Merge pull request #307 from nmaludy/bugfix/custom-service-protocols
Fixes firewalld_custom_service where only protocols are defined
alexjfisher authored May 11, 2022
2 parents 3aaf4f4 + 624065c commit cc669a5
Showing 3 changed files with 52 additions and 3 deletions.
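--- a/README.md
+++ b/README.md
@@ -365,6 +365,13 @@ will produce:
 <port protocol="tcp" port="8000-8002" />
 ```
 
+* `protocols`: (Optional) An array of protocols allowed by the service as defined
+in /etc/protocols.
+
+```puppet
+protocols => ['ospf'],
+```
+
 * `module`: (Optional) An array of strings specifying netfilter kernel helper
 modules associated with this service
 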
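--- a/lib/puppet/provider/firewalld_custom_service/firewall_cmd.rb
+++ b/lib/puppet/provider/firewalld_custom_service/firewall_cmd.rb
@@ -119,9 +119,11 @@ def protocols=(should)
 to_remove = @property_hash[:protocols]
 else
 to_remove = @property_hash[:protocols] - should
-to_add = (
-should + Array(@resource[:ports]).select { |x| x['port'].nil? }.map { |x| x['protocol'] }
-) - @property_hash[:protocols]
+ports_protos = []
+unless @resource[:ports].include?(:unset)
+ports_protos = Array(@resource[:ports]).select { |x| x['port'].nil? }.map { |x| x['protocol'] }
+end
+to_add = (should + ports_protos) - @property_hash[:protocols]
 end
 
 errors = []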
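Review bot: The new guard calls `@resource[:ports].include?(:unset)` on the raw parameter, while the very next line wraps the same value in `Array(...)`; if `ports` can ever be nil or a non-array value, the guard raises before any protocol is reconciled. Writing it as `unless Array(@resource[:ports]).include?(:unset)` keeps the two lines consistent and nil-safe. Whether `ports` can actually be nil depends on the type's default, which is not visible here. Because this setter decides which protocols a firewalld service permits, a short comment such as `# ports defaults to :unset when only protocols are managed; skip it so no nil protocol is added` would also help the next reader. The body of `protocols=` starts and ends outside the hunk.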
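--- a/spec/acceptance/suites/default/00_default_spec.rb
+++ b/spec/acceptance/suites/default/00_default_spec.rb
@@ -200,6 +200,46 @@ class other_service {
 apply_manifest_on(host, cleanup_manifest, catch_changes: true)
 end
 end
+
+context 'with only protocols' do
+let(:manifest) do
+<<-EOM
+firewalld_custom_service{ 'ospf':
+protocols => ['ospf'],
+}
+EOM
+end
+
+it 'runs successfully' do
+apply_manifest_on(host, manifest, catch_failures: true)
+end
+
+it 'is idempotent' do
+apply_manifest_on(host, manifest, catch_changes: true)
+end
+
+context 'custom service' do
+it 'exists' do
+expect(on(host, 'firewall-cmd --permanent --info-service=ospf').output).not_to be_empty
+end
+
+it 'has the proper protocol' do
+expect(on(host, 'firewall-cmd --permanent --service=ospf --get-protocols').output.strip).to eq('ospf')
+end
+
+it 'has no ports' do
+expect(on(host, 'firewall-cmd --permanent --service=ospf --get-ports').output.strip).to be_empty
+end
+
+it 'has no modules' do
+expect(on(host, 'firewall-cmd --permanent --service=ospf --get-modules').output.strip).to be_empty
+end
+
+it 'has no destinations' do
+expect(on(host, 'firewall-cmd --permanent --service=ospf --get-destinations').output.strip).to be_empty
+end
+end
+end
 end
 
 context 'disable firewalld' do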
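Review bot: The new 'with only protocols' context leaves the `ospf` custom service defined on the test host, whereas the context just above it ends by applying `cleanup_manifest`; the leftover service may carry into later contexts such as 'disable firewalld'. A closing example that removes the service again would keep the contexts independent. The added examples also exercise only the unset-ports path of the provider change; the case where `ports` holds protocol-only entries alongside `protocols` is not covered in this hunk, though it may be tested elsewhere in the file.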
