(puppetlabsGH-1164) Only common jump values should be enforced as upcase

david22swan · david22swan · commit 43d5e7373840 · 2023-09-26T10:32:17.000+01:00
Common jump values, depending on the OS, can be returned either as upcase or downcase values causing idempotentcy issues.
This had previously been dealt with by simply enforcing upcase on all passed values.
However this caused issues when passing chain's as the jump target and so the code has been update to explicitly upcase the common values only.
diff --git a/lib/puppet/provider/firewall/firewall.rb b/lib/puppet/provider/firewall/firewall.rb
@@ -863,8 +863,10 @@ def self.process_input(should)
       should[key][0] = ['!', should[key][0]].join(' ') if negated
     end
 
-    # `jump` values should always be uppercase
-    should[:jump] = should[:jump].upcase if should[:jump]
+    # `jump` common values should always be uppercase
+    jump_common_values = ['accept', 'reject', 'drop', 'queue', 'return', 'dnat', 'snat', 'log', 'nflog',
+                          'netmp', 'masquerade', 'redirect', 'mark', 'ct']
+    should[:jump] = should[:jump].upcase if should[:jump] && jump_common_values.include?(should[:jump].downcase)
 
     # `source` and `destination` must be put through host_to_mask
     should[:source] = PuppetX::Firewall::Utility.host_to_mask(should[:source], should[:protocol]) if should[:source]
