Révision 04176b0e
switch naming to puppetserver
| manifests/rules/out/puppet.pp | ||
|---|---|---|
| 1 | 1 |
# manage outgoing puppet |
| 2 | 2 |
class nftables::rules::out::puppet ( |
| 3 |
Variant[String,Array[String,1]] $puppetmaster,
|
|
| 3 |
Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]] $puppetserver,
|
|
| 4 | 4 |
Integer $puppetserver_port = 8140, |
| 5 | 5 |
) {
|
| 6 |
any2array($puppetmaster).each |$index,$pm| {
|
|
| 6 |
Array($puppetserver, true).each |$index,$ps| {
|
|
| 7 | 7 |
nftables::rule {
|
| 8 | 8 |
"default_out-puppet-${index}":
|
| 9 | 9 |
} |
| 10 |
if $pm =~ /:/ {
|
|
| 10 |
if $ps =~ Stdlib::IP::Address::V6 {
|
|
| 11 | 11 |
Nftables::Rule["default_out-puppet-${index}"] {
|
| 12 |
content => "ip6 daddr ${pm} tcp dport ${puppetserver_port} accept",
|
|
| 12 |
content => "ip6 daddr ${ps} tcp dport ${puppetserver_port} accept",
|
|
| 13 | 13 |
} |
| 14 | 14 |
} else {
|
| 15 | 15 |
Nftables::Rule["default_out-puppet-${index}"] {
|
| 16 |
content => "ip daddr ${pm} tcp dport ${puppetserver_port} accept",
|
|
| 16 |
content => "ip daddr ${ps} tcp dport ${puppetserver_port} accept",
|
|
| 17 | 17 |
} |
| 18 | 18 |
} |
| 19 | 19 |
} |
| spec/acceptance/all_rules_spec.rb | ||
|---|---|---|
| 48 | 48 |
include nftables::rules::out::http |
| 49 | 49 |
include nftables::rules::out::ssh::remove |
| 50 | 50 |
class{'nftables::rules::out::puppet':
|
| 51 |
puppetmaster => '127.0.0.1',
|
|
| 51 |
puppetserver => '127.0.0.1',
|
|
| 52 | 52 |
} |
| 53 | 53 |
include nftables::rules::out::all |
| 54 | 54 |
include nftables::rules::out::tor |
| spec/classes/rules/out/puppet_spec.rb | ||
|---|---|---|
| 1 |
require 'spec_helper' |
|
| 2 |
|
|
| 3 |
describe 'nftables::rules::out::puppet' do |
|
| 4 |
on_supported_os.each do |os, os_facts| |
|
| 5 |
context "on #{os}" do
|
|
| 6 |
let(:facts) { os_facts }
|
|
| 7 |
let(:params) do |
|
| 8 |
{ puppetserver: '1.2.3.4' }
|
|
| 9 |
end |
|
| 10 |
|
|
| 11 |
context 'default options' do |
|
| 12 |
it { is_expected.to compile }
|
|
| 13 |
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip daddr 1.2.3.4 tcp dport 8140 accept') }
|
|
| 14 |
end |
|
| 15 |
context 'with different port' do |
|
| 16 |
let(:params) do |
|
| 17 |
super().merge({ puppetserver_port: 8141 })
|
|
| 18 |
end |
|
| 19 |
|
|
| 20 |
it { is_expected.to compile }
|
|
| 21 |
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip daddr 1.2.3.4 tcp dport 8141 accept') }
|
|
| 22 |
end |
|
| 23 |
context 'with ipv6 address' do |
|
| 24 |
let(:params) do |
|
| 25 |
{ puppetserver: 'fe80::1' }
|
|
| 26 |
end |
|
| 27 |
|
|
| 28 |
it { is_expected.to compile }
|
|
| 29 |
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip6 daddr fe80::1 tcp dport 8140 accept') }
|
|
| 30 |
end |
|
| 31 |
context 'with ipv6 & ipv4 address' do |
|
| 32 |
let(:params) do |
|
| 33 |
{ puppetserver: ['fe80::1', '1.2.3.4'] }
|
|
| 34 |
end |
|
| 35 |
|
|
| 36 |
it { is_expected.to compile }
|
|
| 37 |
it { is_expected.to contain_nftables__rule('default_out-puppet-0').with_content('ip6 daddr fe80::1 tcp dport 8140 accept') }
|
|
| 38 |
it { is_expected.to contain_nftables__rule('default_out-puppet-1').with_content('ip daddr 1.2.3.4 tcp dport 8140 accept') }
|
|
| 39 |
end |
|
| 40 |
end |
|
| 41 |
end |
|
| 42 |
end |
|
Formats disponibles : Unified diff