Merge pull request #83 from crayfishx/bug/quotes_in_args

munge arguments to support quoted args
voxpupuli · Aug 23, 2016 · 91633ef · 91633ef
2 parents b1e839d + f53999e
commit 91633ef
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 7 deletions.
diff --git a/lib/puppet/provider/firewalld.rb b/lib/puppet/provider/firewalld.rb
@@ -10,7 +10,10 @@ def self.execute_firewall_cmd(args,  zone=nil, perm=true, failonfail=true, shell
     cmd_args = []
     cmd_args << '--permanent' if perm
     cmd_args << [ '--zone', zone ] unless zone.nil?
-    cmd_args << args
+
+    # Add the arguments to our command string, removing any quotes, the command
+    # provider will sort the quotes out.
+    cmd_args << args.flatten.map { |a| a.delete("'") }
 
     # We can't use the commands short cut as some things, like exists? methods need to
     # allow for the command to fail, and there is no way to override that.  So instead
@@ -45,6 +48,17 @@ def execute_firewall_cmd(args, zone=@resource[:zone], perm=true, failonfail=true
     end
   end
 
+  # Arguments should be parsed as separate array entities, but quoted arg
+  # eg --log-prefix 'IPTABLES DROPPED' should include the whole quoted part
+  # in one element
+  #
+  def parse_args(args)
+    if args.is_a?(Array)
+      args = args.flatten.join(" ")
+    end
+    args.split(/(\'[^\']*\'| )/).reject { |r| [ "", " "].include?(r) }
+  end
+
   # Occasionally we need to restart firewalld in a transient way between resources
   # (eg: services) so the provider needs an an-hoc way of doing this since we can't
   # do it from the puppet level by notifying the service.

diff --git a/lib/puppet/provider/firewalld_direct_purge/firewall_cmd.rb b/lib/puppet/provider/firewalld_direct_purge/firewall_cmd.rb
@@ -16,7 +16,7 @@ def get_instances_of(restype)
 
   def purge_resources(restype, args)
     raise Puppet::Error, "Unknown type #{restype}" unless [:chain, :passthrough, :rule].include?(restype)
-    execute_firewall_cmd(['--direct', "--remove-#{restype.to_s}", args], nil)
+    execute_firewall_cmd(['--direct', "--remove-#{restype.to_s}", parse_args(args)], nil)
   end
 
 end
diff --git a/lib/puppet/provider/firewalld_direct_rule/firewall_cmd.rb b/lib/puppet/provider/firewalld_direct_rule/firewall_cmd.rb
@@ -23,14 +23,15 @@ def destroy
     execute_firewall_cmd(['--direct', '--remove-rule', @rule_args], nil)
   end
 
+
   def generate_raw
     rule = []
     rule << [
-	    @resource[:inet_protocol],
-	    @resource[:table],
-	    @resource[:chain],
-	    @resource[:priority].to_s,
-	    @resource[:args].split(" "),
+      @resource[:inet_protocol],
+      @resource[:table],
+      @resource[:chain],
+      @resource[:priority].to_s,
+      parse_args(@resource[:args])
     ]
     rule.flatten
   end

diff --git a/spec/unit/puppet/type/firewalld_direct_rule_spec.rb b/spec/unit/puppet/type/firewalld_direct_rule_spec.rb
@@ -61,5 +61,19 @@
       provider.expects(:execute_firewall_cmd).with(['--direct', '--remove-rule', [  'ipv4', 'filter', 'OUTPUT', '4', '-p', 'tcp', '--dport=22', '-j', 'ACCEPT']], nil)
       provider.destroy
     end
+
+    context "parsing arguments" do
+      it "should correctly parse arguments into an array" do
+        args="-p tcp --dport=22 -j ACCEPT"
+        expect(provider.parse_args(args)).to eq(['-p', 'tcp', '--dport=22', '-j', 'ACCEPT'])
+      end
+
+      it "should correctly parse arguments in quotes" do
+        args="-j LOG --log-prefix '# IPTABLES DROPPED:'"
+        expect(provider.parse_args(args)).to eq(['-j', 'LOG', '--log-prefix', '\'# IPTABLES DROPPED:\''])
+      end
+    end
+
+
   end
 end