Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix rich rule with typed action #329

Merged
merged 2 commits into from
Aug 24, 2023
Merged

Fix rich rule with typed action #329

merged 2 commits into from
Aug 24, 2023

Conversation

bmagistro
Copy link
Contributor

This updates the parsing to support a rich rule with a configured reject type.

It might be possible to use symbols for keys, but I couldn't get that to work and don't know enough ruby to sort it out.

Fixes: #193
Replaces: #194

Prior to this change set, the rich rule would produce the below error message(s)

Failures:

  1) Puppet::Type::Firewalld_rich_rule provider for rule rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" reject type="tcp-reset" queries the status
     Failure/Error: raise Puppet::Error, "Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got #{value}"

     Puppet::ResourceError:
       Parameter action failed on Firewalld_rich_rule[reject ssh tcp reset]: Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got {"action"=>"reject", "type"=>"tcp-reset"}
     # ./lib/puppet/type/firewalld_rich_rule.rb:107:in `block (3 levels) in <top (required)>'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/parameter.rb:463:in `validate'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/parameter.rb:498:in `value='
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:694:in `[]='
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2548:in `block in set_parameters'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2542:in `each'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2542:in `set_parameters'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2449:in `initialize'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:218:in `new'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:218:in `block (5 levels) in <top (required)>'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:221:in `block (5 levels) in <top (required)>'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:228:in `block (5 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # Puppet::Error:
     #   Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got {"action"=>"reject", "type"=>"tcp-reset"}
     #   ./lib/puppet/type/firewalld_rich_rule.rb:107:in `block (3 levels) in <top (required)>'

  2) Puppet::Type::Firewalld_rich_rule provider for rule rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" reject type="tcp-reset" creates
     Failure/Error: raise Puppet::Error, "Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got #{value}"

     Puppet::ResourceError:
       Parameter action failed on Firewalld_rich_rule[reject ssh tcp reset]: Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got {"action"=>"reject", "type"=>"tcp-reset"}
     # ./lib/puppet/type/firewalld_rich_rule.rb:107:in `block (3 levels) in <top (required)>'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/parameter.rb:463:in `validate'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/parameter.rb:498:in `value='
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:694:in `[]='
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2548:in `block in set_parameters'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2542:in `each'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2542:in `set_parameters'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2449:in `initialize'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:218:in `new'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:218:in `block (5 levels) in <top (required)>'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:221:in `block (5 levels) in <top (required)>'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:233:in `block (5 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # Puppet::Error:
     #   Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got {"action"=>"reject", "type"=>"tcp-reset"}
     #   ./lib/puppet/type/firewalld_rich_rule.rb:107:in `block (3 levels) in <top (required)>'

  3) Puppet::Type::Firewalld_rich_rule provider for rule rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" reject type="tcp-reset" destroys
     Failure/Error: raise Puppet::Error, "Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got #{value}"

     Puppet::ResourceError:
       Parameter action failed on Firewalld_rich_rule[reject ssh tcp reset]: Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got {"action"=>"reject", "type"=>"tcp-reset"}
     # ./lib/puppet/type/firewalld_rich_rule.rb:107:in `block (3 levels) in <top (required)>'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/parameter.rb:463:in `validate'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/parameter.rb:498:in `value='
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:694:in `[]='
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2548:in `block in set_parameters'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2542:in `each'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2542:in `set_parameters'
     # /usr/local/bundle/ruby/2.5.0/gems/puppet-6.27.0/lib/puppet/type.rb:2449:in `initialize'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:218:in `new'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:218:in `block (5 levels) in <top (required)>'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:221:in `block (5 levels) in <top (required)>'
     # ./spec/unit/puppet/type/firewalld_rich_rule_spec.rb:238:in `block (5 levels) in <top (required)>'
     # ------------------
     # --- Caused by: ---
     # Puppet::Error:
     #   Rule action hash should contain `action` and `type` keys. Use a string if you only want to declare the action to be `accept` or `reject`. Got {"action"=>"reject", "type"=>"tcp-reset"}
     #   ./lib/puppet/type/firewalld_rich_rule.rb:107:in `block (3 levels) in <top (required)>'

Finished in 2.34 seconds (files took 2.74 seconds to load)
124 examples, 3 failures

Failed examples:

rspec './spec/unit/puppet/type/firewalld_rich_rule_spec.rb[1:4:10:1]' # Puppet::Type::Firewalld_rich_rule provider for rule rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" reject type="tcp-reset" queries the status
rspec './spec/unit/puppet/type/firewalld_rich_rule_spec.rb[1:4:10:2]' # Puppet::Type::Firewalld_rich_rule provider for rule rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" reject type="tcp-reset" creates
rspec './spec/unit/puppet/type/firewalld_rich_rule_spec.rb[1:4:10:3]' # Puppet::Type::Firewalld_rich_rule provider for rule rule family="ipv4" source address="10.0.1.2/24" service name="ssh" log level="debug" reject type="tcp-reset" destroys

Ben Magistro and others added 2 commits June 24, 2022 16:32
@bmagistro
voxpupuli#193 [tests] add failing unit test for action + type
bce38be 
Signed-off-by: Ben Magistro <koncept1@gmail.com>
@bmagistro
voxpupuli#193 fix rich rule typed action
19f4b15 
Fixes: voxpupuli#193
Replaces: voxpupuli#194

Signed-off-by: Ben Magistro <koncept1@gmail.com>
@jcpunk jcpunk added the bug Something isn't working label Aug 24, 2023
@jcpunk jcpunk merged commit fd1173c into voxpupuli:master Aug 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cannot create rich rule with reject type
2 participants
@bmagistro @jcpunk