Skip to content

Commit c4ba81f

Browse files
committed
Port ranges as string with hyphen should work
1 parent 6620ad2 commit c4ba81f

File tree

3 files changed

+56
-20
lines changed

3 files changed

+56
-20
lines changed

lib/puppet/provider/firewall/firewall.rb

Lines changed: 24 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -416,28 +416,34 @@ def insync?(context, _name, property_name, is_hash, should_hash)
416416
when :dport, :sport, :state, :ctstate, :ctstatus
417417
is = is_hash[property_name]
418418
should = should_hash[property_name]
419+
ports = [:dport, :sport]
420+
421+
if is.is_a?(Array) && should.is_a?(Array)
422+
# Ensure values are sorted
423+
# Ensure any negation includes only the first value
424+
is_negated = true if %r{^!\s}.match?(is[0].to_s)
425+
is.each_with_index do |_value, _index|
426+
is = is.map { |value| value.to_s.tr('! ', '') }.sort
427+
end
428+
is[0] = ['!', is[0]].join(' ') if is_negated
419429

420-
# Unique logic is only needed when both values are arrays
421-
return nil unless is.is_a?(Array) && should.is_a?(Array)
422-
423-
# Ensure values are sorted
424-
# Ensure any negation includes only the first value
425-
is_negated = true if %r{^!\s}.match?(is[0].to_s)
426-
is.each_with_index do |_value, _index|
427-
is = is.map { |value| value.to_s.tr('! ', '') }.sort
428-
end
429-
is[0] = ['!', is[0]].join(' ') if is_negated
430+
should_negated = true if %r{^!\s}.match?(should[0].to_s)
431+
should.each_with_index do |_value, _index|
432+
should = should.map { |value| value.to_s.tr('! ', '') }.sort
433+
# Port range can be passed as `-` but will always be set/returned as `:`
434+
should = should.map { |value| value.to_s.tr('-', ':') }.sort if ports.include?(property_name)
435+
end
436+
should[0] = ['!', should[0]].join(' ') if should_negated
430437

431-
should_negated = true if %r{^!\s}.match?(should[0].to_s)
432-
should.each_with_index do |_value, _index|
433-
should = should.map { |value| value.to_s.tr('! ', '') }.sort
438+
is == should
439+
elsif is.is_a?(String) && should.is_a?(String)
434440
# Port range can be passed as `-` but will always be set/returned as `:`
435-
ports = [:dport, :sport]
436-
should = should.map { |value| value.to_s.tr('-', ':') }.sort if ports.include?(property_name)
437-
end
438-
should[0] = ['!', should[0]].join(' ') if should_negated
441+
should = should.tr('-', ':') if ports.include?(property_name)
439442

440-
is == should
443+
is == should
444+
else
445+
return nil
446+
end
441447
when :string_hex
442448
# Compare the values with any whitespace removed
443449
is = is_hash[property_name].to_s.gsub(%r{\s+}, '')

spec/acceptance/firewall_attributes_exceptions_spec.rb

Lines changed: 30 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,21 @@ class { '::firewall': }
6868
end
6969
end
7070
end
71+
72+
context 'when port range as a string' do
73+
pp23 = <<-PUPPETCODE
74+
class { '::firewall': }
75+
firewall { '562 - test port range':
76+
proto => tcp,
77+
dport => '561-570',
78+
jump => accept,
79+
}
80+
PUPPETCODE
81+
it 'applies' do
82+
idempotent_apply(pp23)
83+
apply_manifest(pp23, catch_changes: true)
84+
end
85+
end
7186
end
7287

7388
describe 'ensure' do
@@ -652,6 +667,21 @@ class { '::firewall': }
652667
end
653668
end
654669
end
670+
671+
context 'when port range as a string' do
672+
pp20 = <<-PUPPETCODE
673+
class { '::firewall': }
674+
firewall { '561 - test port range':
675+
proto => tcp,
676+
sport => '561-570',
677+
jump => accept,
678+
}
679+
PUPPETCODE
680+
it 'applies' do
681+
idempotent_apply(pp20)
682+
apply_manifest(pp20, catch_changes: true)
683+
end
684+
end
655685
end
656686

657687
describe 'source' do

spec/unit/puppet/provider/firewall/firewall_public_spec.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@
151151
{ is_hash: { mac_source: '! 0A:1B:3C:4D:5E:6F' }, should_hash: { mac_source: '0A:1B:3C:4D:5E:6F' }, result: false },
152152
] },
153153
{ testing: 'state/ctstate/ctstatus', property_name: :state, comparisons: [
154-
{ is_hash: { state: 'NEW' }, should_hash: { state: 'NEW' }, result: nil },
154+
{ is_hash: { state: 'NEW' }, should_hash: { state: 'NEW' }, result: true },
155155
{ is_hash: { state: ['NEW'] }, should_hash: { state: 'NEW' }, result: nil },
156156
{ is_hash: { state: 'NEW' }, should_hash: { state: ['NEW', 'INVALID'] }, result: nil },
157157
{ is_hash: { state: ['INVALID', 'NEW'] }, should_hash: { state: ['NEW', 'INVALID'] }, result: true },
@@ -201,7 +201,7 @@
201201
{ is_hash: { jump: 'accept' }, should_hash: { jump: 'drop' }, result: false },
202202
] },
203203
{ testing: 'dport/sport', property_name: :dport, comparisons: [
204-
{ is_hash: { dport: '50' }, should_hash: { dport: '50' }, result: nil },
204+
{ is_hash: { dport: '50' }, should_hash: { dport: '50' }, result: true },
205205
{ is_hash: { dport: ['50:60'] }, should_hash: { dport: '50-60' }, result: nil },
206206
{ is_hash: { dport: ['50:60'] }, should_hash: { dport: ['50-60'] }, result: true },
207207
{ is_hash: { dport: ['! 50:60', '90'] }, should_hash: { dport: ['! 90', '! 50-60'] }, result: true },

0 commit comments

Comments
 (0)