Révision 18ec6f48

ID18ec6f48f722a41504be0fc693cf4ab9cdbe790b
Parent e5eb7424
Enfant e4c32222, 317b8d01, ed827383, 43566263

Ajouté par tr il y a plus de 4 ans

Fix rulenames which includes an index

The rulename has a regex pattern `[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(\d+)?$/]`
which allows an index at the end of the rulename (with a delimiter).
This is split later with `$data = split($rulename, '-')` but the content
of the index part is never used in the fragment name. Therefore the fragment was
defined twice.
This fix will add the index to the fragment name.


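--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -19,18 +19,24 @@
   if $ensure == 'present' {
     $data = split($rulename, '-')
 
+    if $data[2] {
+      $fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}-${data[2]}"
+    } else {
+      $fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}"
+    }
+
     concat::fragment{
-      "nftables-${table}-chain-${data[0]}-rule-${data[1]}":
+      $fragment:
         order  => $order,
         target => "nftables-${table}-chain-${data[0]}",
     }
 
     if $content {
-      Concat::Fragment["nftables-${table}-chain-${data[0]}-rule-${data[1]}"]{
+      Concat::Fragment[$fragment]{
         content => "  ${content}",
       }
     } else {
-      Concat::Fragment["nftables-${table}-chain-${data[0]}-rule-${data[1]}"]{
+      Concat::Fragment[$fragment]{
         source => $source,
       }
     }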
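Review bot: The indexed titles built in the new `if $data[2]` branch all share `order => $order`, so the relative position of two same-order rules in the rendered chain depends on how concat breaks the tie. That tie-break is presumably by fragment title, in which case `-10` would sort before `-2`. Because nftables evaluates a chain top to bottom, this deserves a comment above the branch, e.g. `# index suffix only keeps the title unique; rules sharing $order are placed by concat's tie-break, not by numeric index`. The two `$fragment` strings also repeat the same base name; building the base once and appending `-${data[2]}` when it is set would keep them from drifting apart. The enclosing define starts above this hunk, so the rulename validation is not visible here.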
spec/classes/rules_out_dns_spec.rb
1
require 'spec_helper'
2

  
3
describe 'nftables' do
4
  let(:pre_condition) { 'Exec{path => "/bin"}' }
5

  
6
  on_supported_os.each do |os, os_facts|
7
    context "on #{os}" do
8
      let(:facts) { os_facts }
9

  
10
      context 'with standard dns' do
11
        let(:pre_condition) do
12
          '
13
          include nftables::rules::out::dns
14
          '
15
        end
16

  
17
        it {
18
          is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp').with(
19
            target:  'nftables-inet-filter-chain-default_out',
20
            content: %r{^  udp dport 53 accept$},
21
            order:   '50',
22
          )
23
        }
24
        it {
25
          is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp').with(
26
            target:  'nftables-inet-filter-chain-default_out',
27
            content: %r{^  tcp dport 53 accept$},
28
            order:   '50',
29
          )
30
        }
31
      end
32

  
33
      context 'with custom dns servers' do
34
        let(:pre_condition) do
35
          "
36
          class{'nftables::rules::out::dns':
37
            dns_server => ['192.0.2.1', '2001:db8::1'],
38
          }
39
          "
40
        end
41

  
42
        it { is_expected.to compile }
43

  
44
        it {
45
          is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp-0').with(
46
            target:  'nftables-inet-filter-chain-default_out',
47
            content: %r{^  ip daddr 192.0.2.1 udp dport 53 accept$},
48
            order:   '50',
49
          )
50
        }
51
        it {
52
          is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp-0').with(
53
            target:  'nftables-inet-filter-chain-default_out',
54
            content: %r{^  ip daddr 192.0.2.1 tcp dport 53 accept$},
55
            order:   '50',
56
          )
57
        }
58

  
59
        it {
60
          is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp-1').with(
61
            target:  'nftables-inet-filter-chain-default_out',
62
            content: %r{^  ip6 daddr 2001:db8::1 udp dport 53 accept$},
63
            order:   '50',
64
          )
65
        }
66
        it {
67
          is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnstcp-1').with(
68
            target:  'nftables-inet-filter-chain-default_out',
69
            content: %r{^  ip6 daddr 2001:db8::1 tcp dport 53 accept$},
70
            order:   '50',
71
          )
72
        }
73
      end
74
    end
75
  end
76
end
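Review bot: The 'with custom dns servers' context asserts the indexed fragments but never asserts that the unrestricted `...-rule-dnsudp` and `...-rule-dnstcp` fragments are absent. A regression that emits both the per-server rules and the blanket `udp dport 53 accept` would still pass these examples while defeating the egress restriction. Adding `it { is_expected.not_to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-dnsudp') }` and its tcp twin to that context would pin this. The 'with standard dns' context also lacks the `it { is_expected.to compile }` example that the custom context has.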
