Révision 802d80d1

ID802d80d186917b8e76d459aef1825b2d06169ccf
Parent 7395300c
Enfant d5a61536

Ajouté par Nacho Barrientos il y a plus de 4 ans

Allow sourcing sets from Hiera


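--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -35,6 +35,9 @@
 # @param nat
 #   Add default tables and chains to process NAT traffic.
 #
+# @param sets
+#   Allows sourcing set definitions directly from Hiera.
+#
 # @param log_prefix
 #   String that will be used as prefix when logging packets. It can contain
 #   two variables using standard sprintf() string-formatting:
@@ -68,6 +71,7 @@
   Boolean $in_out_conntrack      = true,
   Boolean $nat                   = true,
   Hash $rules                    = {},
+  Hash $sets                     = {},
   String $log_prefix             = '[nftables] %<chain>s %<comment>s',
   Variant[Boolean[false], Pattern[
     /icmp(v6|x)? type .+|tcp reset/]]
@@ -146,4 +150,12 @@
         * => $v
     }
   }
+
+  # inject custom sets e.g. from hiera
+  $sets.each |$n,$v| {
+    nftables::set{
+      $n:
+        * => $v
+    }
+  }
 }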
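Review bot: The new `$sets` parameter is declared as a bare `Hash`, so a malformed Hiera value is only caught when `* => $v` is splatted into `nftables::set` in the loop at the end of the class; declaring it as `Hash[String[1], Hash] $sets = {},` would reject a non-hash entry at the class boundary with a clearer error. The `@param sets` text could also state the expected shape, e.g. `#   Hash of set name => hash of nftables::set parameters; each entry is declared as an nftables::set resource.` Because the value arrives through automatic parameter lookup, sets defined at several Hiera levels are presumably not merged unless `lookup_options` for `nftables::sets` requests it. That is worth a line in the docs, since a node-level value would then replace a site-wide set rather than extend it. The class definition starts outside the hunks shown.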
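--- a/spec/classes/nftables_spec.rb
+++ b/spec/classes/nftables_spec.rb
@@ -121,6 +121,38 @@
         }
       end
 
+      context 'with custom sets' do
+        let(:params) do
+          {
+            sets: {
+              'testset1' => {
+                type: 'ipv4_addr',
+                gc_interval: 2,
+              },
+              'testset2' => {
+                type: 'ipv6_addr',
+                elements: ['2a02:62:c601::dead:beef'],
+              },
+            },
+          }
+        end
+
+        it {
+          is_expected.to contain_nftables__set('testset1').with(
+            type: 'ipv4_addr',
+            gc_interval: 2,
+            table: 'inet-filter',
+          )
+        }
+        it {
+          is_expected.to contain_nftables__set('testset2').with(
+            type: 'ipv6_addr',
+            elements: ['2a02:62:c601::dead:beef'],
+            table: 'inet-filter',
+          )
+        }
+      end
+
       context 'without masking firewalld' do
         let(:params) do
           {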
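Review bot: The `with custom sets` context covers only well-formed data, so nothing pins what happens when the `sets` value is not a hash of hashes. A second example such as `it { is_expected.to compile.and_raise_error(/sets/) }`, with params like `{ sets: { 'bad' => 'ipv4_addr' } }`, would document that such input fails the catalog instead of yielding a partial ruleset. The error pattern there is an assumption and should be matched to what the class actually raises. As a smaller style point, the fixture address `2a02:62:c601::dead:beef` on both `elements:` lines is globally routable; a documentation-range value such as `2001:db8::dead:beef` is the safer choice for test data. The enclosing `describe` block starts and ends outside this section.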
