/manifests/rule.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / rule.pp @ 215aee13

Historique | Voir | Annoter | Télécharger (982 octets)

1	8efbdf9a	tr	# manage a chain rule
2	0ba57c66	mh	# Name should be:
3	a534e044	mh	# CHAIN_NAME-rulename
4	8efbdf9a	tr	define nftables::rule(
5	0ba57c66	mh	Enum['present','absent']
6			$ensure = 'present',
7	a074dec2	tr	Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]
8	0ba57c66	mh	$rulename = $title,
9			Pattern[/^\d\d$/]
10			$order = '50',
11			Optional[String]
12	5df9303f	tr	$table = 'inet-filter',
13	8efbdf9a	tr	Optional[String]
14	0ba57c66	mh	$content = undef,
15			Optional[Variant[String,Array[String,1]]]
16			$source = undef,
17			){
18	8efbdf9a	tr
19	0ba57c66	mh	if $ensure == 'present' {
20	8efbdf9a	tr	$data = split($rulename, '-')
21
22	18ec6f48	tr	if $data[2] {
23			$fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}-${data[2]}"
24			} else {
25			$fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}"
26			}
27
28	0ba57c66	mh	concat::fragment{
29	18ec6f48	tr	$fragment:
30	e140adff	tr	order => $order,
31	8efbdf9a	tr	target => "nftables-${table}-chain-${data[0]}",
32	0ba57c66	mh	}
33
34			if $content {
35	18ec6f48	tr	Concat::Fragment[$fragment]{
36	0ba57c66	mh	content => " ${content}",
37			}
38			} else {
39	18ec6f48	tr	Concat::Fragment[$fragment]{
40	0ba57c66	mh	source => $source,
41			}
42			}
43			}
44			}