_spec.rb +++ b/spec/acceptance/firewall_multi_spec.rb @@ -15,7 +15,7 @@ ], dport => [80, 443], proto => tcp, - action => accept, + jump => accept, } CODE diff --git a/spec/defines/firewall_multi_spec.rb b/spec/defines/firewall_multi_spec.rb index 2973ef2..73178cd 100644 --- a/spec/defines/firewall_multi_spec.rb +++ b/spec/defines/firewall_multi_spec.rb @@ -23,7 +23,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => sources, @@ -39,7 +39,7 @@ is_expected.to contain_firewall( "00100 accept on port 80 from #{source} to #{dest} icmp type #{icmp}" ).with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => source, @@ -62,7 +62,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => sources, @@ -75,7 +75,7 @@ is_expected.to contain_firewall( "00100 accept on port 80 from #{source}" ).with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => source, @@ -95,7 +95,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => sources 
@@ -104,7 +104,7 @@ it { is_expected.to contain_firewall("00100 accept on port 80 from #{source}").with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => source @@ -121,7 +121,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "destination" => destinations @@ -132,7 +132,7 @@ is_expected.to contain_firewall( "00100 accept on port 80 to 4.4.4.4/24" ).with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "destination" => "4.4.4.4/24" @@ -152,7 +152,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => source, @@ -164,7 +164,7 @@ is_expected.to contain_firewall( "00100 accept on port 80 to #{destination}" ).with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => source, @@ -179,7 +179,7 @@ let(:title) { "00100 accept on port 53" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "53", "proto" => protocols } @@ -190,7 +190,7 @@ is_expected.to contain_firewall( "00100 accept on port 53 protocol #{protocol}" ).with( - "action" => "accept", + "jump" => "accept", "dport" => "53", "proto" => protocol ) @@ -206,7 +206,7 @@ { "chain" => "OUTPUT", "proto" => "icmp", - "action" => "accept", + "jump" => "accept", "icmp" => icmps } end @@ -218,7 +218,7 @@ ).with( "chain" => "OUTPUT", "proto" => "icmp", - "action" => "accept", + "jump" => "accept", "icmp" => icmp ) } @@ -233,7 +233,7 @@ { "chain" => "OUTPUT", "proto" => "icmp", - "action" => "accept", + "jump" => "accept", "icmp" => icmps } end @@ -242,7 +242,7 @@ is_expected.to contain_firewall("00100 accept output icmp type 8").with( "chain" => "OUTPUT", "proto" => "icmp", - "action" => "accept", + "jump" => "accept", "icmp" => "8" ) } 
@@ -255,7 +255,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp" } @@ -263,7 +263,7 @@ it { is_expected.to contain_firewall("00100 accept on port 80").with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp" ) @@ -274,7 +274,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => nil @@ -283,7 +283,7 @@ it { is_expected.to contain_firewall("00100 accept on port 80").with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => "nil" @@ -301,7 +301,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => sources, @@ -313,7 +313,7 @@ is_expected.to contain_firewall( "00100 accept on port 80 from 1.1.1.1/24" ).with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => "1.1.1.1/24", @@ -331,7 +331,7 @@ let(:title) { "00100 accept on ports 80 and 443" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => %w[80 443], "proto" => "tcp", "provider" => providers @@ -343,7 +343,7 @@ is_expected.to contain_firewall( "00100 accept on ports 80 and 443 using provider #{provider}" ).with( - "action" => "accept", + "jump" => "accept", "dport" => %w[80 443], "proto" => "tcp", "provider" => provider @@ -356,7 +356,7 @@ let(:title) { "00100 accept on port 80" } let(:params) do { - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => "1.1.1.1/24", @@ -367,7 +367,7 @@ it { is_expected.to contain_firewall("00100 accept on port 80").with( - "action" => "accept", + "jump" => "accept", "dport" => "80", "proto" => "tcp", "source" => "1.1.1.1/24", 
diff --git a/spec/functions/firewall_multi_spec.rb b/spec/functions/firewall_multi_spec.rb index cd9bcb8..9f0d762 100644 --- a/spec/functions/firewall_multi_spec.rb +++ b/spec/functions/firewall_multi_spec.rb @@ -12,7 +12,7 @@ context "when passed a hash" do input = { "00100 accept inbound ssh" => { - "action" => "accept", + "jump" => "accept", "source" => ["1.1.1.1/24", "2.2.2.2/24"], "dport" => 22 } @@ -20,12 +20,12 @@ output = { "00100 accept inbound ssh from 1.1.1.1/24" => { - "action" => "accept", + "jump" => "accept", "source" => "1.1.1.1/24", "dport" => 22 }, "00100 accept inbound ssh from 2.2.2.2/24" => { - "action" => "accept", + "jump" => "accept", "source" => "2.2.2.2/24", "dport" => 22 } From ec70aa05605a7b7d332c2c698ee7ece1af184039 Mon Sep 17 00:00:00 2001 From: Robert Cohen Date: Thu, 14 Sep 2023 17:38:14 +1000 Subject: [PATCH 4/8] firewall 7.0.0 compat --- spec/defines/firewall_multi_spec.rb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/spec/defines/firewall_multi_spec.rb b/spec/defines/firewall_multi_spec.rb index 73178cd..c786353 100644 --- a/spec/defines/firewall_multi_spec.rb +++ b/spec/defines/firewall_multi_spec.rb @@ -322,8 +322,8 @@ } end - context "when using two providers" do - providers = %w[ + context "when using two protocols" do + protocols = %w[ iptables ip6tables ] @@ -334,19 +334,19 @@ "jump" => "accept", "dport" => %w[80 443], "proto" => "tcp", - "provider" => providers + "protocol" => protocols } end it { - providers.each do |provider| + protocols.each do |protocol| is_expected.to contain_firewall( - "00100 accept on ports 80 and 443 using provider #{provider}" + "00100 accept on ports 80 and 443 using protocol #{protocol}" ).with( "jump" => "accept", "dport" => %w[80 443], "proto" => "tcp", - "provider" => provider + "protocol" => protocol ) end } From a855486af3e47de193c00923417a88abb49d05f6 Mon Sep 17 00:00:00 2001 
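Review bot: The renamed context `when using two protocols` in the `@@ -322,8 +322,8 @@` hunk of spec/defines/firewall_multi_spec.rb now reads like the existing multi-`proto` case, whose titles end in `protocol #{protocol}`, although this one exercises the `protocol` parameter with `iptables` and `ip6tables`. A description such as `context "when using two firewall protocols (iptables, ip6tables)" do` would keep the two cases apart in the rspec output. The expected title suffix `using protocol #{protocol}` is only produced once lib/puppet/functions/firewall_multi.rb changes in patch 7, so this commit on its own presumably leaves the spec failing; squashing the two would keep every commit in the series green. The context block closes outside the hunk.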
From: Robert Cohen Date: Fri, 15 Sep 2023 16:20:05 +1000 Subject: [PATCH 5/8] firewall 7.0.0 compat --- metadata.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/metadata.json b/metadata.json index 86c2d23..1e5192c 100644 --- a/metadata.json +++ b/metadata.json @@ -72,13 +72,13 @@ "requirements": [ { "name": "puppet", - "version_requirement": ">= 3.0.0" + "version_requirement": ">= 7.0.0 < 9.0.0" } ], "dependencies": [ { "name": "puppetlabs/firewall", - "version_requirement": ">= 2.8.0 <= 7.0.0" + "version_requirement": ">= 7.0.0 < 8.0.0" } ] } From d7e223a3f25c2c172155600d2d81aa2fdb31df9c Mon Sep 17 00:00:00 2001 From: Robert Cohen Date: Fri, 15 Sep 2023 17:45:07 +1000 Subject: [PATCH 6/8] drop tests for puppet before 7 --- .github/workflows/build.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index e5618c1..c1bf83d 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -15,10 +15,6 @@ jobs: strategy: matrix: include: - - ruby: "2.4.4" - puppet: "~> 5.0" - - ruby: "2.4.4" - puppet: "~> 6.0" - ruby: "2.7" puppet: "~> 7.0" From f5e8243e2939d3a6b26c6dac4c59a1b7958776ac Mon Sep 17 00:00:00 2001 From: Robert Cohen Date: Sun, 17 Sep 2023 09:19:51 +1000 Subject: [PATCH 7/8] provider -> protocol --- lib/puppet/functions/firewall_multi.rb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/puppet/functions/firewall_multi.rb b/lib/puppet/functions/firewall_multi.rb index a41db8c..8d0fe91 100644 --- a/lib/puppet/functions/firewall_multi.rb +++ b/lib/puppet/functions/firewall_multi.rb 
@@ -65,10 +65,10 @@ def explode(hash, param, string) def firewall_multi(hash) hash = explode(hash, "source", "from") hash = explode(hash, "destination", "to") - hash = explode(hash, "proto", "protocol") + hash = explode(hash, "proto", "proto") hash = explode(hash, "icmp", "icmp type") hash = explode(hash, "icmp", "icmp type") - hash = explode(hash, "provider", "using provider") + hash = explode(hash, "protocol", "using protocol") hash end end From d6129f9e35508739f22338e79c61cda42060d918 Mon Sep 17 00:00:00 2001 From: Robert Cohen Date: Sun, 17 Sep 2023 09:27:02 +1000 Subject: [PATCH 8/8] provider -> protocol --- lib/puppet/functions/firewall_multi.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/puppet/functions/firewall_multi.rb b/lib/puppet/functions/firewall_multi.rb index 8d0fe91..d78ccb1 100644 --- a/lib/puppet/functions/firewall_multi.rb +++ b/lib/puppet/functions/firewall_multi.rb @@ -65,7 +65,7 @@ def explode(hash, param, string) def firewall_multi(hash) hash = explode(hash, "source", "from") hash = explode(hash, "destination", "to") - hash = explode(hash, "proto", "proto") + hash = explode(hash, "proto", "protocol") hash = explode(hash, "icmp", "icmp type") hash = explode(hash, "icmp", "icmp type") hash = explode(hash, "protocol", "using protocol")
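Review bot: After the `@@ -65,10 +65,10 @@` change in patch 7, `firewall_multi` neither expands nor rejects a rule hash that still carries the old `provider` key, where previously an array under that key produced one rule per provider. What the firewall resource does with the leftover array is not visible here, so I would fail at this point rather than risk a ruleset that silently lacks its ip6tables half. As the first line of the method, assuming every value is a rule hash as in spec/functions: `raise ArgumentError, 'firewall_multi: "provider" was replaced by "protocol"' if hash.values.any? { |rule| rule.key?("provider") }`. The repeated `explode(hash, "icmp", "icmp type")` context line also looks redundant, though the body of `explode` is outside the hunk.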
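Review bot: With the `proto` suffix restored to `protocol` in patch 8, the calls `explode(hash, "proto", "protocol")` and `explode(hash, "protocol", "using protocol")` are easy to mix up, and nothing in `firewall_multi` says which key is which. I would add a comment above them: `# "proto" is the packet protocol (tcp, icmp, ...); "protocol" is the firewall 7 attribute (iptables, ip6tables)`. A rule that sets both as arrays gets a title ending in `protocol tcp using protocol iptables`. The commit subject `provider -> protocol` does not mention that this commit reverts the suffix, presumably to match the `protocol #{protocol}` titles the defines spec expects; saying so in the message would make the history easier to follow.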